Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/RZ_4-lCargPhDnsOSk7--hEov_g.roa
File: RZ_4-lCargPhDnsOSk7--hEov_g.roa (raw, json)
Hash identifier: gD59YlfjEOMaA7jKCDG57LDieQBZUtUGKFnW719fGG8=
Subject key identifier: 45:9F:F8:FA:50:9A:AE:03:E1:0E:7B:0E:4A:4E:FE:FA:11:28:BF:F8
Certificate issuer: /CN=887a5f0486b18a2448f2358a2746c1abd9fb2e5e
Certificate serial: 0197786695B8C838A9077596E0F09681023B
Authority key identifier: 88:7A:5F:04:86:B1:8A:24:48:F2:35:8A:27:46:C1:AB:D9:FB:2E:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/RZ_4-lCargPhDnsOSk7--hEov_g.roa
Signing time: Mon 16 Jun 2025 11:01:18 +0000
ROA not before: Mon 16 Jun 2025 11:01:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34177
IP address blocks: 89.39.124.0/24 maxlen: 24
185.88.68.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.mft
rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 04:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:66:95:b8:c8:38:a9:07:75:96:e0:f0:96:81:02:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=887a5f0486b18a2448f2358a2746c1abd9fb2e5e
Validity
Not Before: Jun 16 11:01:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=459ff8fa509aae03e10e7b0e4a4efefa1128bff8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:6b:c3:d0:12:a5:9b:06:f7:59:61:88:f2:2b:
0e:bf:0e:5e:a6:d2:85:de:51:f6:4a:a3:46:18:18:
c3:c6:d1:1f:23:1b:ee:81:7e:f6:db:db:67:78:fc:
7a:9f:b3:9a:ad:c4:d4:0c:28:a3:fa:c2:92:b5:af:
c3:3b:90:17:81:07:8a:f5:79:fe:ed:8e:c8:41:b4:
21:49:ff:77:e0:17:68:b3:e9:4e:77:ce:11:6d:a6:
1e:2c:d1:e0:48:5a:cf:1d:f5:4a:82:c4:47:83:c1:
bd:9c:f5:dc:e6:53:5c:6c:8b:f0:08:b4:08:1a:30:
8d:8d:02:a9:50:d1:de:a7:97:c9:ed:3f:11:cb:6d:
37:ce:2f:1d:0d:0c:1d:eb:ba:4a:1b:e2:6b:11:44:
59:9d:38:65:65:82:f3:e6:d3:16:4d:8a:6d:9a:a2:
74:f7:f7:14:ea:d2:56:e8:b1:6f:02:31:be:f9:75:
d0:b9:1b:51:0e:f6:0f:ad:f0:fa:21:9b:b6:03:4f:
ab:37:d0:09:c4:91:f3:76:ca:54:21:08:6a:5e:ef:
31:74:62:77:60:df:27:ac:6f:48:e1:be:0c:c2:43:
07:80:8a:f3:0f:5a:1f:13:22:d2:94:22:42:80:39:
1b:e9:80:ef:01:1f:8a:ac:0e:ee:e9:6d:6c:b6:c6:
7f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:9F:F8:FA:50:9A:AE:03:E1:0E:7B:0E:4A:4E:FE:FA:11:28:BF:F8
X509v3 Authority Key Identifier:
keyid:88:7A:5F:04:86:B1:8A:24:48:F2:35:8A:27:46:C1:AB:D9:FB:2E:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/RZ_4-lCargPhDnsOSk7--hEov_g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/28c3d1-8a90-4068-bb27-33abc53c0e79/1/iHpfBIaxiiRI8jWKJ0bBq9n7Ll4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.124.0/24
185.88.68.0/22
