Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WDVG9qgGmUCExAmaVN7-HabCa1s.roa
File: WDVG9qgGmUCExAmaVN7-HabCa1s.roa (raw, json)
Hash identifier: lMqzyM0M1lJ1wDmuPvuZhJJXNlGzWMITbRyz307ZLz4=
Subject key identifier: 58:35:46:F6:A8:06:99:40:84:C4:09:9A:54:DE:FE:1D:A6:C2:6B:5B
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0199C3A5FA322FD3C627FD2AF18759C84017
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WDVG9qgGmUCExAmaVN7-HabCa1s.roa
Signing time: Wed 08 Oct 2025 11:47:38 +0000
ROA not before: Wed 08 Oct 2025 11:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204770
IP address blocks: 84.32.32.0/24 maxlen: 24
84.32.34.0/24 maxlen: 24
84.32.48.0/24 maxlen: 24
84.32.70.0/24 maxlen: 24
84.32.71.0/24 maxlen: 24
84.32.128.0/22 maxlen: 32
84.32.220.0/24 maxlen: 24
88.216.39.0/24 maxlen: 24
88.216.68.0/24 maxlen: 24
88.216.198.0/24 maxlen: 24
88.216.210.0/24 maxlen: 24
88.216.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c3:a5:fa:32:2f:d3:c6:27:fd:2a:f1:87:59:c8:40:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Oct 8 11:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=583546f6a806994084c4099a54defe1da6c26b5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:1f:1a:aa:f7:70:44:15:b9:bd:f6:64:ba:4a:
7c:08:59:e0:23:22:74:5b:c9:b7:ed:3c:d3:92:fa:
82:31:32:16:a0:be:83:1a:21:7f:1d:d5:66:89:20:
6d:86:c7:16:bb:74:15:04:87:18:b8:12:1b:22:04:
ba:66:24:65:c6:7b:50:35:a2:94:2e:a1:d5:ae:00:
34:70:5d:60:5b:fc:f9:40:fe:20:32:39:58:0f:44:
92:d7:2d:1f:b1:92:df:53:20:c2:23:1c:6c:d3:c4:
89:84:d7:95:d3:ab:5c:a6:6b:e9:b4:1b:94:f9:9c:
92:1d:33:c4:b1:7b:3c:fb:f2:50:ef:9b:92:c6:a3:
ad:0b:51:ba:56:0f:3d:a6:55:63:71:f8:2e:71:dd:
a7:62:85:4e:20:fd:99:69:13:2a:0e:3e:78:32:1e:
58:99:7c:ce:62:e4:e9:7a:4f:fc:76:66:08:aa:ce:
5e:08:72:f2:3e:38:a9:4a:10:24:94:a1:75:4f:5a:
e9:66:a2:41:c0:8f:7d:c8:98:85:39:86:ce:11:32:
c7:f0:ed:02:77:48:2c:f7:db:c4:d6:0f:ce:71:ef:
4e:e0:68:38:29:52:b2:85:c6:a0:a4:32:b5:c0:be:
e4:c1:6e:16:45:5e:8d:ed:97:08:42:59:6a:88:81:
dc:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:35:46:F6:A8:06:99:40:84:C4:09:9A:54:DE:FE:1D:A6:C2:6B:5B
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WDVG9qgGmUCExAmaVN7-HabCa1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.32.0/24
84.32.34.0/24
84.32.48.0/24
84.32.70.0/23
84.32.128.0/22
84.32.220.0/24
88.216.39.0/24
88.216.68.0/24
88.216.198.0/24
88.216.210.0/24
88.216.222.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:e6:d6:33:3b:73:46:15:29:29:1c:c1:69:69:23:67:5e:f7:
03:f2:69:5b:cc:44:cb:41:29:69:18:0d:c4:c5:75:08:54:b4:
f5:26:be:40:b3:e1:dc:5c:a5:4e:81:5d:b9:72:27:8c:d7:cc:
24:1c:94:ee:9a:39:0a:b1:91:89:7c:0f:11:06:b7:1b:72:24:
8c:89:50:0a:db:50:52:74:e6:7d:6c:d8:56:35:71:5b:16:4b:
36:a8:f8:bb:e4:2b:f4:18:dd:a3:6e:4e:18:c5:de:b7:70:dc:
79:a1:ac:c2:f4:d0:cd:6e:59:41:6a:d1:b2:bf:45:a0:e8:96:
70:45:6a:df:78:09:55:d0:92:4d:dd:60:3d:0c:69:21:21:49:
5f:d2:29:d4:36:49:19:81:de:2e:1a:48:58:5e:d8:f7:97:1e:
01:63:28:e8:7d:96:21:d8:dd:30:2f:7e:97:0b:eb:a7:5e:ab:
7f:73:b0:2b:12:c0:ea:e2:40:81:6f:61:49:0b:d8:dc:60:0d:
05:74:3c:fa:5d:a4:e5:d4:5e:77:ab:93:25:07:48:ff:35:ec:
b8:1e:38:d1:ff:49:03:a9:7c:66:98:0e:a3:32:94:25:2f:3d:
10:ea:f1:3c:ac:4f:e9:24:47:5a:6b:73:6e:f5:4e:be:68:57:
d3:9e:d4:54
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZnDpfoyL9PGJ/0q8YdZyEAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMDA4MTE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM1NDZmNmE4MDY5OTQwODRjNDA5OWE1NGRlZmUxZGE2YzI2YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh8aqvdwRBW5vfZkukp8CFngIyJ0
W8m37TzTkvqCMTIWoL6DGiF/HdVmiSBthscWu3QVBIcYuBIbIgS6ZiRlxntQNaKU
LqHVrgA0cF1gW/z5QP4gMjlYD0SS1y0fsZLfUyDCIxxs08SJhNeV06tcpmvptBuU
+ZySHTPEsXs8+/JQ75uSxqOtC1G6Vg89plVjcfgucd2nYoVOIP2ZaRMqDj54Mh5Y
mXzOYuTpek/8dmYIqs5eCHLyPjipShAklKF1T1rpZqJBwI99yJiFOYbOETLH8O0C
d0gs99vE1g/Oce9O4Gg4KVKyhcagpDK1wL7kwW4WRV6N7ZcIQllqiIHcqwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFg1RvaoBplAhMQJmlTe/h2mwmtbMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvV0RWRzlxZ0dtVUNFeEFtYVZONy1IYWJDYTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVCAgAwQA
VCAiAwQAVCAwAwQBVCBGAwQCVCCAAwQAVCDcAwQAWNgnAwQAWNhEAwQAWNjGAwQA
WNjSAwQAWNjeMA0GCSqGSIb3DQEBCwUAA4IBAQCM5tYzO3NGFSkpHMFpaSNnXvcD
8mlbzETLQSlpGA3ExXUIVLT1Jr5As+HcXKVOgV25cieM18wkHJTumjkKsZGJfA8R
BrcbciSMiVAK21BSdOZ9bNhWNXFbFks2qPi75Cv0GN2jbk4Yxd63cNx5oazC9NDN
bllBatGyv0Wg6JZwRWrfeAlV0JJN3WA9DGkhIUlf0inUNkkZgd4uGkhYXtj3lx4B
YyjofZYh2N0wL36XC+unXqt/c7ArEsDq4kCBb2FJC9jcYA0FdDz6XaTl1F53q5Ml
B0j/Ney4HjjR/0kDqXxmmA6jMpQlLz0Q6vE8rE/pJEdaa3Nu9U6+aFfTntRU
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:04:46 2025 by rpki-client