Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rz4N95CrmRgEO1zjysAon4yFKAA.roa
File: rz4N95CrmRgEO1zjysAon4yFKAA.roa (raw, json)
Hash identifier: saVZv6bcY+zwNzfOK+c09gEbL5ZQ6JMTaAgizPOYSxA=
Subject key identifier: AF:3E:0D:F7:90:AB:99:18:04:3B:5C:E3:CA:C0:28:9F:8C:85:28:00
Certificate issuer: /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial: 0199D89BE013EE4C366702713D2DCCDFD1DA
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rz4N95CrmRgEO1zjysAon4yFKAA.roa
Signing time: Sun 12 Oct 2025 13:28:38 +0000
ROA not before: Sun 12 Oct 2025 13:28:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44654
IP address blocks: 37.252.208.0/23 maxlen: 23
37.252.208.0/24 maxlen: 24
37.252.209.0/24 maxlen: 24
37.252.210.0/23 maxlen: 23
37.252.210.0/24 maxlen: 24
37.252.211.0/24 maxlen: 24
37.252.212.0/23 maxlen: 23
37.252.212.0/24 maxlen: 24
37.252.213.0/24 maxlen: 24
37.252.215.0/24 maxlen: 24
109.205.8.0/21 maxlen: 24
109.205.9.0/24 maxlen: 24
185.36.124.0/22 maxlen: 24
185.36.124.0/23 maxlen: 23
185.36.127.0/24 maxlen: 24
2a02:d8::/32 maxlen: 48
2a02:d8:8::/48 maxlen: 48
2a02:d8:9::/48 maxlen: 48
2a02:d8:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d8:9b:e0:13:ee:4c:36:67:02:71:3d:2d:cc:df:d1:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
Validity
Not Before: Oct 12 13:28:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=af3e0df790ab9918043b5ce3cac0289f8c852800
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0e:5d:ec:db:76:9d:05:aa:53:12:d1:80:99:
dd:94:b3:61:16:4c:be:14:60:12:bd:3f:9d:d1:8a:
31:11:d8:d1:a4:47:62:e8:50:89:a2:7e:1d:e1:50:
fa:6b:af:0b:75:d5:6a:58:d2:0a:5c:a7:43:6c:62:
45:d8:5b:37:58:de:c6:c5:95:9c:a9:32:1b:0f:03:
12:07:ea:e5:d5:85:5a:f6:89:18:75:c7:e4:93:d4:
98:1f:14:35:dc:62:66:59:ea:e9:06:6a:9a:90:2f:
42:82:13:c8:a8:53:4c:85:1b:62:ec:1f:8b:1d:ba:
10:5f:23:21:0c:a6:d5:95:7f:3c:e1:56:32:03:05:
56:3a:b2:5f:32:47:83:e0:d7:8e:40:89:1e:18:20:
74:72:0f:51:e5:be:ca:a6:c3:5c:61:85:40:42:2d:
e3:c1:8d:f3:0a:de:53:7f:ad:78:5f:4e:49:f2:cf:
53:b1:e8:0f:6b:28:85:8f:e7:37:ba:14:0e:24:c0:
08:ea:13:e7:96:1f:f1:70:bc:f4:5b:aa:01:57:04:
57:54:b8:9e:f3:6d:af:6b:3f:3f:5b:78:5b:ae:be:
4a:12:30:19:78:f9:a1:1f:56:36:8b:3c:7a:64:90:
a7:9f:cf:9a:45:b9:7f:4f:f8:31:bf:8a:3d:ef:64:
8d:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:3E:0D:F7:90:AB:99:18:04:3B:5C:E3:CA:C0:28:9F:8C:85:28:00
X509v3 Authority Key Identifier:
keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rz4N95CrmRgEO1zjysAon4yFKAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.208.0-37.252.213.255
37.252.215.0/24
109.205.8.0/21
185.36.124.0/22
IPv6:
2a02:d8::/32
Signature Algorithm: sha256WithRSAEncryption
11:37:18:b5:6e:08:28:03:41:6f:8a:01:70:42:b1:30:d3:2d:
4c:8c:9b:05:46:83:2c:1c:b8:e3:ad:7a:f7:87:4c:f8:e7:00:
c2:e7:a7:b4:89:d6:30:98:bc:0b:7a:56:42:8b:81:d8:ff:32:
af:f7:f4:01:eb:be:33:67:43:36:c5:17:e8:87:68:cb:72:4a:
29:2e:f9:52:49:21:ad:ed:74:32:b7:2c:d7:b1:ce:e1:a0:13:
a3:d5:28:64:e2:09:47:45:02:2b:00:31:43:eb:cf:36:a1:93:
af:10:c4:07:d5:db:5c:1e:7b:89:c2:cf:21:3d:b4:0e:38:55:
4b:aa:5e:44:3e:fa:70:9d:d5:18:a8:56:90:4a:41:d9:1c:e5:
82:75:5a:1d:00:01:80:38:a9:69:40:76:d0:cb:21:18:b8:cf:
66:77:b5:ee:df:6d:50:0f:9d:0c:91:68:09:f7:89:e1:1a:79:
b5:17:be:b2:7d:37:56:f0:08:7a:c7:03:0d:c8:d8:7b:32:1a:
a7:0e:87:d3:19:15:95:2a:dd:de:c5:01:7f:7b:a7:7e:62:94:
ab:73:ba:83:b5:90:5a:8b:02:5f:b8:1c:9f:96:6e:df:95:db:
83:9c:74:10:fe:32:88:e6:33:7a:79:3c:31:5f:dd:52:13:7c:
ed:76:36:46
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZnYm+AT7kw2ZwJxPS3M39HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUxMDEyMTMyODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNlMGRmNzkwYWI5OTE4MDQzYjVjZTNjYWMwMjg5ZjhjODUyODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw5d7Nt2nQWqUxLRgJndlLNhFky+
FGASvT+d0YoxEdjRpEdi6FCJon4d4VD6a68LddVqWNIKXKdDbGJF2Fs3WN7GxZWc
qTIbDwMSB+rl1YVa9okYdcfkk9SYHxQ13GJmWerpBmqakC9CghPIqFNMhRti7B+L
HboQXyMhDKbVlX884VYyAwVWOrJfMkeD4NeOQIkeGCB0cg9R5b7KpsNcYYVAQi3j
wY3zCt5Tf614X05J8s9TsegPayiFj+c3uhQOJMAI6hPnlh/xcLz0W6oBVwRXVLie
822vaz8/W3hbrr5KEjAZePmhH1Y2izx6ZJCnn8+aRbl/T/gxv4o972SNSQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFK8+DfeQq5kYBDtc48rAKJ+MhSgAMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvcno0Tjk1Q3JtUmdFTzF6anlzQW9uNHlGS0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBABE3GLVuCCgDQW+KAXBCsTDTLUyMmwVGgywcuOOteveHTPjnAMLn
p7SJ1jCYvAt6VkKLgdj/Mq/39AHrvjNnQzbFF+iHaMtySiku+VJJIa3tdDK3LNex
zuGgE6PVKGTiCUdFAisAMUPrzzahk68QxAfV21wee4nCzyE9tA44VUuqXkQ++nCd
1RioVpBKQdkc5YJ1Wh0AAYA4qWlAdtDLIRi4z2Z3te7fbVAPnQyRaAn3ieEaebUX
vrJ9N1bwCHrHAw3I2HsyGqcOh9MZFZUq3d7FAX97p35ilKtzuoO1kFqLAl+4HJ+W
bt+V24OcdBD+MojmM3p5PDFf3VITfO12NkY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:08:59 2025 by rpki-client