Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q8JjPpr4cv4KyQY_yD-F7ouhrt0.roa
File: Q8JjPpr4cv4KyQY_yD-F7ouhrt0.roa (raw, json)
Hash identifier: w3FUbp3cs6cwMuZSLU+iZc0RzzN7hV4mQeqQkxWzgiY=
Subject key identifier: 43:C2:63:3E:9A:F8:72:FE:0A:C9:06:3F:C8:3F:85:EE:8B:A1:AE:DD
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01975A0B94F1D9816CBFDA878F392030A16C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q8JjPpr4cv4KyQY_yD-F7ouhrt0.roa
Signing time: Tue 10 Jun 2025 13:33:17 +0000
ROA not before: Tue 10 Jun 2025 13:33:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 84.32.7.0/24 maxlen: 24
84.32.8.0/24 maxlen: 24
84.32.20.0/22 maxlen: 24
84.32.46.0/24 maxlen: 24
84.32.47.0/24 maxlen: 24
84.32.48.0/22 maxlen: 24
84.32.64.0/24 maxlen: 24
84.32.104.0/24 maxlen: 24
84.32.108.0/22 maxlen: 24
84.32.148.0/23 maxlen: 24
84.32.150.0/23 maxlen: 24
84.32.151.0/24 maxlen: 24
84.32.174.0/23 maxlen: 24
84.32.214.0/23 maxlen: 24
84.32.217.0/24 maxlen: 24
84.32.223.0/24 maxlen: 24
84.32.230.0/24 maxlen: 24
84.32.244.0/23 maxlen: 24
84.32.246.0/23 maxlen: 24
88.216.22.0/23 maxlen: 24
88.216.44.0/24 maxlen: 24
88.216.45.0/24 maxlen: 24
88.216.60.0/22 maxlen: 24
88.216.66.0/23 maxlen: 24
88.216.90.0/24 maxlen: 24
88.216.93.0/24 maxlen: 24
88.216.127.0/24 maxlen: 24
88.216.130.0/23 maxlen: 24
88.216.134.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5a:0b:94:f1:d9:81:6c:bf:da:87:8f:39:20:30:a1:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jun 10 13:33:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=43c2633e9af872fe0ac9063fc83f85ee8ba1aedd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:07:65:1a:bb:3a:05:72:c8:09:67:03:46:89:
49:da:28:71:27:24:dd:2e:d8:7e:cf:bc:bc:2f:61:
a4:37:5d:4b:b2:e0:c9:53:c0:b7:c6:af:4f:9c:82:
0d:3b:fd:54:84:3b:d5:fa:af:8a:f8:eb:04:cf:34:
94:5f:44:4a:1a:51:25:2b:a7:1b:59:91:a7:36:cd:
04:0a:e7:35:b8:14:76:90:9f:92:5d:3d:99:28:09:
35:0c:e8:94:30:af:1c:37:27:96:54:16:93:6f:4e:
29:15:49:8d:b6:c7:f0:14:a5:bb:dd:a3:4e:c3:8d:
4f:83:88:01:d6:e2:b5:0f:f1:c8:3e:bf:d5:52:0c:
90:6b:11:15:a8:4c:41:36:93:25:67:81:02:bf:33:
f7:d9:c7:81:6e:ad:cf:69:d1:37:8b:9a:9d:05:22:
d6:22:54:47:4f:95:8e:f8:e7:49:24:b6:6b:d7:9f:
70:a4:ac:8b:d3:31:cd:60:ca:9a:f4:a2:6e:90:a2:
37:1c:a3:db:26:e7:8b:ca:98:39:57:d0:37:6c:51:
f5:63:4d:29:32:5f:bc:96:d4:06:be:da:8e:20:31:
d9:dd:3c:85:06:6e:06:b6:60:22:ba:09:90:c6:e5:
c9:1e:34:52:27:de:78:19:63:d3:e7:af:ac:88:2e:
d6:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:C2:63:3E:9A:F8:72:FE:0A:C9:06:3F:C8:3F:85:EE:8B:A1:AE:DD
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q8JjPpr4cv4KyQY_yD-F7ouhrt0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.7.0-84.32.8.255
