Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/3v4XT_Zkb0JR6zbO2RFLVtIvqcM.roa
File: 3v4XT_Zkb0JR6zbO2RFLVtIvqcM.roa (raw, json)
Hash identifier: aLhicbgV4nIT1UVqMuVw+q4GdC1H71gXhIrWh3frlJs=
Subject key identifier: DE:FE:17:4F:F6:64:6F:42:51:EB:36:CE:D9:11:4B:56:D2:2F:A9:C3
Certificate issuer: /CN=048b0c33776663cb4321a108f2f4d1635b5d2d8a
Certificate serial: 0199AE797A91F32D36F640B343E099A4875D
Authority key identifier: 04:8B:0C:33:77:66:63:CB:43:21:A1:08:F2:F4:D1:63:5B:5D:2D:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BIsMM3dmY8tDIaEI8vTRY1tdLYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/3v4XT_Zkb0JR6zbO2RFLVtIvqcM.roa
Signing time: Sat 04 Oct 2025 09:07:00 +0000
ROA not before: Sat 04 Oct 2025 09:07:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204310
IP address blocks: 185.253.172.0/22 maxlen: 22
185.253.172.0/24 maxlen: 24
185.253.175.0/24 maxlen: 24
2a0c:3ec0::/29 maxlen: 29
2a0c:3ec0::/32 maxlen: 32
2a0c:3ec7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/BIsMM3dmY8tDIaEI8vTRY1tdLYo.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/BIsMM3dmY8tDIaEI8vTRY1tdLYo.mft
rsync://rpki.ripe.net/repository/DEFAULT/BIsMM3dmY8tDIaEI8vTRY1tdLYo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 17:01:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ae:79:7a:91:f3:2d:36:f6:40:b3:43:e0:99:a4:87:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=048b0c33776663cb4321a108f2f4d1635b5d2d8a
Validity
Not Before: Oct 4 09:07:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=defe174ff6646f4251eb36ced9114b56d22fa9c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:fe:07:da:86:cb:28:2f:64:59:09:97:03:cb:
f6:40:b0:4d:b3:c3:b5:e2:85:a9:2e:cc:0a:1f:b1:
f6:84:9a:d8:28:b9:ae:ba:16:40:c5:34:43:d7:c2:
5e:43:b7:92:56:4b:59:be:06:61:94:9f:07:be:fa:
db:4a:46:e1:47:49:d4:0d:ec:ee:d2:15:7d:d9:f0:
62:b3:11:ac:fc:2d:dc:29:17:46:84:5d:7a:14:bb:
a3:01:de:dc:79:f6:97:1b:63:57:09:e8:21:18:70:
22:a1:f5:6b:17:82:f8:f8:2b:82:8e:bc:c2:a1:09:
35:d8:f2:93:0d:75:32:7d:7d:65:37:c8:12:cd:11:
79:e9:f4:63:75:44:5d:e2:e7:d8:41:ea:d8:8a:4a:
01:62:41:7e:9f:b0:35:47:bc:9d:9e:ac:99:27:06:
62:8f:01:85:63:3e:7b:e7:75:65:16:6c:ca:be:91:
21:c3:3c:47:a9:a8:4c:06:e2:05:ce:60:de:8f:8d:
18:42:55:52:75:26:d6:75:20:47:bd:c7:fa:26:73:
cc:60:ab:e3:5c:20:38:d7:63:aa:9a:17:a8:5e:0d:
e5:45:75:ad:0d:80:08:05:97:ff:05:7c:d5:1b:79:
ec:d3:69:5b:f9:85:99:e8:6f:11:b6:67:bb:87:82:
9a:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:FE:17:4F:F6:64:6F:42:51:EB:36:CE:D9:11:4B:56:D2:2F:A9:C3
X509v3 Authority Key Identifier:
keyid:04:8B:0C:33:77:66:63:CB:43:21:A1:08:F2:F4:D1:63:5B:5D:2D:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIsMM3dmY8tDIaEI8vTRY1tdLYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/3v4XT_Zkb0JR6zbO2RFLVtIvqcM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/4bb7f4-9709-4109-b30e-24116cb6e986/1/BIsMM3dmY8tDIaEI8vTRY1tdLYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.253.172.0/22
