Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/DbXBf5p8tTJG8CWaR7E8NFvBtmw.roa
File: DbXBf5p8tTJG8CWaR7E8NFvBtmw.roa (raw, json)
Hash identifier: zvio/AkaDLR3zLqDkEE+8LoA5UKejy+HxnTsa0uQfns=
Subject key identifier: 0D:B5:C1:7F:9A:7C:B5:32:46:F0:25:9A:47:B1:3C:34:5B:C1:B6:6C
Certificate issuer: /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial: 01987946549C2D25C1B1C627A04FFB950F67
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/DbXBf5p8tTJG8CWaR7E8NFvBtmw.roa
Signing time: Tue 05 Aug 2025 08:08:28 +0000
ROA not before: Tue 05 Aug 2025 08:08:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 158.173.4.0/24 maxlen: 24
158.173.5.0/24 maxlen: 24
158.173.6.0/24 maxlen: 24
158.173.7.0/24 maxlen: 24
158.173.16.0/24 maxlen: 24
158.173.17.0/24 maxlen: 24
158.173.18.0/24 maxlen: 24
158.173.19.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 Aug 2025 11:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:46:54:9c:2d:25:c1:b1:c6:27:a0:4f:fb:95:0f:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Validity
Not Before: Aug 5 08:08:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0db5c17f9a7cb53246f0259a47b13c345bc1b66c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:14:72:c0:b7:66:9c:d7:cf:cc:1c:d5:c7:f2:
d1:24:ef:1a:76:a0:79:db:ef:71:ad:55:30:35:0a:
bb:98:3e:f1:96:cb:22:40:d2:3d:5f:5b:1a:b5:9f:
55:a2:ec:4e:4b:8c:aa:61:b9:b5:fa:da:88:23:08:
cb:57:e4:08:5b:80:79:2a:5b:56:8f:26:d7:b5:ba:
e2:25:43:5a:cd:fc:eb:c0:9b:d6:82:e5:c3:ce:c3:
ab:a6:90:f3:80:77:e3:95:f5:b0:4c:e5:62:c5:ba:
05:a1:6f:ee:86:fd:ee:0f:76:d8:f8:02:aa:72:41:
f1:98:65:d3:0a:ed:4c:89:ee:84:a1:29:44:e6:a6:
77:61:4d:f3:1e:08:5d:78:34:64:a5:7b:0a:50:f5:
81:98:8d:6f:e1:ed:d0:9f:1b:9a:52:f8:bf:d2:c5:
3d:4c:1c:60:59:2a:df:8c:a5:da:5a:58:9a:30:d3:
ea:98:b8:c9:5b:1e:29:48:70:92:d1:af:7b:b1:5e:
97:fb:48:ce:ff:0e:b3:fd:18:03:53:f0:8d:d2:ab:
1d:b9:be:8e:da:cd:92:01:9d:17:1d:f4:04:55:45:
78:81:3c:de:d9:83:39:e3:8a:67:c1:19:34:22:69:
06:e4:eb:64:f0:fd:6c:b5:fa:b4:e6:35:e8:d9:30:
f6:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:B5:C1:7F:9A:7C:B5:32:46:F0:25:9A:47:B1:3C:34:5B:C1:B6:6C
X509v3 Authority Key Identifier:
keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/DbXBf5p8tTJG8CWaR7E8NFvBtmw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.173.4.0/22
158.173.16.0/22
Signature Algorithm: sha256WithRSAEncryption
54:6a:e4:e2:5a:9b:92:e4:3c:c7:7b:9d:3d:41:5e:95:09:78:
15:5b:b0:a1:53:f4:f3:75:45:1f:f1:bd:b6:c0:96:65:04:f7:
44:bf:98:f4:dd:f3:f0:e6:b2:5a:10:bb:30:8a:6d:e4:42:4a:
1e:a8:1a:24:0f:28:8f:bb:21:09:55:e9:28:fe:fe:d9:e6:06:
ef:24:6f:6c:aa:61:4c:3b:39:b9:8e:22:6b:a8:c9:1b:a3:03:
ac:3d:2b:27:26:ab:ff:5e:8f:9f:a2:ac:b7:a0:46:51:55:b3:
bc:6f:94:d8:78:95:18:a6:63:12:8b:05:f9:e3:4f:94:0b:3c:
8a:52:6c:8d:5d:af:08:80:83:d5:5b:47:92:2c:1c:dd:be:e0:
4f:ac:96:01:37:34:c1:51:da:cc:d6:4a:23:91:40:e1:65:7c:
26:32:01:60:fe:ff:71:70:23:74:65:82:38:9f:f4:8e:f1:9f:
59:26:2f:be:7e:48:f1:6f:7b:04:b7:00:b0:22:18:de:31:e2:
cb:95:80:cc:77:05:c1:73:aa:78:d9:87:5a:59:e3:47:de:ba:
db:33:7f:89:ca:32:4d:8e:0e:72:92:c8:67:b7:63:d9:a7:fa:
f3:51:7e:81:28:aa:70:32:17:82:90:00:83:19:de:3b:37:fd:
5c:0d:64:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh5RlScLSXBscYnoE/7lQ9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUwODA1MDgwODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI1YzE3ZjlhN2NiNTMyNDZmMDI1OWE0N2IxM2MzNDViYzFiNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRRywLdmnNfPzBzVx/LRJO8adqB5
2+9xrVUwNQq7mD7xlssiQNI9X1satZ9VouxOS4yqYbm1+tqIIwjLV+QIW4B5KltW
jybXtbriJUNazfzrwJvWguXDzsOrppDzgHfjlfWwTOVixboFoW/uhv3uD3bY+AKq
ckHxmGXTCu1Mie6EoSlE5qZ3YU3zHghdeDRkpXsKUPWBmI1v4e3QnxuaUvi/0sU9
TBxgWSrfjKXaWliaMNPqmLjJWx4pSHCS0a97sV6X+0jO/w6z/RgDU/CN0qsdub6O
2s2SAZ0XHfQEVUV4gTze2YM544pnwRk0ImkG5Otk8P1stfq05jXo2TD2xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA21wX+afLUyRvAlmkexPDRbwbZsMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvRGJYQmY1cDh0VEpHOENXYVI3RThORnZCdG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCnq0EAwQC
nq0QMA0GCSqGSIb3DQEBCwUAA4IBAQBUauTiWpuS5DzHe509QV6VCXgVW7ChU/Tz
dUUf8b22wJZlBPdEv5j03fPw5rJaELswim3kQkoeqBokDyiPuyEJVeko/v7Z5gbv
JG9sqmFMOzm5jiJrqMkbowOsPSsnJqv/Xo+foqy3oEZRVbO8b5TYeJUYpmMSiwX5
40+UCzyKUmyNXa8IgIPVW0eSLBzdvuBPrJYBNzTBUdrM1kojkUDhZXwmMgFg/v9x
cCN0ZYI4n/SO8Z9ZJi++fkjxb3sEtwCwIhjeMeLLlYDMdwXBc6p42YdaWeNH3rrb
M3+JyjJNjg5ykshnt2PZp/rzUX6BKKpwMheCkACDGd47N/1cDWQl
-----END CERTIFICATE-----
Generated at Wed Aug 6 19:25:18 2025 by rpki-client