84.32.20.0/22
84.32.46.0-84.32.51.255
84.32.64.0/24
84.32.104.0/24
84.32.108.0/22
84.32.148.0/22
84.32.174.0/23
84.32.214.0/23
84.32.217.0/24
84.32.223.0/24
84.32.230.0/24
84.32.244.0/22
88.216.22.0/23
88.216.44.0/23
88.216.60.0/22
88.216.66.0/23
88.216.90.0/24
88.216.93.0/24
88.216.127.0/24
88.216.130.0/23
88.216.134.0/23
Signature Algorithm: sha256WithRSAEncryption
45:76:cf:d2:a7:05:0a:9a:9c:c3:56:6c:a3:fc:01:ec:39:43:
08:20:f1:94:a4:4e:81:c3:fc:f5:ac:85:62:09:15:41:02:fd:
46:57:4a:97:a7:db:b1:3b:aa:74:f4:d9:a1:2f:62:14:bc:18:
78:50:83:1f:a0:d7:14:17:bd:c7:0c:4f:fc:e2:c7:97:85:3e:
2c:a7:44:39:1b:d0:f7:21:8f:ee:25:80:eb:2e:6e:8e:b5:f9:
1c:36:a7:93:9e:95:c1:d2:52:a9:40:fb:bb:90:62:6b:08:cc:
d1:8d:12:e9:12:ed:b9:ca:ca:9d:95:ad:e8:de:7e:2c:e0:63:
99:11:ae:1b:c8:4e:2a:92:93:63:fa:3d:15:5c:5a:de:86:74:
83:55:ef:8c:02:44:a7:aa:b0:ef:3d:bf:9a:8e:37:f1:e1:88:
a7:33:34:ce:06:a3:ee:0a:11:79:86:ff:c7:98:2f:53:e3:82:
ec:1b:57:02:a3:24:98:a5:b1:89:45:27:6b:6b:ad:91:d2:41:
09:fd:35:aa:8c:1a:35:d3:a0:2a:9f:f4:4d:46:38:2d:16:24:
53:87:9e:20:9c:40:f4:2d:7b:eb:b4:50:4f:be:7b:73:07:36:
e5:b6:97:b6:37:a6:42:12:12:66:64:6d:23:13:d1:b0:68:53:
e2:9f:56:8f
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAZdaC5Tx2YFsv9qHjzkgMKFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNjEwMTMzMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MyNjMzZTlhZjg3MmZlMGFjOTA2M2ZjODNmODVlZThiYTFhZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAdlGrs6BXLICWcDRolJ2ihxJyTd
Lth+z7y8L2GkN11LsuDJU8C3xq9PnIINO/1UhDvV+q+K+OsEzzSUX0RKGlElK6cb
WZGnNs0ECuc1uBR2kJ+SXT2ZKAk1DOiUMK8cNyeWVBaTb04pFUmNtsfwFKW73aNO
w41Pg4gB1uK1D/HIPr/VUgyQaxEVqExBNpMlZ4ECvzP32ceBbq3PadE3i5qdBSLW
IlRHT5WO+OdJJLZr159wpKyL0zHNYMqa9KJukKI3HKPbJueLypg5V9A3bFH1Y00p
Ml+8ltQGvtqOIDHZ3TyFBm4GtmAiugmQxuXJHjRSJ954GWPT56+siC7WXwIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFEPCYz6a+HL+CskGP8g/he6Loa7dMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUThKalBwcjRjdjRLeVFZX3lELUY3b3VocnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjCBmwQCAAEwgZQwDAME
AFQgBwMEAFQgCAMEAlQgFDAMAwQBVCAuAwQCVCAwAwQAVCBAAwQAVCBoAwQCVCBs
AwQCVCCUAwQBVCCuAwQBVCDWAwQAVCDZAwQAVCDfAwQAVCDmAwQCVCD0AwQBWNgW
AwQBWNgsAwQCWNg8AwQBWNhCAwQAWNhaAwQAWNhdAwQAWNh/AwQBWNiCAwQBWNiG
MA0GCSqGSIb3DQEBCwUAA4IBAQBFds/SpwUKmpzDVmyj/AHsOUMIIPGUpE6Bw/z1
rIViCRVBAv1GV0qXp9uxO6p09NmhL2IUvBh4UIMfoNcUF73HDE/84seXhT4sp0Q5
G9D3IY/uJYDrLm6OtfkcNqeTnpXB0lKpQPu7kGJrCMzRjRLpEu25ysqdla3o3n4s
4GOZEa4byE4qkpNj+j0VXFrehnSDVe+MAkSnqrDvPb+ajjfx4YinMzTOBqPuChF5
hv/HmC9T44LsG1cCoySYpbGJRSdra62R0kEJ/TWqjBo106Aqn/RNRjgtFiRTh54g
nED0LXvrtFBPvntzBzbltpe2N6ZCEhJmZG0jE9GwaFPin1aP
-----END CERTIFICATE-----
Generated at Sat Jun 14 12:51:12 2025 by rpki-client