Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LT2qFiZrkaTJpVLssvHy4QQr-TQ.roa
File: LT2qFiZrkaTJpVLssvHy4QQr-TQ.roa (raw, json)
Hash identifier: /hfGm6m2RRlkHsNmzVghdGMGlRCMAPVquHiTQ52JUJo=
Subject key identifier: 2D:3D:AA:16:26:6B:91:A4:C9:A5:52:EC:B2:F1:F2:E1:04:2B:F9:34
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01980332FA4D943DDFA568D9935511E08B50
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LT2qFiZrkaTJpVLssvHy4QQr-TQ.roa
Signing time: Sun 13 Jul 2025 09:52:09 +0000
ROA not before: Sun 13 Jul 2025 09:52:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50053
IP address blocks: 45.128.96.0/24 maxlen: 24
45.128.232.0/24 maxlen: 24
45.144.154.0/24 maxlen: 24
45.149.234.0/24 maxlen: 24
79.110.48.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
193.222.97.0/24 maxlen: 24
194.31.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 11:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:03:32:fa:4d:94:3d:df:a5:68:d9:93:55:11:e0:8b:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 13 09:52:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d3daa16266b91a4c9a552ecb2f1f2e1042bf934
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4c:ef:94:39:57:11:ed:6b:94:ef:e5:4b:f1:
ef:98:eb:67:96:27:35:12:ce:f0:49:47:a4:e8:a7:
68:ee:4b:aa:46:ac:b7:a6:d9:c7:8e:6d:87:bc:c5:
d5:0c:48:20:be:bc:8d:f2:90:ec:c0:dd:8a:aa:ec:
aa:c0:aa:55:5e:06:58:b4:29:62:a8:9d:38:6a:4e:
84:af:36:36:01:0d:09:77:fa:cb:0b:be:00:bc:8c:
fb:7a:30:e1:56:07:91:42:a6:e3:d5:44:41:04:a5:
a5:20:a9:54:3c:12:c9:47:50:da:8d:5c:d3:68:29:
1e:94:38:c5:b7:3d:07:6e:65:61:5c:88:6a:bc:bf:
b9:45:19:c7:af:dc:0c:28:b0:a0:32:70:9c:57:b1:
72:86:78:e2:36:b0:08:af:2a:39:26:98:ba:ab:3e:
5a:37:d2:ed:ea:b3:4a:a1:96:98:07:f8:dd:71:6d:
5c:43:45:e9:20:12:dd:d6:6a:2e:06:1e:2a:7b:78:
c7:d8:fb:29:9d:9d:db:d2:e3:2f:bd:97:e0:d2:80:
21:4a:76:d8:37:31:fb:0c:ca:f8:7d:1b:e0:ee:74:
0a:da:f6:42:39:5c:e9:fd:12:e1:4d:7f:10:b1:0e:
34:f7:5f:f5:78:f1:d0:37:d3:56:23:2f:94:95:81:
7c:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:3D:AA:16:26:6B:91:A4:C9:A5:52:EC:B2:F1:F2:E1:04:2B:F9:34
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LT2qFiZrkaTJpVLssvHy4QQr-TQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.96.0/24
45.128.232.0/24
45.144.154.0/24
45.149.234.0/24
79.110.48.0/24
185.222.161.0/24
193.222.97.0/24
194.31.204.0/24
Signature Algorithm: sha256WithRSAEncryption
99:6f:00:f3:f8:02:d4:2c:f0:00:ed:97:85:4b:d0:bf:56:37:
98:94:15:55:8a:5d:21:86:c8:86:ab:c3:ea:06:7b:3a:5c:08:
88:c9:c2:c0:79:df:ad:8f:3d:88:4e:fd:0a:82:7d:60:5c:d1:
c3:f3:fc:f9:45:f3:dd:02:12:22:c6:a5:41:2b:e6:2a:bd:b4:
27:26:85:44:68:d8:45:fd:5a:a6:32:86:d1:4b:b2:ad:b7:d2:
d1:3e:43:26:f8:b8:5d:b3:e6:61:2e:63:08:a3:27:2a:94:75:
f9:4a:c0:b0:1f:55:c4:d0:2e:ef:8a:fc:df:1c:c8:f6:4e:2c:
46:f9:06:ae:f7:5d:fa:d4:4d:e1:13:ae:40:6d:be:73:9f:15:
67:75:62:c7:2a:61:50:b7:19:d5:c2:37:59:0b:ad:f1:ed:f8:
89:31:63:d3:ea:65:c6:0e:a4:21:b9:40:4a:6e:c6:e9:0c:c1:
84:e2:f0:ee:14:01:d1:57:fa:50:8e:7b:36:e4:90:c1:c9:d8:
8f:34:0c:62:99:da:3e:3a:a4:84:ba:a6:be:75:e7:d0:ae:d7:
9c:8c:90:53:de:ff:7a:15:4b:3e:16:6b:a6:cb:0b:d5:d9:a7:
d1:44:6c:42:f7:ac:9b:2b:99:a8:b9:ac:a9:01:82:15:69:9f:
f6:39:09:64
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZgDMvpNlD3fpWjZk1UR4ItQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzEzMDk1MjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDNkYWExNjI2NmI5MWE0YzlhNTUyZWNiMmYxZjJlMTA0MmJmOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0zvlDlXEe1rlO/lS/HvmOtnlic1
Es7wSUek6Kdo7kuqRqy3ptnHjm2HvMXVDEggvryN8pDswN2KquyqwKpVXgZYtCli
qJ04ak6ErzY2AQ0Jd/rLC74AvIz7ejDhVgeRQqbj1URBBKWlIKlUPBLJR1DajVzT
aCkelDjFtz0HbmVhXIhqvL+5RRnHr9wMKLCgMnCcV7FyhnjiNrAIryo5Jpi6qz5a
N9Lt6rNKoZaYB/jdcW1cQ0XpIBLd1mouBh4qe3jH2PspnZ3b0uMvvZfg0oAhSnbY
NzH7DMr4fRvg7nQK2vZCOVzp/RLhTX8QsQ4091/1ePHQN9NWIy+UlYF8TQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFC09qhYma5GkyaVS7LLx8uEEK/k0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTFQycUZpWnJrYVRKcFZMc3N2SHk0UVFyLVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYBgAwQA
LYDoAwQALZCaAwQALZXqAwQAT24wAwQAud6hAwQAwd5hAwQAwh/MMA0GCSqGSIb3
DQEBCwUAA4IBAQCZbwDz+ALULPAA7ZeFS9C/VjeYlBVVil0hhsiGq8PqBns6XAiI
ycLAed+tjz2ITv0Kgn1gXNHD8/z5RfPdAhIixqVBK+YqvbQnJoVEaNhF/VqmMobR
S7Ktt9LRPkMm+Lhds+ZhLmMIoycqlHX5SsCwH1XE0C7vivzfHMj2TixG+Qau9136
1E3hE65Abb5znxVndWLHKmFQtxnVwjdZC63x7fiJMWPT6mXGDqQhuUBKbsbpDMGE
4vDuFAHRV/pQjns25JDBydiPNAximdo+OqSEuqa+defQrtecjJBT3v96FUs+Fmum
ywvV2afRRGxC96ybK5mouaypAYIVaZ/2OQlk
-----END CERTIFICATE-----
Generated at Fri Aug 8 19:40:27 2025 by rpki-client