Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/4qKtq5VyVr4i6mCaCCL3IEDl3u0.roa
File: 4qKtq5VyVr4i6mCaCCL3IEDl3u0.roa (raw, json)
Hash identifier: n8ZWKxQJZb9Dr8bci1Ig4La7cUpMPW5gwdYW9MK9KNg=
Subject key identifier: E2:A2:AD:AB:95:72:56:BE:22:EA:60:9A:08:22:F7:20:40:E5:DE:ED
Certificate issuer: /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial: 01991A3068C9DE58076147797B8E16EDEF64
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/4qKtq5VyVr4i6mCaCCL3IEDl3u0.roa
Signing time: Fri 05 Sep 2025 14:03:23 +0000
ROA not before: Fri 05 Sep 2025 14:03:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43647
IP address blocks: 62.122.216.0/22 maxlen: 24
82.148.0.0/21 maxlen: 24
89.232.184.0/22 maxlen: 24
94.154.128.0/22 maxlen: 24
185.76.12.0/22 maxlen: 24
185.228.88.0/22 maxlen: 24
193.149.16.0/22 maxlen: 24
213.232.225.0/24 maxlen: 24
213.232.245.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.mft
rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 08:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1a:30:68:c9:de:58:07:61:47:79:7b:8e:16:ed:ef:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Validity
Not Before: Sep 5 14:03:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e2a2adab957256be22ea609a0822f72040e5deed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:bd:dc:f6:5d:53:3a:dc:30:31:de:1e:5c:07:
9a:82:d7:50:e4:45:c1:e4:30:56:16:2d:10:67:ff:
6c:37:2b:ad:bf:8c:b5:5d:bb:c6:c0:7d:96:82:0b:
20:b7:5d:c7:d0:4c:9d:42:ce:e3:75:77:c0:21:81:
47:f2:9c:c8:85:4b:8c:e5:98:34:5f:5e:a3:fe:76:
e1:4a:81:eb:36:b9:17:c3:21:d2:be:dc:eb:fb:20:
27:a7:e7:ae:88:49:6f:eb:a6:5c:88:cb:da:72:9f:
80:76:10:65:79:0c:17:cd:6f:ab:cb:ac:2d:9e:a9:
b9:66:d1:13:2c:ac:5c:1d:41:11:62:15:a0:72:54:
d5:14:6f:71:80:b4:b3:55:2d:8d:93:4b:ec:b7:92:
8e:51:7e:ba:23:1c:4b:84:b0:83:ec:e1:56:e2:73:
b5:b3:11:d6:ea:b6:08:ee:cd:7c:7e:be:d0:b2:51:
d9:f9:38:ca:3b:e7:81:93:9c:3a:18:d9:c8:f8:07:
55:7b:1a:48:bf:9e:6a:f0:c7:51:82:d9:e5:3f:b4:
ac:6e:95:f5:a2:c0:31:ec:08:a3:89:8e:ba:7b:1d:
dc:70:b3:8d:5a:2b:86:ac:7c:28:75:12:9b:26:63:
8c:42:03:32:5e:71:05:12:fe:cc:6b:33:cc:06:29:
ea:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:A2:AD:AB:95:72:56:BE:22:EA:60:9A:08:22:F7:20:40:E5:DE:ED
X509v3 Authority Key Identifier:
keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/4qKtq5VyVr4i6mCaCCL3IEDl3u0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.122.216.0/22
82.148.0.0/21
89.232.184.0/22
94.154.128.0/22
185.76.12.0/22
185.228.88.0/22
193.149.16.0/22
213.232.225.0/24
213.232.245.0/24
Signature Algorithm: sha256WithRSAEncryption
13:86:0b:e1:8a:28:ff:98:a6:00:03:9a:6f:5c:b6:ae:26:54:
c5:9d:ba:54:c4:34:ef:53:5f:2f:20:17:4e:06:3c:70:f9:81:
4e:82:0e:16:49:d3:83:a9:ec:29:5f:f8:89:cb:26:28:13:75:
8c:e3:c1:7b:c6:f0:4b:f2:c4:34:da:49:c4:1d:74:f4:34:ec:
46:3a:98:07:d4:fe:bc:e4:60:5c:71:bc:ff:15:79:d0:e9:03:
05:dd:c1:0e:a6:94:69:5c:ce:7a:62:61:b8:df:c6:60:8b:36:
9c:e2:31:e6:ec:52:a3:f3:94:9d:1a:30:17:47:df:5c:69:1f:
ce:4f:8d:d7:e0:0f:4d:f3:f6:0a:57:5b:b7:a6:a0:fa:c7:98:
f3:87:db:a5:56:5a:a2:0d:9c:67:b1:03:35:c2:61:80:c3:8d:
a3:29:53:d6:c1:7e:57:6c:69:5b:fd:e5:59:9a:86:34:3c:bd:
c1:82:98:48:54:d2:2f:c9:d4:9e:fc:73:b7:a0:67:d7:bf:1f:
10:b1:80:8e:bc:06:3c:51:d2:18:c1:c8:37:e6:09:34:11:c7:
dc:83:cd:8b:1c:f1:5d:b7:70:71:14:4f:8b:b3:e8:dd:14:42:
a0:10:7d:9c:17:98:fc:7f:2b:d3:33:56:f0:a5:25:b6:da:98:
fe:be:a5:2b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZkaMGjJ3lgHYUd5e44W7e9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjUwOTA1MTQwMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEyYWRhYjk1NzI1NmJlMjJlYTYwOWEwODIyZjcyMDQwZTVkZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb3c9l1TOtwwMd4eXAeagtdQ5EXB
5DBWFi0QZ/9sNyutv4y1XbvGwH2Wggsgt13H0EydQs7jdXfAIYFH8pzIhUuM5Zg0
X16j/nbhSoHrNrkXwyHSvtzr+yAnp+euiElv66ZciMvacp+AdhBleQwXzW+ry6wt
nqm5ZtETLKxcHUERYhWgclTVFG9xgLSzVS2Nk0vst5KOUX66IxxLhLCD7OFW4nO1
sxHW6rYI7s18fr7QslHZ+TjKO+eBk5w6GNnI+AdVexpIv55q8MdRgtnlP7SsbpX1
osAx7AijiY66ex3ccLONWiuGrHwodRKbJmOMQgMyXnEFEv7MazPMBinq7wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOKirauVcla+Iupgmggi9yBA5d7tMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvNHFLdHE1VnlWcjRpNm1DYUNDTDNJRURsM3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCPnrYAwQD
UpQAAwQCWei4AwQCXpqAAwQCuUwMAwQCueRYAwQCwZUQAwQA1ejhAwQA1ej1MA0G
CSqGSIb3DQEBCwUAA4IBAQAThgvhiij/mKYAA5pvXLauJlTFnbpUxDTvU18vIBdO
Bjxw+YFOgg4WSdODqewpX/iJyyYoE3WM48F7xvBL8sQ02knEHXT0NOxGOpgH1P68
5GBccbz/FXnQ6QMF3cEOppRpXM56YmG438Zgizac4jHm7FKj85SdGjAXR99caR/O
T43X4A9N8/YKV1u3pqD6x5jzh9ulVlqiDZxnsQM1wmGAw42jKVPWwX5XbGlb/eVZ
moY0PL3BgphIVNIvydSe/HO3oGfXvx8QsYCOvAY8UdIYwcg35gk0Ecfcg82LHPFd
t3BxFE+Ls+jdFEKgEH2cF5j8fyvTM1bwpSW22pj+vqUr
-----END CERTIFICATE-----
Generated at Tue Sep 9 16:58:10 2025 by rpki-client