Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/4XG6DuE-VOpXPlm1OM2r12JgRic.roa
File: 4XG6DuE-VOpXPlm1OM2r12JgRic.roa (raw, json)
Hash identifier: A9cZGvYN3HxFKk3EJisSEe/6Tu/3YVMhQqYAsXSqvsk=
Subject key identifier: E1:71:BA:0E:E1:3E:54:EA:57:3E:59:B5:38:CD:AB:D7:62:60:46:27
Certificate issuer: /CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Certificate serial: 019A531652A1B3437956632D00A2F3D4F6AC
Authority key identifier: A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/4XG6DuE-VOpXPlm1OM2r12JgRic.roa
Signing time: Wed 05 Nov 2025 08:16:02 +0000
ROA not before: Wed 05 Nov 2025 08:16:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42652
IP address blocks: 5.45.0.0/21 maxlen: 21
5.100.128.0/20 maxlen: 20
37.157.40.0/21 maxlen: 21
46.165.128.0/18 maxlen: 18
77.244.96.0/20 maxlen: 20
89.21.96.0/19 maxlen: 19
109.75.208.0/20 maxlen: 20
128.0.96.0/21 maxlen: 21
128.0.100.0/22 maxlen: 22
131.117.144.0/20 maxlen: 20
131.117.152.0/22 maxlen: 22
156.67.128.0/20 maxlen: 20
156.67.128.0/22 maxlen: 22
156.67.132.0/22 maxlen: 22
156.67.136.0/22 maxlen: 22
156.67.140.0/22 maxlen: 22
178.76.128.0/18 maxlen: 18
185.7.208.0/22 maxlen: 22
185.18.128.0/22 maxlen: 22
185.74.180.0/22 maxlen: 22
188.210.0.0/18 maxlen: 18
188.210.56.0/22 maxlen: 22
188.210.60.0/22 maxlen: 22
212.43.64.0/19 maxlen: 19
2a01:5c0::/32 maxlen: 32
2a02:6d40::/32 maxlen: 32
2a03:4920::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:16:52:a1:b3:43:79:56:63:2d:00:a2:f3:d4:f6:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Validity
Not Before: Nov 5 08:16:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e171ba0ee13e54ea573e59b538cdabd762604627
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0f:be:fc:35:1a:b8:00:a5:d2:9d:59:e8:e9:
9d:41:fc:88:94:1a:67:c4:00:cf:c4:b3:55:27:c9:
85:16:8c:06:d3:c5:bc:74:2a:23:9b:4e:de:2f:e3:
95:76:df:78:74:d5:70:85:12:1c:2f:40:78:fb:68:
93:61:41:f6:e7:20:fa:cf:37:90:bf:cb:f4:f6:f3:
9d:60:bd:79:0e:3d:bf:a7:e8:8c:1d:cb:81:56:33:
aa:16:d8:4f:7a:d2:ef:bd:df:9e:0e:e3:69:d5:b4:
8a:b0:b4:51:f9:1d:b0:66:1f:28:ac:31:c6:45:fd:
c3:10:01:54:45:2b:f4:cf:01:08:8a:56:c3:1d:2a:
0a:2f:db:1c:dc:4d:61:63:69:c0:93:52:bd:ac:e6:
a4:7c:ff:45:1a:0a:6f:05:c7:77:8f:e3:31:45:4a:
0a:fb:1e:d0:ff:f5:68:8f:ab:00:a6:b8:5b:9b:8f:
87:a3:3f:30:bc:c0:1a:eb:af:dd:9f:4a:f9:ed:a5:
29:70:5e:69:a8:69:5d:47:34:6d:d7:4f:f5:4a:8d:
69:64:89:55:b1:05:76:6d:b9:64:6f:a3:30:f1:4e:
a2:e5:6f:84:72:5a:43:44:10:20:4b:d2:71:72:e2:
2a:05:37:15:e3:14:de:ca:58:1c:0c:1f:ca:41:a6:
c6:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:71:BA:0E:E1:3E:54:EA:57:3E:59:B5:38:CD:AB:D7:62:60:46:27
X509v3 Authority Key Identifier:
keyid:A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/4XG6DuE-VOpXPlm1OM2r12JgRic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.0.0/21
5.100.128.0/20
