
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa
File: mfr4z2k9K3BC4fSqhbUb79zfV0w.roa (raw, json)
Hash identifier: fGz/wU4ptwwjfEulptTYTQDN19LZ9Ru07ebI6zVJTAs=
Subject key identifier: 99:FA:F8:CF:69:3D:2B:70:42:E1:F4:AA:85:B5:1B:EF:DC:DF:57:4C
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 0197E92F2A6C3998B3218AF7C389C1490AC1
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa
Signing time: Tue 08 Jul 2025 08:37:51 +0000
ROA not before: Tue 08 Jul 2025 08:37:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214706
IP address blocks: 45.43.162.0/24 maxlen: 24
104.167.0.0/24 maxlen: 24
104.239.82.0/24 maxlen: 24
104.239.98.0/24 maxlen: 24
204.52.107.0/24 maxlen: 24
216.173.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 02:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e9:2f:2a:6c:39:98:b3:21:8a:f7:c3:89:c1:49:0a:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jul 8 08:37:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=99faf8cf693d2b7042e1f4aa85b51befdcdf574c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:92:ed:e1:08:2d:41:92:12:16:5a:6c:39:d7:
2d:cb:71:54:20:e2:7e:a7:ae:b4:c9:10:37:6a:43:
7c:21:03:b3:63:11:00:1b:cc:62:61:9f:81:05:e0:
23:61:94:03:bb:6d:40:d4:f6:d9:83:e7:04:0f:f8:
90:f3:04:98:4d:02:02:1c:05:cd:bc:4c:5e:f1:42:
b2:95:9e:4c:51:5d:88:dc:8c:8b:b6:52:a7:be:35:
4e:1d:65:d7:05:de:cb:4c:9f:14:1f:4e:bc:87:fd:
38:33:2b:cb:03:34:a3:c0:b6:6d:c9:c2:08:89:50:
26:70:5e:b2:97:7e:c9:86:5e:2b:95:7c:8b:65:8b:
cc:b3:d0:95:21:0b:cc:ee:b8:1d:9c:e9:96:3f:6f:
84:c8:a6:2d:d2:ba:80:96:15:2e:0c:05:b3:cf:d9:
d3:ce:a3:00:65:6b:fa:67:d2:9a:94:99:35:8b:99:
b8:e5:80:dc:1f:46:ef:7f:93:c6:00:2a:3e:28:c7:
b2:66:85:39:02:32:76:ef:65:65:64:ae:c2:1a:68:
2f:46:bc:4d:d1:c1:cf:8e:4d:06:6d:35:b8:05:b2:
84:e3:f4:69:d7:28:9e:d2:30:b5:78:8b:56:47:2a:
27:1b:4d:04:e2:f2:fc:9e:32:b0:b9:b2:ac:8f:83:
b5:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:FA:F8:CF:69:3D:2B:70:42:E1:F4:AA:85:B5:1B:EF:DC:DF:57:4C
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.162.0/24
104.167.0.0/24
104.239.82.0/24
104.239.98.0/24
204.52.107.0/24
216.173.95.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:30:5e:1a:6e:7c:bc:29:d2:c6:3e:42:51:f6:8e:3d:9e:c3:
42:32:9a:d5:2f:73:58:4e:2c:6c:b0:7d:82:b8:37:36:b4:e9:
e7:5a:ae:ff:52:a3:48:a5:f2:1c:43:ec:cf:e7:76:4c:bd:f7:
6e:f5:35:25:e1:24:56:f9:63:7a:a5:6f:01:ef:40:99:22:95:
41:65:9d:25:5a:61:2b:7b:39:32:52:83:2b:43:70:0b:98:50:
9b:5d:55:4d:5e:9f:fb:91:bb:f5:73:12:4b:3d:fd:df:85:99:
8c:6e:26:ee:fc:07:9f:d7:ef:e6:43:7a:87:9d:54:2c:f0:79:
0b:0a:0c:91:10:41:c5:6b:33:c7:40:4a:bb:e3:38:20:d5:b4:
3f:0d:bf:f2:06:5f:4f:7d:1b:66:28:b5:ed:40:33:d1:80:03:
0d:00:76:22:c4:f8:d0:fc:da:93:b9:65:05:27:56:a6:2d:66:
b6:b1:5a:2b:81:39:f5:f7:06:f0:df:e4:00:c9:b0:b6:da:8c:
77:12:ff:3d:43:b8:11:a0:d4:cd:71:bd:bc:12:b1:a5:70:f7:
0d:78:3f:21:0e:4c:41:3b:e0:8b:01:de:dd:18:66:53:05:7b:
0e:9e:56:05:14:b9:61:32:76:89:dc:f1:b2:79:86:6c:90:87:
8a:e9:2b:bf
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZfpLypsOZizIYr3w4nBSQrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNzA4MDgzNzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZhZjhjZjY5M2QyYjcwNDJlMWY0YWE4NWI1MWJlZmRjZGY1NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpLt4QgtQZISFlpsOdcty3FUIOJ+
p660yRA3akN8IQOzYxEAG8xiYZ+BBeAjYZQDu21A1PbZg+cED/iQ8wSYTQICHAXN
vExe8UKylZ5MUV2I3IyLtlKnvjVOHWXXBd7LTJ8UH068h/04MyvLAzSjwLZtycII
iVAmcF6yl37Jhl4rlXyLZYvMs9CVIQvM7rgdnOmWP2+EyKYt0rqAlhUuDAWzz9nT
zqMAZWv6Z9KalJk1i5m45YDcH0bvf5PGACo+KMeyZoU5AjJ272VlZK7CGmgvRrxN
0cHPjk0GbTW4BbKE4/Rp1yie0jC1eItWRyonG00E4vL8njKwubKsj4O1GQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJn6+M9pPStwQuH0qoW1G+/c31dMMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbWZyNHoyazlLM0JDNGZTcWhiVWI3OXpmVjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALSuiAwQA
aKcAAwQAaO9SAwQAaO9iAwQAzDRrAwQA2K1fMA0GCSqGSIb3DQEBCwUAA4IBAQBK
MF4abny8KdLGPkJR9o49nsNCMprVL3NYTixssH2CuDc2tOnnWq7/UqNIpfIcQ+zP
53ZMvfdu9TUl4SRW+WN6pW8B70CZIpVBZZ0lWmErezkyUoMrQ3ALmFCbXVVNXp/7
kbv1cxJLPf3fhZmMbibu/Aef1+/mQ3qHnVQs8HkLCgyREEHFazPHQEq74zgg1bQ/
Db/yBl9PfRtmKLXtQDPRgAMNAHYixPjQ/NqTuWUFJ1amLWa2sVorgTn19wbw3+QA
ybC22ox3Ev89Q7gRoNTNcb28ErGlcPcNeD8hDkxBO+CLAd7dGGZTBXsOnlYFFLlh
MnaJ3PGyeYZskIeK6Su/
-----END CERTIFICATE-----
Generated at Sat Jul 26 08:19:42 2025 by rpki-client