Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/THMadyBK4GjlyLOurBkCpjxyW38.roa
File: THMadyBK4GjlyLOurBkCpjxyW38.roa (raw, json)
Hash identifier: 2GIcBtGtXD516Z1MQtNHWhErfYokh2xxR5LYdNX6494=
Subject key identifier: 4C:73:1A:77:20:4A:E0:68:E5:C8:B3:AE:AC:19:02:A6:3C:72:5B:7F
Certificate issuer: /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial: 019A25047F7A539B11753E5C9DF1BBF9F2FF
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/THMadyBK4GjlyLOurBkCpjxyW38.roa
Signing time: Mon 27 Oct 2025 09:34:03 +0000
ROA not before: Mon 27 Oct 2025 09:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3320
IP address blocks: 84.232.29.0/24 maxlen: 24
84.236.247.0/24 maxlen: 24
86.104.25.0/24 maxlen: 24
88.148.121.0/24 maxlen: 24
89.32.161.0/24 maxlen: 24
89.35.149.0/24 maxlen: 24
89.44.64.0/24 maxlen: 24
89.45.244.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 08:48:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:04:7f:7a:53:9b:11:75:3e:5c:9d:f1:bb:f9:f2:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Validity
Not Before: Oct 27 09:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4c731a77204ae068e5c8b3aeac1902a63c725b7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:36:a5:dc:61:81:10:ec:3a:5c:e5:b9:41:87:
1a:1d:48:6d:d0:3f:58:0c:64:93:78:d6:ea:a5:01:
bb:d6:d3:7d:a6:b3:93:a1:6e:fc:de:3d:29:8b:2f:
80:40:be:4e:e2:41:bf:e4:3b:77:b3:00:e3:7d:85:
19:30:57:30:e1:df:d6:0a:c1:7a:48:b3:66:c7:02:
be:ed:00:8a:c2:cf:17:74:84:90:2b:9a:b4:cf:c5:
25:ba:44:52:65:4a:58:cf:c0:ae:11:cc:6d:c5:aa:
d3:75:ce:ad:00:cf:a5:83:1e:b1:fe:5e:17:7e:bd:
4d:a1:ef:e9:bc:4f:e8:78:0e:ea:12:44:0b:3e:b7:
3d:c3:a2:1c:b2:81:9b:3f:11:17:ef:e5:79:f0:da:
68:05:f4:df:9d:6e:42:5e:4c:e1:4a:d5:8f:ae:54:
39:bf:02:5a:11:15:c3:a3:f3:c5:15:99:1f:d8:3e:
dc:32:6a:fd:5e:48:a2:c8:86:8d:79:e4:7d:53:16:
e6:3c:70:08:7b:64:00:52:8c:61:c7:44:98:6f:41:
c3:37:d6:a5:62:69:c7:30:32:13:5a:58:c7:2e:bb:
9d:59:de:49:d1:3a:ac:9b:68:d7:c2:bb:b9:1d:ce:
94:55:3f:cf:b4:a6:33:ba:a6:c1:a5:b0:03:f0:6f:
e6:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:73:1A:77:20:4A:E0:68:E5:C8:B3:AE:AC:19:02:A6:3C:72:5B:7F
X509v3 Authority Key Identifier:
keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/THMadyBK4GjlyLOurBkCpjxyW38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.232.29.0/24
84.236.247.0/24
86.104.25.0/24
88.148.121.0/24
89.32.161.0/24
89.35.149.0/24
89.44.64.0/24
89.45.244.0/24
Signature Algorithm: sha256WithRSAEncryption
09:35:61:25:31:5f:48:62:92:5d:3a:a2:be:ef:75:b2:0c:34:
1f:e0:3a:ae:4f:c3:f6:7c:e6:9c:33:53:bc:81:38:cb:04:be:
db:96:17:a7:de:06:a9:eb:10:d1:7c:01:25:f9:8e:06:c7:50:
ac:b6:6c:49:39:f3:81:1c:38:14:7c:7f:36:32:d1:51:24:af:
b5:64:7c:e9:b1:1c:6d:ce:80:59:96:7e:4e:51:26:c1:3a:56:
50:bd:e4:8d:8c:ee:61:65:ae:dd:e2:0b:83:b7:c4:8a:a2:07:
65:53:0e:10:46:2a:f2:80:b7:8a:66:62:6e:46:20:67:05:fc:
7e:65:36:4a:f7:eb:d7:73:b0:5a:b3:38:b9:b2:66:6b:bd:48:
fe:d1:a2:81:24:57:ea:6d:bb:b8:41:ca:b2:24:99:82:9b:1b:
1c:61:08:3b:8c:51:d8:ff:53:c8:6e:a7:cc:00:2d:7f:ce:56:
26:7a:4a:bd:60:6b:0b:a9:fb:31:fb:93:fc:d9:2e:89:52:d3:
4e:56:87:9f:bc:07:d6:35:74:0c:16:10:98:0b:ed:2b:49:73:
2f:55:b1:80:16:f7:bc:8e:0b:6c:31:be:6c:72:16:3e:78:1d:
a4:5b:35:dd:5d:bf:f4:fb:37:9a:8a:9a:c3:d1:ac:69:52:be:
de:32:62:a4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZolBH96U5sRdT5cnfG7+fL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUxMDI3MDkzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzczMWE3NzIwNGFlMDY4ZTVjOGIzYWVhYzE5MDJhNjNjNzI1YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDal3GGBEOw6XOW5QYcaHUht0D9Y
DGSTeNbqpQG71tN9prOToW783j0piy+AQL5O4kG/5Dt3swDjfYUZMFcw4d/WCsF6
SLNmxwK+7QCKws8XdISQK5q0z8UlukRSZUpYz8CuEcxtxarTdc6tAM+lgx6x/l4X
fr1Noe/pvE/oeA7qEkQLPrc9w6IcsoGbPxEX7+V58NpoBfTfnW5CXkzhStWPrlQ5
vwJaERXDo/PFFZkf2D7cMmr9XkiiyIaNeeR9UxbmPHAIe2QAUoxhx0SYb0HDN9al
YmnHMDITWljHLrudWd5J0Tqsm2jXwru5Hc6UVT/PtKYzuqbBpbAD8G/mbwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFExzGncgSuBo5cizrqwZAqY8clt/MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvVEhNYWR5Qks0R2pseUxPdXJCa0Nwanh5VzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVOgdAwQA
VOz3AwQAVmgZAwQAWJR5AwQAWSChAwQAWSOVAwQAWSxAAwQAWS30MA0GCSqGSIb3
DQEBCwUAA4IBAQAJNWElMV9IYpJdOqK+73WyDDQf4DquT8P2fOacM1O8gTjLBL7b
lhen3gap6xDRfAEl+Y4Gx1CstmxJOfOBHDgUfH82MtFRJK+1ZHzpsRxtzoBZln5O
USbBOlZQveSNjO5hZa7d4guDt8SKogdlUw4QRirygLeKZmJuRiBnBfx+ZTZK9+vX
c7Baszi5smZrvUj+0aKBJFfqbbu4QcqyJJmCmxscYQg7jFHY/1PIbqfMAC1/zlYm
ekq9YGsLqfsx+5P82S6JUtNOVoefvAfWNXQMFhCYC+0rSXMvVbGAFve8jgtsMb5s
chY+eB2kWzXdXb/0+zeaiprD0axpUr7eMmKk
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:27 2025 by rpki-client