IPv6:
2a0c:3ec0::/29
Signature Algorithm: sha256WithRSAEncryption
8f:da:da:3b:b9:87:eb:37:9b:da:10:34:70:77:86:15:8c:58:
a9:57:67:1e:35:c3:90:3b:e3:96:3b:26:a3:4d:e2:90:3b:49:
17:96:09:95:89:61:d0:92:0d:f6:3f:8f:ec:bc:15:4f:f2:b4:
84:b2:40:bf:81:c0:0e:dc:6b:b6:69:96:f8:79:a7:50:8e:46:
6b:37:ba:b5:7d:ad:43:f3:13:b1:7c:5c:a3:a2:f1:73:8c:1d:
d2:f5:97:60:f2:8a:a9:ff:44:f3:80:40:b3:48:ce:56:58:bd:
0e:58:b5:ec:af:f3:e0:c0:6a:ef:a8:85:35:6d:36:8a:eb:c8:
88:7c:24:bc:5b:fa:d9:0a:e6:95:f8:62:39:8e:df:99:27:14:
66:7d:69:17:2f:c2:97:df:c5:34:c9:34:91:db:ca:30:fa:c1:
17:a5:54:da:09:9f:5b:9d:d1:d9:3c:1a:ae:f4:5d:7a:9b:fe:
36:ee:98:a3:fe:da:3f:71:81:5a:43:c8:cb:0b:d5:76:22:39:
aa:c7:8b:86:da:88:96:49:2e:cf:d1:90:bb:10:03:bb:f9:e1:
29:c3:3f:88:25:7c:47:e0:59:34:38:1a:80:6e:33:88:cf:a7:
24:91:25:53:09:3f:e5:6f:6b:53:31:63:d9:54:ca:53:bd:43:
e2:6b:30:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmueXqR8y029kCzQ+CZpIddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OGIwYzMzNzc2NjYzY2I0MzIxYTEwOGYyZjRkMTYzNWI1
ZDJkOGEwHhcNMjUxMDA0MDkwNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZlMTc0ZmY2NjQ2ZjQyNTFlYjM2Y2VkOTExNGI1NmQyMmZhOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP4H2obLKC9kWQmXA8v2QLBNs8O1
4oWpLswKH7H2hJrYKLmuuhZAxTRD18JeQ7eSVktZvgZhlJ8HvvrbSkbhR0nUDezu
0hV92fBisxGs/C3cKRdGhF16FLujAd7cefaXG2NXCeghGHAiofVrF4L4+CuCjrzC
oQk12PKTDXUyfX1lN8gSzRF56fRjdURd4ufYQerYikoBYkF+n7A1R7ydnqyZJwZi
jwGFYz5753VlFmzKvpEhwzxHqahMBuIFzmDej40YQlVSdSbWdSBHvcf6JnPMYKvj
XCA412OqmheoXg3lRXWtDYAIBZf/BXzVG3ns02lb+YWZ6G8Rtme7h4KaDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN7+F0/2ZG9CUes2ztkRS1bSL6nDMB8GA1UdIwQY
MBaAFASLDDN3ZmPLQyGhCPL00WNbXS2KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQklzTU0zZG1ZOHRESWFFSTh2VFJZMXRkTFlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80YmI3ZjQtOTcwOS00MTA5LWIzMGUt
MjQxMTZjYjZlOTg2LzEvM3Y0WFRfWmtiMEpSNnpiTzJSRkxWdEl2cWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80YmI3ZjQtOTcwOS00MTA5LWIzMGUtMjQxMTZjYjZlOTg2
LzEvQklzTU0zZG1ZOHRESWFFSTh2VFJZMXRkTFlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf2sMA0E
AgACMAcDBQMqDD7AMA0GCSqGSIb3DQEBCwUAA4IBAQCP2to7uYfrN5vaEDRwd4YV
jFipV2ceNcOQO+OWOyajTeKQO0kXlgmViWHQkg32P4/svBVP8rSEskC/gcAO3Gu2
aZb4eadQjkZrN7q1fa1D8xOxfFyjovFzjB3S9Zdg8oqp/0TzgECzSM5WWL0OWLXs
r/PgwGrvqIU1bTaK68iIfCS8W/rZCuaV+GI5jt+ZJxRmfWkXL8KX38U0yTSR28ow
+sEXpVTaCZ9bndHZPBqu9F16m/427pij/to/cYFaQ8jLC9V2Ijmqx4uG2oiWSS7P
0ZC7EAO7+eEpwz+IJXxH4Fk0OBqAbjOIz6ckkSVTCT/lb2tTMWPZVMpTvUPiazDq
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:48:09 2025 by rpki-client