Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZxLJFiXHuIPaMWq_3dumTdGFFrI.roa
File: ZxLJFiXHuIPaMWq_3dumTdGFFrI.roa (raw, json)
Hash identifier: yPkIgx/WC/GjKsiXt9xoN2QBUTEMY4P7nasPSO+YbbA=
Subject key identifier: 67:12:C9:16:25:C7:B8:83:DA:31:6A:BF:DD:DB:A6:4D:D1:85:16:B2
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0199684C7003088B16783124083BD6425061
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZxLJFiXHuIPaMWq_3dumTdGFFrI.roa
Signing time: Sat 20 Sep 2025 18:04:23 +0000
ROA not before: Sat 20 Sep 2025 18:04:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59642
IP address blocks: 84.32.64.0/24 maxlen: 24
84.32.96.0/24 maxlen: 24
84.32.101.0/24 maxlen: 24
84.32.102.0/24 maxlen: 24
84.32.103.0/24 maxlen: 24
84.32.104.0/24 maxlen: 24
84.32.184.0/22 maxlen: 24
84.32.188.0/22 maxlen: 22
88.216.61.0/24 maxlen: 24
88.216.63.0/24 maxlen: 24
88.216.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:68:4c:70:03:08:8b:16:78:31:24:08:3b:d6:42:50:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Sep 20 18:04:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6712c91625c7b883da316abfdddba64dd18516b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:94:2a:cf:71:00:46:80:d1:fc:93:f8:92:2d:
e7:b0:c0:d7:55:a1:6a:2b:40:26:e9:d6:50:d5:58:
57:85:e6:cb:9e:cb:2f:a3:5d:b5:18:8f:4f:2c:68:
9c:cb:86:9f:53:81:13:90:06:cb:90:73:e5:3c:cf:
01:dc:16:5a:cf:bc:0c:84:ef:ef:84:d0:ba:e6:c5:
88:b9:bf:3f:64:52:47:6c:7f:51:9c:fb:4d:10:ec:
f6:10:60:1f:50:69:a1:f9:c5:3a:ce:c7:90:51:12:
e8:88:a5:85:f0:b0:6c:b3:7b:03:0d:a3:be:dc:75:
5e:7c:b9:65:15:2f:fd:c3:2d:9d:9b:8d:28:ec:11:
9f:47:da:e8:97:7d:3f:f2:67:4e:ae:64:74:02:39:
54:90:53:6e:06:3c:38:9a:46:db:bc:13:fa:fd:78:
72:2b:5e:d4:5b:5d:57:69:d5:72:55:b1:ee:ea:ab:
39:ea:8f:b8:04:04:36:2f:7b:31:86:c3:31:fe:4b:
36:5d:ff:0b:a5:3c:20:a9:34:3f:de:19:1c:60:3b:
df:ab:23:7b:2b:a4:19:46:12:74:b4:81:1d:6f:34:
90:7f:1d:c8:d6:64:0e:3d:1d:2a:02:c9:8f:2a:82:
0a:8a:05:3b:ad:f3:8c:af:a7:d0:39:a4:c1:16:f7:
8d:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:12:C9:16:25:C7:B8:83:DA:31:6A:BF:DD:DB:A6:4D:D1:85:16:B2
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ZxLJFiXHuIPaMWq_3dumTdGFFrI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.64.0/24
84.32.96.0/24
84.32.101.0-84.32.104.255
84.32.184.0/21
88.216.61.0/24
88.216.63.0/24
88.216.187.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:c2:fb:5f:57:2d:a4:98:cb:d6:3d:31:08:f1:ad:6b:cd:4b:
5d:11:5c:18:cd:3c:cf:8c:59:7f:a9:55:da:86:bc:04:90:d0:
c7:50:d3:0a:58:3c:30:0e:54:86:f5:c8:62:8d:57:03:9b:7c:
aa:62:26:1b:d0:44:f7:94:86:cb:b3:bb:e3:29:3a:eb:f8:c1:
e5:ef:7a:29:7d:d5:8a:5a:1a:f3:a5:07:8b:0d:c9:ae:d6:f3:
4a:dd:00:02:25:0b:0e:43:59:22:9b:30:da:c3:40:92:d1:bb:
48:e7:eb:39:10:2b:2e:dd:82:55:df:d4:1d:43:8a:06:6b:54:
58:e3:45:e7:ee:20:29:c2:1a:e1:c2:cf:fc:d0:d6:c0:35:70:
53:22:77:5f:40:b2:88:86:60:3d:09:64:ed:ae:e1:15:4d:7a:
f0:0e:53:bd:80:bc:e5:03:e5:ef:72:5a:6c:79:3d:99:49:e1:
27:08:08:21:e6:a5:46:ef:40:bf:d9:43:7f:93:d4:d6:3b:7d:
f8:ee:b0:e3:2b:33:b1:72:6f:ac:62:a1:a7:0f:34:53:43:34:
89:bb:ad:fd:4d:04:6c:90:b8:33:52:d6:ce:ec:ef:29:b6:da:
ca:ee:8e:af:32:19:8b:1f:f7:09:11:cc:d9:ff:d2:d1:a7:72:
40:79:f7:e1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZloTHADCIsWeDEkCDvWQlBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwOTIwMTgwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzEyYzkxNjI1YzdiODgzZGEzMTZhYmZkZGRiYTY0ZGQxODUxNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJQqz3EARoDR/JP4ki3nsMDXVaFq
K0Am6dZQ1VhXhebLnssvo121GI9PLGicy4afU4ETkAbLkHPlPM8B3BZaz7wMhO/v
hNC65sWIub8/ZFJHbH9RnPtNEOz2EGAfUGmh+cU6zseQURLoiKWF8LBss3sDDaO+
3HVefLllFS/9wy2dm40o7BGfR9rol30/8mdOrmR0AjlUkFNuBjw4mkbbvBP6/Xhy
K17UW11XadVyVbHu6qs56o+4BAQ2L3sxhsMx/ks2Xf8LpTwgqTQ/3hkcYDvfqyN7
K6QZRhJ0tIEdbzSQfx3I1mQOPR0qAsmPKoIKigU7rfOMr6fQOaTBFveNIQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGcSyRYlx7iD2jFqv93bpk3RhRayMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWnhMSkZpWEh1SVBhTVdxXzNkdW1UZEdGRnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAVCBAAwQA
VCBgMAwDBABUIGUDBABUIGgDBANUILgDBABY2D0DBABY2D8DBABY2LswDQYJKoZI
hvcNAQELBQADggEBAA7C+19XLaSYy9Y9MQjxrWvNS10RXBjNPM+MWX+pVdqGvASQ
0MdQ0wpYPDAOVIb1yGKNVwObfKpiJhvQRPeUhsuzu+MpOuv4weXveil91YpaGvOl
B4sNya7W80rdAAIlCw5DWSKbMNrDQJLRu0jn6zkQKy7dglXf1B1DigZrVFjjRefu
ICnCGuHCz/zQ1sA1cFMid19AsoiGYD0JZO2u4RVNevAOU72AvOUD5e9yWmx5PZlJ
4ScICCHmpUbvQL/ZQ3+T1NY7ffjusOMrM7Fyb6xioacPNFNDNIm7rf1NBGyQuDNS
1s7s7ym22srujq8yGYsf9wkRzNn/0tGnckB59+E=
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:07:25 2025 by rpki-client