Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/Sz-2_xwv8_Pr62CPMcJKGCNIl0Q.roa
File: Sz-2_xwv8_Pr62CPMcJKGCNIl0Q.roa (raw, json)
Hash identifier: KGCimG6dQ21lOqL0fLNubpwWVkOlwHw1k0SNCSE2QP0=
Subject key identifier: 4B:3F:B6:FF:1C:2F:F3:F3:EB:EB:60:8F:31:C2:4A:18:23:48:97:44
Certificate issuer: /CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Certificate serial: 019740FE4FBA8DD0CC791271EADA9E5AC538
Authority key identifier: 30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/Sz-2_xwv8_Pr62CPMcJKGCNIl0Q.roa
Signing time: Thu 05 Jun 2025 16:48:17 +0000
ROA not before: Thu 05 Jun 2025 16:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44489
IP address blocks: 45.85.172.0/22 maxlen: 22
95.129.240.0/21 maxlen: 21
213.129.128.0/21 maxlen: 21
213.129.136.0/21 maxlen: 21
213.129.144.0/21 maxlen: 21
213.129.152.0/21 maxlen: 21
2a03:f300::/29 maxlen: 29
2a03:f300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.mft
rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 04:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:40:fe:4f:ba:8d:d0:cc:79:12:71:ea:da:9e:5a:c5:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Validity
Not Before: Jun 5 16:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b3fb6ff1c2ff3f3ebeb608f31c24a1823489744
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ff:a8:1b:a2:e3:7f:22:f7:57:88:10:3b:76:26:
ce:4d:37:b2:a3:eb:6a:aa:47:bd:2e:98:9e:bb:04:
40:a9:ab:64:cd:2b:c5:46:4c:8a:51:a1:15:f1:37:
cc:c5:35:a9:e3:fc:7c:66:1a:72:96:bc:5b:7c:6a:
39:29:5a:4f:d5:0e:57:91:b2:da:d8:35:9e:8e:c3:
fc:16:eb:9c:a8:63:90:49:ca:92:1a:0d:ba:fc:65:
e4:df:17:6b:ce:13:ab:46:e8:28:b0:ec:91:90:2b:
7a:68:a5:42:f9:8f:ba:a2:28:64:12:bf:da:76:e5:
b7:c2:e1:93:b6:f4:44:31:d5:71:25:0e:02:68:29:
ae:58:de:c0:00:e5:32:4c:d5:89:05:57:4a:0b:58:
97:c0:71:99:c6:fe:24:9e:df:38:4b:3b:cb:ba:ff:
0e:e6:76:b4:f5:a4:6c:dd:15:56:0e:cf:7e:3c:d6:
cd:b4:7d:92:df:9a:23:2a:e8:e8:47:c6:6f:f7:7e:
ef:3d:aa:b6:28:66:e7:20:48:90:0b:b3:f4:cb:73:
2e:5b:d7:79:07:a9:b6:89:cd:11:63:1e:fb:c1:a0:
05:b7:2d:44:07:5a:54:64:7d:a7:56:94:7c:c0:4d:
3b:74:64:e2:92:72:07:e4:c3:76:98:81:fc:62:e0:
1a:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:3F:B6:FF:1C:2F:F3:F3:EB:EB:60:8F:31:C2:4A:18:23:48:97:44
X509v3 Authority Key Identifier:
keyid:30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/Sz-2_xwv8_Pr62CPMcJKGCNIl0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.172.0/22
95.129.240.0/21
