Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/RzF4b3sIXe3DzFdXYIh4DACfNyQ.roa
File: RzF4b3sIXe3DzFdXYIh4DACfNyQ.roa (raw, json)
Hash identifier: NzaYQenLUpyVGKDKds+F+mtyj0Y2xs4JaXrSTsoxdK0=
Subject key identifier: 47:31:78:6F:7B:08:5D:ED:C3:CC:57:57:60:88:78:0C:00:9F:37:24
Certificate issuer: /CN=3bde638684c645fedd600ed3c50cdf310b116d3e
Certificate serial: 019875498582332B7AE39AC6FC5C9047E44D
Authority key identifier: 3B:DE:63:86:84:C6:45:FE:DD:60:0E:D3:C5:0C:DF:31:0B:11:6D:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O95jhoTGRf7dYA7TxQzfMQsRbT4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/RzF4b3sIXe3DzFdXYIh4DACfNyQ.roa
Signing time: Mon 04 Aug 2025 13:33:29 +0000
ROA not before: Mon 04 Aug 2025 13:33:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209045
IP address blocks: 147.189.192.0/20 maxlen: 24
147.189.207.0/24 maxlen: 24
2a09:7000::/29 maxlen: 36
2a09:7000::/31 maxlen: 32
2a09:7007::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/O95jhoTGRf7dYA7TxQzfMQsRbT4.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/O95jhoTGRf7dYA7TxQzfMQsRbT4.mft
rsync://rpki.ripe.net/repository/DEFAULT/O95jhoTGRf7dYA7TxQzfMQsRbT4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 Aug 2025 19:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:75:49:85:82:33:2b:7a:e3:9a:c6:fc:5c:90:47:e4:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3bde638684c645fedd600ed3c50cdf310b116d3e
Validity
Not Before: Aug 4 13:33:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4731786f7b085dedc3cc57576088780c009f3724
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:7a:98:fd:0a:59:f5:e8:82:57:bc:be:f2:16:
81:fb:90:11:ed:a8:3d:9e:27:de:85:80:ed:e0:cb:
b6:4d:5d:40:3d:ee:7f:15:fd:8c:95:5c:ed:63:4d:
44:ed:d2:50:21:cd:96:c3:0b:24:95:fb:6a:24:c8:
c0:ab:5c:56:2a:7b:03:98:eb:0f:33:43:89:c1:02:
2c:70:90:48:f4:8c:f1:e4:8b:65:0e:3a:b5:35:63:
ea:e2:d9:aa:3e:39:db:3f:5d:dc:14:81:1d:31:56:
48:2c:df:09:59:ef:48:3a:d5:cb:d6:b1:14:1f:16:
0c:c1:de:20:70:d9:75:2c:14:cc:1b:a1:f1:60:76:
0f:3c:cc:ef:3d:c2:41:a8:25:a7:f6:53:09:6c:f7:
39:77:0f:0b:28:be:d7:74:e9:fb:16:c8:8c:89:a6:
fd:dd:e4:10:57:7e:3f:dc:ee:21:38:5c:70:12:60:
fc:83:bf:d8:4d:d6:fd:3c:f7:9e:13:86:29:58:c7:
cd:9b:58:25:89:df:89:e2:86:3b:c3:38:97:ab:fa:
a7:89:9b:3f:36:3d:e3:0b:ca:0d:c4:e3:60:df:44:
91:f7:7b:98:84:39:75:f5:df:fd:3d:21:69:2b:b4:
05:47:3f:85:36:0d:b7:71:97:4a:24:c0:f0:44:52:
15:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:31:78:6F:7B:08:5D:ED:C3:CC:57:57:60:88:78:0C:00:9F:37:24
X509v3 Authority Key Identifier:
keyid:3B:DE:63:86:84:C6:45:FE:DD:60:0E:D3:C5:0C:DF:31:0B:11:6D:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O95jhoTGRf7dYA7TxQzfMQsRbT4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/RzF4b3sIXe3DzFdXYIh4DACfNyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/62b15d-ee50-450b-8e2d-097b0510d3e2/1/O95jhoTGRf7dYA7TxQzfMQsRbT4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.189.192.0/20
