Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dm_4rLvs19bHeX6ud1PCnss6mNc.roa
File: dm_4rLvs19bHeX6ud1PCnss6mNc.roa (raw, json)
Hash identifier: UYZOMRe5/c0+iSfW3SBi7RxSDhhtYho5snLiVM/hU78=
Subject key identifier: 76:6F:F8:AC:BB:EC:D7:D6:C7:79:7E:AE:77:53:C2:9E:CB:3A:98:D7
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0199E2BD90D94A53B650E3A3138E1D7ED0D4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dm_4rLvs19bHeX6ud1PCnss6mNc.roa
Signing time: Tue 14 Oct 2025 12:41:38 +0000
ROA not before: Tue 14 Oct 2025 12:41:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 84.32.7.0/24 maxlen: 24
84.32.8.0/24 maxlen: 24
84.32.20.0/22 maxlen: 24
84.32.46.0/24 maxlen: 24
84.32.47.0/24 maxlen: 24
84.32.63.0/24 maxlen: 24
84.32.148.0/23 maxlen: 24
84.32.150.0/23 maxlen: 24
84.32.151.0/24 maxlen: 24
84.32.174.0/23 maxlen: 24
84.32.214.0/23 maxlen: 24
84.32.230.0/24 maxlen: 24
84.32.231.0/24 maxlen: 24
84.32.244.0/23 maxlen: 24
84.32.246.0/23 maxlen: 24
88.216.22.0/23 maxlen: 24
88.216.44.0/24 maxlen: 24
88.216.45.0/24 maxlen: 24
88.216.66.0/23 maxlen: 24
88.216.93.0/24 maxlen: 24
88.216.130.0/23 maxlen: 24
88.216.134.0/23 maxlen: 24
88.216.215.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e2:bd:90:d9:4a:53:b6:50:e3:a3:13:8e:1d:7e:d0:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Oct 14 12:41:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=766ff8acbbecd7d6c7797eae7753c29ecb3a98d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f6:30:80:6b:a2:6b:83:52:95:0d:46:2c:fb:
08:12:e2:4a:07:af:2f:9c:19:84:90:24:00:ba:1f:
49:45:88:c5:0a:5b:5b:a7:d9:c8:12:71:2a:e8:03:
bd:73:22:0e:37:2c:ae:ff:b0:47:26:0b:1f:1a:17:
b5:f1:a7:98:36:d1:79:01:a4:57:ba:1d:3f:89:37:
72:37:34:84:3e:b6:e9:3f:da:27:8f:35:c5:ac:8e:
31:08:19:8c:4b:41:3d:98:5a:96:a6:44:fd:e7:b5:
cb:bd:07:d6:66:ae:ac:ef:7c:a7:fe:92:08:5c:a8:
53:8c:d2:fb:20:24:88:cd:15:fe:9f:35:20:14:96:
57:03:c7:d2:17:60:c2:9e:f2:84:cd:a6:58:38:0f:
08:df:f5:e7:4d:92:d1:79:aa:74:16:d5:48:91:71:
e6:76:9f:f7:53:18:6b:1e:a9:db:cc:f4:3d:4b:cd:
64:a8:3c:56:6e:7a:34:5d:6e:64:96:fe:4b:d8:e0:
04:f7:54:9b:1d:12:81:7d:ff:c3:ff:3a:8a:a4:27:
0f:ac:81:1f:90:5a:f6:2a:2c:23:1f:02:34:c9:32:
28:26:08:01:d4:8a:aa:91:8b:73:cd:c3:ad:8d:58:
f6:70:01:a2:8d:7d:68:ed:c1:01:18:28:82:d0:b4:
6a:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:6F:F8:AC:BB:EC:D7:D6:C7:79:7E:AE:77:53:C2:9E:CB:3A:98:D7
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dm_4rLvs19bHeX6ud1PCnss6mNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.7.0-84.32.8.255
