Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/T3WVNDq5fB7durp2xzBnS3GvikA.roa
File: T3WVNDq5fB7durp2xzBnS3GvikA.roa (raw, json)
Hash identifier: yDIX+9j0VmuYreUTlBxWuulf2dZWF2rW9eLhkcZnsyo=
Subject key identifier: 4F:75:95:34:3A:B9:7C:1E:DD:BA:BA:76:C7:30:67:4B:71:AF:8A:40
Certificate issuer: /CN=3a839936aeeff288678e772633020fa259bd9cf2
Certificate serial: 019995D3B150A722776D43EE27A8360C4C4E
Authority key identifier: 3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/T3WVNDq5fB7durp2xzBnS3GvikA.roa
Signing time: Mon 29 Sep 2025 14:15:02 +0000
ROA not before: Mon 29 Sep 2025 14:15:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47753
IP address blocks: 146.19.210.0/24 maxlen: 24
185.66.213.0/24 maxlen: 24
212.52.22.0/24 maxlen: 24
2001:678:dd0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.mft
rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:d3:b1:50:a7:22:77:6d:43:ee:27:a8:36:0c:4c:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a839936aeeff288678e772633020fa259bd9cf2
Validity
Not Before: Sep 29 14:15:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f7595343ab97c1eddbaba76c730674b71af8a40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f0:6b:db:01:8d:2d:dd:62:13:4d:e1:b9:a3:
02:74:ff:6d:46:84:7f:8a:67:a4:89:36:e5:dd:0c:
11:a5:9d:09:5a:ef:12:58:af:21:6d:f1:e1:b1:a4:
ab:fe:74:90:2d:2a:fe:b9:92:e9:15:cc:c9:91:62:
29:3b:f9:46:e3:30:8c:36:59:cc:ee:84:94:8a:41:
cf:30:72:cb:ca:4c:5c:0d:d7:d7:9e:01:87:e2:16:
fe:6e:48:c4:d7:7b:b1:85:66:f5:ef:e9:61:8e:c8:
2b:18:74:ab:53:0c:c7:3a:d3:27:22:d2:f1:d9:68:
2e:b0:b3:73:93:93:fc:61:a9:3b:bd:a8:87:b6:f9:
d8:61:d1:d8:b9:8d:28:f4:29:ff:f7:3b:13:70:d2:
b3:1c:b3:7c:14:5b:03:81:ec:c1:84:c8:df:ed:fc:
a7:55:86:8f:78:87:d7:66:c6:6b:9e:8e:33:1a:f2:
c7:76:e8:31:ab:a7:f7:3c:84:1b:57:73:33:46:06:
9e:82:11:e6:be:e2:4d:8d:c5:a8:ec:ed:4d:b7:c4:
16:d6:52:b7:fa:29:d5:84:da:b2:36:08:05:8c:af:
71:08:c6:2e:6a:4e:61:a6:ce:48:0c:45:0d:40:7d:
7d:4d:05:a1:86:20:f9:8f:f5:7d:a3:b0:48:7e:f4:
67:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:75:95:34:3A:B9:7C:1E:DD:BA:BA:76:C7:30:67:4B:71:AF:8A:40
X509v3 Authority Key Identifier:
keyid:3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/T3WVNDq5fB7durp2xzBnS3GvikA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.19.210.0/24
185.66.213.0/24
212.52.22.0/24
IPv6:
2001:678:dd0::/48
Signature Algorithm: sha256WithRSAEncryption
