Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/4qVlaSTsE1gXSumcFtIoCSI6_Ds.roa
File: 4qVlaSTsE1gXSumcFtIoCSI6_Ds.roa (raw, json)
Hash identifier: gxiJkMzAgslpclu4FVxFkwBMuCJhHIk77n6WLMjRt50=
Subject key identifier: E2:A5:65:69:24:EC:13:58:17:4A:E9:9C:16:D2:28:09:22:3A:FC:3B
Certificate issuer: /CN=f0a9005423147453909366c6b4d09c31958acc1c
Certificate serial: 0199151333F557D2B84681C28343CE7B929B
Authority key identifier: F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/4qVlaSTsE1gXSumcFtIoCSI6_Ds.roa
Signing time: Thu 04 Sep 2025 14:13:23 +0000
ROA not before: Thu 04 Sep 2025 14:13:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5430
IP address blocks: 89.58.120.0/21 maxlen: 21
194.97.0.0/19 maxlen: 19
195.4.92.0/23 maxlen: 23
2001:748::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.mft
rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:15:13:33:f5:57:d2:b8:46:81:c2:83:43:ce:7b:92:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0a9005423147453909366c6b4d09c31958acc1c
Validity
Not Before: Sep 4 14:13:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e2a5656924ec1358174ae99c16d22809223afc3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:68:02:d3:0f:70:7c:9a:d6:5d:3b:da:b1:c8:
b2:87:eb:64:97:0d:14:00:95:22:a2:38:ec:f5:28:
66:fe:77:ed:7a:44:4a:cd:b3:09:fe:a1:b5:6d:cc:
0c:18:af:5b:d3:a1:04:95:cc:a8:03:db:b1:dd:1e:
cb:65:55:af:7f:35:8c:3c:bd:27:39:a1:06:68:aa:
42:8f:94:98:39:eb:e2:8f:93:99:21:fa:da:4e:22:
ca:03:d9:40:d4:7d:7c:84:fc:e3:3e:aa:6b:22:df:
27:5c:7f:a4:cc:ed:85:75:1b:77:a9:1e:6e:ea:45:
e8:23:b5:b0:12:47:f6:23:a7:6b:16:fb:c4:29:57:
c1:e9:c3:68:e4:55:c6:f0:92:61:39:2a:10:67:c3:
e8:d3:c1:17:ca:0c:da:a9:b1:ea:16:07:83:70:d5:
54:7c:44:b7:00:f4:f2:86:d8:bf:60:50:79:2b:6c:
ad:c7:86:4f:cc:a5:5d:1b:d9:d8:13:3a:4a:2f:9b:
fe:22:40:bb:4b:e0:4d:c0:76:c9:1f:92:68:3c:68:
44:ab:42:b0:fa:1a:21:2b:90:08:55:b0:dd:5c:8e:
8c:a0:4a:ff:36:de:f4:fe:d1:f2:0e:16:3d:7a:f0:
96:c3:ed:a5:b4:c5:34:3d:05:9c:fb:1a:4b:9d:6c:
6e:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:A5:65:69:24:EC:13:58:17:4A:E9:9C:16:D2:28:09:22:3A:FC:3B
X509v3 Authority Key Identifier:
keyid:F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/4qVlaSTsE1gXSumcFtIoCSI6_Ds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.58.120.0/21
194.97.0.0/19
195.4.92.0/23
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
