Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/THythJBp9HlvhR4Ucra3aB5a1rw.roa
File: THythJBp9HlvhR4Ucra3aB5a1rw.roa (raw, json)
Hash identifier: s/hqAL5pfO/TIJ20hhiLhrBaWL37u8uzz5dP4J4SZhw=
Subject key identifier: 4C:7C:AD:84:90:69:F4:79:6F:85:1E:14:72:B6:B7:68:1E:5A:D6:BC
Certificate issuer: /CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Certificate serial: 019874B35F298FCA267867759EFCC5FF8FAE
Authority key identifier: 3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/THythJBp9HlvhR4Ucra3aB5a1rw.roa
Signing time: Mon 04 Aug 2025 10:49:29 +0000
ROA not before: Mon 04 Aug 2025 10:49:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34347
IP address blocks: 80.92.112.0/20 maxlen: 20
152.89.72.0/22 maxlen: 22
156.67.192.0/21 maxlen: 21
185.35.180.0/22 maxlen: 22
185.88.200.0/23 maxlen: 23
185.176.156.0/23 maxlen: 23
185.203.212.0/22 maxlen: 22
195.149.216.0/21 maxlen: 21
2a02:28e8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.mft
rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 08 Aug 2025 01:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:74:b3:5f:29:8f:ca:26:78:67:75:9e:fc:c5:ff:8f:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Validity
Not Before: Aug 4 10:49:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4c7cad849069f4796f851e1472b6b7681e5ad6bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:62:2f:5e:a2:d8:bf:8c:21:c3:c9:56:4c:e3:
d6:16:5f:68:9e:84:0e:74:6e:73:73:85:f5:9a:63:
2f:0f:45:bf:dc:9f:c4:7e:a3:f8:af:46:87:79:41:
07:34:93:28:98:0e:67:e5:92:1d:37:7e:7b:0e:23:
c3:1b:e2:aa:c6:7d:30:d4:bf:5d:37:74:1d:8a:71:
92:a6:e2:21:43:74:b6:a8:69:79:42:dd:48:26:0c:
a9:a4:d3:4c:d4:8b:8f:93:ba:b3:0a:fd:7a:31:5f:
52:81:f5:ce:9f:0e:bb:8d:cd:b2:be:ae:62:26:fd:
bf:12:95:9e:4f:20:ed:38:d9:cc:93:fb:66:6f:4c:
7c:5c:47:c8:c8:f9:9d:a9:09:e9:fd:be:2a:5e:4f:
fe:16:f0:6b:9e:5d:a2:12:3b:57:7d:42:6c:8c:6f:
7a:d2:d6:57:fc:61:ff:ef:17:34:b6:81:bc:93:ec:
3c:2b:04:1b:3b:5b:a1:15:cf:cd:08:c3:01:85:99:
a6:07:b1:56:be:2f:29:da:30:e1:2e:35:5b:b3:1f:
72:27:96:33:bb:9e:87:0f:df:d0:dc:59:fc:fc:0b:
6e:1d:c6:d4:e3:e2:6c:4c:e9:d5:ee:7f:7d:ea:ab:
de:f0:80:2e:e8:db:b9:c9:6a:18:02:d0:44:4c:11:
d5:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:7C:AD:84:90:69:F4:79:6F:85:1E:14:72:B6:B7:68:1E:5A:D6:BC
X509v3 Authority Key Identifier:
keyid:3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/THythJBp9HlvhR4Ucra3aB5a1rw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.92.112.0/20
152.89.72.0/22
156.67.192.0/21
185.35.180.0/22