Signature Algorithm: sha256WithRSAEncryption
a5:53:da:4e:28:81:c3:88:7b:0c:ee:65:c6:7b:3b:9a:78:8d:
d4:69:a3:03:08:16:e5:d7:56:08:70:86:96:88:88:db:5c:ec:
87:46:3a:3e:ef:0a:60:44:8d:a2:b4:34:52:52:74:d4:a2:54:
56:c8:41:22:bc:45:cd:e7:e0:a1:10:f6:bf:7f:d1:ae:d2:d1:
c0:2f:74:db:43:bf:bf:3b:81:ca:6c:c2:88:32:a0:1c:c1:8f:
d2:b6:63:52:7b:60:93:0c:4e:09:12:94:5f:eb:0e:d5:5d:5c:
34:2b:02:6c:13:42:b9:00:82:95:67:8b:dd:12:0a:a6:62:7a:
4e:d2:6d:57:c7:4a:b0:d0:5e:3d:bc:be:c6:31:d4:a9:1e:d6:
83:7b:3b:82:02:ed:32:78:06:d1:df:df:7b:d8:e9:76:6a:1b:
1a:8b:f0:72:e3:16:19:ac:cc:47:00:36:db:8c:fb:f6:ca:a2:
91:21:d5:f4:6d:f2:14:bf:06:79:cd:57:cf:16:e8:de:49:40:
a6:1e:8a:bf:23:7e:31:8a:b7:d0:95:35:8d:57:aa:65:78:5b:
91:8c:bf:14:f7:1e:5e:f5:bc:20:9a:70:ed:da:7f:7f:30:6a:
ce:2b:38:1d:4c:7d:43:f8:01:9c:21:dc:71:a0:74:58:e6:b7:
88:aa:84:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd4ZpW4yDipB3WW4PCWgQI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2E1ZjA0ODZiMThhMjQ0OGYyMzU4YTI3NDZjMWFiZDlm
YjJlNWUwHhcNMjUwNjE2MTEwMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTlmZjhmYTUwOWFhZTAzZTEwZTdiMGU0YTRlZmVmYTExMjhiZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmvD0BKlmwb3WWGI8isOvw5eptKF
3lH2SqNGGBjDxtEfIxvugX7229tnePx6n7OarcTUDCij+sKSta/DO5AXgQeK9Xn+
7Y7IQbQhSf934Bdos+lOd84RbaYeLNHgSFrPHfVKgsRHg8G9nPXc5lNcbIvwCLQI
GjCNjQKpUNHep5fJ7T8Ry203zi8dDQwd67pKG+JrEURZnThlZYLz5tMWTYptmqJ0
9/cU6tJW6LFvAjG++XXQuRtRDvYPrfD6IZu2A0+rN9AJxJHzdspUIQhqXu8xdGJ3
YN8nrG9I4b4MwkMHgIrzD1ofEyLSlCJCgDkb6YDvAR+KrA7u6W1stsZ/nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEWf+PpQmq4D4Q57DkpO/voRKL/4MB8GA1UdIwQY
MBaAFIh6XwSGsYokSPI1iidGwavZ+y5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhwZkJJYXhpaVJJOGpXS0owYkJxOW43TGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yOGMzZDEtOGE5MC00MDY4LWJiMjct
MzNhYmM1M2MwZTc5LzEvUlpfNC1sQ2FyZ1BoRG5zT1NrNy0taEVvdl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yOGMzZDEtOGE5MC00MDY4LWJiMjctMzNhYmM1M2MwZTc5
LzEvaUhwZkJJYXhpaVJJOGpXS0owYkJxOW43TGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSd8AwQC
uVhEMA0GCSqGSIb3DQEBCwUAA4IBAQClU9pOKIHDiHsM7mXGezuaeI3UaaMDCBbl
11YIcIaWiIjbXOyHRjo+7wpgRI2itDRSUnTUolRWyEEivEXN5+ChEPa/f9Gu0tHA
L3TbQ7+/O4HKbMKIMqAcwY/StmNSe2CTDE4JEpRf6w7VXVw0KwJsE0K5AIKVZ4vd
EgqmYnpO0m1Xx0qw0F49vL7GMdSpHtaDezuCAu0yeAbR39972Ol2ahsai/By4xYZ
rMxHADbbjPv2yqKRIdX0bfIUvwZ5zVfPFujeSUCmHoq/I34xirfQlTWNV6pleFuR
jL8U9x5e9bwgmnDt2n9/MGrOKzgdTH1D+AGcIdxxoHRY5reIqoRw
-----END CERTIFICATE-----
Generated at Sun Jun 29 09:13:16 2025 by rpki-client