Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/4YFKATy6NlpuD5RARFf6ucU0LYc.roa
File: 4YFKATy6NlpuD5RARFf6ucU0LYc.roa (raw, json)
Hash identifier: RSRzqoF+x6rPSJR8eSY+ztT3IgSla9/aJupP6hQ26Bc=
Subject key identifier: E1:81:4A:01:3C:BA:36:5A:6E:0F:94:40:44:57:FA:B9:C5:34:2D:87
Certificate issuer: /CN=ff1a0a7554385703974ae15ef947bc54c0b89c95
Certificate serial: 0198CBF89B23DF24ECED39B023C42DA4BF7E
Authority key identifier: FF:1A:0A:75:54:38:57:03:97:4A:E1:5E:F9:47:BC:54:C0:B8:9C:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/4YFKATy6NlpuD5RARFf6ucU0LYc.roa
Signing time: Thu 21 Aug 2025 09:32:04 +0000
ROA not before: Thu 21 Aug 2025 09:32:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25181
IP address blocks: 195.2.36.0/23 maxlen: 23
195.2.38.0/23 maxlen: 23
195.2.40.0/23 maxlen: 24
195.2.41.0/24 maxlen: 24
2a00:1310::/32 maxlen: 48
2a00:1310:110::/48 maxlen: 48
2a00:1310:301::/48 maxlen: 48
2a00:1310:802::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.mft
rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cb:f8:9b:23:df:24:ec:ed:39:b0:23:c4:2d:a4:bf:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff1a0a7554385703974ae15ef947bc54c0b89c95
Validity
Not Before: Aug 21 09:32:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e1814a013cba365a6e0f94404457fab9c5342d87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:d1:96:8c:28:05:18:5d:cc:f6:bc:15:3b:ad:
b1:32:69:6f:7e:93:92:ce:ca:b9:6a:1d:cb:db:bf:
77:49:8f:60:be:40:47:29:08:01:c0:52:e7:b6:50:
97:27:ee:12:cb:05:3b:28:4b:55:92:99:cd:66:8b:
b5:7f:fb:f9:01:7f:27:f9:83:cc:f0:54:70:c2:6a:
c3:3b:70:86:86:5b:69:ab:18:8e:ac:78:0d:e5:33:
81:39:4f:ea:25:2e:e1:e8:d3:ed:68:bc:00:d8:44:
3b:46:c3:2d:79:78:29:02:8c:11:16:3e:96:47:f8:
33:fe:5d:34:5b:39:c7:a7:ff:1c:b7:65:26:55:3c:
03:6e:62:a8:5c:ec:19:ae:01:6a:f5:d8:65:84:5d:
39:66:8f:bf:ac:46:02:38:89:fa:fe:27:31:6a:12:
ba:95:ef:f3:1b:83:71:4d:79:7e:d3:e0:67:1c:cb:
49:7b:05:82:0b:e6:45:9e:43:3b:02:a2:bb:93:7e:
e1:5d:61:ae:b3:45:68:ff:cc:47:b6:52:ab:e9:b4:
ac:27:fe:ba:79:05:12:95:0e:2d:b5:cc:8b:1f:62:
74:97:c2:ca:2a:05:62:b4:66:8b:36:b0:40:16:00:
ce:5e:eb:a7:08:53:23:f7:8a:d7:76:c4:7a:3f:52:
9b:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:81:4A:01:3C:BA:36:5A:6E:0F:94:40:44:57:FA:B9:C5:34:2D:87
X509v3 Authority Key Identifier:
keyid:FF:1A:0A:75:54:38:57:03:97:4A:E1:5E:F9:47:BC:54:C0:B8:9C:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/4YFKATy6NlpuD5RARFf6ucU0LYc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.2.36.0-195.2.41.255
IPv6:
2a00:1310::/32
