Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/38R6j4WZRDh7lxPPfaHYnBOsF1k.roa
File: 38R6j4WZRDh7lxPPfaHYnBOsF1k.roa (raw, json)
Hash identifier: pi9e0CEvNyyq1XO56Ym08oOogdD/KO/PuJZczLywo88=
Subject key identifier: DF:C4:7A:8F:85:99:44:38:7B:97:13:CF:7D:A1:D8:9C:13:AC:17:59
Certificate issuer: /CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Certificate serial: 0199589AF98374C90F9A1602612747A66963
Authority key identifier: 45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/38R6j4WZRDh7lxPPfaHYnBOsF1k.roa
Signing time: Wed 17 Sep 2025 16:56:15 +0000
ROA not before: Wed 17 Sep 2025 16:56:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13335
IP address blocks: 158.94.212.0/24 maxlen: 24
158.94.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.mft
rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:58:9a:f9:83:74:c9:0f:9a:16:02:61:27:47:a6:69:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Validity
Not Before: Sep 17 16:56:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfc47a8f859944387b9713cf7da1d89c13ac1759
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:24:fb:6a:7f:b2:bf:f0:7c:d5:a4:4f:69:48:
9b:94:3a:74:1a:28:d0:27:7d:c9:9b:09:b1:0a:7a:
50:8d:8e:41:64:bf:0e:b1:29:67:86:c6:83:fa:5c:
be:a3:04:90:ce:e8:c7:85:0f:b1:46:8b:17:36:b7:
fb:f1:db:ca:ba:06:5d:84:5f:83:dc:51:4f:54:d2:
80:7a:ef:87:fd:cd:26:91:b2:79:2d:bd:bf:fb:a5:
57:de:4f:ad:4c:24:89:0a:82:78:4d:de:06:90:bb:
74:b0:a7:1e:58:bc:e9:88:dc:02:11:52:0d:cd:93:
8f:f7:09:8e:d8:41:43:8d:a6:a6:57:5c:20:73:f2:
2b:08:c4:08:3b:c7:ff:df:03:48:a9:ed:02:a9:f9:
0a:04:bc:79:d7:05:8d:ed:5f:98:d6:71:62:48:a9:
48:a2:77:66:0f:97:2a:21:00:bd:fa:d8:86:2e:c1:
ba:66:e2:1b:70:9a:87:8a:00:e6:14:91:b2:9e:dc:
c7:39:5b:a7:1b:8d:d6:72:b7:46:28:8b:2b:48:21:
bb:5e:d5:53:b1:fa:03:7c:13:2c:b2:4e:f8:62:b4:
df:6e:62:75:26:bf:e5:8b:bf:b8:1d:25:9c:de:ad:
81:a5:ef:e4:6c:d7:d8:f3:1f:4a:9e:7c:37:12:84:
4f:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:C4:7A:8F:85:99:44:38:7B:97:13:CF:7D:A1:D8:9C:13:AC:17:59
X509v3 Authority Key Identifier:
keyid:45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/38R6j4WZRDh7lxPPfaHYnBOsF1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.94.212.0/23
Signature Algorithm: sha256WithRSAEncryption
23:bf:d8:b3:ff:4c:8a:ca:12:51:d1:2b:34:e6:95:ab:d1:5d:
c4:e2:cd:2e:23:db:a2:5c:ef:c3:7d:dc:4f:7a:01:8f:1f:b9:
8c:5d:86:cd:7e:66:c3:2c:88:7e:f3:ec:c1:3a:81:e8:ba:e0:
28:86:a9:4b:60:e7:0a:97:33:e8:bf:51:fb:7f:88:54:55:b6:
fc:75:c6:a3:ee:e1:ef:28:8f:e9:51:f7:dc:fa:72:8a:b3:86:
10:56:d8:85:c6:ed:d2:03:7c:43:e1:fc:13:67:44:fb:53:6b:
ac:a1:fe:27:a1:ce:76:0c:f8:92:fe:dc:af:e3:c5:39:16:74:
4f:11:f8:ca:80:e3:e4:32:94:fe:2b:16:01:d6:69:6a:f0:74:
f6:e1:79:ae:a3:9f:36:ad:0f:11:b8:dc:e6:f4:7a:ff:2c:ec:
9d:f5:39:a8:4e:15:30:da:64:1a:14:89:0e:dd:db:24:c9:2d:
68:62:2d:48:74:79:f4:6f:44:3e:63:05:d1:c4:af:bd:21:b8:
e1:55:ff:0a:fa:87:d4:62:9e:c3:17:06:26:d1:f9:11:73:6e:
5d:e7:61:3e:c5:b6:3b:2d:0b:60:d0:97:fe:aa:4f:4e:2e:37:
62:b3:fa:2f:13:f6:20:cd:5b:52:7e:00:9b:d5:db:47:d4:6c:
f8:e3:73:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlYmvmDdMkPmhYCYSdHpmljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTNiOWFjMGE0ODZiMDAzNzc2NWQ2MDVjOGIxYzgxMDQw
NDZmMGEwHhcNMjUwOTE3MTY1NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM0N2E4Zjg1OTk0NDM4N2I5NzEzY2Y3ZGExZDg5YzEzYWMxNzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqST7an+yv/B81aRPaUiblDp0GijQ
J33JmwmxCnpQjY5BZL8OsSlnhsaD+ly+owSQzujHhQ+xRosXNrf78dvKugZdhF+D
3FFPVNKAeu+H/c0mkbJ5Lb2/+6VX3k+tTCSJCoJ4Td4GkLt0sKceWLzpiNwCEVIN
zZOP9wmO2EFDjaamV1wgc/IrCMQIO8f/3wNIqe0CqfkKBLx51wWN7V+Y1nFiSKlI
ondmD5cqIQC9+tiGLsG6ZuIbcJqHigDmFJGyntzHOVunG43WcrdGKIsrSCG7XtVT
sfoDfBMssk74YrTfbmJ1Jr/li7+4HSWc3q2Bpe/kbNfY8x9Knnw3EoRPaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/Eeo+FmUQ4e5cTz32h2JwTrBdZMB8GA1UdIwQY
MBaAFEWTuawKSGsAN3ZdYFyLHIEEBG8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgt
NDNlNmJmZjlhMjVlLzEvMzhSNmo0V1pSRGg3bHhQUGZhSFluQk9zRjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgtNDNlNmJmZjlhMjVl
LzEvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnl7UMA0G
CSqGSIb3DQEBCwUAA4IBAQAjv9iz/0yKyhJR0Ss05pWr0V3E4s0uI9uiXO/DfdxP
egGPH7mMXYbNfmbDLIh+8+zBOoHouuAohqlLYOcKlzPov1H7f4hUVbb8dcaj7uHv
KI/pUffc+nKKs4YQVtiFxu3SA3xD4fwTZ0T7U2usof4noc52DPiS/tyv48U5FnRP
EfjKgOPkMpT+KxYB1mlq8HT24Xmuo582rQ8RuNzm9Hr/LOyd9TmoThUw2mQaFIkO
3dskyS1oYi1IdHn0b0Q+YwXRxK+9IbjhVf8K+ofUYp7DFwYm0fkRc25d52E+xbY7
LQtg0Jf+qk9OLjdis/ovE/YgzVtSfgCb1dtH1Gz443Pe
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:10:04 2025 by rpki-client