Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/VczOYK23SIrQwSfO7WNvNHITrEQ.roa
File: VczOYK23SIrQwSfO7WNvNHITrEQ.roa (raw, json)
Hash identifier: vE9e17sANr8/qzhWCh8RdI6FabALXXTALY3d06XGM3g=
Subject key identifier: 55:CC:CE:60:AD:B7:48:8A:D0:C1:27:CE:ED:63:6F:34:72:13:AC:44
Certificate issuer: /CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Certificate serial: 019782CC04ACBF0E2EE932EAAB3B8C3C20E5
Authority key identifier: 3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/VczOYK23SIrQwSfO7WNvNHITrEQ.roa
Signing time: Wed 18 Jun 2025 11:28:17 +0000
ROA not before: Wed 18 Jun 2025 11:28:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34347
IP address blocks: 80.92.112.0/20 maxlen: 20
152.89.72.0/22 maxlen: 22
156.67.192.0/21 maxlen: 21
185.35.180.0/22 maxlen: 22
185.176.156.0/23 maxlen: 23
185.203.212.0/22 maxlen: 22
195.149.216.0/21 maxlen: 21
2a02:28e8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.mft
rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 11:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:82:cc:04:ac:bf:0e:2e:e9:32:ea:ab:3b:8c:3c:20:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Validity
Not Before: Jun 18 11:28:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=55ccce60adb7488ad0c127ceed636f347213ac44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:2e:62:85:98:a4:de:2f:07:3f:e2:f2:83:45:
e5:30:0a:02:22:5c:ed:3e:f7:5c:85:41:33:6f:d2:
5e:31:ab:30:40:4f:dc:a1:53:25:ab:15:11:d8:f4:
ab:0e:c3:64:8c:13:ff:3d:05:39:ca:7b:ac:10:d6:
f4:ab:8c:43:63:28:08:94:64:c2:1f:89:b2:a1:cd:
74:21:eb:67:28:56:61:c2:dc:42:e7:c9:4c:5f:94:
20:f0:3b:a8:13:41:f6:91:4d:a6:ac:44:1b:81:64:
1c:07:c6:a1:09:83:ca:b3:1d:7b:a9:ee:dc:37:e4:
46:18:b4:18:f5:92:76:b0:1c:a5:26:3d:10:68:1a:
2c:3a:bb:fc:c8:00:17:f0:a3:96:67:7a:60:0e:c4:
7d:a2:8c:d1:44:bb:f4:23:d8:e5:48:97:a3:0b:40:
28:96:ae:ef:46:2a:3d:4b:7b:6a:39:17:82:5e:64:
50:f1:0e:49:3d:ac:6c:69:09:77:0c:5c:95:7c:d1:
0c:d2:52:d7:02:de:eb:a8:84:72:39:8d:19:9f:d4:
8c:eb:e4:b9:cb:8d:0b:78:32:b4:7f:0a:77:12:92:
d6:93:a7:bf:0f:9c:0b:96:c5:56:4c:48:a5:c0:ca:
e2:64:a0:3d:97:a9:59:eb:26:e0:7c:6b:88:6a:88:
f2:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:CC:CE:60:AD:B7:48:8A:D0:C1:27:CE:ED:63:6F:34:72:13:AC:44
X509v3 Authority Key Identifier:
keyid:3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/VczOYK23SIrQwSfO7WNvNHITrEQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.92.112.0/20
152.89.72.0/22
156.67.192.0/21
185.35.180.0/22
185.176.156.0/23
