Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/O7XNpQnDtYiMLeopQRW-QBNvr8o.roa
File: O7XNpQnDtYiMLeopQRW-QBNvr8o.roa (raw, json)
Hash identifier: g/At5wz+bizytuX+mfwwdf2aNmqHtaKp2Xz0pHACMZU=
Subject key identifier: 3B:B5:CD:A5:09:C3:B5:88:8C:2D:EA:29:41:15:BE:40:13:6F:AF:CA
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0199C3A423BFB2D54C2751F890024B7BBD81
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/O7XNpQnDtYiMLeopQRW-QBNvr8o.roa
Signing time: Wed 08 Oct 2025 11:45:38 +0000
ROA not before: Wed 08 Oct 2025 11:45:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61317
IP address blocks: 84.32.15.0/24 maxlen: 24
84.32.24.0/24 maxlen: 24
84.32.107.0/24 maxlen: 24
84.32.149.0/24 maxlen: 24
84.32.152.0/24 maxlen: 24
84.32.154.0/24 maxlen: 24
84.32.156.0/24 maxlen: 24
84.32.177.0/24 maxlen: 24
84.32.218.0/24 maxlen: 24
88.216.41.0/24 maxlen: 24
88.216.186.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 20:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c3:a4:23:bf:b2:d5:4c:27:51:f8:90:02:4b:7b:bd:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Oct 8 11:45:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3bb5cda509c3b5888c2dea294115be40136fafca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:a4:ba:3f:1f:36:d2:52:a1:9c:e4:8f:13:11:
08:99:29:c1:c6:04:e3:57:87:5d:ed:14:1d:09:f2:
ec:da:ae:d4:d2:6f:7d:b0:95:51:cd:89:80:3b:f1:
4e:d3:47:bd:e1:71:7a:9f:bf:27:82:b0:3a:77:20:
b6:09:9a:81:f4:d7:10:21:d4:7f:ed:01:95:88:05:
6b:0b:d7:1a:67:71:af:d7:f7:56:4f:cb:1b:e8:93:
05:13:52:63:43:6d:1b:9e:ee:81:d1:af:7a:e3:3b:
7e:ac:77:04:7d:02:f6:3e:59:4e:ae:d3:3f:34:ae:
9a:a0:2c:ff:66:59:bf:e7:bc:8a:aa:c3:5f:22:c6:
ee:54:16:5b:30:b1:69:43:cf:f5:68:f0:0b:8c:00:
98:2c:7e:09:a5:06:e1:21:29:24:7f:79:c2:47:13:
14:87:4f:ea:97:f3:57:93:82:32:97:60:8b:ad:c4:
8d:22:e5:8c:4a:fb:ac:8a:26:77:54:09:8e:2f:1a:
8e:d8:93:53:13:04:71:3f:9a:6c:a6:f1:72:57:11:
40:d1:69:9a:e4:be:8e:a1:66:58:c6:bf:e4:80:62:
b5:50:aa:c9:d8:45:ed:64:57:9b:bc:3d:c3:53:35:
80:9b:96:87:f5:d7:3c:7b:10:73:9b:23:f6:72:99:
24:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:B5:CD:A5:09:C3:B5:88:8C:2D:EA:29:41:15:BE:40:13:6F:AF:CA
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/O7XNpQnDtYiMLeopQRW-QBNvr8o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.15.0/24
84.32.24.0/24
84.32.107.0/24
84.32.149.0/24
84.32.152.0/24
84.32.154.0/24
84.32.156.0/24
84.32.177.0/24
84.32.218.0/24
88.216.41.0/24
88.216.186.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:ed:2a:a6:4d:4a:32:75:f4:37:76:ec:de:38:35:06:e4:6b:
fb:0a:94:cc:72:80:8e:8f:16:91:67:76:54:4d:3c:5e:5b:56:
96:8e:19:aa:33:a1:94:4b:02:6c:65:3a:9d:ec:08:ca:4c:cc:
90:96:05:31:eb:ed:86:24:2d:c6:f8:f0:18:f9:86:e1:0e:94:
cd:98:ba:25:eb:25:a8:4c:89:c4:16:e1:9b:f1:60:1e:e2:54:
15:b5:45:c0:9e:ad:f6:7a:1f:8a:67:69:c2:bb:36:18:1c:46:
d8:28:ea:41:f6:ad:ee:26:7e:ca:62:4b:39:3c:4b:c5:0f:4e:
da:bc:9a:ce:bc:d8:a7:25:21:dc:c3:03:3a:d1:0a:ea:6e:45:
2d:f0:b5:65:86:3c:ef:23:65:b2:06:dc:3d:4b:56:60:f7:c0:
30:bf:88:7d:83:ba:fc:1d:6f:a3:0f:1e:35:99:20:a1:b0:db:
1e:e7:91:b5:3f:90:f4:4a:8f:70:f2:cc:bb:b6:10:7c:ae:e6:
9b:ac:0d:98:b6:db:5e:f4:9c:1c:71:84:66:24:8e:15:16:19:
f1:05:50:48:f2:e3:6f:e3:af:a4:11:ae:1a:33:b6:28:61:d1:
a8:7c:a2:ca:1d:21:62:30:f3:a7:10:21:69:1b:e3:98:ee:58:
67:fc:59:64
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZnDpCO/stVMJ1H4kAJLe72BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMDA4MTE0NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmI1Y2RhNTA5YzNiNTg4OGMyZGVhMjk0MTE1YmU0MDEzNmZhZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6S6Px820lKhnOSPExEImSnBxgTj
V4dd7RQdCfLs2q7U0m99sJVRzYmAO/FO00e94XF6n78ngrA6dyC2CZqB9NcQIdR/
7QGViAVrC9caZ3Gv1/dWT8sb6JMFE1JjQ20bnu6B0a964zt+rHcEfQL2PllOrtM/
NK6aoCz/Zlm/57yKqsNfIsbuVBZbMLFpQ8/1aPALjACYLH4JpQbhISkkf3nCRxMU
h0/ql/NXk4Iyl2CLrcSNIuWMSvusiiZ3VAmOLxqO2JNTEwRxP5pspvFyVxFA0Wma
5L6OoWZYxr/kgGK1UKrJ2EXtZFebvD3DUzWAm5aH9dc8exBzmyP2cpkkawIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDu1zaUJw7WIjC3qKUEVvkATb6/KMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTzdYTnBRbkR0WWlNTGVvcFFSVy1RQk52cjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVCAPAwQA
VCAYAwQAVCBrAwQAVCCVAwQAVCCYAwQAVCCaAwQAVCCcAwQAVCCxAwQAVCDaAwQA
WNgpAwQAWNi6MA0GCSqGSIb3DQEBCwUAA4IBAQCN7SqmTUoydfQ3duzeODUG5Gv7
CpTMcoCOjxaRZ3ZUTTxeW1aWjhmqM6GUSwJsZTqd7AjKTMyQlgUx6+2GJC3G+PAY
+YbhDpTNmLol6yWoTInEFuGb8WAe4lQVtUXAnq32eh+KZ2nCuzYYHEbYKOpB9q3u
Jn7KYks5PEvFD07avJrOvNinJSHcwwM60QrqbkUt8LVlhjzvI2WyBtw9S1Zg98Aw
v4h9g7r8HW+jDx41mSChsNse55G1P5D0So9w8sy7thB8ruabrA2Yttte9JwccYRm
JI4VFhnxBVBI8uNv46+kEa4aM7YoYdGofKLKHSFiMPOnECFpG+OY7lhn/Flk
-----END CERTIFICATE-----
Generated at Thu Oct 9 03:56:25 2025 by rpki-client