Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/4rZKd46UtjMFSvkEmIBmjnbR8ZU.roa
File: 4rZKd46UtjMFSvkEmIBmjnbR8ZU.roa (raw, json)
Hash identifier: kz7DSDOczDsova9+5wFlTwyvE1DUkNFXyz3Ogb4Dgvo=
Subject key identifier: E2:B6:4A:77:8E:94:B6:33:05:4A:F9:04:98:80:66:8E:76:D1:F1:95
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019883F7028E1CDE2042F0A168FDFFCD37DA
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/4rZKd46UtjMFSvkEmIBmjnbR8ZU.roa
Signing time: Thu 07 Aug 2025 09:57:40 +0000
ROA not before: Thu 07 Aug 2025 09:57:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40676
IP address blocks: 45.43.147.0/24 maxlen: 24
45.43.152.0/24 maxlen: 24
64.137.111.0/24 maxlen: 24
104.222.160.0/24 maxlen: 24
104.222.163.0/24 maxlen: 24
104.222.164.0/24 maxlen: 24
104.222.165.0/24 maxlen: 24
104.222.166.0/24 maxlen: 24
104.233.56.0/24 maxlen: 24
104.233.58.0/24 maxlen: 24
104.239.66.0/24 maxlen: 24
104.239.74.0/24 maxlen: 24
104.239.79.0/24 maxlen: 24
104.239.83.0/24 maxlen: 24
104.239.89.0/24 maxlen: 24
104.239.100.0/24 maxlen: 24
104.239.102.0/24 maxlen: 24
104.239.109.0/24 maxlen: 24
104.239.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 23:01:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:83:f7:02:8e:1c:de:20:42:f0:a1:68:fd:ff:cd:37:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Aug 7 09:57:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e2b64a778e94b633054af9049880668e76d1f195
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:c7:57:b9:a2:5c:d0:5b:dd:b4:36:42:7b:3d:
9e:e0:9f:4b:12:a6:be:80:3d:21:31:d8:95:31:65:
fc:89:20:29:54:b7:10:b5:94:42:df:dd:9b:33:b3:
7c:e7:d3:9d:c3:e9:4f:16:ef:d0:42:52:37:58:6e:
ea:11:55:34:68:90:6e:03:09:fd:c5:46:ca:58:37:
7e:df:b3:d8:e6:4a:54:b6:d9:05:c7:45:e4:80:55:
5d:95:71:07:74:99:52:cf:a1:64:aa:16:eb:a0:e6:
cf:b5:97:8f:54:46:5a:bf:40:4b:f4:9f:72:e9:4a:
a1:29:d7:21:be:9b:e8:7c:a7:70:9c:0e:81:68:03:
51:08:00:a9:e9:3b:43:17:73:de:3f:fb:a3:44:c1:
f9:43:75:ce:0a:4a:90:fc:02:60:c3:d2:e9:c9:a7:
c7:e9:25:96:55:63:3e:e7:03:44:98:bb:06:da:1f:
36:b6:e0:28:fc:ef:71:16:6e:02:0a:2b:5c:78:27:
74:06:8b:19:75:37:f2:27:02:34:df:b4:5d:75:90:
1c:ab:1d:22:d4:0d:4d:05:d8:54:12:0c:dc:4a:9e:
76:c9:45:32:5b:df:04:55:f7:d6:8a:0b:24:95:53:
98:c0:90:80:29:60:97:0b:dd:ce:ec:30:de:69:60:
cd:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:B6:4A:77:8E:94:B6:33:05:4A:F9:04:98:80:66:8E:76:D1:F1:95
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/4rZKd46UtjMFSvkEmIBmjnbR8ZU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.147.0/24