IPv6:
2a09:7000::/29
Signature Algorithm: sha256WithRSAEncryption
7b:1c:83:c7:a0:d2:d6:ed:84:a4:cb:f0:2b:e3:73:39:d4:20:
b8:94:87:2a:cf:a3:d6:84:00:ed:8e:59:b4:af:18:e5:65:4b:
cb:3f:c4:5c:e2:be:f4:96:8f:9d:35:c2:35:80:ef:d0:72:64:
92:7e:b9:63:7d:8b:d6:0d:94:f8:a2:28:46:13:cb:c9:78:82:
56:68:4c:e2:57:8f:f4:d4:9b:58:2b:4a:f3:b7:8e:22:85:8c:
47:9f:c0:ed:d0:94:a8:b9:6e:da:76:17:22:c4:0a:74:32:d9:
9e:c0:ce:44:cf:99:29:77:a5:d0:a9:5b:15:64:cd:96:f3:a2:
24:3b:eb:5e:29:69:16:3c:84:e6:c2:d1:85:06:38:21:69:c6:
6c:d3:d8:c2:40:93:3a:b3:14:50:70:39:e9:ac:ec:8f:ef:3e:
9c:f8:f8:1e:7c:a4:f5:fe:0d:0f:af:c6:cd:b9:41:08:1f:7a:
a1:0b:0e:38:3e:29:5b:99:01:79:03:43:7d:d0:a7:e0:1f:4c:
3f:7d:53:49:69:ae:72:c9:18:f0:e5:10:87:4d:9b:a9:54:c7:
d8:33:37:d8:40:2e:50:57:76:6b:f8:3c:c2:38:03:98:28:28:
11:ee:a2:c4:e0:81:02:fb:8d:cf:4b:a1:8d:6a:15:84:15:c4:
92:6c:a5:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZh1SYWCMyt645rG/FyQR+RNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZGU2Mzg2ODRjNjQ1ZmVkZDYwMGVkM2M1MGNkZjMxMGIx
MTZkM2UwHhcNMjUwODA0MTMzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzMxNzg2ZjdiMDg1ZGVkYzNjYzU3NTc2MDg4NzgwYzAwOWYzNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHqY/QpZ9eiCV7y+8haB+5AR7ag9
nifehYDt4Mu2TV1APe5/Ff2MlVztY01E7dJQIc2WwwsklftqJMjAq1xWKnsDmOsP
M0OJwQIscJBI9Izx5ItlDjq1NWPq4tmqPjnbP13cFIEdMVZILN8JWe9IOtXL1rEU
HxYMwd4gcNl1LBTMG6HxYHYPPMzvPcJBqCWn9lMJbPc5dw8LKL7XdOn7FsiMiab9
3eQQV34/3O4hOFxwEmD8g7/YTdb9PPeeE4YpWMfNm1glid+J4oY7wziXq/qniZs/
Nj3jC8oNxONg30SR93uYhDl19d/9PSFpK7QFRz+FNg23cZdKJMDwRFIVVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEcxeG97CF3tw8xXV2CIeAwAnzckMB8GA1UdIwQY
MBaAFDveY4aExkX+3WAO08UM3zELEW0+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzk1amhvVEdSZjdkWUE3VHhRemZNUXNSYlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82MmIxNWQtZWU1MC00NTBiLThlMmQt
MDk3YjA1MTBkM2UyLzEvUnpGNGIzc0lYZTNEekZkWFlJaDREQUNmTnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82MmIxNWQtZWU1MC00NTBiLThlMmQtMDk3YjA1MTBkM2Uy
LzEvTzk1amhvVEdSZjdkWUE3VHhRemZNUXNSYlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEk73AMA0E
AgACMAcDBQMqCXAAMA0GCSqGSIb3DQEBCwUAA4IBAQB7HIPHoNLW7YSky/Ar43M5
1CC4lIcqz6PWhADtjlm0rxjlZUvLP8Rc4r70lo+dNcI1gO/QcmSSfrljfYvWDZT4
oihGE8vJeIJWaEziV4/01JtYK0rzt44ihYxHn8Dt0JSouW7adhcixAp0MtmewM5E
z5kpd6XQqVsVZM2W86IkO+teKWkWPITmwtGFBjghacZs09jCQJM6sxRQcDnprOyP
7z6c+PgefKT1/g0Pr8bNuUEIH3qhCw44PilbmQF5A0N90KfgH0w/fVNJaa5yyRjw
5RCHTZupVMfYMzfYQC5QV3Zr+DzCOAOYKCgR7qLE4IEC+43PS6GNahWEFcSSbKUM
-----END CERTIFICATE-----
Generated at Thu Aug 7 00:43:43 2025 by rpki-client