84.32.20.0/22
84.32.46.0/23
84.32.63.0/24
84.32.148.0/22
84.32.174.0/23
84.32.214.0/23
84.32.230.0/23
84.32.244.0/22
88.216.22.0/23
88.216.44.0/23
88.216.66.0/23
88.216.93.0/24
88.216.130.0/23
88.216.134.0/23
88.216.215.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:b7:e6:5c:8f:e7:cb:07:b7:29:75:8a:f5:8c:12:a9:38:54:
07:5c:62:82:51:8d:35:1e:07:de:aa:a9:90:bd:4c:8c:2d:0c:
e2:9b:6e:97:74:92:6b:1b:4b:6d:7a:cc:8e:0d:f2:00:94:f8:
b0:10:e2:49:17:a0:0c:33:93:35:78:6d:73:dd:dc:a5:1a:21:
87:2d:5b:b1:a7:38:78:e4:28:fc:55:83:00:84:2a:d8:f5:49:
2d:61:3e:bf:aa:49:74:39:8a:a1:4e:cd:22:41:3b:9c:2e:78:
85:c0:0b:76:a1:94:61:59:f2:84:57:48:7a:24:a9:6c:88:39:
f7:9a:56:42:bf:36:e2:3f:40:2c:27:a1:8d:99:98:eb:ed:54:
69:b3:bd:77:6b:30:32:a7:a8:1a:ba:31:15:0d:27:35:88:5b:
9b:e4:1b:fd:ec:b7:b0:83:3c:d1:e4:59:c0:ba:94:15:1c:a4:
c1:f4:8c:65:62:97:c2:07:ee:59:1e:cd:06:2d:f0:f2:74:04:
0b:94:3d:6c:fd:9f:54:10:26:8d:3c:ce:6b:0e:9a:3e:d2:fb:
4f:86:00:ed:37:ae:65:d1:fe:b0:60:0c:33:06:9b:46:dd:5e:
79:0f:fd:10:f9:6a:c3:c3:bd:5e:d8:17:5e:98:0f:25:42:c2:
ad:aa:04:1d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZnivZDZSlO2UOOjE44dftDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMDE0MTI0MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjZmZjhhY2JiZWNkN2Q2Yzc3OTdlYWU3NzUzYzI5ZWNiM2E5OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPYwgGuia4NSlQ1GLPsIEuJKB68v
nBmEkCQAuh9JRYjFCltbp9nIEnEq6AO9cyIONyyu/7BHJgsfGhe18aeYNtF5AaRX
uh0/iTdyNzSEPrbpP9onjzXFrI4xCBmMS0E9mFqWpkT957XLvQfWZq6s73yn/pII
XKhTjNL7ICSIzRX+nzUgFJZXA8fSF2DCnvKEzaZYOA8I3/XnTZLReap0FtVIkXHm
dp/3UxhrHqnbzPQ9S81kqDxWbno0XW5klv5L2OAE91SbHRKBff/D/zqKpCcPrIEf
kFr2KiwjHwI0yTIoJggB1IqqkYtzzcOtjVj2cAGijX1o7cEBGCiC0LRqqwIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFHZv+Ky77NfWx3l+rndTwp7LOpjXMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZG1fNHJMdnMxOWJIZVg2dWQxUENuc3M2bU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaDAMAwQAVCAH
AwQAVCAIAwQCVCAUAwQBVCAuAwQAVCA/AwQCVCCUAwQBVCCuAwQBVCDWAwQBVCDm
AwQCVCD0AwQBWNgWAwQBWNgsAwQBWNhCAwQAWNhdAwQBWNiCAwQBWNiGAwQAWNjX
MA0GCSqGSIb3DQEBCwUAA4IBAQCht+Zcj+fLB7cpdYr1jBKpOFQHXGKCUY01Hgfe
qqmQvUyMLQzim26XdJJrG0ttesyODfIAlPiwEOJJF6AMM5M1eG1z3dylGiGHLVux
pzh45Cj8VYMAhCrY9UktYT6/qkl0OYqhTs0iQTucLniFwAt2oZRhWfKEV0h6JKls
iDn3mlZCvzbiP0AsJ6GNmZjr7VRps713azAyp6gaujEVDSc1iFub5Bv97LewgzzR
5FnAupQVHKTB9IxlYpfCB+5ZHs0GLfDydAQLlD1s/Z9UECaNPM5rDpo+0vtPhgDt
N65l0f6wYAwzBptG3V55D/0Q+WrDw71e2BdemA8lQsKtqgQd
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:21 2025 by rpki-client