Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/Y4y_3m4POfZlVUhwqm0uVd4P9vQ.roa
File: Y4y_3m4POfZlVUhwqm0uVd4P9vQ.roa (raw, json)
Hash identifier: dZrOM2p3noTvf6KyFY1PrTf2FDGKF1aorRCqRis2DzA=
Subject key identifier: 63:8C:BF:DE:6E:0F:39:F6:65:55:48:70:AA:6D:2E:55:DE:0F:F6:F4
Certificate issuer: /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial: 019903B0196C16120CF4B7395EF649491EE7
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/Y4y_3m4POfZlVUhwqm0uVd4P9vQ.roa
Signing time: Mon 01 Sep 2025 05:11:36 +0000
ROA not before: Mon 01 Sep 2025 05:11:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 212.38.240.0/24 maxlen: 24
212.38.241.0/24 maxlen: 24
212.38.242.0/24 maxlen: 24
212.38.243.0/24 maxlen: 24
212.38.244.0/24 maxlen: 24
2001:671:fc00::/40 maxlen: 40
2001:671:fd00::/40 maxlen: 40
2001:671:fe00::/40 maxlen: 40
2001:671:ff00::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 10:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:03:b0:19:6c:16:12:0c:f4:b7:39:5e:f6:49:49:1e:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Validity
Not Before: Sep 1 05:11:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=638cbfde6e0f39f665554870aa6d2e55de0ff6f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:00:80:88:93:4a:86:58:a9:2a:cb:8e:6c:d6:
19:92:ec:54:d1:ca:85:d5:51:a1:19:a5:ce:9e:52:
58:2c:54:8a:b0:27:06:de:e4:ff:74:06:0b:74:ec:
37:fc:b6:1b:e1:45:6b:7d:7e:ad:80:7a:d7:c3:f6:
e4:a8:4a:93:ed:8d:27:b1:40:a9:76:80:dc:a2:7f:
b5:b3:82:3c:ed:5d:33:c7:52:65:7f:af:3a:76:63:
eb:b2:df:f1:bb:af:54:9e:fb:76:ca:e9:a1:2b:c4:
97:a9:bb:b2:93:28:16:47:a0:03:b3:f4:44:4c:fc:
05:ae:cf:62:6b:85:55:08:f6:50:a0:7a:8c:3e:aa:
0c:49:5c:d1:6b:5d:fc:24:bb:71:9c:36:1c:17:0a:
a2:43:18:c5:45:9f:06:45:3a:d1:c0:d7:0f:ad:5b:
8e:69:3f:6f:e1:cf:e6:6a:99:6f:72:12:be:ee:ad:
0e:e9:9a:c2:5a:6f:db:29:db:17:95:cb:d1:1c:d3:
56:c9:da:ec:9e:4a:97:e5:52:63:a3:e0:25:d8:01:
f6:eb:2d:46:2b:50:38:62:12:aa:72:5e:18:ab:53:
3a:60:e3:a7:0f:f3:e1:5c:da:ad:9c:16:d0:b9:80:
77:db:b6:82:c4:49:7b:c5:9e:62:a3:f8:25:3d:99:
b9:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:8C:BF:DE:6E:0F:39:F6:65:55:48:70:AA:6D:2E:55:DE:0F:F6:F4
X509v3 Authority Key Identifier:
keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/Y4y_3m4POfZlVUhwqm0uVd4P9vQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.38.240.0-212.38.244.255
IPv6:
2001:671:fc00::/38
Signature Algorithm: sha256WithRSAEncryption
40:12:c1:01:1e:8f:92:e8:2f:33:94:0a:64:9d:d7:b6:90:e0:
28:45:5c:7f:72:e2:c4:13:31:80:bf:e9:07:95:b1:12:2f:04:
6c:01:54:c1:2b:63:a4:a4:7f:7d:c7:0e:e7:e2:bb:39:bb:b1:
90:b5:2b:d6:79:c5:f0:f5:d9:68:39:2c:11:c8:29:0a:4f:a0:
7d:e7:29:12:a6:3c:6f:68:2e:40:59:73:3e:f1:73:97:80:23:
74:2f:85:3b:9f:63:0a:6d:9b:ab:01:d3:85:b9:28:71:d9:49:
64:d9:13:6b:37:c0:04:5b:34:b0:31:49:1a:f5:f1:a6:8c:43:
c2:64:dd:b4:77:41:48:e9:54:b6:90:71:24:ae:a2:a6:e1:44:
c1:9a:a0:c5:2a:a7:1a:23:85:ec:35:2a:17:49:ab:f2:e2:33:
1d:69:a7:32:55:c6:c6:3a:8b:21:f7:98:f0:43:c9:5a:60:64:
d0:f7:aa:40:0e:00:f7:12:b9:28:36:c3:b8:f7:d6:8b:d5:ef:
f6:f5:11:62:5c:22:a5:c8:59:25:ff:a3:fa:3b:3a:ed:12:aa:
b6:2c:9a:41:2e:7a:14:13:b2:7b:0a:4a:67:10:2f:f8:04:e7:
2b:d7:8d:a6:66:72:18:54:67:23:15:c0:0f:d2:55:90:66:79:
f8:7a:c0:07
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZkDsBlsFhIM9Lc5XvZJSR7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUwOTAxMDUxMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhjYmZkZTZlMGYzOWY2NjU1NTQ4NzBhYTZkMmU1NWRlMGZmNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwCAiJNKhlipKsuObNYZkuxU0cqF
1VGhGaXOnlJYLFSKsCcG3uT/dAYLdOw3/LYb4UVrfX6tgHrXw/bkqEqT7Y0nsUCp
doDcon+1s4I87V0zx1Jlf686dmPrst/xu69Unvt2yumhK8SXqbuykygWR6ADs/RE
TPwFrs9ia4VVCPZQoHqMPqoMSVzRa138JLtxnDYcFwqiQxjFRZ8GRTrRwNcPrVuO
aT9v4c/maplvchK+7q0O6ZrCWm/bKdsXlcvRHNNWydrsnkqX5VJjo+Al2AH26y1G
K1A4YhKqcl4Yq1M6YOOnD/PhXNqtnBbQuYB327aCxEl7xZ5io/glPZm5XQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGOMv95uDzn2ZVVIcKptLlXeD/b0MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvWTR5XzNtNFBPZlpsVlVod3FtMHVWZDRQOXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBATUJvAD
BADUJvQwDgQCAAIwCAMGAiABBnH8MA0GCSqGSIb3DQEBCwUAA4IBAQBAEsEBHo+S
6C8zlApknde2kOAoRVx/cuLEEzGAv+kHlbESLwRsAVTBK2OkpH99xw7n4rs5u7GQ
tSvWecXw9dloOSwRyCkKT6B95ykSpjxvaC5AWXM+8XOXgCN0L4U7n2MKbZurAdOF
uShx2Ulk2RNrN8AEWzSwMUka9fGmjEPCZN20d0FI6VS2kHEkrqKm4UTBmqDFKqca
I4XsNSoXSavy4jMdaacyVcbGOosh95jwQ8laYGTQ96pADgD3ErkoNsO499aL1e/2
9RFiXCKlyFkl/6P6OzrtEqq2LJpBLnoUE7J7CkpnEC/4BOcr142mZnIYVGcjFcAP
0lWQZnn4esAH
-----END CERTIFICATE-----
Generated at Wed Sep 10 18:55:17 2025 by rpki-client