Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BKn0AMetoz-GRf7DMOclE7zd84Q.roa
File: BKn0AMetoz-GRf7DMOclE7zd84Q.roa (raw, json)
Hash identifier: p65tUz5ATLoVVdJQJL8jVNw4WKujwhnme3FhUqlcPrM=
Subject key identifier: 04:A9:F4:00:C7:AD:A3:3F:86:45:FE:C3:30:E7:25:13:BC:DD:F3:84
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0199C7DD6099F49CFB7CF310C09D3F8E4021
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BKn0AMetoz-GRf7DMOclE7zd84Q.roa
Signing time: Thu 09 Oct 2025 07:26:38 +0000
ROA not before: Thu 09 Oct 2025 07:26:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214159
IP address blocks: 84.32.48.0/22 maxlen: 24
84.32.49.0/24 maxlen: 24
84.32.50.0/24 maxlen: 24
84.32.99.0/24 maxlen: 24
84.32.208.0/24 maxlen: 24
84.32.217.0/24 maxlen: 24
88.216.60.0/24 maxlen: 24
88.216.214.0/24 maxlen: 24
88.216.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c7:dd:60:99:f4:9c:fb:7c:f3:10:c0:9d:3f:8e:40:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Oct 9 07:26:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04a9f400c7ada33f8645fec330e72513bcddf384
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:be:bd:e1:48:dc:fc:09:31:86:59:c3:03:d0:
4c:e7:de:c4:54:7d:7d:51:87:3a:5d:33:55:52:3d:
c4:cc:f4:7f:7d:f3:f9:44:cc:ac:5f:c5:c0:37:4c:
d2:4c:52:33:83:9d:01:cf:fc:75:ff:23:33:3e:db:
69:37:0c:51:e1:dc:66:a7:08:df:5a:52:47:ca:8e:
e7:1c:5d:07:ed:d5:3c:12:50:f3:67:3d:2b:dc:6f:
71:f4:d8:1b:08:4a:42:f8:c6:1e:ea:32:63:eb:61:
14:54:c2:e5:b7:21:60:62:a5:4e:d9:76:8f:63:3a:
7b:3b:6e:c1:ec:8e:fd:c6:4a:a8:08:4e:07:3a:cc:
64:2f:cd:d3:24:d0:b6:54:9f:43:51:41:1c:02:6b:
43:c0:a3:f4:7d:dc:1a:61:40:d8:3f:c6:85:c2:13:
4a:b8:8d:a8:b1:13:ee:43:a6:df:a0:df:0a:74:9e:
32:2b:ba:53:3a:c9:57:a7:88:f7:ec:4a:20:01:87:
6d:4a:c9:c8:6b:17:56:18:ae:8c:a8:c5:74:a0:6d:
49:4c:26:07:75:1f:62:be:c9:77:73:64:52:e5:e0:
d9:ae:9d:7c:46:de:83:c0:2f:e8:4b:5e:70:32:0a:
dd:c4:a7:11:f9:83:70:48:40:f8:5f:fb:4a:2e:c3:
4f:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A9:F4:00:C7:AD:A3:3F:86:45:FE:C3:30:E7:25:13:BC:DD:F3:84
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BKn0AMetoz-GRf7DMOclE7zd84Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.48.0/22
84.32.99.0/24
84.32.208.0/24
84.32.217.0/24
88.216.60.0/24
88.216.214.0/24
88.216.223.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:2e:7b:a8:a8:8e:97:4a:f1:5b:fe:40:80:cc:1f:8a:9d:9b:
8e:a3:7f:71:d4:20:00:1d:ed:86:70:31:28:d6:d5:16:8d:9a:
3b:e6:3c:56:1e:0d:69:9e:c7:9d:31:ea:2d:01:cb:ed:2f:ec:
c2:5f:15:70:c7:48:e7:1b:b8:ae:a7:56:12:57:16:45:d6:05:
41:73:65:39:7c:2c:5e:b6:c5:d0:c1:29:69:11:89:14:d3:49:
15:8f:de:0d:be:6e:ee:98:bc:05:58:f6:aa:c4:cb:e9:81:c7:
27:15:10:ae:46:73:f6:43:ed:b3:05:55:60:ab:cd:05:f6:70:
a3:2a:f7:03:28:86:8c:db:bb:f6:da:d2:1f:b4:3f:77:67:89:
90:2f:09:14:62:c5:05:43:d6:2f:4b:e2:9b:b4:c7:45:dd:34:
70:1e:a2:f5:3e:5f:d7:f2:fa:ee:d2:84:cb:6b:8c:8f:73:1c:
f8:ee:cd:f5:8b:d7:37:d8:cb:eb:98:ac:88:5e:22:21:21:90:
43:82:82:f9:33:3e:ee:ad:23:8e:d6:a2:09:fd:3c:62:6d:4a:
b4:78:d8:cf:3f:27:28:a9:c7:fa:65:21:ef:88:bc:ab:1a:3e:
e1:8e:cf:6e:ef:dc:8b:0a:9e:33:dc:e7:35:b2:13:46:40:17:
4d:fd:b3:08
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZnH3WCZ9Jz7fPMQwJ0/jkAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMDA5MDcyNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGE5ZjQwMGM3YWRhMzNmODY0NWZlYzMzMGU3MjUxM2JjZGRmMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb694Ujc/AkxhlnDA9BM597EVH19
UYc6XTNVUj3EzPR/ffP5RMysX8XAN0zSTFIzg50Bz/x1/yMzPttpNwxR4dxmpwjf
WlJHyo7nHF0H7dU8ElDzZz0r3G9x9NgbCEpC+MYe6jJj62EUVMLltyFgYqVO2XaP
Yzp7O27B7I79xkqoCE4HOsxkL83TJNC2VJ9DUUEcAmtDwKP0fdwaYUDYP8aFwhNK
uI2osRPuQ6bfoN8KdJ4yK7pTOslXp4j37EogAYdtSsnIaxdWGK6MqMV0oG1JTCYH
dR9ivsl3c2RS5eDZrp18Rt6DwC/oS15wMgrdxKcR+YNwSED4X/tKLsNPcQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFASp9ADHraM/hkX+wzDnJRO83fOEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvQktuMEFNZXRvei1HUmY3RE1PY2xFN3pkODRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVCAwAwQA
VCBjAwQAVCDQAwQAVCDZAwQAWNg8AwQAWNjWAwQAWNjfMA0GCSqGSIb3DQEBCwUA
A4IBAQBOLnuoqI6XSvFb/kCAzB+KnZuOo39x1CAAHe2GcDEo1tUWjZo75jxWHg1p
nsedMeotAcvtL+zCXxVwx0jnG7iup1YSVxZF1gVBc2U5fCxetsXQwSlpEYkU00kV
j94Nvm7umLwFWPaqxMvpgccnFRCuRnP2Q+2zBVVgq80F9nCjKvcDKIaM27v22tIf
tD93Z4mQLwkUYsUFQ9YvS+KbtMdF3TRwHqL1Pl/X8vru0oTLa4yPcxz47s31i9c3
2MvrmKyIXiIhIZBDgoL5Mz7urSOO1qIJ/TxibUq0eNjPPycoqcf6ZSHviLyrGj7h
js9u79yLCp4z3Oc1shNGQBdN/bMI
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:04:47 2025 by rpki-client