213.129.128.0/19
IPv6:
2a03:f300::/29
Signature Algorithm: sha256WithRSAEncryption
ad:b6:26:af:ef:6e:e2:96:b5:30:76:ec:98:90:46:64:83:3d:
7f:4e:eb:43:13:85:d7:4c:4b:34:42:a5:f9:bb:30:0b:9f:0b:
eb:92:31:47:0b:9f:4d:60:63:ba:6f:da:ce:46:60:76:70:4d:
f6:5b:aa:ed:68:76:bb:27:66:38:c0:8f:93:3e:67:67:43:b8:
56:ab:b1:41:1d:83:20:5c:68:90:10:66:fc:ee:39:38:d5:fe:
59:79:de:58:88:9d:7d:ef:44:f8:86:a5:38:a6:dd:6e:9d:2a:
65:9e:33:a7:1c:c7:55:4d:92:6a:1a:6c:66:02:1a:d6:53:80:
99:d2:51:a7:6f:7a:a6:19:0b:04:c7:68:3c:92:93:11:8d:ca:
6d:35:d2:39:86:66:ad:0e:92:d9:5b:d8:a3:ba:39:0c:ca:7a:
3a:32:88:ae:fe:88:da:97:5c:e9:0e:2a:c7:a5:32:39:87:81:
76:32:d1:e5:2a:91:79:fe:bc:7f:c0:3c:27:46:90:f7:04:14:
c6:87:ce:09:c3:80:51:2e:d1:0e:c3:aa:38:fa:09:b3:8f:80:
25:65:97:92:43:3d:3c:99:eb:bb:ac:a6:b3:a5:e0:0a:17:60:
e2:a7:47:a2:5d:e9:85:e8:5f:e0:ac:7e:5e:08:94:b6:11:09:
b8:43:fa:a7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZdA/k+6jdDMeRJx6tqeWsU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMTZiMTBkMGFjMjE4MDE3Yzc0OTM5NGU0ZjI1MTljZjJj
MDUxNGUwHhcNMjUwNjA1MTY0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNmYjZmZjFjMmZmM2YzZWJlYjYwOGYzMWMyNGExODIzNDg5NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/6gbouN/IvdXiBA7dibOTTeyo+tq
qke9LpieuwRAqatkzSvFRkyKUaEV8TfMxTWp4/x8ZhpylrxbfGo5KVpP1Q5XkbLa
2DWejsP8FuucqGOQScqSGg26/GXk3xdrzhOrRugosOyRkCt6aKVC+Y+6oihkEr/a
duW3wuGTtvREMdVxJQ4CaCmuWN7AAOUyTNWJBVdKC1iXwHGZxv4knt84SzvLuv8O
5na09aRs3RVWDs9+PNbNtH2S35ojKujoR8Zv937vPaq2KGbnIEiQC7P0y3MuW9d5
B6m2ic0RYx77waAFty1EB1pUZH2nVpR8wE07dGTiknIH5MN2mIH8YuAaIQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEs/tv8cL/Pz6+tgjzHCShgjSJdEMB8GA1UdIwQY
MBaAFDAWsQ0KwhgBfHSTlOTyUZzywFFOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMt
NjkzNjc2MmQyZmNlLzEvU3otMl94d3Y4X1ByNjJDUE1jSktHQ05JbDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMtNjkzNjc2MmQyZmNl
LzEvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLVWsAwQD
X4HwAwQF1YGAMA0EAgACMAcDBQMqA/MAMA0GCSqGSIb3DQEBCwUAA4IBAQCttiav
727ilrUwduyYkEZkgz1/TutDE4XXTEs0QqX5uzALnwvrkjFHC59NYGO6b9rORmB2
cE32W6rtaHa7J2Y4wI+TPmdnQ7hWq7FBHYMgXGiQEGb87jk41f5Zed5YiJ1970T4
hqU4pt1unSplnjOnHMdVTZJqGmxmAhrWU4CZ0lGnb3qmGQsEx2g8kpMRjcptNdI5
hmatDpLZW9ijujkMyno6Moiu/ojal1zpDirHpTI5h4F2MtHlKpF5/rx/wDwnRpD3
BBTGh84Jw4BRLtEOw6o4+gmzj4AlZZeSQz08meu7rKazpeAKF2Dip0eiXemF6F/g
rH5eCJS2EQm4Q/qn
-----END CERTIFICATE-----
Generated at Sat Jun 7 14:22:41 2025 by rpki-client