Signature Algorithm: sha256WithRSAEncryption
b7:10:18:6a:55:90:58:47:81:5f:ce:1e:a4:e8:a9:4e:bb:63:
25:39:6c:30:b7:3f:46:f9:cb:7c:da:44:b7:9a:d8:26:59:8a:
2a:0b:3b:66:78:da:ec:8c:25:fc:e8:0e:d0:c9:17:f3:92:d4:
d5:88:07:eb:53:2c:89:3a:bd:d4:83:44:17:0e:29:83:7d:d2:
0e:d5:e3:1e:c3:45:71:0d:60:ab:02:a0:bd:f6:33:8b:a9:7a:
3d:1f:23:24:be:c2:ad:24:a3:4e:c9:68:b9:19:c1:40:2c:47:
cb:cd:57:45:a6:2e:05:58:bc:87:6a:f3:5c:55:1e:2f:34:0a:
16:80:dc:2b:b5:d7:2e:35:da:ee:4f:43:f0:ef:62:60:82:4c:
31:2c:04:0a:e4:de:7a:0a:72:67:ae:e6:b0:23:90:78:a5:ad:
d7:99:27:e9:5a:da:f4:20:d8:22:1b:c1:35:ee:ab:35:c6:bc:
54:39:95:9e:54:91:35:50:ab:87:b4:4c:b3:44:9d:6e:f6:17:
46:ac:a3:ab:8f:80:4e:a8:0f:60:ba:cf:ce:96:95:d8:5c:af:
43:78:6d:c3:7f:36:67:ba:58:08:bc:9a:8c:1e:25:d2:b4:6d:
43:90:e4:f0:90:72:e3:63:67:6b:5c:5e:8b:9a:95:58:4f:0c:
5d:64:cd:82
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZjL+Jsj3yTs7TmwI8QtpL9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWEwYTc1NTQzODU3MDM5NzRhZTE1ZWY5NDdiYzU0YzBi
ODljOTUwHhcNMjUwODIxMDkzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTgxNGEwMTNjYmEzNjVhNmUwZjk0NDA0NDU3ZmFiOWM1MzQyZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldGWjCgFGF3M9rwVO62xMmlvfpOS
zsq5ah3L2793SY9gvkBHKQgBwFLntlCXJ+4SywU7KEtVkpnNZou1f/v5AX8n+YPM
8FRwwmrDO3CGhltpqxiOrHgN5TOBOU/qJS7h6NPtaLwA2EQ7RsMteXgpAowRFj6W
R/gz/l00WznHp/8ct2UmVTwDbmKoXOwZrgFq9dhlhF05Zo+/rEYCOIn6/icxahK6
le/zG4NxTXl+0+BnHMtJewWCC+ZFnkM7AqK7k37hXWGus0Vo/8xHtlKr6bSsJ/66
eQUSlQ4ttcyLH2J0l8LKKgVitGaLNrBAFgDOXuunCFMj94rXdsR6P1KbzQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOGBSgE8ujZabg+UQERX+rnFNC2HMB8GA1UdIwQY
MBaAFP8aCnVUOFcDl0rhXvlHvFTAuJyVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3hvS2RWUTRWd09YU3VGZS1VZThWTUM0bkpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yNjkyOTAtNTlmZi00MjMzLThmYTAt
Mjc1NTBiMjE5NTA3LzEvNFlGS0FUeTZObHB1RDVSQVJGZjZ1Y1UwTFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yNjkyOTAtNTlmZi00MjMzLThmYTAtMjc1NTBiMjE5NTA3
LzEvX3hvS2RWUTRWd09YU3VGZS1VZThWTUM0bkpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBALDAiQD
BAHDAigwDQQCAAIwBwMFACoAExAwDQYJKoZIhvcNAQELBQADggEBALcQGGpVkFhH
gV/OHqToqU67YyU5bDC3P0b5y3zaRLea2CZZiioLO2Z42uyMJfzoDtDJF/OS1NWI
B+tTLIk6vdSDRBcOKYN90g7V4x7DRXENYKsCoL32M4upej0fIyS+wq0ko07JaLkZ
wUAsR8vNV0WmLgVYvIdq81xVHi80ChaA3Cu11y412u5PQ/DvYmCCTDEsBArk3noK
cmeu5rAjkHilrdeZJ+la2vQg2CIbwTXuqzXGvFQ5lZ5UkTVQq4e0TLNEnW72F0as
o6uPgE6oD2C6z86Wldhcr0N4bcN/Nme6WAi8moweJdK0bUOQ5PCQcuNjZ2tcXoua
lVhPDF1kzYI=
-----END CERTIFICATE-----
Generated at Sun Aug 24 06:46:23 2025 by rpki-client