Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y4hXN5h520C6rIRBqZCkJxCs4kM.roa
File: y4hXN5h520C6rIRBqZCkJxCs4kM.roa (raw, json)
Hash identifier: hFGkrbVECeoS1bfuF6fyTpHJSpst5NyjE4R6qigrklw=
Subject key identifier: CB:88:57:37:98:79:DB:40:BA:AC:84:41:A9:90:A4:27:10:AC:E2:43
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0197C714910A7D83AB5ADE8DE653BEEBFAB8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y4hXN5h520C6rIRBqZCkJxCs4kM.roa
Signing time: Tue 01 Jul 2025 17:41:42 +0000
ROA not before: Tue 01 Jul 2025 17:41:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44547
IP address blocks: 45.90.88.0/24 maxlen: 24
45.149.242.0/24 maxlen: 24
87.121.103.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
91.92.16.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 14:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c7:14:91:0a:7d:83:ab:5a:de:8d:e6:53:be:eb:fa:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 1 17:41:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb8857379879db40baac8441a990a42710ace243
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a5:2a:72:5a:df:bf:17:b3:19:32:86:3b:ac:
1e:27:c0:d0:c4:49:76:99:26:f3:ec:3b:02:f4:9e:
fa:69:7c:7b:1a:19:4e:38:01:4c:69:f5:38:18:f4:
3e:56:56:1a:a5:9a:f1:c2:9c:c9:a2:6c:14:6b:c6:
96:52:19:8c:db:f5:68:84:54:46:28:3d:5c:7a:66:
4f:16:53:c4:46:a8:c7:76:55:f5:58:d4:95:1c:03:
94:5d:bd:07:2e:5e:45:59:fe:84:e3:23:aa:4c:48:
d5:5d:8a:c2:3e:54:5e:62:a6:3d:d9:4c:2e:42:5d:
26:84:4a:23:61:df:dd:48:32:81:81:3a:f0:ac:a3:
e0:6a:fa:e4:da:64:08:b7:9f:30:ab:4e:46:17:0b:
b1:00:56:b5:3b:a7:9c:7d:e8:02:a9:95:58:69:ba:
28:7d:9a:0e:45:0e:73:6d:c9:3f:9a:ee:5b:cf:29:
30:bc:75:72:0d:bc:0c:d2:62:8a:a5:02:0e:ad:c6:
e7:7b:f3:60:f1:2e:9b:5a:83:cb:e0:c1:18:82:fa:
6f:f4:06:05:3d:24:bb:47:2a:9c:70:b5:95:2b:5a:
e2:70:ac:f5:0a:ee:d7:ce:51:e7:61:82:91:28:e4:
13:13:d9:35:41:2c:74:47:3a:98:67:3c:41:a3:30:
f8:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:88:57:37:98:79:DB:40:BA:AC:84:41:A9:90:A4:27:10:AC:E2:43
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y4hXN5h520C6rIRBqZCkJxCs4kM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.88.0/24
45.149.242.0/24
87.121.103.0-87.121.104.255
91.92.16.0/24
94.156.113.0/24
Signature Algorithm: sha256WithRSAEncryption
07:08:dd:f2:f8:6a:9b:b6:b2:96:5f:ee:54:85:b3:c7:31:f2:
2f:a1:c8:d6:d4:e0:a2:0d:ae:42:c4:9c:e8:71:8f:f1:8f:d6:
b2:11:11:9e:16:bc:20:64:3a:79:1b:44:e9:ad:55:51:e5:03:
70:22:77:33:c7:7f:2d:6d:3e:f9:5b:74:7d:df:43:47:45:12:
1f:7d:cc:9e:b0:51:e3:0e:fc:43:10:50:fc:6b:3f:fb:9f:88:
21:15:71:51:a3:d6:7a:d9:56:2c:0b:60:ea:e9:62:03:35:16:
91:57:20:cb:87:90:36:c4:be:cd:fc:27:00:cc:6a:b3:69:5e:
4d:3c:22:1b:cc:20:c3:82:f7:80:69:18:7e:0e:22:cf:a3:18:
b0:62:7a:dc:f7:ff:65:eb:88:c6:22:98:67:86:1e:42:90:57:
be:69:24:4f:74:06:85:fe:f5:1b:ce:5b:6f:17:4e:d1:91:97:
a9:aa:b2:cd:3f:bd:99:35:f9:9e:75:88:46:08:55:ab:7e:38:
2a:55:df:37:14:a7:04:4a:30:b3:ce:41:f4:b0:17:00:38:f1:
25:31:8a:7a:16:e7:bb:58:be:0e:28:7a:38:fe:a3:de:73:98:
69:3e:1a:7b:e1:9f:c3:e8:e0:0a:2f:27:b5:71:bc:20:3b:7f:
e9:87:90:99
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZfHFJEKfYOrWt6N5lO+6/q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzAxMTc0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjg4NTczNzk4NzlkYjQwYmFhYzg0NDFhOTkwYTQyNzEwYWNlMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKUqclrfvxezGTKGO6weJ8DQxEl2
mSbz7DsC9J76aXx7GhlOOAFMafU4GPQ+VlYapZrxwpzJomwUa8aWUhmM2/VohFRG
KD1cemZPFlPERqjHdlX1WNSVHAOUXb0HLl5FWf6E4yOqTEjVXYrCPlReYqY92Uwu
Ql0mhEojYd/dSDKBgTrwrKPgavrk2mQIt58wq05GFwuxAFa1O6ecfegCqZVYaboo
fZoORQ5zbck/mu5bzykwvHVyDbwM0mKKpQIOrcbne/Ng8S6bWoPL4MEYgvpv9AYF
PSS7RyqccLWVK1ricKz1Cu7XzlHnYYKRKOQTE9k1QSx0RzqYZzxBozD4MQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMuIVzeYedtAuqyEQamQpCcQrOJDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveTRoWE41aDUyMEM2cklSQnFaQ2tKeENzNGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQALVpYAwQA
LZXyMAwDBABXeWcDBABXeWgDBABbXBADBABenHEwDQYJKoZIhvcNAQELBQADggEB
AAcI3fL4apu2spZf7lSFs8cx8i+hyNbU4KINrkLEnOhxj/GP1rIREZ4WvCBkOnkb
ROmtVVHlA3AidzPHfy1tPvlbdH3fQ0dFEh99zJ6wUeMO/EMQUPxrP/ufiCEVcVGj
1nrZViwLYOrpYgM1FpFXIMuHkDbEvs38JwDMarNpXk08IhvMIMOC94BpGH4OIs+j
GLBietz3/2XriMYimGeGHkKQV75pJE90BoX+9RvOW28XTtGRl6mqss0/vZk1+Z51
iEYIVat+OCpV3zcUpwRKMLPOQfSwFwA48SUxinoW57tYvg4oejj+o95zmGk+Gnvh
n8Po4AovJ7VxvCA7f+mHkJk=
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:19:37 2025 by rpki-client