Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/pa4psCNGpVnlXPr5Xjd5Q4dCGqo.roa
File: pa4psCNGpVnlXPr5Xjd5Q4dCGqo.roa (raw, json)
Hash identifier: 9bWKHfzVg42Te5unuEl+G5osuB65PQ9mG4+hf0aFTzw=
Subject key identifier: A5:AE:29:B0:23:46:A5:59:E5:5C:FA:F9:5E:37:79:43:87:42:1A:AA
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 019811EB48C19E8BFD49FF85EE1D8C37728D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/pa4psCNGpVnlXPr5Xjd5Q4dCGqo.roa
Signing time: Wed 16 Jul 2025 06:28:08 +0000
ROA not before: Wed 16 Jul 2025 06:28:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 77.242.146.0/23 maxlen: 24
83.137.153.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.232.0/22 maxlen: 24
88.209.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:11:eb:48:c1:9e:8b:fd:49:ff:85:ee:1d:8c:37:72:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 16 06:28:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5ae29b02346a559e55cfaf95e37794387421aaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:c3:16:a5:b5:07:99:5c:0b:90:4a:7c:7b:c1:
36:ff:43:cc:0c:0f:d8:9c:48:d8:13:5e:0f:56:75:
7d:2c:7a:b3:68:4d:e2:d7:25:35:8c:29:19:2f:71:
28:7a:bc:08:dc:35:51:e4:e2:30:e2:46:b0:f3:49:
01:19:46:b2:7b:de:de:e2:9d:ae:0a:8f:8e:96:91:
46:5e:3b:f1:90:28:c8:b5:75:d7:8d:73:f9:1b:d5:
fc:13:c7:a4:45:ad:14:56:32:94:20:f3:05:b5:6a:
2f:66:a3:bc:ab:ba:bd:ca:a6:b6:07:d4:ac:d4:90:
88:08:4d:39:13:51:6a:48:d3:7b:e0:fd:dd:79:93:
ab:cb:5f:c7:41:64:3f:78:47:3d:99:c9:fc:5e:09:
0b:a4:46:ce:ec:29:70:d8:bb:5e:f3:37:37:8e:7f:
ea:ef:fa:b5:4e:e6:84:43:aa:2f:52:18:3c:cf:12:
3b:67:2d:14:a9:0d:6f:25:8d:8c:1d:5c:4c:4c:d9:
a5:5e:2b:5f:82:91:99:26:8b:6c:95:d4:77:b9:87:
9c:95:96:a6:62:33:4a:2e:9b:e1:81:ec:19:1c:d4:
80:e1:e1:05:e1:b0:94:8b:7b:01:dd:ea:77:28:5f:
b3:e7:ee:7a:8a:59:63:14:9b:6f:71:b6:4d:9a:ab:
a1:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:AE:29:B0:23:46:A5:59:E5:5C:FA:F9:5E:37:79:43:87:42:1A:AA
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/pa4psCNGpVnlXPr5Xjd5Q4dCGqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.146.0/23
83.137.153.0/24
88.151.56.0/23
88.209.232.0/22
88.209.254.0/24
Signature Algorithm: sha256WithRSAEncryption
36:54:ab:6a:a4:5e:da:05:1b:7c:67:83:89:25:60:8a:0b:ba:
80:51:db:bb:d7:32:f9:81:41:c4:6b:1e:31:0d:66:75:32:93:
86:cc:19:85:8d:e3:ca:9b:ea:39:f6:01:b0:ce:b9:98:92:e0:
f6:70:27:f8:0f:8b:a0:b7:39:9c:64:30:ac:27:73:b5:ce:48:
ff:e3:a0:08:e5:02:b9:25:36:79:1c:24:48:eb:de:64:82:54:
f8:58:51:40:ed:ea:23:ce:d1:1f:36:72:8c:ae:7e:72:89:6a:
8c:ec:2f:35:c9:21:64:83:cd:7f:1b:2b:67:13:62:b1:d6:1b:
cb:ff:6d:71:a0:69:75:41:42:29:35:f7:55:6e:72:84:cf:4e:
b4:ba:fb:f8:87:d6:83:6c:c3:4d:4f:ca:23:42:9b:e3:78:ad:
98:5f:67:09:be:42:d8:c2:98:df:98:97:ea:48:d7:05:cc:fb:
59:39:f2:2e:ff:c2:3f:1f:76:36:3d:76:7d:8c:ae:23:e6:9d:
3e:dd:79:07:94:54:ae:91:e3:78:a9:77:c8:fe:75:0a:bb:c3:
14:11:aa:e1:2d:9a:ce:f0:71:3c:37:43:23:6b:b5:13:3d:8a:
0d:67:20:70:cd:4d:4a:de:10:66:72:f5:eb:09:ec:d4:6a:4a:
f9:7c:4d:08
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZgR60jBnov9Sf+F7h2MN3KNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNzE2MDYyODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWFlMjliMDIzNDZhNTU5ZTU1Y2ZhZjk1ZTM3Nzk0Mzg3NDIxYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMMWpbUHmVwLkEp8e8E2/0PMDA/Y
nEjYE14PVnV9LHqzaE3i1yU1jCkZL3EoerwI3DVR5OIw4kaw80kBGUaye97e4p2u
Co+OlpFGXjvxkCjItXXXjXP5G9X8E8ekRa0UVjKUIPMFtWovZqO8q7q9yqa2B9Ss
1JCICE05E1FqSNN74P3deZOry1/HQWQ/eEc9mcn8XgkLpEbO7Clw2Lte8zc3jn/q
7/q1TuaEQ6ovUhg8zxI7Zy0UqQ1vJY2MHVxMTNmlXitfgpGZJotsldR3uYeclZam
YjNKLpvhgewZHNSA4eEF4bCUi3sB3ep3KF+z5+56illjFJtvcbZNmquhZQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKWuKbAjRqVZ5Vz6+V43eUOHQhqqMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcGE0cHNDTkdwVm5sWFByNVhqZDVRNGRDR3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBTfKSAwQA
U4mZAwQBWJc4AwQCWNHoAwQAWNH+MA0GCSqGSIb3DQEBCwUAA4IBAQA2VKtqpF7a
BRt8Z4OJJWCKC7qAUdu71zL5gUHEax4xDWZ1MpOGzBmFjePKm+o59gGwzrmYkuD2
cCf4D4ugtzmcZDCsJ3O1zkj/46AI5QK5JTZ5HCRI695kglT4WFFA7eojztEfNnKM
rn5yiWqM7C81ySFkg81/GytnE2Kx1hvL/21xoGl1QUIpNfdVbnKEz060uvv4h9aD
bMNNT8ojQpvjeK2YX2cJvkLYwpjfmJfqSNcFzPtZOfIu/8I/H3Y2PXZ9jK4j5p0+
3XkHlFSukeN4qXfI/nUKu8MUEarhLZrO8HE8N0Mja7UTPYoNZyBwzU1K3hBmcvXr
CezUakr5fE0I
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:13:51 2025 by rpki-client