Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Vbh0wgM4vb71F1FuZ0y2h7TMOCc.roa
File: Vbh0wgM4vb71F1FuZ0y2h7TMOCc.roa (raw, json)
Hash identifier: fNbQJtGnLvQfT0HSQnr/II3ZfsxZXAmRrhW862mXwdY=
Subject key identifier: 55:B8:74:C2:03:38:BD:BE:F5:17:51:6E:67:4C:B6:87:B4:CC:38:27
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0198006C85B0160B38379373181F1E962A1F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Vbh0wgM4vb71F1FuZ0y2h7TMOCc.roa
Signing time: Sat 12 Jul 2025 20:56:08 +0000
ROA not before: Sat 12 Jul 2025 20:56:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16125
IP address blocks: 84.32.9.0/24 maxlen: 24
84.32.25.0/24 maxlen: 24
84.32.97.0/24 maxlen: 24
84.32.178.0/23 maxlen: 23
84.32.209.0/24 maxlen: 24
84.32.214.0/24 maxlen: 24
84.32.215.0/24 maxlen: 24
84.32.248.0/24 maxlen: 24
88.216.197.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 21:00:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:00:6c:85:b0:16:0b:38:37:93:73:18:1f:1e:96:2a:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jul 12 20:56:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=55b874c20338bdbef517516e674cb687b4cc3827
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:78:28:03:ac:8e:52:7d:d1:81:a2:91:e7:d3:
49:9b:dc:fc:02:ac:5e:ba:bb:3a:3b:46:eb:ce:75:
16:99:fb:e3:13:3b:26:f5:b0:76:ae:a3:c7:da:bb:
6c:d8:48:f9:e5:64:d8:25:fc:0f:7e:4a:d3:d8:90:
f3:81:70:63:90:76:40:67:37:99:ad:8e:cf:bb:3a:
b1:50:4c:ef:17:b6:9a:31:bc:35:6a:73:58:5b:91:
a1:76:4e:93:05:1d:ea:ca:22:04:b6:5f:a2:7a:2a:
24:a4:b8:7d:87:73:a3:d2:36:cc:c5:d1:d6:db:52:
5e:bd:a9:11:f9:bd:f6:09:aa:d0:b2:5b:44:e7:d5:
7c:03:07:13:31:ee:68:36:6c:c7:8c:16:2d:9e:32:
f5:9d:47:24:61:f7:30:60:f1:e8:0e:3b:89:3d:55:
8f:29:f9:cc:92:df:eb:f2:18:3a:6b:d6:0f:d6:86:
e5:9a:12:f2:b1:7a:c3:04:c4:8f:b2:46:40:bc:6b:
e9:6b:a0:e7:3e:3e:92:77:ee:f3:64:2c:4c:05:a1:
2b:6d:40:19:6d:72:66:10:4b:59:5b:2e:fe:8c:47:
66:88:8c:a3:54:dd:94:5e:45:5f:cb:79:b5:84:a9:
c2:d8:93:50:6b:b7:95:8a:ab:f1:e4:82:9f:e0:97:
ac:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:B8:74:C2:03:38:BD:BE:F5:17:51:6E:67:4C:B6:87:B4:CC:38:27
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Vbh0wgM4vb71F1FuZ0y2h7TMOCc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.9.0/24
84.32.25.0/24
84.32.97.0/24
84.32.178.0/23
84.32.209.0/24
84.32.214.0/23
84.32.248.0/24
88.216.197.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:b2:55:05:dd:56:15:9e:87:15:df:f9:78:d8:2a:62:30:53:
61:87:76:29:df:68:90:38:bd:c8:0e:2c:76:d7:2b:ba:b0:cb:
e4:0c:58:65:e6:e2:71:e7:fb:8a:c5:2e:67:d4:02:2d:d0:6f:
b6:c1:55:cc:49:96:1c:7a:3b:dc:36:c5:7d:0b:7b:7d:3e:b7:
ad:ae:f1:99:0e:72:e7:ba:d2:bf:22:7f:4b:15:81:fb:3a:d1:
f1:f5:6b:67:7c:f6:bc:97:3a:44:7e:85:41:20:76:f2:e7:e5:
83:da:d8:67:31:3d:cf:5c:e7:49:2b:8f:76:1e:28:7c:c7:2f:
95:65:e0:8c:ee:21:4e:02:c3:ca:14:99:0e:49:46:71:57:42:
5c:fb:5a:22:db:df:c7:32:9c:6d:44:74:8a:be:47:33:40:1c:
20:00:f3:f8:13:f6:81:b6:4e:a2:23:f3:bc:e7:db:1b:00:8b:
bb:3f:97:29:71:f3:b3:f6:26:0c:7b:a2:a1:85:33:e1:aa:a3:
93:6e:be:47:d1:d6:9f:f8:76:b1:29:7c:53:6a:85:95:a0:f9:
ba:8a:d0:a1:13:76:87:e3:0a:74:1b:53:2c:b0:07:fa:88:74:
34:54:67:2f:7e:2d:60:55:90:f1:80:79:98:f6:54:b1:4f:67:
bb:10:03:58
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZgAbIWwFgs4N5NzGB8eliofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNzEyMjA1NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI4NzRjMjAzMzhiZGJlZjUxNzUxNmU2NzRjYjY4N2I0Y2MzODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3goA6yOUn3RgaKR59NJm9z8Aqxe
urs6O0brznUWmfvjEzsm9bB2rqPH2rts2Ej55WTYJfwPfkrT2JDzgXBjkHZAZzeZ
rY7PuzqxUEzvF7aaMbw1anNYW5Ghdk6TBR3qyiIEtl+ieiokpLh9h3Oj0jbMxdHW
21JevakR+b32CarQsltE59V8AwcTMe5oNmzHjBYtnjL1nUckYfcwYPHoDjuJPVWP
KfnMkt/r8hg6a9YP1oblmhLysXrDBMSPskZAvGvpa6DnPj6Sd+7zZCxMBaErbUAZ
bXJmEEtZWy7+jEdmiIyjVN2UXkVfy3m1hKnC2JNQa7eViqvx5IKf4JesMwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFW4dMIDOL2+9RdRbmdMtoe0zDgnMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVmJoMHdnTTR2YjcxRjFGdVoweTJoN1RNT0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVCAJAwQA
VCAZAwQAVCBhAwQBVCCyAwQAVCDRAwQBVCDWAwQAVCD4AwQAWNjFMA0GCSqGSIb3
DQEBCwUAA4IBAQAOslUF3VYVnocV3/l42CpiMFNhh3Yp32iQOL3IDix21yu6sMvk
DFhl5uJx5/uKxS5n1AIt0G+2wVXMSZYcejvcNsV9C3t9PretrvGZDnLnutK/In9L
FYH7OtHx9WtnfPa8lzpEfoVBIHby5+WD2thnMT3PXOdJK492Hih8xy+VZeCM7iFO
AsPKFJkOSUZxV0Jc+1oi29/HMpxtRHSKvkczQBwgAPP4E/aBtk6iI/O859sbAIu7
P5cpcfOz9iYMe6KhhTPhqqOTbr5H0daf+HaxKXxTaoWVoPm6itChE3aH4wp0G1Ms
sAf6iHQ0VGcvfi1gVZDxgHmY9lSxT2e7EANY
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:07:33 2025 by rpki-client