Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XRqT75FMCujKOLdj3yOK3RX_q4A.roa
File: XRqT75FMCujKOLdj3yOK3RX_q4A.roa (raw, json)
Hash identifier: nt7rRS0CI+nu2xhkCGeXeB3lTOLjkITAImd3n/vfkfU=
Subject key identifier: 5D:1A:93:EF:91:4C:0A:E8:CA:38:B7:63:DF:23:8A:DD:15:FF:AB:80
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 019730E3B37820E769C59D375D67CDEC7D33
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XRqT75FMCujKOLdj3yOK3RX_q4A.roa
Signing time: Mon 02 Jun 2025 13:45:18 +0000
ROA not before: Mon 02 Jun 2025 13:45:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209024
IP address blocks: 176.109.64.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
176.109.66.0/24 maxlen: 24
176.109.68.0/24 maxlen: 24
176.109.69.0/24 maxlen: 24
176.109.70.0/24 maxlen: 24
178.236.24.0/24 maxlen: 24
2a02:28:d::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 11:24:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:30:e3:b3:78:20:e7:69:c5:9d:37:5d:67:cd:ec:7d:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Jun 2 13:45:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d1a93ef914c0ae8ca38b763df238add15ffab80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:ca:e2:72:73:0b:f4:2c:30:ec:67:df:04:2c:
35:a5:0c:d5:a4:f9:2d:07:cd:9a:36:35:79:4e:f9:
95:60:fa:41:e9:b8:9c:ae:98:b9:91:31:b8:14:a8:
10:f8:4e:4e:ac:a6:dc:52:fe:fb:17:0c:f6:7a:66:
58:c1:2c:71:7e:ba:e6:74:a5:01:43:99:50:ab:62:
3d:8d:4d:30:76:31:1e:c1:b2:13:e3:90:4e:31:3a:
51:e6:62:bf:34:c1:2c:5e:b0:51:3b:7a:df:91:d7:
e9:8b:ea:8f:3c:27:68:25:25:8e:39:f6:52:0a:33:
6d:4d:21:d5:1e:a2:bd:f8:da:00:5f:77:81:57:0b:
cb:25:3e:10:97:52:3c:50:66:e3:c8:e2:98:34:c2:
3a:f4:62:90:69:f4:29:f6:23:07:db:27:c7:59:f8:
b1:7e:18:3d:67:1f:ce:a2:04:7b:40:7c:1c:74:40:
86:66:c6:8b:a4:1b:27:ea:8e:63:69:84:c9:b3:97:
f3:ce:3f:35:2c:e4:d5:37:6c:09:0b:8e:db:ee:bd:
a9:79:95:a3:86:17:8b:e0:e4:95:60:18:c1:f9:d3:
fb:0d:92:0c:73:f3:a6:66:1a:a2:5d:27:e1:f6:78:
12:c6:d8:04:d1:c0:07:2f:e0:09:54:0f:1c:c5:36:
ef:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:1A:93:EF:91:4C:0A:E8:CA:38:B7:63:DF:23:8A:DD:15:FF:AB:80
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XRqT75FMCujKOLdj3yOK3RX_q4A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.64.0-176.109.66.255
176.109.68.0-176.109.70.255
178.236.24.0/24
IPv6:
2a02:28:d::/48
Signature Algorithm: sha256WithRSAEncryption
46:32:7b:85:d8:8f:fb:6c:1e:de:e7:21:5f:fa:d4:69:d9:2f:
11:74:41:6b:cc:c0:b0:61:36:99:22:1e:ae:9d:54:38:56:f5:
5c:89:8f:3b:6e:e9:75:96:26:d7:4b:83:f0:72:06:87:85:c4:
f9:3f:6b:29:62:79:cc:14:8e:38:db:c8:1b:59:bc:9e:4d:bd:
ea:0b:92:db:f8:af:72:d8:48:ac:ef:b7:06:16:ef:9a:68:81:
b6:e7:20:71:e4:d6:65:ef:5b:00:b4:c9:bf:96:04:23:8f:e3:
19:0d:71:92:a5:d9:05:66:d4:76:dd:2a:0a:58:f2:1f:df:77:
d6:f6:8b:c0:7c:f5:a1:30:03:74:b1:bf:d7:7b:33:3a:33:0a:
d7:fb:f8:f1:9f:2e:e6:f2:58:3a:9e:a6:b3:03:bb:3b:5c:45:
02:2a:57:a6:c6:73:ea:54:e4:c3:7b:36:05:27:84:34:bb:e5:
a4:f3:78:cf:b1:72:9e:c0:13:b1:8a:1c:52:10:08:d2:7a:67:
da:14:27:5e:b0:aa:21:96:3d:c8:67:24:d8:cf:ea:bf:f0:98:
c0:f3:89:b7:e1:9e:6b:60:0d:db:59:28:0d:32:8f:0e:62:f1:
30:a1:63:85:8d:e2:73:76:18:a8:0b:ef:91:82:ac:15:ff:d1:
b5:c3:82:b0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZcw47N4IOdpxZ03XWfN7H0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNjAyMTM0NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDFhOTNlZjkxNGMwYWU4Y2EzOGI3NjNkZjIzOGFkZDE1ZmZhYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MricnML9Cww7GffBCw1pQzVpPkt
B82aNjV5TvmVYPpB6bicrpi5kTG4FKgQ+E5OrKbcUv77Fwz2emZYwSxxfrrmdKUB
Q5lQq2I9jU0wdjEewbIT45BOMTpR5mK/NMEsXrBRO3rfkdfpi+qPPCdoJSWOOfZS
CjNtTSHVHqK9+NoAX3eBVwvLJT4Ql1I8UGbjyOKYNMI69GKQafQp9iMH2yfHWfix
fhg9Zx/OogR7QHwcdECGZsaLpBsn6o5jaYTJs5fzzj81LOTVN2wJC47b7r2peZWj
hheL4OSVYBjB+dP7DZIMc/OmZhqiXSfh9ngSxtgE0cAHL+AJVA8cxTbvnwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFF0ak++RTAroyji3Y98jit0V/6uAMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvWFJxVDc1Rk1DdWpLT0xkajN5T0szUlhfcTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiMAwDBAawbUAD
BACwbUIwDAMEArBtRAMEALBtRgMEALLsGDAPBAIAAjAJAwcAKgIAKAANMA0GCSqG
SIb3DQEBCwUAA4IBAQBGMnuF2I/7bB7e5yFf+tRp2S8RdEFrzMCwYTaZIh6unVQ4
VvVciY87bul1libXS4PwcgaHhcT5P2spYnnMFI4428gbWbyeTb3qC5Lb+K9y2Eis
77cGFu+aaIG25yBx5NZl71sAtMm/lgQjj+MZDXGSpdkFZtR23SoKWPIf33fW9ovA
fPWhMAN0sb/XezM6MwrX+/jxny7m8lg6nqazA7s7XEUCKlemxnPqVOTDezYFJ4Q0
u+Wk83jPsXKewBOxihxSEAjSemfaFCdesKohlj3IZyTYz+q/8JjA84m34Z5rYA3b
WSgNMo8OYvEwoWOFjeJzdhioC++RgqwV/9G1w4Kw
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:16:04 2025 by rpki-client