Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/Vk-tGAmV5TZofFrkU8NsN6eg260.roa
File: Vk-tGAmV5TZofFrkU8NsN6eg260.roa (raw, json)
Hash identifier: n+OnJ5MdOwQk0fYvXBBSZ9AYECq0X6y6UCleUqQHa9c=
Subject key identifier: 56:4F:AD:18:09:95:E5:36:68:7C:5A:E4:53:C3:6C:37:A7:A0:DB:AD
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 01983957FF7C7066DF6AAFF4AB9168A22F90
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/Vk-tGAmV5TZofFrkU8NsN6eg260.roa
Signing time: Wed 23 Jul 2025 22:12:04 +0000
ROA not before: Wed 23 Jul 2025 22:12:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
2a02:2980::/32 maxlen: 32
2a05:ca80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 08:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:39:57:ff:7c:70:66:df:6a:af:f4:ab:91:68:a2:2f:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Jul 23 22:12:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=564fad180995e536687c5ae453c36c37a7a0dbad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:43:62:8c:c9:76:dd:69:34:71:87:e5:da:31:
fc:4f:ff:15:5d:d6:51:09:23:30:fe:27:35:9c:c8:
d7:24:f9:36:dc:b6:08:e5:e7:57:e6:db:8b:a4:c0:
4e:18:b4:26:2f:95:6a:bc:ae:d9:1c:5c:1b:50:50:
42:b5:82:ab:4d:9a:e1:2b:23:a8:2a:12:b8:ef:01:
a5:d8:c5:f6:93:be:e6:78:d0:c9:2a:22:82:77:ae:
c8:e9:57:14:1b:27:12:e7:c2:ac:01:91:ec:49:7a:
08:6d:1f:63:7e:7e:f1:c5:1c:fe:f6:ec:8b:d1:72:
05:b5:7d:4c:5b:83:4d:f3:4c:7c:eb:29:d9:d7:7a:
78:14:5c:70:a4:db:35:3f:81:aa:7b:a3:99:6c:dd:
d7:43:9e:c3:62:37:1c:83:8a:1e:92:f5:a5:c8:e6:
e6:7c:b2:82:29:47:53:45:46:80:2a:87:ba:ea:9b:
f9:37:45:0f:fa:99:3d:8a:ed:31:ef:0e:cb:a9:f7:
6b:a7:ee:d6:96:d1:85:93:ad:9a:9d:93:87:ff:f1:
eb:c8:9e:71:e2:e1:00:12:e3:36:91:ff:9f:fa:d4:
f0:1b:02:ee:02:a6:45:5e:fa:3f:55:05:d1:60:71:
0c:65:d7:94:e0:17:1b:98:79:3e:32:5d:c5:54:9a:
93:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:4F:AD:18:09:95:E5:36:68:7C:5A:E4:53:C3:6C:37:A7:A0:DB:AD
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/Vk-tGAmV5TZofFrkU8NsN6eg260.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
185.88.60.0/22
IPv6:
2a02:2980::/32
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
26:9a:22:1b:7e:ac:71:82:e9:14:41:7e:e3:ae:6f:26:2c:66:
72:a6:11:28:35:05:6d:5a:9c:0d:be:ea:f0:fd:9b:46:a8:40:
b2:06:55:48:eb:e0:30:e4:d6:b5:0c:9a:ac:c9:cb:26:86:f6:
ea:6a:f3:80:3a:c4:07:0f:82:be:82:e3:f9:4e:4c:5c:96:e7:
18:67:db:79:0c:c9:18:01:2c:39:7a:c7:41:3c:b9:7e:9a:bc:
52:39:77:3a:c2:82:f9:3b:5f:22:0f:12:d9:ef:8a:6b:4b:d5:
e0:d7:05:8d:1e:cb:46:07:c5:f8:f6:67:ab:96:d0:0d:24:84:
0b:a6:2a:9d:1c:1a:5f:db:ae:9f:3f:79:e9:f4:b9:43:47:b0:
1c:57:ea:a2:91:c6:f7:6f:62:e7:65:52:bf:84:e0:b1:30:54:
5c:1b:16:4d:a9:b6:cf:b3:8f:9a:24:16:e6:21:19:fe:e4:ce:
a2:bc:af:83:0e:bb:9c:65:08:92:65:6f:05:2e:c2:3f:37:e9:
70:cd:68:10:73:d0:44:0d:50:58:6a:90:5e:29:42:f3:73:05:
29:5c:13:81:36:69:10:a6:96:a8:77:d3:2f:51:06:1a:10:e1:
88:0c:dc:7a:a6:4d:0e:4f:29:84:63:73:b8:46:64:e1:dd:cf:
4e:41:c5:a2
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZg5V/98cGbfaq/0q5Fooi+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjUwNzIzMjIxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjRmYWQxODA5OTVlNTM2Njg3YzVhZTQ1M2MzNmMzN2E3YTBkYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUNijMl23Wk0cYfl2jH8T/8VXdZR
CSMw/ic1nMjXJPk23LYI5edX5tuLpMBOGLQmL5VqvK7ZHFwbUFBCtYKrTZrhKyOo
KhK47wGl2MX2k77meNDJKiKCd67I6VcUGycS58KsAZHsSXoIbR9jfn7xxRz+9uyL
0XIFtX1MW4NN80x86ynZ13p4FFxwpNs1P4Gqe6OZbN3XQ57DYjccg4oekvWlyObm
fLKCKUdTRUaAKoe66pv5N0UP+pk9iu0x7w7Lqfdrp+7WltGFk62anZOH//HryJ5x
4uEAEuM2kf+f+tTwGwLuAqZFXvo/VQXRYHEMZdeU4BcbmHk+Ml3FVJqTxwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFZPrRgJleU2aHxa5FPDbDenoNutMB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvVmstdEdBbVY1VFpvZkZya1U4TnNONmVnMjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQDLhOYAwQC
uVg8MBQEAgACMA4DBQAqAimAAwUDKgXKgDANBgkqhkiG9w0BAQsFAAOCAQEAJpoi
G36scYLpFEF+465vJixmcqYRKDUFbVqcDb7q8P2bRqhAsgZVSOvgMOTWtQyarMnL
Job26mrzgDrEBw+CvoLj+U5MXJbnGGfbeQzJGAEsOXrHQTy5fpq8Ujl3OsKC+Ttf
Ig8S2e+Ka0vV4NcFjR7LRgfF+PZnq5bQDSSEC6YqnRwaX9uunz956fS5Q0ewHFfq
opHG929i52VSv4TgsTBUXBsWTam2z7OPmiQW5iEZ/uTOoryvgw67nGUIkmVvBS7C
PzfpcM1oEHPQRA1QWGqQXilC83MFKVwTgTZpEKaWqHfTL1EGGhDhiAzceqZNDk8p
hGNzuEZk4d3PTkHFog==
-----END CERTIFICATE-----
Generated at Fri Jul 25 14:00:21 2025 by rpki-client