Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/SnB27P4aE00JP6FbecTTod9K1rk.roa
File: SnB27P4aE00JP6FbecTTod9K1rk.roa (raw, json)
Hash identifier: 5E+ZR3tJKvaUJ0xYE7TDulpUYo4F5Unw9Ys//QosG5Y=
Subject key identifier: 4A:70:76:EC:FE:1A:13:4D:09:3F:A1:5B:79:C4:D3:A1:DF:4A:D6:B9
Certificate issuer: /CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Certificate serial: 0197A0B0B05FB0CDEDA0289AAA563B74031C
Authority key identifier: 30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/SnB27P4aE00JP6FbecTTod9K1rk.roa
Signing time: Tue 24 Jun 2025 06:47:03 +0000
ROA not before: Tue 24 Jun 2025 06:47:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44489
IP address blocks: 45.85.172.0/22 maxlen: 22
95.129.240.0/21 maxlen: 21
213.129.128.0/19 maxlen: 19
213.129.128.0/21 maxlen: 21
213.129.136.0/21 maxlen: 21
213.129.144.0/21 maxlen: 21
213.129.152.0/21 maxlen: 21
2a03:f300::/29 maxlen: 29
2a03:f300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.mft
rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 03:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a0:b0:b0:5f:b0:cd:ed:a0:28:9a:aa:56:3b:74:03:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Validity
Not Before: Jun 24 06:47:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4a7076ecfe1a134d093fa15b79c4d3a1df4ad6b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:4c:9a:68:8d:a3:ef:19:47:b3:8b:8d:0d:a4:
82:58:28:3f:fe:13:29:7c:18:0f:0e:c3:10:3f:c7:
cf:7a:c4:a9:f3:38:8e:e4:53:ba:08:83:83:1e:ce:
96:ca:7f:22:6c:c9:6f:f0:74:c1:2d:c0:37:f8:e9:
7f:e3:8d:cf:8b:f7:66:9b:07:87:ad:86:b6:09:ae:
b9:b4:f6:4d:cf:7b:83:eb:e0:4f:d0:61:05:f0:45:
f1:0e:8c:a0:6f:2c:cb:bd:d9:b2:3e:81:0e:f8:af:
ca:51:fc:06:3d:44:a3:4b:a3:51:c8:a0:d3:82:79:
41:e2:87:df:46:c3:8d:5b:1b:5b:f9:21:31:28:54:
34:a3:4c:82:a9:ac:7f:25:6b:b4:d9:56:54:5e:66:
c7:bd:e1:97:76:97:e9:99:fc:f9:92:01:dc:c5:73:
15:ee:58:1f:2c:43:18:39:41:9a:15:32:df:be:18:
69:96:5a:5f:ba:f1:1a:4c:fa:9c:c2:5d:2e:d8:0f:
e1:49:e6:0f:0d:7d:9f:36:2f:5f:0b:9a:cd:85:d8:
b4:86:38:27:6a:ad:d5:00:6c:9d:20:89:68:67:1c:
ef:b5:a5:6b:b9:c9:e2:d3:41:4b:1d:99:91:73:be:
f2:a6:11:e7:47:8d:da:db:ca:bb:2b:f0:a3:c7:be:
9c:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:70:76:EC:FE:1A:13:4D:09:3F:A1:5B:79:C4:D3:A1:DF:4A:D6:B9
X509v3 Authority Key Identifier:
keyid:30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/SnB27P4aE00JP6FbecTTod9K1rk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.172.0/22
