Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/4jPpa2yrHFokJLczcdkZDLR9h98.roa
File: 4jPpa2yrHFokJLczcdkZDLR9h98.roa (raw, json)
Hash identifier: EAFCvLqIzBJHhjSQ4BlNHua0JxEcTXMXgVltdpts9XM=
Subject key identifier: E2:33:E9:6B:6C:AB:1C:5A:24:24:B7:33:71:D9:19:0C:B4:7D:87:DF
Certificate issuer: /CN=1af1487e4d0e26c53d593ece6e14712221e24010
Certificate serial: 019A1CF5D047F983A81C3AA529A0FDB53EF0
Authority key identifier: 1A:F1:48:7E:4D:0E:26:C5:3D:59:3E:CE:6E:14:71:22:21:E2:40:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GvFIfk0OJsU9WT7ObhRxIiHiQBA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/4jPpa2yrHFokJLczcdkZDLR9h98.roa
Signing time: Sat 25 Oct 2025 20:01:03 +0000
ROA not before: Sat 25 Oct 2025 20:01:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39934
IP address blocks: 185.224.4.0/24 maxlen: 24
185.224.5.0/24 maxlen: 24
185.224.6.0/24 maxlen: 24
185.224.7.0/24 maxlen: 24
2a0c:b400::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/GvFIfk0OJsU9WT7ObhRxIiHiQBA.crl
rsync://rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/GvFIfk0OJsU9WT7ObhRxIiHiQBA.mft
rsync://rpki.ripe.net/repository/DEFAULT/GvFIfk0OJsU9WT7ObhRxIiHiQBA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 08:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:1c:f5:d0:47:f9:83:a8:1c:3a:a5:29:a0:fd:b5:3e:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1af1487e4d0e26c53d593ece6e14712221e24010
Validity
Not Before: Oct 25 20:01:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e233e96b6cab1c5a2424b73371d9190cb47d87df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:a4:65:54:c4:c5:41:b7:2f:4f:9d:f9:2c:b9:
de:f6:73:fc:2c:a6:10:b1:01:02:41:c7:ae:d4:cc:
7e:94:fe:9e:90:ea:c9:52:de:25:9f:51:15:2f:57:
5d:3e:c7:f5:10:01:d3:c3:90:f1:4f:b6:3e:58:4c:
75:ac:0a:db:52:ad:22:2f:e8:26:e3:b8:5e:e1:f6:
a0:c7:17:ec:59:fe:72:6c:9e:b6:a0:47:6a:6c:ce:
90:a6:fc:f4:bd:30:18:dc:b4:e5:c8:e1:24:06:6b:
1d:b7:ef:ee:38:e0:26:d5:77:ee:b6:07:3d:78:28:
7b:85:53:5c:9d:51:7b:65:1b:0d:28:93:06:4a:0a:
a5:b1:f3:fa:5c:f6:53:03:eb:c1:ad:78:f8:d8:19:
17:bd:e7:7a:2d:da:d5:77:f1:0f:8a:ea:49:bf:85:
e6:0b:3f:02:f1:ca:c5:e0:f2:92:8b:ae:41:62:2f:
fa:50:1b:13:9b:70:cf:1f:76:eb:38:ce:94:be:fa:
2e:bd:ac:4d:19:22:6d:b5:24:7f:c3:13:6a:e4:b9:
e4:27:e0:60:7b:ed:08:ef:a6:e7:f9:3d:2d:ab:b8:
81:93:18:2e:ad:86:d5:fa:20:03:58:89:9e:75:a7:
39:32:18:f8:f2:e3:5a:8f:01:9b:a1:fa:8e:ea:e2:
c4:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:33:E9:6B:6C:AB:1C:5A:24:24:B7:33:71:D9:19:0C:B4:7D:87:DF
X509v3 Authority Key Identifier:
keyid:1A:F1:48:7E:4D:0E:26:C5:3D:59:3E:CE:6E:14:71:22:21:E2:40:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvFIfk0OJsU9WT7ObhRxIiHiQBA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/4jPpa2yrHFokJLczcdkZDLR9h98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/b70761-bfd2-44b9-b60a-5969d6eb9b0d/1/GvFIfk0OJsU9WT7ObhRxIiHiQBA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.224.4.0/22
