Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/3x4lyNPFV_PxlA3wI9Ks-6pzfts.roa
File: 3x4lyNPFV_PxlA3wI9Ks-6pzfts.roa (raw, json)
Hash identifier: /RTGCKhsNS1R75WUzsn5pnztjjekAC7jsZZLRjCrE5s=
Subject key identifier: DF:1E:25:C8:D3:C5:57:F3:F1:94:0D:F0:23:D2:AC:FB:AA:73:7E:DB
Certificate issuer: /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial: 01973B40E3E5C6F304D12BCC65AF91882392
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/3x4lyNPFV_PxlA3wI9Ks-6pzfts.roa
Signing time: Wed 04 Jun 2025 14:03:17 +0000
ROA not before: Wed 04 Jun 2025 14:03:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39728
IP address blocks: 91.217.4.0/23 maxlen: 24
176.113.224.0/19 maxlen: 19
178.214.160.0/19 maxlen: 19
178.216.232.0/21 maxlen: 21
185.178.245.0/24 maxlen: 24
194.31.152.0/22 maxlen: 24
195.8.56.0/23 maxlen: 23
2a07:6900::/48 maxlen: 48
2a07:6900:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3b:40:e3:e5:c6:f3:04:d1:2b:cc:65:af:91:88:23:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Validity
Not Before: Jun 4 14:03:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df1e25c8d3c557f3f1940df023d2acfbaa737edb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9c:0d:7e:4b:7e:82:52:b4:0d:08:06:51:83:
a8:77:a8:1d:eb:99:7b:21:20:ca:ab:40:c1:cc:cc:
e4:89:5e:d0:ed:4f:a9:14:90:14:6c:88:6c:6c:12:
ac:48:04:88:e2:68:14:a6:13:53:82:7e:bd:e2:7b:
8f:03:8c:25:5d:02:95:db:3e:c6:cf:b0:3c:f3:51:
37:bf:98:fc:fb:28:67:96:7e:8c:ca:9a:e9:4d:b1:
4d:ea:85:46:ab:c7:5e:73:69:88:36:d9:d1:5e:a0:
2d:c3:1c:d7:69:ac:c3:17:a3:39:af:5d:24:4d:97:
fd:d2:b0:0c:a4:27:05:a4:05:40:45:75:be:5a:3e:
b4:20:19:97:a7:ea:f0:bb:f7:0e:42:00:c3:5d:de:
7b:f0:63:3b:7a:30:5a:eb:f9:1e:b2:19:eb:eb:5b:
b7:d2:60:c1:b8:5c:aa:73:c4:52:9a:f7:dc:b2:f9:
10:a9:ad:4c:f8:56:d6:ec:5f:cf:a0:7e:97:b6:c3:
5e:77:41:d1:f9:cf:be:e9:03:8e:2f:dc:4f:86:8d:
a8:d7:0f:66:93:f3:41:32:86:ac:e7:ef:30:2c:5c:
aa:b6:9f:e7:f1:77:8f:5e:7c:f5:21:76:f5:b2:72:
19:ff:29:8f:6c:b8:f4:7c:0f:ff:49:0f:04:62:ea:
92:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:1E:25:C8:D3:C5:57:F3:F1:94:0D:F0:23:D2:AC:FB:AA:73:7E:DB
X509v3 Authority Key Identifier:
keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/3x4lyNPFV_PxlA3wI9Ks-6pzfts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.217.4.0/23
176.113.224.0/19
178.214.160.0/19
178.216.232.0/21
185.178.245.0/24
194.31.152.0/22
195.8.56.0/23
IPv6:
2a07:6900::/47
Signature Algorithm: sha256WithRSAEncryption
28:9e:ba:c7:20:29:35:82:69:a1:50:da:24:af:4b:e9:a2:76:
9f:b1:1b:44:b3:3b:1e:52:1a:05:7b:69:ef:fd:8a:d3:f2:54:
79:e5:11:d8:e5:4e:95:87:d8:60:a7:35:b5:15:0f:35:6a:03:
1c:37:e8:8c:bb:91:64:a3:36:5f:c7:dc:b4:81:30:5c:06:3c:
c1:06:de:d8:93:1c:08:68:16:9e:d0:59:8f:fa:63:22:56:62:
dd:fb:ed:9a:e2:0c:bd:43:04:e3:f2:9b:86:5d:7a:5e:07:a2:
b5:06:2b:c7:59:18:9d:4b:f0:54:15:a1:17:de:a3:cf:97:6f:
4d:7d:01:c7:c7:69:74:df:30:38:2c:8c:43:f1:98:f6:0d:b3:
e0:df:5c:66:64:e8:9b:c1:99:2c:2f:5c:76:4f:c3:da:ac:fb:
db:0d:ff:2f:36:bb:d2:0c:17:0e:79:b2:27:d2:d0:be:68:56:
53:a4:b8:61:24:ce:74:80:5f:f6:23:71:db:f5:db:fe:2f:38:
46:20:01:f0:a4:9e:58:f8:e0:d9:69:6b:02:46:a0:fa:27:1a:
20:32:b7:66:c7:73:64:92:0f:ce:2e:e3:7c:b4:37:6e:25:20:
25:fb:a3:f9:0c:ab:fe:44:86:32:a7:a9:28:9c:56:d3:f8:0b:
3c:7a:ad:e1
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZc7QOPlxvME0SvMZa+RiCOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwNjA0MTQwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFlMjVjOGQzYzU1N2YzZjE5NDBkZjAyM2QyYWNmYmFhNzM3ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5wNfkt+glK0DQgGUYOod6gd65l7
ISDKq0DBzMzkiV7Q7U+pFJAUbIhsbBKsSASI4mgUphNTgn694nuPA4wlXQKV2z7G
z7A881E3v5j8+yhnln6MyprpTbFN6oVGq8dec2mINtnRXqAtwxzXaazDF6M5r10k
TZf90rAMpCcFpAVARXW+Wj60IBmXp+rwu/cOQgDDXd578GM7ejBa6/keshnr61u3
0mDBuFyqc8RSmvfcsvkQqa1M+FbW7F/PoH6XtsNed0HR+c++6QOOL9xPho2o1w9m
k/NBMoas5+8wLFyqtp/n8XePXnz1IXb1snIZ/ymPbLj0fA//SQ8EYuqSJwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFN8eJcjTxVfz8ZQN8CPSrPuqc37bMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvM3g0bHlOUEZWX1B4bEEzd0k5S3MtNnB6ZnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQBW9kEAwQF
sHHgAwQFstagAwQDstjoAwQAubL1AwQCwh+YAwQBwwg4MA8EAgACMAkDBwEqB2kA
AAAwDQYJKoZIhvcNAQELBQADggEBACieuscgKTWCaaFQ2iSvS+midp+xG0SzOx5S
GgV7ae/9itPyVHnlEdjlTpWH2GCnNbUVDzVqAxw36Iy7kWSjNl/H3LSBMFwGPMEG
3tiTHAhoFp7QWY/6YyJWYt377ZriDL1DBOPym4Zdel4HorUGK8dZGJ1L8FQVoRfe
o8+Xb019AcfHaXTfMDgsjEPxmPYNs+DfXGZk6JvBmSwvXHZPw9qs+9sN/y82u9IM
Fw55sifS0L5oVlOkuGEkznSAX/Yjcdv12/4vOEYgAfCknlj44NlpawJGoPonGiAy
t2bHc2SSD84u43y0N24lICX7o/kMq/5EhjKnqSicVtP4Czx6reE=
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:06:12 2025 by rpki-client