Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/4xTwGwEgqqNgpztG8b7-qFnWnmQ.roa
File: 4xTwGwEgqqNgpztG8b7-qFnWnmQ.roa (raw, json)
Hash identifier: G+NieVImXlejNVzPXtYNNAfkIKyCKo0Pau1bwovvw64=
Subject key identifier: E3:14:F0:1B:01:20:AA:A3:60:A7:3B:46:F1:BE:FE:A8:59:D6:9E:64
Certificate issuer: /CN=1c422dd7ed73d1c004850033bf9579b4fef5e9d1
Certificate serial: 01973EA126736F9D6D7E533BC7DFA8F22FA7
Authority key identifier: 1C:42:2D:D7:ED:73:D1:C0:04:85:00:33:BF:95:79:B4:FE:F5:E9:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HEIt1-1z0cAEhQAzv5V5tP716dE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/4xTwGwEgqqNgpztG8b7-qFnWnmQ.roa
Signing time: Thu 05 Jun 2025 05:47:17 +0000
ROA not before: Thu 05 Jun 2025 05:47:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48559
IP address blocks: 91.224.214.0/23 maxlen: 23
185.27.52.0/22 maxlen: 22
195.26.12.0/23 maxlen: 23
195.248.226.0/23 maxlen: 23
2a00:9320:fffd::/48 maxlen: 48
2a00:9320:fffe::/48 maxlen: 48
2a00:9320:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/HEIt1-1z0cAEhQAzv5V5tP716dE.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/HEIt1-1z0cAEhQAzv5V5tP716dE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HEIt1-1z0cAEhQAzv5V5tP716dE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3e:a1:26:73:6f:9d:6d:7e:53:3b:c7:df:a8:f2:2f:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c422dd7ed73d1c004850033bf9579b4fef5e9d1
Validity
Not Before: Jun 5 05:47:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e314f01b0120aaa360a73b46f1befea859d69e64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:bb:21:ff:36:ba:b4:79:b1:03:00:45:83:95:
0f:42:2a:8c:e5:a7:dd:ac:5c:c3:c8:a9:c9:60:18:
75:84:51:f4:27:99:40:ab:68:3d:37:13:61:24:fb:
e5:66:a3:c3:1d:51:5a:a6:b9:13:f6:4e:52:b2:4d:
9b:9c:62:bf:ac:bd:3f:45:43:1b:45:93:0d:c3:4e:
d4:96:a4:8e:74:2d:bb:98:ea:81:b6:19:1b:aa:b2:
9d:ee:e9:4c:a2:cc:c3:75:ac:7f:fe:3f:d4:ff:35:
f3:0a:43:3d:5e:ee:ee:c2:bf:3f:30:36:47:22:fd:
f1:20:65:7b:7d:fe:17:f9:fb:63:80:63:9f:6b:32:
8d:28:c1:74:39:43:ce:1a:f2:e0:2a:5f:59:03:ab:
e1:85:15:fd:20:d0:9f:03:3b:af:28:93:c1:47:70:
21:05:a8:be:f8:eb:49:82:9e:06:e8:7a:35:ce:a8:
fa:a6:43:44:0e:d1:5f:7e:a8:9f:70:6e:4f:89:9c:
fb:1d:76:83:23:57:ae:7a:54:e3:ea:13:6c:c8:bb:
5a:db:bb:b8:22:ec:f3:51:82:70:91:29:43:e3:cb:
98:65:02:a9:1c:1c:4c:cb:ae:9f:89:15:d2:da:0c:
8e:47:67:03:59:45:e4:21:a7:5e:46:aa:a2:57:cb:
95:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:14:F0:1B:01:20:AA:A3:60:A7:3B:46:F1:BE:FE:A8:59:D6:9E:64
X509v3 Authority Key Identifier:
keyid:1C:42:2D:D7:ED:73:D1:C0:04:85:00:33:BF:95:79:B4:FE:F5:E9:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HEIt1-1z0cAEhQAzv5V5tP716dE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/4xTwGwEgqqNgpztG8b7-qFnWnmQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/391350-a970-4ba1-8a94-3979b800cda8/1/HEIt1-1z0cAEhQAzv5V5tP716dE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.224.214.0/23