37.157.40.0/21
46.165.128.0/18
77.244.96.0/20
89.21.96.0/19
109.75.208.0/20
128.0.96.0/21
131.117.144.0/20
156.67.128.0/20
178.76.128.0/18
185.7.208.0/22
185.18.128.0/22
185.74.180.0/22
188.210.0.0/18
212.43.64.0/19
IPv6:
2a01:5c0::/32
2a02:6d40::/32
2a03:4920::/32
Signature Algorithm: sha256WithRSAEncryption
57:f8:d2:29:2d:1b:76:ad:48:ca:33:0e:ff:26:84:79:c3:b7:
fd:10:23:9f:84:6b:c6:e8:4e:ca:75:76:27:59:7e:8f:6a:8c:
84:b9:c2:85:6c:57:1d:83:e0:ff:da:64:b7:a1:98:46:69:66:
a0:38:00:94:24:77:80:58:dd:22:36:4c:0d:c3:37:e2:75:a9:
39:3b:c7:9b:aa:63:f5:cf:69:d7:97:68:8a:0c:d7:5e:7a:dd:
f8:4a:7f:87:3b:df:8e:bb:55:6e:cc:a0:17:ed:af:22:e7:44:
13:5c:21:81:fc:a8:75:23:5b:fc:94:06:6c:2b:a8:dc:84:3c:
4e:90:f5:23:9c:3d:9c:8d:25:af:f2:32:31:d4:55:60:1c:bc:
8b:75:5c:3e:e1:c3:c1:94:c0:2e:b9:1e:22:01:02:92:68:3e:
dc:ca:5f:60:b6:14:bc:05:ca:0c:dd:49:7b:4c:83:a1:e6:57:
fe:c9:42:86:7c:4e:9c:f9:d9:61:44:73:f5:5c:8e:7f:d3:0c:
02:74:53:58:dd:d2:9f:52:64:83:f3:1c:88:be:5c:5d:e4:78:
ae:e1:c2:e6:00:9a:20:bf:b0:da:14:6d:73:07:b9:67:8c:78:
8a:b6:c5:d8:db:34:ac:f9:db:60:b4:f7:ad:9a:31:bb:56:2f:
3c:37:cc:46
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZpTFlKhs0N5VmMtAKLz1PasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODE2NGQ5OTYxYTE2ZDJlZmY3NzNmNTAyNzgyMWU5ZDJi
ZDM3NDAwHhcNMjUxMTA1MDgxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTcxYmEwZWUxM2U1NGVhNTczZTU5YjUzOGNkYWJkNzYyNjA0NjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg++/DUauACl0p1Z6OmdQfyIlBpn
xADPxLNVJ8mFFowG08W8dCojm07eL+OVdt94dNVwhRIcL0B4+2iTYUH25yD6zzeQ
v8v09vOdYL15Dj2/p+iMHcuBVjOqFthPetLvvd+eDuNp1bSKsLRR+R2wZh8orDHG
Rf3DEAFURSv0zwEIilbDHSoKL9sc3E1hY2nAk1K9rOakfP9FGgpvBcd3j+MxRUoK
+x7Q//Voj6sAprhbm4+Hoz8wvMAa66/dn0r57aUpcF5pqGldRzRt10/1So1pZIlV
sQV2bblkb6Mw8U6i5W+EclpDRBAgS9JxcuIqBTcV4xTeylgcDB/KQabG/wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFOFxug7hPlTqVz5ZtTjNq9diYEYnMB8GA1UdIwQY
MBaAFKGBZNmWGhbS7/dz9QJ4IenSvTdAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUt
MTUyMzgwM2ZhZGFmLzEvNFhHNkR1RS1WT3BYUGxtMU9NMnIxMkpnUmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUtMTUyMzgwM2ZhZGFm
LzEvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTBmBAIAATBgAwQDBS0A
AwQEBWSAAwQDJZ0oAwQGLqWAAwQETfRgAwQFWRVgAwQEbUvQAwQDgABgAwQEg3WQ
AwQEnEOAAwQGskyAAwQCuQfQAwQCuRKAAwQCuUq0AwQGvNIAAwQF1CtAMBsEAgAC
MBUDBQAqAQXAAwUAKgJtQAMFACoDSSAwDQYJKoZIhvcNAQELBQADggEBAFf40ikt
G3atSMozDv8mhHnDt/0QI5+Ea8boTsp1didZfo9qjIS5woVsVx2D4P/aZLehmEZp
ZqA4AJQkd4BY3SI2TA3DN+J1qTk7x5uqY/XPadeXaIoM11563fhKf4c73467VW7M
oBftryLnRBNcIYH8qHUjW/yUBmwrqNyEPE6Q9SOcPZyNJa/yMjHUVWAcvIt1XD7h
w8GUwC65HiIBApJoPtzKX2C2FLwFygzdSXtMg6HmV/7JQoZ8Tpz52WFEc/Vcjn/T
DAJ0U1jd0p9SZIPzHIi+XF3keK7hwuYAmiC/sNoUbXMHuWeMeIq2xdjbNKz522C0
962aMbtWLzw3zEY=
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:37:51 2025 by rpki-client