185.88.200.0/23
185.176.156.0/23
185.203.212.0/22
195.149.216.0/21
IPv6:
2a02:28e8::/32
Signature Algorithm: sha256WithRSAEncryption
af:7c:36:03:2f:71:ba:10:98:03:5d:dc:f7:7c:c0:b0:78:32:
fd:7c:5f:a6:0f:ed:60:5f:bd:09:60:51:94:de:d5:03:c4:8a:
d5:b4:dc:f4:b8:6f:52:eb:cc:ce:09:ae:8e:d2:38:0a:92:51:
26:bb:ac:33:8d:b4:8c:a5:fe:ca:29:21:09:95:e2:d7:bc:62:
3b:f6:ed:a7:35:27:31:9b:2e:ad:1f:cf:3a:f0:18:3a:ee:b4:
75:d0:2f:2f:a8:f2:da:c7:d9:bb:71:f3:33:11:72:05:51:80:
c4:bb:96:1d:0d:5a:58:a5:a7:01:0d:63:97:f8:82:c6:dc:70:
36:e5:c0:13:c2:cb:97:42:a1:61:28:29:79:18:bb:3a:26:96:
b6:7a:c1:d2:dc:ff:98:e2:4d:90:16:6e:f5:48:9d:5d:70:58:
67:84:08:39:37:c0:69:75:2a:ed:aa:5e:6d:68:e5:f8:f5:b0:
ce:94:22:7f:61:6a:76:1a:59:f3:9b:51:fe:52:27:c7:ad:09:
db:ba:bd:77:02:ce:6c:39:2a:6f:6b:a2:0a:fa:90:c6:f0:41:
e8:3b:18:1c:5e:3e:d4:15:a8:c6:db:aa:35:b0:58:c7:4f:0c:
89:a7:e8:26:5c:09:25:b0:fe:c5:51:d0:df:c8:1a:48:d3:08:
9a:87:a5:1c
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZh0s18pj8omeGd1nvzF/4+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZjMyNWVmNGNiYWE2NmNjNzFmZmNjNjg4MDg3N2U3NmUx
NDlhZmQwHhcNMjUwODA0MTA0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdjYWQ4NDkwNjlmNDc5NmY4NTFlMTQ3MmI2Yjc2ODFlNWFkNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGIvXqLYv4whw8lWTOPWFl9onoQO
dG5zc4X1mmMvD0W/3J/EfqP4r0aHeUEHNJMomA5n5ZIdN357DiPDG+Kqxn0w1L9d
N3QdinGSpuIhQ3S2qGl5Qt1IJgyppNNM1IuPk7qzCv16MV9SgfXOnw67jc2yvq5i
Jv2/EpWeTyDtONnMk/tmb0x8XEfIyPmdqQnp/b4qXk/+FvBrnl2iEjtXfUJsjG96
0tZX/GH/7xc0toG8k+w8KwQbO1uhFc/NCMMBhZmmB7FWvi8p2jDhLjVbsx9yJ5Yz
u56HD9/Q3Fn8/AtuHcbU4+JsTOnV7n996qve8IAu6Nu5yWoYAtBETBHV7wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEx8rYSQafR5b4UeFHK2t2geWta8MB8GA1UdIwQY
MBaAFD7zJe9MuqZsxx/8xogId+duFJr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUt
MzRkNzE0ODVjNTQ3LzEvVEh5dGhKQnA5SGx2aFI0VWNyYTNhQjVhMXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUtMzRkNzE0ODVjNTQ3
LzEvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEUFxwAwQC
mFlIAwQDnEPAAwQCuSO0AwQBuVjIAwQBubCcAwQCucvUAwQDw5XYMA0EAgACMAcD
BQAqAijoMA0GCSqGSIb3DQEBCwUAA4IBAQCvfDYDL3G6EJgDXdz3fMCweDL9fF+m
D+1gX70JYFGU3tUDxIrVtNz0uG9S68zOCa6O0jgKklEmu6wzjbSMpf7KKSEJleLX
vGI79u2nNScxmy6tH8868Bg67rR10C8vqPLax9m7cfMzEXIFUYDEu5YdDVpYpacB
DWOX+ILG3HA25cATwsuXQqFhKCl5GLs6Jpa2esHS3P+Y4k2QFm71SJ1dcFhnhAg5
N8BpdSrtql5taOX49bDOlCJ/YWp2Glnzm1H+UifHrQnbur13As5sOSpva6IK+pDG
8EHoOxgcXj7UFajG26o1sFjHTwyJp+gmXAklsP7FUdDfyBpI0wiah6Uc
-----END CERTIFICATE-----
Generated at Thu Aug 7 11:10:04 2025 by rpki-client