Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5gfgTeP-x4bUDx5BhzO2cV8yag.roa
File: a5gfgTeP-x4bUDx5BhzO2cV8yag.roa (raw, json)
Hash identifier: BFPBsN0dq6/41YmZei9+IYrKfkO+R3/+8CUzhFrd2Jc=
Subject key identifier: 6B:98:1F:81:37:8F:FB:1E:1B:50:3C:79:06:1C:CE:D9:C5:7C:C9:A8
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01989DBC117D1F61BD8F22E8F1832E8CB21F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5gfgTeP-x4bUDx5BhzO2cV8yag.roa
Signing time: Tue 12 Aug 2025 10:03:24 +0000
ROA not before: Tue 12 Aug 2025 10:03:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16125
IP address blocks: 84.32.9.0/24 maxlen: 24
84.32.25.0/24 maxlen: 24
84.32.97.0/24 maxlen: 24
84.32.178.0/23 maxlen: 23
84.32.209.0/24 maxlen: 24
84.32.214.0/24 maxlen: 24
84.32.215.0/24 maxlen: 24
84.32.248.0/24 maxlen: 24
88.216.127.0/24 maxlen: 24
88.216.197.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 17:19:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9d:bc:11:7d:1f:61:bd:8f:22:e8:f1:83:2e:8c:b2:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Aug 12 10:03:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6b981f81378ffb1e1b503c79061cced9c57cc9a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:43:ec:b4:e0:6c:99:79:f0:14:f7:bc:a1:c5:
05:b4:8c:21:aa:d1:39:bf:7c:15:41:95:7a:7f:1a:
2e:ee:35:b5:c9:16:3a:94:83:9b:4a:8f:98:ad:26:
41:4e:32:42:c3:b0:03:ed:b3:97:85:b1:fc:c9:07:
9f:4d:8b:31:f7:1d:77:a1:63:11:ff:a8:5d:71:d4:
95:5e:91:6e:b9:3d:72:68:ad:9d:83:44:96:14:b1:
b7:d9:9e:32:eb:99:6c:6a:bf:19:cb:a2:c1:13:31:
04:4e:e5:7a:6a:29:21:52:cd:30:60:c3:b4:d4:37:
1d:9c:2e:ef:d9:f0:73:67:66:f3:3a:db:9e:1f:e0:
6b:db:06:a8:b4:21:62:f2:77:64:46:c9:18:e7:38:
d4:f7:44:4b:6d:f8:8e:d0:5f:78:d2:89:86:ae:88:
cc:1f:1c:b2:db:ca:7f:e9:7b:49:5a:22:89:b1:77:
af:09:df:06:67:44:a4:49:53:39:35:96:f5:d0:ac:
b7:34:f2:e0:b7:09:c8:e2:64:f4:14:08:4a:94:65:
37:11:9d:b7:36:ca:f7:31:c7:f4:f8:14:7f:b7:b2:
ce:76:c7:f3:5a:fc:48:86:03:13:5b:b8:91:29:6e:
ed:0d:1b:a8:1f:19:76:32:33:fa:5a:0f:60:29:db:
fd:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:98:1F:81:37:8F:FB:1E:1B:50:3C:79:06:1C:CE:D9:C5:7C:C9:A8
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5gfgTeP-x4bUDx5BhzO2cV8yag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.9.0/24
84.32.25.0/24
84.32.97.0/24
84.32.178.0/23
84.32.209.0/24
84.32.214.0/23
84.32.248.0/24
88.216.127.0/24
88.216.197.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:d2:7b:97:1b:52:79:05:13:26:91:04:d0:9a:1a:10:ba:b3:
06:46:dd:42:1a:c6:13:74:2e:ff:b2:b7:f2:4f:a4:a0:da:ab:
d1:b6:09:8b:77:5c:64:02:da:a6:19:07:93:8f:b8:47:29:33:
94:66:16:09:05:17:67:97:0c:68:db:f2:e2:6a:45:0e:3b:90:
18:a9:ee:4b:48:62:ed:27:90:2b:23:a1:4e:dc:95:3f:6e:b8:
ab:ae:47:f1:28:46:aa:a6:8d:38:ad:fa:ed:1d:02:51:57:89:
e4:f2:74:93:e8:70:26:65:ee:14:d7:48:3e:c6:e5:d0:64:60:
95:bb:46:ae:05:31:38:07:15:31:46:9d:63:39:9e:a1:8b:66:
c8:c9:5c:6a:4f:87:51:26:86:d0:24:17:dc:1b:b1:63:db:63:
a5:85:2d:49:42:f9:83:f9:0c:80:1d:99:10:5d:c5:d3:57:69:
f6:e0:69:93:a6:0b:88:88:b1:03:a0:23:17:8d:5b:eb:73:4e:
9c:15:56:4a:3c:15:33:e2:a8:7e:f3:29:63:43:99:b6:97:3d:
51:3a:ad:fb:a7:d6:b5:3b:03:5b:55:d9:32:8c:51:97:16:65:
b3:1d:fc:e4:84:8f:73:23:32:cd:d5:33:45:03:d2:56:b7:42:
ad:f9:1c:e5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZidvBF9H2G9jyLo8YMujLIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwODEyMTAwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjk4MWY4MTM3OGZmYjFlMWI1MDNjNzkwNjFjY2VkOWM1N2NjOWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0PstOBsmXnwFPe8ocUFtIwhqtE5
v3wVQZV6fxou7jW1yRY6lIObSo+YrSZBTjJCw7AD7bOXhbH8yQefTYsx9x13oWMR
/6hdcdSVXpFuuT1yaK2dg0SWFLG32Z4y65lsar8Zy6LBEzEETuV6aikhUs0wYMO0
1DcdnC7v2fBzZ2bzOtueH+Br2waotCFi8ndkRskY5zjU90RLbfiO0F940omGrojM
Hxyy28p/6XtJWiKJsXevCd8GZ0SkSVM5NZb10Ky3NPLgtwnI4mT0FAhKlGU3EZ23
Nsr3Mcf0+BR/t7LOdsfzWvxIhgMTW7iRKW7tDRuoHxl2MjP6Wg9gKdv9CQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGuYH4E3j/seG1A8eQYcztnFfMmoMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYTVnZmdUZVAteDRiVUR4NUJoek8yY1Y4eWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVCAJAwQA
VCAZAwQAVCBhAwQBVCCyAwQAVCDRAwQBVCDWAwQAVCD4AwQAWNh/AwQAWNjFMA0G
CSqGSIb3DQEBCwUAA4IBAQBM0nuXG1J5BRMmkQTQmhoQurMGRt1CGsYTdC7/srfy
T6Sg2qvRtgmLd1xkAtqmGQeTj7hHKTOUZhYJBRdnlwxo2/LiakUOO5AYqe5LSGLt
J5ArI6FO3JU/brirrkfxKEaqpo04rfrtHQJRV4nk8nST6HAmZe4U10g+xuXQZGCV
u0auBTE4BxUxRp1jOZ6hi2bIyVxqT4dRJobQJBfcG7Fj22OlhS1JQvmD+QyAHZkQ
XcXTV2n24GmTpguIiLEDoCMXjVvrc06cFVZKPBUz4qh+8yljQ5m2lz1ROq37p9a1
OwNbVdkyjFGXFmWzHfzkhI9zIzLN1TNFA9JWt0Kt+Rzl
-----END CERTIFICATE-----
Generated at Sun Aug 24 03:07:25 2025 by rpki-client