Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/38pIrQ1QnBg71pfob_zDIDUIiFQ.roa
File: 38pIrQ1QnBg71pfob_zDIDUIiFQ.roa (raw, json)
Hash identifier: U9USjryy/F+R/DZGDivAyocf94409+iay7FO0stAHGw=
Subject key identifier: DF:CA:48:AD:0D:50:9C:18:3B:D6:97:E8:6F:FC:C3:20:35:08:88:54
Certificate issuer: /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial: 01988D50E0DE33A56648BADB73E27EF66CDF
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/38pIrQ1QnBg71pfob_zDIDUIiFQ.roa
Signing time: Sat 09 Aug 2025 05:32:24 +0000
ROA not before: Sat 09 Aug 2025 05:32:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 140.150.9.0/24 maxlen: 24
140.150.17.0/24 maxlen: 24
146.103.69.0/24 maxlen: 24
146.103.70.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:8d:50:e0:de:33:a5:66:48:ba:db:73:e2:7e:f6:6c:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Validity
Not Before: Aug 9 05:32:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfca48ad0d509c183bd697e86ffcc32035088854
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:29:5b:b0:5e:bf:4c:99:f1:5c:8c:6b:94:ca:
72:e1:91:5e:a1:82:c7:53:e1:be:52:f1:99:07:4f:
3a:21:c2:f4:24:17:6a:04:55:13:75:72:54:a8:b5:
60:96:8f:f4:1b:08:00:bc:04:7e:c1:63:1a:43:02:
3c:05:48:6a:ff:26:f7:2f:60:31:9e:04:c1:fc:7e:
12:13:6c:5f:00:2b:9f:4c:ac:a7:35:11:b7:d5:d1:
a3:cf:8d:5b:cb:e7:93:4d:ab:9f:5f:59:d5:0c:fd:
2c:88:c5:e6:77:f5:18:d8:f5:c9:b9:56:64:f6:1a:
c4:36:d4:27:df:9a:94:86:d5:95:ab:84:ca:53:5c:
7a:b0:f8:5a:96:3c:d1:5c:c0:12:3c:05:9d:14:35:
41:c5:48:b8:2d:28:04:90:21:63:db:23:bb:a4:e9:
f7:d6:e9:28:d7:46:ca:f4:93:a6:52:61:41:d6:46:
8d:54:f7:cd:9e:06:dd:03:74:87:40:de:55:7c:0d:
e7:64:41:d1:05:72:7b:bf:ef:b1:7d:16:c8:fb:ad:
2e:69:09:79:c3:c8:79:2a:2f:a6:ba:68:77:cc:69:
cf:9a:af:1d:8a:23:30:c3:d7:a8:4e:a6:87:36:9e:
ef:93:6e:4d:0d:0a:94:44:67:e7:aa:8e:73:eb:f5:
74:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:CA:48:AD:0D:50:9C:18:3B:D6:97:E8:6F:FC:C3:20:35:08:88:54
X509v3 Authority Key Identifier:
keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/38pIrQ1QnBg71pfob_zDIDUIiFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.9.0/24
140.150.17.0/24
146.103.69.0-146.103.70.255
Signature Algorithm: sha256WithRSAEncryption
2b:c9:84:86:8b:72:fe:4f:f1:d4:85:b8:fa:6d:36:af:09:25:
f5:39:62:3c:4e:3e:e2:c2:17:50:5b:62:e2:78:ab:a7:13:d9:
e1:da:fe:2e:2e:1b:19:e7:a7:b5:f4:91:1e:13:8b:fd:66:0a:
0b:5f:f5:e6:b6:27:19:7f:b0:8f:5f:fc:00:01:91:63:7e:35:
fd:85:26:f1:15:1b:6b:84:bb:af:51:64:98:51:95:63:12:61:
ac:7d:d2:f2:c1:b9:f3:bb:3c:a4:a2:d2:27:6b:43:28:f6:43:
e3:49:9d:76:39:ba:50:31:0c:01:89:52:6f:6d:a0:6b:5b:a6:
08:cf:55:e5:72:6c:83:56:d6:a7:63:5c:d2:b3:b7:70:af:59:
ba:bd:6f:57:5e:dd:e1:f8:b6:5a:91:89:17:9d:da:b5:a5:6b:
52:3f:b6:53:42:32:10:62:fe:ef:57:32:25:8f:ed:bd:6f:0e:
d9:b9:03:08:31:82:58:e7:a2:cc:df:6e:71:e7:2b:05:31:dd:
1c:ee:84:96:b6:2d:4c:e1:32:45:0e:cb:6b:75:97:fa:49:6d:
fd:1c:8b:fe:96:21:d5:12:8b:75:ce:5e:c9:42:a9:1a:cf:ab:
91:28:aa:84:f3:5f:52:b5:a5:f7:0b:cf:ab:26:dd:0f:02:68:
57:16:ea:65
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZiNUODeM6VmSLrbc+J+9mzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwODA5MDUzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNhNDhhZDBkNTA5YzE4M2JkNjk3ZTg2ZmZjYzMyMDM1MDg4ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ClbsF6/TJnxXIxrlMpy4ZFeoYLH
U+G+UvGZB086IcL0JBdqBFUTdXJUqLVglo/0GwgAvAR+wWMaQwI8BUhq/yb3L2Ax
ngTB/H4SE2xfACufTKynNRG31dGjz41by+eTTaufX1nVDP0siMXmd/UY2PXJuVZk
9hrENtQn35qUhtWVq4TKU1x6sPhaljzRXMASPAWdFDVBxUi4LSgEkCFj2yO7pOn3
1uko10bK9JOmUmFB1kaNVPfNngbdA3SHQN5VfA3nZEHRBXJ7v++xfRbI+60uaQl5
w8h5Ki+mumh3zGnPmq8diiMww9eoTqaHNp7vk25NDQqURGfnqo5z6/V0pQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN/KSK0NUJwYO9aX6G/8wyA1CIhUMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvMzhwSXJRMVFuQmc3MXBmb2JfekRJRFVJaUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAjJYJAwQA
jJYRMAwDBACSZ0UDBACSZ0YwDQYJKoZIhvcNAQELBQADggEBACvJhIaLcv5P8dSF
uPptNq8JJfU5YjxOPuLCF1BbYuJ4q6cT2eHa/i4uGxnnp7X0kR4Ti/1mCgtf9ea2
Jxl/sI9f/AABkWN+Nf2FJvEVG2uEu69RZJhRlWMSYax90vLBufO7PKSi0idrQyj2
Q+NJnXY5ulAxDAGJUm9toGtbpgjPVeVybINW1qdjXNKzt3CvWbq9b1de3eH4tlqR
iRed2rWla1I/tlNCMhBi/u9XMiWP7b1vDtm5AwgxgljnoszfbnHnKwUx3RzuhJa2
LUzhMkUOy2t1l/pJbf0ci/6WIdUSi3XOXslCqRrPq5EoqoTzX1K1pfcLz6sm3Q8C
aFcW6mU=
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:22:53 2025 by rpki-client