Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/48HLzEg5hUyysvh2QdFLov5OhmU.roa
File: 48HLzEg5hUyysvh2QdFLov5OhmU.roa (raw, json)
Hash identifier: bw7hBJRBr+ljNjkA7DMlIt09FqFYCknq6hOA/oTgbSY=
Subject key identifier: E3:C1:CB:CC:48:39:85:4C:B2:B2:F8:76:41:D1:4B:A2:FE:4E:86:65
Certificate issuer: /CN=a1b4dd83fc5ecd210f4f684fb6bf40fb3160db21
Certificate serial: 0197F3BA658DD360F0427CC712FD68E3CCCB
Authority key identifier: A1:B4:DD:83:FC:5E:CD:21:0F:4F:68:4F:B6:BF:40:FB:31:60:DB:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/obTdg_xezSEPT2hPtr9A-zFg2yE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/48HLzEg5hUyysvh2QdFLov5OhmU.roa
Signing time: Thu 10 Jul 2025 09:46:08 +0000
ROA not before: Thu 10 Jul 2025 09:46:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198545
IP address blocks: 185.57.220.0/22 maxlen: 22
185.57.223.0/24 maxlen: 24
185.246.16.0/22 maxlen: 22
2a02:5fa0::/32 maxlen: 32
2a02:5fa0:100::/48 maxlen: 48
2a02:5fa0:102::/48 maxlen: 48
2a02:5fa0:103::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/obTdg_xezSEPT2hPtr9A-zFg2yE.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/obTdg_xezSEPT2hPtr9A-zFg2yE.mft
rsync://rpki.ripe.net/repository/DEFAULT/obTdg_xezSEPT2hPtr9A-zFg2yE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 Aug 2025 12:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f3:ba:65:8d:d3:60:f0:42:7c:c7:12:fd:68:e3:cc:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1b4dd83fc5ecd210f4f684fb6bf40fb3160db21
Validity
Not Before: Jul 10 09:46:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e3c1cbcc4839854cb2b2f87641d14ba2fe4e8665
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:39:a2:f7:4e:06:91:03:00:5f:00:62:64:c3:
51:a1:4c:8c:e4:93:87:e7:9d:69:a0:a3:5d:d5:30:
92:98:a7:31:cd:f9:93:95:8e:82:0b:e8:4f:2a:dc:
19:35:db:5e:49:88:7e:30:b4:0f:86:d6:03:b2:06:
e4:cc:b5:21:18:51:07:f2:ab:6e:04:63:ab:73:48:
16:cf:ff:7d:a8:76:88:36:40:01:5d:f8:78:29:a2:
8c:42:dd:2b:61:f7:a2:ba:a5:69:a7:74:c9:1d:63:
d8:1c:cd:0f:35:58:2b:9b:53:6a:22:f2:b9:a6:97:
48:16:f4:1d:d5:26:e7:82:d2:fa:14:6c:74:8d:fe:
e1:62:ad:8f:08:9f:f4:a8:1a:54:e6:1c:70:3f:be:
32:fd:bc:09:76:a5:24:a9:92:39:38:c2:36:0d:d9:
40:b6:56:16:1d:61:de:2b:02:b4:11:48:b6:70:fc:
06:9f:7b:57:54:24:fc:a6:a4:71:e8:03:0e:fc:0a:
c0:d3:2c:60:dd:86:9a:90:92:21:06:f7:00:64:7c:
e3:48:a2:7e:33:d2:f5:b2:4e:fc:92:30:e4:3b:b2:
58:55:65:b4:a3:4e:99:3e:92:21:5e:bc:9d:67:0d:
28:34:5a:21:a8:30:eb:2f:2b:56:0d:86:db:14:3b:
f1:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:C1:CB:CC:48:39:85:4C:B2:B2:F8:76:41:D1:4B:A2:FE:4E:86:65
X509v3 Authority Key Identifier:
