Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4VY7qG-nqqcClJU2KrxZOYA0wog.roa
File: 4VY7qG-nqqcClJU2KrxZOYA0wog.roa (raw, json)
Hash identifier: nS3i2e+JkZVDpfYN6DkuFLuG+4xppwlM1LVfWhKYNdA=
Subject key identifier: E1:56:3B:A8:6F:A7:AA:A7:02:94:95:36:2A:BC:59:39:80:34:C2:88
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0199CEE29120D3726814CDF17C219AB62CFC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4VY7qG-nqqcClJU2KrxZOYA0wog.roa
Signing time: Fri 10 Oct 2025 16:09:38 +0000
ROA not before: Fri 10 Oct 2025 16:09:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 163.5.36.0/24 maxlen: 24
163.5.82.0/24 maxlen: 24
163.5.87.0/24 maxlen: 24
163.5.95.0/24 maxlen: 24
163.5.99.0/24 maxlen: 24
163.5.136.0/24 maxlen: 24
163.5.181.0/24 maxlen: 24
163.5.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:e2:91:20:d3:72:68:14:cd:f1:7c:21:9a:b6:2c:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Oct 10 16:09:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e1563ba86fa7aaa7029495362abc59398034c288
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:ce:3a:9c:d5:30:ab:c4:c8:c7:75:10:cf:45:
34:36:44:ba:99:fe:b7:78:b3:c5:6c:7a:6f:b2:fa:
d2:6a:f2:58:01:62:b7:3a:28:b8:47:b8:da:64:da:
08:36:69:80:4d:cc:cb:a7:b0:5c:10:e3:64:70:fb:
51:75:ec:5a:90:37:93:96:7f:4b:b8:a0:0b:11:ec:
19:0b:fd:f1:19:f0:42:4b:fd:03:da:d4:cd:67:ff:
a5:6b:9d:6e:29:8d:5c:60:c9:1e:ef:e6:6c:1c:7f:
a7:f8:f7:cf:b8:51:e8:ed:58:b3:9a:66:90:fe:6d:
63:e0:5d:80:16:00:2b:8d:fe:72:13:ad:97:58:42:
bd:58:35:55:2e:20:09:04:8d:46:a7:14:b9:53:ef:
f9:1b:2f:ab:22:a3:cd:51:78:ff:e5:23:9b:37:39:
5f:48:7e:5d:3c:af:52:a9:18:2b:32:37:66:e5:d2:
53:cb:40:2f:c3:40:f4:d5:46:da:fe:2e:8f:98:8a:
58:9c:d6:ec:9f:52:91:aa:19:d9:52:fe:ad:cc:d4:
b1:77:6c:e3:3f:a2:f1:46:df:1b:75:75:4f:4e:de:
7c:a0:40:a5:f8:b2:78:42:fe:5f:25:75:ae:b8:4b:
e0:78:9f:c9:ab:a4:f5:5f:83:6e:68:57:ae:5a:87:
89:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:56:3B:A8:6F:A7:AA:A7:02:94:95:36:2A:BC:59:39:80:34:C2:88
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4VY7qG-nqqcClJU2KrxZOYA0wog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.36.0/24
163.5.82.0/24
163.5.87.0/24
163.5.95.0/24
163.5.99.0/24
163.5.136.0/24
163.5.181.0/24
163.5.202.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:0b:2c:0c:96:4c:89:5d:a7:77:95:70:62:6b:8e:ee:7b:5b:
9e:0e:b3:70:52:b3:ec:be:ca:20:85:41:6a:e9:7b:71:71:fc:
f0:ba:65:14:f1:94:b8:5d:75:ac:49:f4:dc:a1:f7:6f:6d:15:
5c:cd:1a:cf:d9:24:77:3b:e3:4f:f3:91:6f:ea:d5:54:8b:21:
4b:e1:ef:12:32:b2:49:3c:2f:54:2c:08:24:69:68:61:85:10:
13:d3:32:a2:b1:2a:4d:d0:87:95:11:d6:b0:36:9b:05:2c:e3:
07:8f:10:24:c3:35:4d:81:7d:4f:8d:16:b5:3c:d8:f1:45:5d:
16:1b:4d:d2:69:d8:70:7f:55:42:e8:2e:a7:24:36:f2:b0:25:
08:dc:02:e1:e6:86:a0:09:79:a2:58:34:a5:50:52:46:f6:aa:
4b:ca:7d:74:ad:e8:a0:7e:b3:60:5f:e4:4d:ed:c0:c6:06:59:
2a:40:05:09:dc:39:0e:1a:b3:d8:fd:0a:e3:de:a0:a9:74:f4:
b2:a4:cb:e5:3d:f9:eb:e0:c3:9d:69:cd:5b:f7:98:bc:de:78:
5f:9c:ac:ea:b9:d4:ef:ef:af:76:20:a5:2d:b7:1f:2c:8d:58:
83:3b:1d:68:bb:5a:ec:61:8c:32:8e:b8:4b:59:eb:6e:cf:61:
fb:c5:95:f0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZnO4pEg03JoFM3xfCGatiz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUxMDEwMTYwOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTU2M2JhODZmYTdhYWE3MDI5NDk1MzYyYWJjNTkzOTgwMzRjMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss46nNUwq8TIx3UQz0U0NkS6mf63
eLPFbHpvsvrSavJYAWK3Oii4R7jaZNoINmmATczLp7BcEONkcPtRdexakDeTln9L
uKALEewZC/3xGfBCS/0D2tTNZ/+la51uKY1cYMke7+ZsHH+n+PfPuFHo7VizmmaQ
/m1j4F2AFgArjf5yE62XWEK9WDVVLiAJBI1GpxS5U+/5Gy+rIqPNUXj/5SObNzlf
SH5dPK9SqRgrMjdm5dJTy0Avw0D01Uba/i6PmIpYnNbsn1KRqhnZUv6tzNSxd2zj
P6LxRt8bdXVPTt58oECl+LJ4Qv5fJXWuuEvgeJ/Jq6T1X4NuaFeuWoeJGQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOFWO6hvp6qnApSVNiq8WTmANMKIMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNFZZN3FHLW5xcWNDbEpVMktyeFpPWUEwd29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAowUkAwQA
owVSAwQAowVXAwQAowVfAwQAowVjAwQAowWIAwQAowW1AwQAowXKMA0GCSqGSIb3
DQEBCwUAA4IBAQBrCywMlkyJXad3lXBia47ue1ueDrNwUrPsvsoghUFq6Xtxcfzw
umUU8ZS4XXWsSfTcofdvbRVczRrP2SR3O+NP85Fv6tVUiyFL4e8SMrJJPC9ULAgk
aWhhhRAT0zKisSpN0IeVEdawNpsFLOMHjxAkwzVNgX1PjRa1PNjxRV0WG03Sadhw
f1VC6C6nJDbysCUI3ALh5oagCXmiWDSlUFJG9qpLyn10reigfrNgX+RN7cDGBlkq
QAUJ3DkOGrPY/Qrj3qCpdPSypMvlPfnr4MOdac1b95i83nhfnKzqudTv7692IKUt
tx8sjViDOx1ou1rsYYwyjrhLWetuz2H7xZXw
-----END CERTIFICATE-----
Generated at Sun Oct 19 08:29:48 2025 by rpki-client