Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzCrHTjLW7keLra830xMwM9iv60.roa
File: fzCrHTjLW7keLra830xMwM9iv60.roa (raw, json)
Hash identifier: 5YxnZbsq6xFnzzyX2h5V/FRD7z5YRnJfK7m6hOO9s9o=
Subject key identifier: 7F:30:AB:1D:38:CB:5B:B9:1E:2E:B6:BC:DF:4C:4C:C0:CF:62:BF:AD
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01980CF8310061387AA2AA682802E4FA19BF
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzCrHTjLW7keLra830xMwM9iv60.roa
Signing time: Tue 15 Jul 2025 07:24:08 +0000
ROA not before: Tue 15 Jul 2025 07:24:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 84.32.7.0/24 maxlen: 24
84.32.8.0/24 maxlen: 24
84.32.20.0/22 maxlen: 24
84.32.46.0/24 maxlen: 24
84.32.47.0/24 maxlen: 24
84.32.48.0/22 maxlen: 24
84.32.64.0/24 maxlen: 24
84.32.104.0/24 maxlen: 24
84.32.148.0/23 maxlen: 24
84.32.150.0/23 maxlen: 24
84.32.151.0/24 maxlen: 24
84.32.174.0/23 maxlen: 24
84.32.214.0/23 maxlen: 24
84.32.217.0/24 maxlen: 24
84.32.223.0/24 maxlen: 24
84.32.230.0/24 maxlen: 24
84.32.244.0/23 maxlen: 24
84.32.246.0/23 maxlen: 24
88.216.22.0/23 maxlen: 24
88.216.44.0/24 maxlen: 24
88.216.45.0/24 maxlen: 24
88.216.60.0/22 maxlen: 24
88.216.66.0/23 maxlen: 24
88.216.70.0/24 maxlen: 24
88.216.90.0/24 maxlen: 24
88.216.93.0/24 maxlen: 24
88.216.127.0/24 maxlen: 24
88.216.130.0/23 maxlen: 24
88.216.134.0/23 maxlen: 24
88.216.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 06:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0c:f8:31:00:61:38:7a:a2:aa:68:28:02:e4:fa:19:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jul 15 07:24:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7f30ab1d38cb5bb91e2eb6bcdf4c4cc0cf62bfad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:21:be:64:df:e4:3b:94:1d:5e:88:4e:9b:60:
46:14:e8:a4:0d:fd:90:4d:10:43:ae:4a:47:08:32:
e0:04:63:35:97:4d:89:1a:59:be:10:bc:98:49:7d:
a9:86:4a:2a:d2:9b:19:36:75:27:23:52:3e:9a:e1:
95:e3:a6:dc:91:eb:bc:df:51:9c:b3:4c:5a:a2:c2:
48:6b:a3:2b:00:20:f8:83:32:75:4c:2b:17:b4:d5:
c4:ec:f8:6b:c0:f9:9f:1c:68:f3:06:a8:69:1a:aa:
58:52:72:b2:92:39:d8:12:be:cc:6c:b7:7f:fa:f3:
13:6b:d1:0c:51:cc:e4:1a:a7:e3:e6:0c:7d:ef:b4:
5f:c2:7f:ec:64:53:70:e2:8b:3c:1f:1a:4a:2d:02:
d5:48:61:2e:6d:47:e0:67:a2:cd:de:78:5d:7a:78:
aa:23:c7:56:7a:39:d4:c8:f5:41:e2:02:0f:24:8b:
3e:71:09:3b:95:e6:ab:2d:4e:7d:e7:94:eb:27:1d:
80:25:87:67:84:1b:74:b8:a9:33:35:f9:a4:d0:c4:
85:a0:d8:e2:3f:2b:58:4c:9f:d2:f1:be:27:f4:bc:
c2:c3:06:9e:e4:ee:8f:41:a2:3d:28:78:10:0a:01:
e7:73:c5:a2:9b:47:10:39:6e:ab:e1:c7:5a:ea:0c:
cf:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:30:AB:1D:38:CB:5B:B9:1E:2E:B6:BC:DF:4C:4C:C0:CF:62:BF:AD
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzCrHTjLW7keLra830xMwM9iv60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.7.0-84.32.8.255