keyid:A1:B4:DD:83:FC:5E:CD:21:0F:4F:68:4F:B6:BF:40:FB:31:60:DB:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obTdg_xezSEPT2hPtr9A-zFg2yE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/48HLzEg5hUyysvh2QdFLov5OhmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/146f8a-e068-48ca-a388-fb186b94334f/1/obTdg_xezSEPT2hPtr9A-zFg2yE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.57.220.0/22
185.246.16.0/22
IPv6:
2a02:5fa0::/32
Signature Algorithm: sha256WithRSAEncryption
b0:7a:05:e3:3f:b3:62:c4:f0:85:45:1a:dd:bd:f3:d7:ff:25:
1c:22:68:c6:0e:bc:85:8e:02:03:c1:3b:a9:73:1e:40:e8:7e:
39:16:12:40:f3:76:9f:be:28:96:65:e5:d9:cb:fb:95:b4:f8:
f8:c6:fd:5b:7d:a8:ff:39:fd:bf:30:e3:c4:29:11:06:0d:75:
eb:9d:b5:00:d4:94:5d:05:bf:44:f8:02:33:21:7c:c2:fc:b2:
d7:9b:a0:92:1a:9a:04:8b:ec:64:b7:ee:1f:38:27:81:fe:66:
0b:d5:2e:cc:13:61:d8:ce:a7:af:25:f1:4a:19:c9:1f:ab:8f:
64:0d:30:44:06:37:dd:c9:4d:c5:a9:0e:b0:e7:7f:26:07:31:
83:26:9e:b9:73:3c:be:22:da:96:af:ba:e1:d1:f2:71:7a:80:
f3:85:6b:86:39:4f:e8:62:79:f7:5b:ae:e7:a2:7a:5e:dd:95:
a5:a3:50:64:c2:ff:05:97:df:0b:13:5a:ca:a9:79:85:4b:8d:
96:79:83:58:c6:5b:e2:de:e5:27:b8:d0:43:88:4f:be:bb:07:
53:81:0f:dc:be:a8:e9:40:9d:ea:36:e3:b6:bb:3d:4e:56:36:
98:12:e0:f6:c8:91:95:e1:8b:66:05:3b:c8:3e:64:b3:c0:00:
f0:41:9c:3a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZfzumWN02DwQnzHEv1o48zLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjRkZDgzZmM1ZWNkMjEwZjRmNjg0ZmI2YmY0MGZiMzE2
MGRiMjEwHhcNMjUwNzEwMDk0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2MxY2JjYzQ4Mzk4NTRjYjJiMmY4NzY0MWQxNGJhMmZlNGU4NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Dmi904GkQMAXwBiZMNRoUyM5JOH
551poKNd1TCSmKcxzfmTlY6CC+hPKtwZNdteSYh+MLQPhtYDsgbkzLUhGFEH8qtu
BGOrc0gWz/99qHaINkABXfh4KaKMQt0rYfeiuqVpp3TJHWPYHM0PNVgrm1NqIvK5
ppdIFvQd1SbngtL6FGx0jf7hYq2PCJ/0qBpU5hxwP74y/bwJdqUkqZI5OMI2DdlA
tlYWHWHeKwK0EUi2cPwGn3tXVCT8pqRx6AMO/ArA0yxg3YaakJIhBvcAZHzjSKJ+
M9L1sk78kjDkO7JYVWW0o06ZPpIhXrydZw0oNFohqDDrLytWDYbbFDvxzwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOPBy8xIOYVMsrL4dkHRS6L+ToZlMB8GA1UdIwQY
MBaAFKG03YP8Xs0hD09oT7a/QPsxYNshMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JUZGdfeGV6U0VQVDJoUHRyOUEtekZnMnlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xNDZmOGEtZTA2OC00OGNhLWEzODgt
ZmIxODZiOTQzMzRmLzEvNDhITHpFZzVoVXl5c3ZoMlFkRkxvdjVPaG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xNDZmOGEtZTA2OC00OGNhLWEzODgtZmIxODZiOTQzMzRm
LzEvb2JUZGdfeGV6U0VQVDJoUHRyOUEtekZnMnlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuTncAwQC
ufYQMA0EAgACMAcDBQAqAl+gMA0GCSqGSIb3DQEBCwUAA4IBAQCwegXjP7NixPCF
RRrdvfPX/yUcImjGDryFjgIDwTupcx5A6H45FhJA83afviiWZeXZy/uVtPj4xv1b
faj/Of2/MOPEKREGDXXrnbUA1JRdBb9E+AIzIXzC/LLXm6CSGpoEi+xkt+4fOCeB
/mYL1S7ME2HYzqevJfFKGckfq49kDTBEBjfdyU3FqQ6w538mBzGDJp65czy+ItqW
r7rh0fJxeoDzhWuGOU/oYnn3W67nonpe3ZWlo1Bkwv8Fl98LE1rKqXmFS42WeYNY
xlvi3uUnuNBDiE++uwdTgQ/cvqjpQJ3qNuO2uz1OVjaYEuD2yJGV4YtmBTvIPmSz
wADwQZw6
-----END CERTIFICATE-----
Generated at Wed Aug 13 17:54:33 2025 by rpki-client