IPv6:
2a0c:b400::/29
Signature Algorithm: sha256WithRSAEncryption
2b:d8:0b:03:23:f0:8d:b4:39:b3:25:7c:21:58:78:6e:0e:f9:
ae:1d:01:76:7d:e0:47:d8:ab:f8:52:eb:14:eb:40:4c:a8:f9:
4a:c9:3c:8e:d0:09:c3:2d:66:22:9f:77:97:35:31:6e:dc:9b:
f4:8b:66:c1:f5:57:57:80:c4:d2:f4:2e:2a:1e:53:81:c4:15:
58:81:71:64:b1:02:2e:f1:53:7d:eb:be:a6:52:d1:f2:8e:1e:
97:cf:db:6f:ce:9b:64:0d:49:ef:dd:a2:1c:d9:1c:a6:e2:fc:
6a:c8:43:7d:56:e8:74:0a:c4:92:3f:d9:47:9a:d7:8b:e8:51:
64:06:d2:90:10:c1:7b:bc:0c:aa:14:35:01:f5:aa:05:de:d2:
0f:d0:e6:64:c2:2a:2e:9f:36:b1:f8:ac:f0:96:dc:0f:92:66:
02:df:48:0f:9f:56:98:2f:de:c2:ed:d7:94:09:7e:74:8c:73:
95:d7:eb:ba:17:93:90:3d:79:88:c2:08:3e:02:d0:ec:9c:bf:
96:e1:33:c0:6b:cb:ff:54:8c:51:43:e6:4b:18:5e:3a:02:de:
7e:cc:da:ae:ae:a4:35:dc:eb:79:99:ec:61:1b:e9:2a:63:4f:
11:9e:f6:eb:31:95:3d:06:0f:fc:b0:18:74:e2:9d:4d:9f:db:
b6:57:ab:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoc9dBH+YOoHDqlKaD9tT7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjE0ODdlNGQwZTI2YzUzZDU5M2VjZTZlMTQ3MTIyMjFl
MjQwMTAwHhcNMjUxMDI1MjAwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMzZTk2YjZjYWIxYzVhMjQyNGI3MzM3MWQ5MTkwY2I0N2Q4N2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6RlVMTFQbcvT535LLne9nP8LKYQ
sQECQceu1Mx+lP6ekOrJUt4ln1EVL1ddPsf1EAHTw5DxT7Y+WEx1rArbUq0iL+gm
47he4fagxxfsWf5ybJ62oEdqbM6Qpvz0vTAY3LTlyOEkBmsdt+/uOOAm1Xfutgc9
eCh7hVNcnVF7ZRsNKJMGSgqlsfP6XPZTA+vBrXj42BkXved6LdrVd/EPiupJv4Xm
Cz8C8crF4PKSi65BYi/6UBsTm3DPH3brOM6UvvouvaxNGSJttSR/wxNq5LnkJ+Bg
e+0I76bn+T0tq7iBkxgurYbV+iADWImedac5Mhj48uNajwGbofqO6uLEywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOIz6WtsqxxaJCS3M3HZGQy0fYffMB8GA1UdIwQY
MBaAFBrxSH5NDibFPVk+zm4UcSIh4kAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZGSWZrME9Kc1U5V1Q3T2JoUnhJaUhpUUJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9iNzA3NjEtYmZkMi00NGI5LWI2MGEt
NTk2OWQ2ZWI5YjBkLzEvNGpQcGEyeXJIRm9rSkxjemNka1pETFI5aDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9iNzA3NjEtYmZkMi00NGI5LWI2MGEtNTk2OWQ2ZWI5YjBk
LzEvR3ZGSWZrME9Kc1U5V1Q3T2JoUnhJaUhpUUJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueAEMA0E
AgACMAcDBQMqDLQAMA0GCSqGSIb3DQEBCwUAA4IBAQAr2AsDI/CNtDmzJXwhWHhu
DvmuHQF2feBH2Kv4UusU60BMqPlKyTyO0AnDLWYin3eXNTFu3Jv0i2bB9VdXgMTS
9C4qHlOBxBVYgXFksQIu8VN9676mUtHyjh6Xz9tvzptkDUnv3aIc2Rym4vxqyEN9
Vuh0CsSSP9lHmteL6FFkBtKQEMF7vAyqFDUB9aoF3tIP0OZkwiounzax+KzwltwP
kmYC30gPn1aYL97C7deUCX50jHOV1+u6F5OQPXmIwgg+AtDsnL+W4TPAa8v/VIxR
Q+ZLGF46At5+zNqurqQ13Ot5mexhG+kqY08RnvbrMZU9Bg/8sBh04p1Nn9u2V6tp
-----END CERTIFICATE-----
Generated at Wed Nov 5 17:26:01 2025 by rpki-client