4e:f6:99:9d:24:29:26:3d:0b:c2:ec:ee:c2:3c:c4:2e:e3:03:
cd:ba:19:39:00:de:3f:70:c6:22:cf:6f:52:8e:88:49:21:e3:
1e:6e:3e:97:5d:03:03:0d:37:9c:a1:53:f8:26:8f:28:b6:99:
28:c9:8e:2c:7d:85:57:b9:8b:a3:e4:ba:0c:9a:3c:38:95:4d:
bd:ad:cf:8e:d3:6e:62:0a:81:54:0e:cc:de:5e:c2:b9:78:40:
f2:a3:12:d1:80:14:f9:08:f9:18:35:b1:23:18:b5:0c:51:73:
16:5f:7c:72:11:00:8c:e1:10:cc:d7:98:f7:0b:73:4f:dc:f9:
06:a9:e6:ed:ed:cd:2b:9e:ba:c4:ba:91:4a:57:94:b6:c4:5c:
f0:01:df:4b:ec:c4:da:e0:88:f3:97:b7:72:73:29:86:be:f6:
c7:0d:e3:1c:ba:f2:8d:21:b6:04:77:12:f5:bf:75:34:5d:b8:
c2:38:ad:5d:72:7c:94:38:70:3f:a9:3d:15:ca:a6:69:3f:ef:
d6:36:d3:ef:1f:e9:17:84:3f:1d:ab:c9:ff:de:50:9a:83:39:
9f:2a:87:54:cf:43:65:5f:41:90:dd:bf:57:84:56:f2:1f:97:
29:20:32:62:b4:d7:60:e8:92:52:9e:38:94:a9:d4:d5:32:99:
da:50:5c:b6
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZmV07FQpyJ3bUPuJ6g2DExOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhODM5OTM2YWVlZmYyODg2NzhlNzcyNjMzMDIwZmEyNTli
ZDljZjIwHhcNMjUwOTI5MTQxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjc1OTUzNDNhYjk3YzFlZGRiYWJhNzZjNzMwNjc0YjcxYWY4YTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/Br2wGNLd1iE03huaMCdP9tRoR/
imekiTbl3QwRpZ0JWu8SWK8hbfHhsaSr/nSQLSr+uZLpFczJkWIpO/lG4zCMNlnM
7oSUikHPMHLLykxcDdfXngGH4hb+bkjE13uxhWb17+lhjsgrGHSrUwzHOtMnItLx
2WgusLNzk5P8Yak7vaiHtvnYYdHYuY0o9Cn/9zsTcNKzHLN8FFsDgezBhMjf7fyn
VYaPeIfXZsZrno4zGvLHdugxq6f3PIQbV3MzRgaeghHmvuJNjcWo7O1Nt8QW1lK3
+inVhNqyNggFjK9xCMYuak5hps5IDEUNQH19TQWhhiD5j/V9o7BIfvRnJQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFE91lTQ6uXwe3bq6dscwZ0txr4pAMB8GA1UdIwQY
MBaAFDqDmTau7/KIZ453JjMCD6JZvZzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQt
ODM1ZjRlMzcyODNjLzEvVDNXVk5EcTVmQjdkdXJwMnh6Qm5TM0d2aWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQtODM1ZjRlMzcyODNj
LzEvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAkhPSAwQA
uULVAwQA1DQWMA8EAgACMAkDBwAgAQZ4DdAwDQYJKoZIhvcNAQELBQADggEBAE72
mZ0kKSY9C8Ls7sI8xC7jA826GTkA3j9wxiLPb1KOiEkh4x5uPpddAwMNN5yhU/gm
jyi2mSjJjix9hVe5i6PkugyaPDiVTb2tz47TbmIKgVQOzN5ewrl4QPKjEtGAFPkI
+Rg1sSMYtQxRcxZffHIRAIzhEMzXmPcLc0/c+Qap5u3tzSueusS6kUpXlLbEXPAB
30vsxNrgiPOXt3JzKYa+9scN4xy68o0htgR3EvW/dTRduMI4rV1yfJQ4cD+pPRXK
pmk/79Y20+8f6ReEPx2ryf/eUJqDOZ8qh1TPQ2VfQZDdv1eEVvIflykgMmK012Do
klKeOJSp1NUymdpQXLY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:32:29 2025 by rpki-client