Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/X4k7-gx3Iz3bK5Yw5wYpilxpJ7g.roa
File: X4k7-gx3Iz3bK5Yw5wYpilxpJ7g.roa (raw, json)
Hash identifier: 8kM4IFymaJqYQyJ47Wu8FaHzxRRZk/Yg3UJ9x8o4IYw=
Subject key identifier: 5F:89:3B:FA:0C:77:23:3D:DB:2B:96:30:E7:06:29:8A:5C:69:27:B8
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 0198F0D46641BEBD0BF8827B54DA4B96C300
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/X4k7-gx3Iz3bK5Yw5wYpilxpJ7g.roa
Signing time: Thu 28 Aug 2025 13:18:28 +0000
ROA not before: Thu 28 Aug 2025 13:18:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 996
IP address blocks: 89.34.224.0/23 maxlen: 23
89.34.224.0/24 maxlen: 24
89.34.225.0/24 maxlen: 24
89.34.231.0/24 maxlen: 24
89.37.119.0/24 maxlen: 24
89.40.82.0/24 maxlen: 24
89.42.143.0/24 maxlen: 24
89.46.0.0/24 maxlen: 24
89.47.99.0/24 maxlen: 24
89.47.117.0/24 maxlen: 24
89.47.118.0/24 maxlen: 24
89.47.125.0/24 maxlen: 24
89.47.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 10:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f0:d4:66:41:be:bd:0b:f8:82:7b:54:da:4b:96:c3:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Aug 28 13:18:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f893bfa0c77233ddb2b9630e706298a5c6927b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:6c:af:57:a7:a0:eb:b9:f4:39:31:6f:e7:33:
c6:39:55:b5:da:d3:29:76:a3:e0:a4:ec:f3:c5:9e:
31:ee:7f:ec:6b:0d:80:1d:72:37:eb:5f:6b:d7:fe:
3d:76:82:a5:cb:39:3d:f6:b2:92:58:a5:89:d6:b9:
a7:2c:d4:c7:47:66:d3:7b:85:07:6b:71:f9:f6:09:
e5:dd:9b:92:76:31:81:de:2a:88:76:e8:be:1f:de:
74:bf:ef:a5:f6:b1:8f:80:2e:df:7c:b4:78:7e:30:
61:39:b5:46:f7:16:ae:29:21:63:0a:1d:9e:9f:65:
32:64:8f:5c:fc:d1:28:b9:93:75:c1:65:a9:5b:fa:
59:72:61:67:ea:34:bd:a7:97:b8:a8:ab:2f:c1:8b:
45:50:cd:ac:bd:11:11:b0:27:6d:1b:0d:d5:4c:f1:
14:44:cc:66:25:6b:71:96:95:66:34:2e:72:25:09:
f4:dd:26:49:18:c7:05:f4:92:6c:b9:ec:0b:a3:70:
4c:5c:16:3f:ce:94:0d:b6:60:12:e4:83:b8:0c:45:
3d:d1:20:ad:7e:cd:b2:7d:87:4c:be:af:4d:60:b6:
14:85:f3:16:a7:de:54:c3:32:6e:b2:60:43:86:42:
3c:8e:4b:0e:16:91:42:d1:67:c0:bf:52:bb:7c:7f:
4f:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:89:3B:FA:0C:77:23:3D:DB:2B:96:30:E7:06:29:8A:5C:69:27:B8
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/X4k7-gx3Iz3bK5Yw5wYpilxpJ7g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.224.0/23
89.34.231.0/24