185.203.212.0/22
195.149.216.0/21
IPv6:
2a02:28e8::/32
Signature Algorithm: sha256WithRSAEncryption
04:63:1b:bb:84:0f:4d:8f:be:4d:0c:31:ff:9f:09:cd:5f:e0:
38:bc:c7:32:8f:70:6a:93:ca:39:5a:c0:72:aa:5c:d3:e2:8d:
ec:bf:d4:28:3a:dd:0f:d8:ea:1b:89:dc:fa:f3:d6:d2:9c:ea:
c0:ab:bb:d9:dd:72:01:2c:b0:7f:e7:09:bf:b9:78:6b:0f:ba:
35:22:ce:7f:f2:d1:47:bb:ae:9e:39:0e:19:33:de:c9:c1:bc:
03:29:d8:68:3b:44:1c:67:1d:be:51:ac:a8:24:78:77:e8:e1:
8c:26:c1:20:14:cb:d2:de:23:c0:69:9c:ef:6d:29:89:67:1d:
a3:51:a6:3e:85:9c:13:37:76:79:5a:b3:d2:2b:ab:31:44:cf:
1f:17:b9:d6:02:80:e8:b0:da:9b:aa:1a:fe:4b:e3:6f:ac:ed:
1c:d3:0c:fe:1e:18:a8:ea:db:0b:15:17:6b:99:f4:e9:23:2f:
68:08:61:bc:6a:6c:52:37:e5:b8:ec:37:a4:fb:fa:e9:4a:b1:
d3:17:ef:ef:35:ab:62:6d:ae:29:6b:36:01:45:8c:0c:dd:df:
03:ec:ee:3e:9e:8a:f7:d9:dc:48:97:39:31:9e:ca:a6:f4:85:
68:e7:b1:8d:61:4d:a7:3d:71:c1:23:ee:27:1b:9e:68:db:a4:
a5:1a:18:63
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZeCzASsvw4u6TLqqzuMPCDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZjMyNWVmNGNiYWE2NmNjNzFmZmNjNjg4MDg3N2U3NmUx
NDlhZmQwHhcNMjUwNjE4MTEyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNjY2U2MGFkYjc0ODhhZDBjMTI3Y2VlZDYzNmYzNDcyMTNhYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy5ihZik3i8HP+Lyg0XlMAoCIlzt
PvdchUEzb9JeMaswQE/coVMlqxUR2PSrDsNkjBP/PQU5ynusENb0q4xDYygIlGTC
H4myoc10IetnKFZhwtxC58lMX5Qg8DuoE0H2kU2mrEQbgWQcB8ahCYPKsx17qe7c
N+RGGLQY9ZJ2sBylJj0QaBosOrv8yAAX8KOWZ3pgDsR9oozRRLv0I9jlSJejC0Ao
lq7vRio9S3tqOReCXmRQ8Q5JPaxsaQl3DFyVfNEM0lLXAt7rqIRyOY0Zn9SM6+S5
y40LeDK0fwp3EpLWk6e/D5wLlsVWTEilwMriZKA9l6lZ6ybgfGuIaojyIQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFFXMzmCtt0iK0MEnzu1jbzRyE6xEMB8GA1UdIwQY
MBaAFD7zJe9MuqZsxx/8xogId+duFJr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUt
MzRkNzE0ODVjNTQ3LzEvVmN6T1lLMjNTSXJRd1NmTzdXTnZOSElUckVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUtMzRkNzE0ODVjNTQ3
LzEvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEUFxwAwQC
mFlIAwQDnEPAAwQCuSO0AwQBubCcAwQCucvUAwQDw5XYMA0EAgACMAcDBQAqAijo
MA0GCSqGSIb3DQEBCwUAA4IBAQAEYxu7hA9Nj75NDDH/nwnNX+A4vMcyj3Bqk8o5
WsByqlzT4o3sv9QoOt0P2Oobidz689bSnOrAq7vZ3XIBLLB/5wm/uXhrD7o1Is5/
8tFHu66eOQ4ZM97JwbwDKdhoO0QcZx2+UayoJHh36OGMJsEgFMvS3iPAaZzvbSmJ
Zx2jUaY+hZwTN3Z5WrPSK6sxRM8fF7nWAoDosNqbqhr+S+NvrO0c0wz+Hhio6tsL
FRdrmfTpIy9oCGG8amxSN+W47Dek+/rpSrHTF+/vNatiba4pazYBRYwM3d8D7O4+
nor32dxIlzkxnsqm9IVo57GNYU2nPXHBI+4nG55o26SlGhhj
-----END CERTIFICATE-----
Generated at Wed Jul 2 19:15:25 2025 by rpki-client