84.32.20.0/22
84.32.46.0-84.32.51.255
84.32.64.0/24
84.32.104.0/24
84.32.148.0/22
84.32.174.0/23
84.32.214.0/23
84.32.217.0/24
84.32.223.0/24
84.32.230.0/24
84.32.244.0/22
88.216.22.0/23
88.216.44.0/23
88.216.60.0/22
88.216.66.0/23
88.216.70.0/24
88.216.90.0/24
88.216.93.0/24
88.216.127.0/24
88.216.130.0/23
88.216.134.0/23
88.216.211.0/24
Signature Algorithm: sha256WithRSAEncryption
37:d6:ac:1e:19:5c:b6:96:92:14:08:da:bb:23:2c:77:bf:e0:
e6:89:99:52:5a:32:93:e0:bc:8f:6b:6e:5f:92:66:21:63:1b:
2c:6f:f6:72:16:be:54:c3:4e:7d:12:94:bf:bf:2b:3d:c4:33:
fc:19:a0:35:8b:0d:2e:38:07:75:db:24:6a:a1:c6:d4:63:71:
89:1a:f7:92:a9:3b:ab:fb:e2:63:70:9d:80:23:19:bd:61:e2:
5e:68:c4:e3:fb:ac:f8:e9:01:81:ae:7e:2a:27:c7:8a:6e:c8:
3e:d5:4d:0f:56:04:81:f1:90:bd:b9:87:b8:c4:e2:51:e0:8b:
a1:ba:a8:13:61:2d:45:13:1a:99:6c:68:d2:e1:3e:6b:0d:5e:
b2:4d:c1:d5:99:c3:d0:46:e1:4c:ec:52:ac:8d:18:af:9e:76:
7a:44:9d:c9:6f:f6:40:34:29:e7:c8:6d:66:8b:24:2d:93:01:
82:71:97:98:06:f4:c4:e3:17:49:a5:24:bf:f1:63:28:dd:86:
38:bf:31:15:0e:7f:cf:e8:20:c3:22:00:b3:6a:7d:15:40:a5:
b0:5a:f9:ee:31:ae:13:78:70:14:4d:35:0c:8b:6a:a1:e3:1c:
c4:bb:88:cc:b6:ac:13:9d:a7:1b:b8:f6:22:96:f2:e2:3f:2c:
09:e6:06:29
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZgM+DEAYTh6oqpoKALk+hm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNzE1MDcyNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjMwYWIxZDM4Y2I1YmI5MWUyZWI2YmNkZjRjNGNjMGNmNjJiZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSG+ZN/kO5QdXohOm2BGFOikDf2Q
TRBDrkpHCDLgBGM1l02JGlm+ELyYSX2phkoq0psZNnUnI1I+muGV46bckeu831Gc
s0xaosJIa6MrACD4gzJ1TCsXtNXE7PhrwPmfHGjzBqhpGqpYUnKykjnYEr7MbLd/
+vMTa9EMUczkGqfj5gx977Rfwn/sZFNw4os8HxpKLQLVSGEubUfgZ6LN3nhdeniq
I8dWejnUyPVB4gIPJIs+cQk7learLU5955TrJx2AJYdnhBt0uKkzNfmk0MSFoNji
PytYTJ/S8b4n9LzCwwae5O6PQaI9KHgQCgHnc8Wim0cQOW6r4cda6gzPpwIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFH8wqx04y1u5Hi62vN9MTMDPYr+tMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZnpDckhUakxXN2tlTHJhODMweE13TTlpdjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZowDAME
AFQgBwMEAFQgCAMEAlQgFDAMAwQBVCAuAwQCVCAwAwQAVCBAAwQAVCBoAwQCVCCU
AwQBVCCuAwQBVCDWAwQAVCDZAwQAVCDfAwQAVCDmAwQCVCD0AwQBWNgWAwQBWNgs
AwQCWNg8AwQBWNhCAwQAWNhGAwQAWNhaAwQAWNhdAwQAWNh/AwQBWNiCAwQBWNiG
AwQAWNjTMA0GCSqGSIb3DQEBCwUAA4IBAQA31qweGVy2lpIUCNq7Iyx3v+DmiZlS
WjKT4LyPa25fkmYhYxssb/ZyFr5Uw059EpS/vys9xDP8GaA1iw0uOAd12yRqocbU
Y3GJGveSqTur++JjcJ2AIxm9YeJeaMTj+6z46QGBrn4qJ8eKbsg+1U0PVgSB8ZC9
uYe4xOJR4IuhuqgTYS1FExqZbGjS4T5rDV6yTcHVmcPQRuFM7FKsjRivnnZ6RJ3J
b/ZANCnnyG1miyQtkwGCcZeYBvTE4xdJpSS/8WMo3YY4vzEVDn/P6CDDIgCzan0V
QKWwWvnuMa4TeHAUTTUMi2qh4xzEu4jMtqwTnacbuPYilvLiPywJ5gYp
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:39:05 2025 by rpki-client