Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U4Qf3m-_lNgbhUmqZq5v74L6z8c.roa
File: U4Qf3m-_lNgbhUmqZq5v74L6z8c.roa (raw, json)
Hash identifier: VPMPk5mnIfEXtcNt7+oZ4szv7YRKEbtC396WPss+pnE=
Subject key identifier: 53:84:1F:DE:6F:BF:94:D8:1B:85:49:AA:66:AE:6F:EF:82:FA:CF:C7
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0197FA23F1B2AF292FA37D623A452E40BE36
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U4Qf3m-_lNgbhUmqZq5v74L6z8c.roa
Signing time: Fri 11 Jul 2025 15:39:09 +0000
ROA not before: Fri 11 Jul 2025 15:39:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36530
IP address blocks: 82.152.142.0/24 maxlen: 24
89.213.104.0/24 maxlen: 24
89.213.123.0/24 maxlen: 24
213.210.52.0/24 maxlen: 24
213.210.53.0/24 maxlen: 24
217.145.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 06:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:fa:23:f1:b2:af:29:2f:a3:7d:62:3a:45:2e:40:be:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 11 15:39:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=53841fde6fbf94d81b8549aa66ae6fef82facfc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:fa:aa:5b:23:60:5a:60:4b:63:af:21:3d:99:
30:13:cf:af:df:eb:60:7d:f3:39:aa:9b:30:f8:66:
e0:a2:d6:2a:0b:48:3b:a8:34:6b:8c:78:f4:b4:ff:
ce:2c:f5:15:c9:c5:8d:b6:4d:9f:97:23:1d:e8:17:
30:2a:37:b3:1a:62:a1:f4:f3:f7:08:f0:f2:83:37:
8d:31:dd:fb:4d:bf:3e:04:7f:15:16:b5:a8:98:8b:
f6:d2:b5:ba:7d:46:26:34:e7:cc:ab:c5:2a:39:a0:
ce:17:81:20:83:47:51:84:5b:58:b9:cb:bb:f6:42:
aa:63:7b:58:2f:44:98:39:e7:9a:96:4f:bc:1e:41:
d5:0d:fa:9c:9f:43:8a:bf:d9:ad:4e:64:80:cd:4e:
e5:a9:ff:da:9a:42:0a:5e:1c:25:fb:85:e0:77:b8:
ff:7d:af:f4:3f:c6:22:97:29:43:db:23:e1:c9:16:
11:fd:f0:00:05:8c:e5:93:3d:7b:f4:91:9c:89:3a:
0b:f6:03:78:2d:d3:d7:f8:69:6b:e3:d2:19:73:6f:
33:fa:5b:85:1e:57:4b:7f:d0:11:ed:10:d8:22:b4:
3c:99:3b:56:b3:54:55:d8:09:09:8f:12:0a:d5:dc:
f9:ad:24:37:dc:86:54:1e:e5:a7:39:c0:79:13:ed:
63:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:84:1F:DE:6F:BF:94:D8:1B:85:49:AA:66:AE:6F:EF:82:FA:CF:C7
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U4Qf3m-_lNgbhUmqZq5v74L6z8c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.142.0/24
89.213.104.0/24
89.213.123.0/24
213.210.52.0/23
217.145.75.0/24
Signature Algorithm: sha256WithRSAEncryption
27:20:a0:1a:cf:68:61:45:44:67:50:62:85:83:5d:66:77:ca:
63:d6:47:66:a9:c9:31:55:af:30:00:26:eb:88:87:a7:f4:79:
b6:e7:44:5f:6c:fa:f4:10:a3:09:e7:6c:fd:4f:42:12:5d:da:
57:21:2d:89:09:f3:1f:ee:61:84:26:8d:84:e7:a7:cc:3f:7e:
01:a4:2a:3f:28:8f:d4:81:e5:59:5a:8a:69:61:6e:3f:c9:84:
fe:30:08:6e:39:89:91:89:a8:43:25:24:c2:0c:a1:f2:5a:ce:
dc:2a:ac:9e:7c:0a:e6:5a:de:9a:9b:18:88:ff:a6:8b:ab:a9:
f0:af:6d:79:08:bf:39:0e:9a:5e:ae:8f:7b:96:62:5b:4b:80:
ff:cf:7c:6c:45:f4:27:5d:4c:9a:10:2e:f5:74:28:42:64:5a:
7a:e5:87:1a:de:60:35:8a:20:b4:ed:5f:17:c4:00:17:98:bb:
6a:fe:b3:15:6b:66:da:c9:44:b2:78:c1:49:ee:ea:af:4c:71:
78:9e:ab:92:38:06:00:ff:0c:83:d2:5b:70:c2:db:85:8f:16:
af:2c:6a:56:46:51:7b:6a:81:c7:3d:58:59:03:ab:67:ca:07:
58:a6:c2:f4:31:51:e6:a8:5e:24:b5:d7:8b:48:31:20:a6:ed:
ad:3a:90:00
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZf6I/Gyrykvo31iOkUuQL42MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzExMTUzOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzg0MWZkZTZmYmY5NGQ4MWI4NTQ5YWE2NmFlNmZlZjgyZmFjZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofqqWyNgWmBLY68hPZkwE8+v3+tg
ffM5qpsw+GbgotYqC0g7qDRrjHj0tP/OLPUVycWNtk2flyMd6BcwKjezGmKh9PP3
CPDygzeNMd37Tb8+BH8VFrWomIv20rW6fUYmNOfMq8UqOaDOF4Egg0dRhFtYucu7
9kKqY3tYL0SYOeealk+8HkHVDfqcn0OKv9mtTmSAzU7lqf/amkIKXhwl+4Xgd7j/
fa/0P8YilylD2yPhyRYR/fAABYzlkz179JGciToL9gN4LdPX+Glr49IZc28z+luF
HldLf9AR7RDYIrQ8mTtWs1RV2AkJjxIK1dz5rSQ33IZUHuWnOcB5E+1jbwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFOEH95vv5TYG4VJqmaub++C+s/HMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVTRRZjNtLV9sTmdiaFVtcVpxNXY3NEw2ejhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUpiOAwQA
WdVoAwQAWdV7AwQB1dI0AwQA2ZFLMA0GCSqGSIb3DQEBCwUAA4IBAQAnIKAaz2hh
RURnUGKFg11md8pj1kdmqckxVa8wACbriIen9Hm250RfbPr0EKMJ52z9T0ISXdpX
IS2JCfMf7mGEJo2E56fMP34BpCo/KI/UgeVZWoppYW4/yYT+MAhuOYmRiahDJSTC
DKHyWs7cKqyefArmWt6amxiI/6aLq6nwr215CL85Dppero97lmJbS4D/z3xsRfQn
XUyaEC71dChCZFp65Yca3mA1iiC07V8XxAAXmLtq/rMVa2bayUSyeMFJ7uqvTHF4
nquSOAYA/wyD0ltwwtuFjxavLGpWRlF7aoHHPVhZA6tnygdYpsL0MVHmqF4ktdeL
SDEgpu2tOpAA
-----END CERTIFICATE-----
Generated at Sun Jul 20 15:01:59 2025 by rpki-client