45.43.152.0/24
64.137.111.0/24
104.222.160.0/24
104.222.163.0-104.222.166.255
104.233.56.0/24
104.233.58.0/24
104.239.66.0/24
104.239.74.0/24
104.239.79.0/24
104.239.83.0/24
104.239.89.0/24
104.239.100.0/24
104.239.102.0/24
104.239.109.0/24
104.239.127.0/24
Signature Algorithm: sha256WithRSAEncryption
58:6d:1c:75:d0:47:45:76:8e:b5:2c:8b:2d:1f:a2:dc:9a:78:
83:36:38:96:05:40:9b:8e:1d:8d:22:59:71:dd:b8:d2:17:e8:
15:90:a3:c7:77:da:6d:d2:72:43:c5:6c:58:73:18:aa:f2:8f:
69:c6:ff:08:31:3c:f1:4f:59:da:7a:93:c2:49:75:c3:3e:0b:
c0:8f:91:94:59:01:a3:77:bd:2c:7a:b3:98:3e:0f:17:ac:4d:
19:e6:13:d0:50:57:62:c6:29:ae:72:18:27:d6:83:63:93:f1:
cb:3d:0f:f1:3a:00:06:37:25:f2:30:14:f3:3c:3d:d9:4a:d9:
e0:9d:07:28:41:a1:8f:af:93:60:26:a9:e2:b9:6c:cd:21:e3:
e2:5e:6a:f5:3c:25:73:cc:a7:0a:48:7d:0a:e9:33:b4:fb:36:
eb:83:a5:52:26:84:c3:c8:8a:88:a5:54:81:f2:11:cf:8e:86:
06:87:42:c6:78:b9:5b:bc:58:3d:c2:e8:dc:e7:e7:de:50:f0:
be:3d:5d:38:90:bd:63:b3:91:26:c6:e4:fb:10:61:8b:5c:06:
c7:15:85:7f:e5:21:16:68:90:1f:99:a3:ab:0e:f2:de:bb:c5:
82:3c:4f:88:aa:4a:cc:36:e2:0a:5d:ff:cf:af:3e:a8:d1:0d:
0c:af:d3:9e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZiD9wKOHN4gQvChaP3/zTfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwODA3MDk1NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmI2NGE3NzhlOTRiNjMzMDU0YWY5MDQ5ODgwNjY4ZTc2ZDFmMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssdXuaJc0FvdtDZCez2e4J9LEqa+
gD0hMdiVMWX8iSApVLcQtZRC392bM7N859Odw+lPFu/QQlI3WG7qEVU0aJBuAwn9
xUbKWDd+37PY5kpUttkFx0XkgFVdlXEHdJlSz6FkqhbroObPtZePVEZav0BL9J9y
6UqhKdchvpvofKdwnA6BaANRCACp6TtDF3PeP/ujRMH5Q3XOCkqQ/AJgw9LpyafH
6SWWVWM+5wNEmLsG2h82tuAo/O9xFm4CCitceCd0BosZdTfyJwI037RddZAcqx0i
1A1NBdhUEgzcSp52yUUyW98EVffWigsklVOYwJCAKWCXC93O7DDeaWDNVwIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFOK2SneOlLYzBUr5BJiAZo520fGVMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvNHJaS2Q0NlV0ak1GU3ZrRW1JQm1qbmJSOFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAC0rkwME
AC0rmAMEAECJbwMEAGjeoDAMAwQAaN6jAwQAaN6mAwQAaOk4AwQAaOk6AwQAaO9C
AwQAaO9KAwQAaO9PAwQAaO9TAwQAaO9ZAwQAaO9kAwQAaO9mAwQAaO9tAwQAaO9/
MA0GCSqGSIb3DQEBCwUAA4IBAQBYbRx10EdFdo61LIstH6LcmniDNjiWBUCbjh2N
Illx3bjSF+gVkKPHd9pt0nJDxWxYcxiq8o9pxv8IMTzxT1naepPCSXXDPgvAj5GU
WQGjd70serOYPg8XrE0Z5hPQUFdiximuchgn1oNjk/HLPQ/xOgAGNyXyMBTzPD3Z
StngnQcoQaGPr5NgJqniuWzNIePiXmr1PCVzzKcKSH0K6TO0+zbrg6VSJoTDyIqI
pVSB8hHPjoYGh0LGeLlbvFg9wujc5+feUPC+PV04kL1js5EmxuT7EGGLXAbHFYV/
5SEWaJAfmaOrDvLeu8WCPE+IqkrMNuIKXf/Prz6o0Q0Mr9Oe
-----END CERTIFICATE-----
Generated at Thu Aug 21 06:56:39 2025 by rpki-client