185.27.52.0/22
195.26.12.0/23
195.248.226.0/23
IPv6:
2a00:9320:fffd::-2a00:9320:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4f:24:d2:46:ba:ec:4a:c7:93:2f:c6:e0:43:d3:e4:35:09:d1:
8a:29:58:c3:f1:13:f3:cc:26:2a:26:92:04:c7:d7:2c:4b:ac:
cd:34:97:47:bc:62:0f:92:f7:13:57:9e:05:2b:f4:18:cd:7a:
8e:1e:44:93:9b:d8:82:28:45:04:a9:97:8f:e5:54:c7:8a:9e:
e0:95:e4:02:f5:a8:d8:47:52:94:ec:f9:b7:f9:81:d5:9f:3f:
a0:f1:87:e2:d0:39:ca:7f:55:9d:32:2e:ee:a3:a1:e7:ad:24:
78:16:39:51:56:20:7f:b8:9d:63:10:ed:f9:61:79:6b:c2:38:
36:df:a1:5e:e2:6a:dc:84:2f:5e:e9:53:0f:85:cf:c4:76:49:
57:b4:ee:4c:b5:b6:e6:2c:1f:8d:05:04:b9:e7:d1:56:49:0e:
a5:c1:2f:b4:74:9e:d2:5b:b1:fe:c0:02:8f:b0:fe:15:12:82:
de:2f:09:d6:2d:22:e4:fa:90:f7:32:ee:40:43:10:2c:1b:d9:
41:de:8f:f6:5c:a5:d1:f1:7a:9b:f9:83:b3:a6:cc:33:c1:37:
86:6f:7f:c2:2c:f5:ba:22:73:85:3e:12:86:12:d5:46:cb:80:
c4:f0:98:fc:0d:51:7e:6c:3c:74:ac:6d:2f:10:4b:e0:cd:21:
6e:44:47:d0
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZc+oSZzb51tflM7x9+o8i+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNDIyZGQ3ZWQ3M2QxYzAwNDg1MDAzM2JmOTU3OWI0ZmVm
NWU5ZDEwHhcNMjUwNjA1MDU0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzE0ZjAxYjAxMjBhYWEzNjBhNzNiNDZmMWJlZmVhODU5ZDY5ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bsh/za6tHmxAwBFg5UPQiqM5afd
rFzDyKnJYBh1hFH0J5lAq2g9NxNhJPvlZqPDHVFaprkT9k5Ssk2bnGK/rL0/RUMb
RZMNw07UlqSOdC27mOqBthkbqrKd7ulMoszDdax//j/U/zXzCkM9Xu7uwr8/MDZH
Iv3xIGV7ff4X+ftjgGOfazKNKMF0OUPOGvLgKl9ZA6vhhRX9INCfAzuvKJPBR3Ah
Bai++OtJgp4G6Ho1zqj6pkNEDtFffqifcG5PiZz7HXaDI1euelTj6hNsyLta27u4
IuzzUYJwkSlD48uYZQKpHBxMy66fiRXS2gyOR2cDWUXkIadeRqqiV8uV0wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOMU8BsBIKqjYKc7RvG+/qhZ1p5kMB8GA1UdIwQY
MBaAFBxCLdftc9HABIUAM7+VebT+9enRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEVJdDEtMXowY0FFaFFBenY1VjV0UDcxNmRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zOTEzNTAtYTk3MC00YmExLThhOTQt
Mzk3OWI4MDBjZGE4LzEvNHhUd0d3RWdxcU5ncHp0RzhiNy1xRm5Xbm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zOTEzNTAtYTk3MC00YmExLThhOTQtMzk3OWI4MDBjZGE4
LzEvSEVJdDEtMXowY0FFaFFBenY1VjV0UDcxNmRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQBW+DWAwQC
uRs0AwQBwxoMAwQBw/jiMBgEAgACMBIwEAMHACoAkyD//QMFACoAkyAwDQYJKoZI
hvcNAQELBQADggEBAE8k0ka67ErHky/G4EPT5DUJ0YopWMPxE/PMJiomkgTH1yxL
rM00l0e8Yg+S9xNXngUr9BjNeo4eRJOb2IIoRQSpl4/lVMeKnuCV5AL1qNhHUpTs
+bf5gdWfP6Dxh+LQOcp/VZ0yLu6joeetJHgWOVFWIH+4nWMQ7flheWvCODbfoV7i
atyEL17pUw+Fz8R2SVe07ky1tuYsH40FBLnn0VZJDqXBL7R0ntJbsf7AAo+w/hUS
gt4vCdYtIuT6kPcy7kBDECwb2UHej/ZcpdHxepv5g7OmzDPBN4Zvf8Is9boic4U+
EoYS1UbLgMTwmPwNUX5sPHSsbS8QS+DNIW5ER9A=
-----END CERTIFICATE-----
Generated at Sun Jun 8 21:55:50 2025 by rpki-client