89.37.119.0/24
89.40.82.0/24
89.42.143.0/24
89.46.0.0/24
89.47.99.0/24
89.47.117.0-89.47.118.255
89.47.125.0/24
89.47.127.0/24
Signature Algorithm: sha256WithRSAEncryption
74:ef:7c:e6:5c:e2:17:80:de:d9:e3:70:8a:1f:1d:29:5b:1e:
c3:b2:91:12:c6:19:ca:2d:af:b0:9e:9c:f2:9a:a4:79:03:2c:
21:bc:da:a6:b1:7c:cd:22:17:00:d8:31:6e:65:61:b1:14:ed:
82:34:7b:60:6d:73:01:95:e7:b5:c8:a8:fb:51:1f:27:19:9b:
1f:f3:f6:e5:ae:64:c7:8a:a9:c2:2f:c1:45:a0:7f:23:a5:55:
f3:e9:4c:e1:5e:b0:20:62:d9:69:85:c2:49:0b:9c:17:ee:76:
cd:e5:0d:83:4b:90:a8:3d:ad:17:50:41:2e:f5:36:81:53:eb:
36:69:34:64:d9:e3:d7:7d:10:c8:e8:80:3d:2c:c8:5f:6f:46:
f4:59:62:5c:f1:f3:fa:ee:89:eb:55:ac:5f:b8:32:6a:70:07:
ad:ec:30:ca:c8:10:6c:b7:21:7a:1c:99:d6:4a:0f:e5:b8:35:
e2:0f:f5:ea:e3:77:8f:7f:10:97:e5:36:df:33:0d:1e:40:c3:
93:c8:e1:5c:34:5e:b2:4a:0b:36:c7:33:51:a2:4f:d7:e0:a1:
2a:14:c8:64:1a:53:bc:96:a7:0d:98:e3:0b:0f:dc:26:3d:f9:
c9:63:1e:60:d5:54:0a:3e:68:89:34:59:19:3a:21:d7:74:0a:
71:b7:6e:65
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZjw1GZBvr0L+IJ7VNpLlsMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwODI4MTMxODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjg5M2JmYTBjNzcyMzNkZGIyYjk2MzBlNzA2Mjk4YTVjNjkyN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WyvV6eg67n0OTFv5zPGOVW12tMp
dqPgpOzzxZ4x7n/saw2AHXI3619r1/49doKlyzk99rKSWKWJ1rmnLNTHR2bTe4UH
a3H59gnl3ZuSdjGB3iqIdui+H950v++l9rGPgC7ffLR4fjBhObVG9xauKSFjCh2e
n2UyZI9c/NEouZN1wWWpW/pZcmFn6jS9p5e4qKsvwYtFUM2svRERsCdtGw3VTPEU
RMxmJWtxlpVmNC5yJQn03SZJGMcF9JJsuewLo3BMXBY/zpQNtmAS5IO4DEU90SCt
fs2yfYdMvq9NYLYUhfMWp95UwzJusmBDhkI8jksOFpFC0WfAv1K7fH9P9wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFF+JO/oMdyM92yuWMOcGKYpcaSe4MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWDRrNy1neDNJejNiSzVZdzV3WXBpbHhwSjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBWSLgAwQA
WSLnAwQAWSV3AwQAWShSAwQAWSqPAwQAWS4AAwQAWS9jMAwDBABZL3UDBABZL3YD
BABZL30DBABZL38wDQYJKoZIhvcNAQELBQADggEBAHTvfOZc4heA3tnjcIofHSlb
HsOykRLGGcotr7CenPKapHkDLCG82qaxfM0iFwDYMW5lYbEU7YI0e2BtcwGV57XI
qPtRHycZmx/z9uWuZMeKqcIvwUWgfyOlVfPpTOFesCBi2WmFwkkLnBfuds3lDYNL
kKg9rRdQQS71NoFT6zZpNGTZ49d9EMjogD0syF9vRvRZYlzx8/ruietVrF+4Mmpw
B63sMMrIEGy3IXocmdZKD+W4NeIP9erjd49/EJflNt8zDR5Aw5PI4Vw0XrJKCzbH
M1GiT9fgoSoUyGQaU7yWpw2Y4wsP3CY9+cljHmDVVAo+aIk0WRk6Idd0CnG3bmU=
-----END CERTIFICATE-----
Generated at Fri Sep 5 19:33:25 2025 by rpki-client