Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/FthrDhWKQKwEzNN5rbEKo0Gle9U.roa
File: FthrDhWKQKwEzNN5rbEKo0Gle9U.roa (raw, json)
Hash identifier: g0UDkg5eszKLKNeW9Nu0ccpcl/R27yXYXJn3G2Co7Z4=
Subject key identifier: 16:D8:6B:0E:15:8A:40:AC:04:CC:D3:79:AD:B1:0A:A3:41:A5:7B:D5
Certificate issuer: /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial: 019A4EB87639212838C2070435E305AF2E6E
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/FthrDhWKQKwEzNN5rbEKo0Gle9U.roa
Signing time: Tue 04 Nov 2025 11:55:03 +0000
ROA not before: Tue 04 Nov 2025 11:55:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48444
IP address blocks: 88.212.189.0/24 maxlen: 24
88.212.191.0/24 maxlen: 24
195.82.125.0/24 maxlen: 24
212.85.228.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 14:00:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:b8:76:39:21:28:38:c2:07:04:35:e3:05:af:2e:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Validity
Not Before: Nov 4 11:55:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=16d86b0e158a40ac04ccd379adb10aa341a57bd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f0:f6:3d:2f:71:61:3b:ff:b8:43:53:6e:25:
7e:e7:c2:d3:29:e8:89:80:36:80:85:b8:42:e9:ec:
04:af:10:7f:d7:2e:66:02:1a:6a:27:3a:06:b6:12:
7b:d9:41:07:b3:96:45:89:a5:51:67:9a:89:ea:0c:
e6:0b:30:4d:bb:42:84:49:08:d6:fa:dc:69:23:b4:
7a:ed:2f:fd:55:32:b6:1b:72:90:64:7c:78:92:db:
87:e3:ce:e8:1e:7e:51:75:eb:ff:5b:b3:06:89:71:
91:b4:8f:e9:fa:8a:3c:52:4e:5e:b5:e9:6f:2a:df:
ed:d6:6f:fb:37:18:45:2c:5e:28:b4:a3:c8:8c:21:
2d:21:69:18:d9:7a:4e:b6:f0:8d:be:4d:7b:67:39:
23:d9:9c:9b:f6:50:73:de:2a:b3:1b:3c:60:eb:6f:
06:e7:7c:e0:5c:c7:42:b1:63:24:5f:aa:55:03:d0:
2a:03:ac:d1:d2:92:ee:76:d6:3d:0b:1a:9c:39:3d:
4f:65:63:5f:5b:96:89:dc:70:cd:72:54:a7:98:52:
7f:90:51:91:be:b8:69:02:df:f3:f5:6c:bf:6c:53:
c0:25:1f:89:f3:4f:ae:0a:56:fa:3e:b8:48:a2:3f:
a1:6a:1d:88:2f:09:63:60:95:61:d2:88:6d:f8:ed:
8b:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:D8:6B:0E:15:8A:40:AC:04:CC:D3:79:AD:B1:0A:A3:41:A5:7B:D5
X509v3 Authority Key Identifier:
keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/FthrDhWKQKwEzNN5rbEKo0Gle9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.212.189.0/24
88.212.191.0/24
195.82.125.0/24
212.85.228.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:96:c4:17:8f:f8:60:63:c9:33:55:68:48:5d:6f:24:14:57:
6b:41:e3:e9:2b:dd:fc:40:00:d7:99:8f:46:4a:81:cc:d9:4a:
7d:fc:2b:7f:f2:cf:cb:aa:3c:b9:b0:50:fe:e1:cd:60:25:2d:
0f:9b:66:ab:f6:d3:88:02:49:ca:06:08:3e:d6:39:04:36:8b:
78:05:3a:63:ee:75:8b:2a:eb:1f:b8:ed:5a:2a:72:2b:b7:25:
5a:23:a6:ff:2b:15:07:e8:f4:a4:f9:b0:17:e7:a8:05:32:7a:
49:a3:fc:be:f2:30:be:de:e6:49:ad:7b:f3:03:ed:4d:cb:a7:
a3:a4:89:d7:03:6c:a1:76:f8:6b:f5:ac:93:2b:d2:1e:51:9b:
6d:d8:98:af:44:3a:01:f1:90:dd:f6:02:87:6b:fa:ab:e3:f8:
00:ce:c6:c8:4d:00:33:c6:e6:97:0f:e7:7d:49:50:02:ad:3d:
fd:95:a2:d8:8c:00:b4:1a:36:a2:3a:b4:52:e3:c6:f6:8a:e1:
ca:91:8e:a2:16:89:6a:77:db:aa:24:65:c2:98:44:b3:10:9f:
99:66:20:f0:e9:c8:d1:8f:af:88:8e:76:17:c2:50:d3:18:07:
94:3f:05:bb:6b:37:7c:78:b4:b7:db:79:2d:26:c8:ce:cd:36:
7b:9a:60:ba
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpOuHY5ISg4wgcENeMFry5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjUxMTA0MTE1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ4NmIwZTE1OGE0MGFjMDRjY2QzNzlhZGIxMGFhMzQxYTU3YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fD2PS9xYTv/uENTbiV+58LTKeiJ
gDaAhbhC6ewErxB/1y5mAhpqJzoGthJ72UEHs5ZFiaVRZ5qJ6gzmCzBNu0KESQjW
+txpI7R67S/9VTK2G3KQZHx4ktuH487oHn5Rdev/W7MGiXGRtI/p+oo8Uk5etelv
Kt/t1m/7NxhFLF4otKPIjCEtIWkY2XpOtvCNvk17Zzkj2Zyb9lBz3iqzGzxg628G
53zgXMdCsWMkX6pVA9AqA6zR0pLudtY9CxqcOT1PZWNfW5aJ3HDNclSnmFJ/kFGR
vrhpAt/z9Wy/bFPAJR+J80+uClb6PrhIoj+hah2ILwljYJVh0oht+O2LowIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBbYaw4VikCsBMzTea2xCqNBpXvVMB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvRnRockRoV0tRS3dFek5ONXJiRUtvMEdsZTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWNS9AwQA
WNS/AwQAw1J9AwQA1FXkMA0GCSqGSIb3DQEBCwUAA4IBAQB7lsQXj/hgY8kzVWhI
XW8kFFdrQePpK938QADXmY9GSoHM2Up9/Ct/8s/Lqjy5sFD+4c1gJS0Pm2ar9tOI
AknKBgg+1jkENot4BTpj7nWLKusfuO1aKnIrtyVaI6b/KxUH6PSk+bAX56gFMnpJ
o/y+8jC+3uZJrXvzA+1Ny6ejpInXA2yhdvhr9ayTK9IeUZtt2JivRDoB8ZDd9gKH
a/qr4/gAzsbITQAzxuaXD+d9SVACrT39laLYjAC0GjaiOrRS48b2iuHKkY6iFolq
d9uqJGXCmESzEJ+ZZiDw6cjRj6+IjnYXwlDTGAeUPwW7azd8eLS323ktJsjOzTZ7
mmC6
-----END CERTIFICATE-----
Generated at Wed Nov 5 23:29:38 2025 by rpki-client