95.129.240.0/21
213.129.128.0/19
IPv6:
2a03:f300::/29
Signature Algorithm: sha256WithRSAEncryption
3f:73:22:eb:8f:c5:23:90:1e:a7:03:05:8a:77:e2:57:84:d7:
06:76:f4:a3:75:72:4c:0a:ec:39:c1:fd:d8:ba:05:f3:c5:06:
cf:7c:b7:12:2c:94:0e:98:9a:49:e3:cc:e0:33:ef:b1:77:4c:
b4:ea:1c:71:6a:5a:94:c2:7a:94:58:9d:5d:0b:2c:83:63:fc:
c3:f7:df:c2:4b:81:c5:1c:89:7f:5e:40:d4:ad:d9:e5:e9:69:
e4:c8:64:63:c7:1b:78:93:a7:1f:1a:32:00:c0:4c:cb:cf:2b:
50:14:34:77:d2:0e:f2:47:bf:0d:14:29:f2:be:41:af:d8:51:
d4:71:79:d8:c6:22:34:7a:6f:e4:e3:77:40:66:ed:14:e2:b0:
3c:4e:9f:36:59:25:40:22:1e:31:f3:bc:b3:ee:eb:ec:d5:9f:
9b:97:a0:fc:eb:e1:6c:16:eb:ab:92:fe:85:f6:0f:13:81:de:
88:ec:4f:df:41:70:b2:d3:03:27:1c:1b:90:44:fd:38:b5:b7:
84:4d:3e:a3:88:b0:77:c9:2b:15:b8:20:7f:73:5d:11:eb:78:
93:f9:50:de:71:9d:c1:4f:c1:59:4e:30:c0:35:bf:b5:ed:d1:
1e:a1:06:76:b4:66:00:19:6a:4e:f6:dc:89:dc:0c:cb:1d:8b:
00:15:6e:30
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZegsLBfsM3toCiaqlY7dAMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMTZiMTBkMGFjMjE4MDE3Yzc0OTM5NGU0ZjI1MTljZjJj
MDUxNGUwHhcNMjUwNjI0MDY0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTcwNzZlY2ZlMWExMzRkMDkzZmExNWI3OWM0ZDNhMWRmNGFkNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkyaaI2j7xlHs4uNDaSCWCg//hMp
fBgPDsMQP8fPesSp8ziO5FO6CIODHs6Wyn8ibMlv8HTBLcA3+Ol/443Pi/dmmweH
rYa2Ca65tPZNz3uD6+BP0GEF8EXxDoygbyzLvdmyPoEO+K/KUfwGPUSjS6NRyKDT
gnlB4offRsONWxtb+SExKFQ0o0yCqax/JWu02VZUXmbHveGXdpfpmfz5kgHcxXMV
7lgfLEMYOUGaFTLfvhhpllpfuvEaTPqcwl0u2A/hSeYPDX2fNi9fC5rNhdi0hjgn
aq3VAGydIIloZxzvtaVrucni00FLHZmRc77yphHnR43a28q7K/Cjx76cswIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEpwduz+GhNNCT+hW3nE06HfSta5MB8GA1UdIwQY
MBaAFDAWsQ0KwhgBfHSTlOTyUZzywFFOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMt
NjkzNjc2MmQyZmNlLzEvU25CMjdQNGFFMDBKUDZGYmVjVFRvZDlLMXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMtNjkzNjc2MmQyZmNl
LzEvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLVWsAwQD
X4HwAwQF1YGAMA0EAgACMAcDBQMqA/MAMA0GCSqGSIb3DQEBCwUAA4IBAQA/cyLr
j8UjkB6nAwWKd+JXhNcGdvSjdXJMCuw5wf3YugXzxQbPfLcSLJQOmJpJ48zgM++x
d0y06hxxalqUwnqUWJ1dCyyDY/zD99/CS4HFHIl/XkDUrdnl6WnkyGRjxxt4k6cf
GjIAwEzLzytQFDR30g7yR78NFCnyvkGv2FHUcXnYxiI0em/k43dAZu0U4rA8Tp82
WSVAIh4x87yz7uvs1Z+bl6D86+FsFuurkv6F9g8Tgd6I7E/fQXCy0wMnHBuQRP04
tbeETT6jiLB3ySsVuCB/c10R63iT+VDecZ3BT8FZTjDANb+17dEeoQZ2tGYAGWpO
9tyJ3AzLHYsAFW4w
-----END CERTIFICATE-----
Generated at Sun Jun 29 10:20:24 2025 by rpki-client