0f:22:ae:60:f1:a9:bc:a9:55:d0:ef:82:3e:9c:a6:ae:d0:93:
a5:8f:f1:b4:2d:98:77:20:ac:f0:14:b9:5a:4e:c8:83:96:91:
0a:1f:7d:3c:8b:4b:84:8d:72:b0:5a:cd:75:eb:23:f8:54:15:
4e:20:0b:68:a4:9b:7a:e2:0c:fe:53:4f:88:8c:21:a1:b0:09:
c6:3a:83:a2:e0:11:0a:fd:08:94:ec:84:03:f7:c4:fb:dd:ac:
39:2a:8d:ef:c6:53:7c:94:ac:89:95:e4:13:a5:f0:9d:56:42:
40:93:a5:fb:3b:20:63:be:06:f7:08:08:ec:12:9c:55:9e:7d:
92:4a:08:79:a2:5f:2f:ba:a1:10:80:d7:64:05:2e:ac:1d:d1:
08:44:e9:b9:e0:52:0f:a6:5e:1d:bb:d4:db:18:f2:48:6c:40:
b3:57:ac:93:f0:37:04:67:50:17:e7:67:c3:46:16:6d:af:1f:
53:27:51:c4:8b:56:51:ee:23:e2:d3:0c:80:f6:e3:2e:b9:f6:
cd:88:cd:8d:a7:17:73:2d:67:3f:b4:80:3f:89:da:86:7f:69:
d8:7d:54:0b:54:b2:33:0a:24:db:98:a5:d8:82:6e:8d:f8:97:
ad:16:9d:2c:35:7c:6c:54:a6:88:7d:7b:dd:87:3b:6a:85:3f:
03:b1:7c:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZkVEzP1V9K4RoHCg0POe5KbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTkwMDU0MjMxNDc0NTM5MDkzNjZjNmI0ZDA5YzMxOTU4
YWNjMWMwHhcNMjUwOTA0MTQxMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE1NjU2OTI0ZWMxMzU4MTc0YWU5OWMxNmQyMjgwOTIyM2FmYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGgC0w9wfJrWXTvasciyh+tklw0U
AJUiojjs9Shm/nftekRKzbMJ/qG1bcwMGK9b06EElcyoA9ux3R7LZVWvfzWMPL0n
OaEGaKpCj5SYOevij5OZIfraTiLKA9lA1H18hPzjPqprIt8nXH+kzO2FdRt3qR5u
6kXoI7WwEkf2I6drFvvEKVfB6cNo5FXG8JJhOSoQZ8Po08EXygzaqbHqFgeDcNVU
fES3APTyhti/YFB5K2ytx4ZPzKVdG9nYEzpKL5v+IkC7S+BNwHbJH5JoPGhEq0Kw
+hohK5AIVbDdXI6MoEr/Nt70/tHyDhY9evCWw+2ltMU0PQWc+xpLnWxuewIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOKlZWkk7BNYF0rpnBbSKAkiOvw7MB8GA1UdIwQY
MBaAFPCpAFQjFHRTkJNmxrTQnDGViswcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMt
MzBkNzlmOWFhODc3LzEvNHFWbGFTVHNFMWdYU3VtY0Z0SW9DU0k2X0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMtMzBkNzlmOWFhODc3
LzEvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDWTp4AwQF
wmEAAwQBwwRcMA0EAgACMAcDBQAgAQdIMA0GCSqGSIb3DQEBCwUAA4IBAQAPIq5g
8am8qVXQ74I+nKau0JOlj/G0LZh3IKzwFLlaTsiDlpEKH308i0uEjXKwWs116yP4
VBVOIAtopJt64gz+U0+IjCGhsAnGOoOi4BEK/QiU7IQD98T73aw5Ko3vxlN8lKyJ
leQTpfCdVkJAk6X7OyBjvgb3CAjsEpxVnn2SSgh5ol8vuqEQgNdkBS6sHdEIROm5
4FIPpl4du9TbGPJIbECzV6yT8DcEZ1AX52fDRhZtrx9TJ1HEi1ZR7iPi0wyA9uMu
ufbNiM2NpxdzLWc/tIA/idqGf2nYfVQLVLIzCiTbmKXYgm6N+JetFp0sNXxsVKaI
fXvdhztqhT8DsXxb
-----END CERTIFICATE-----
Generated at Wed Sep 10 10:21:42 2025 by rpki-client