Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/k4w-6jVNy-8iNTxThqtVK8dHfNM.roa
File: k4w-6jVNy-8iNTxThqtVK8dHfNM.roa (raw, json)
Hash identifier: i49dbw3SszheCL/rtxIrLH6ESMYCJl9JAeSfGhPrYzs=
Subject key identifier: 93:8C:3E:EA:35:4D:CB:EF:22:35:3C:53:86:AB:55:2B:C7:47:7C:D3
Certificate issuer: /CN=cab936b35f92cdec5e90df33bdc508661c27b455
Certificate serial: 01977EC6F70D0843F26EAB8F47338477C81E
Authority key identifier: CA:B9:36:B3:5F:92:CD:EC:5E:90:DF:33:BD:C5:08:66:1C:27:B4:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/k4w-6jVNy-8iNTxThqtVK8dHfNM.roa
Signing time: Tue 17 Jun 2025 16:44:17 +0000
ROA not before: Tue 17 Jun 2025 16:44:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214089
IP address blocks: 45.94.100.0/22 maxlen: 22
45.94.103.0/24 maxlen: 24
193.178.44.0/22 maxlen: 22
193.178.44.0/24 maxlen: 24
193.178.45.0/24 maxlen: 24
193.178.46.0/24 maxlen: 24
193.178.47.0/24 maxlen: 24
2a12:b840::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.mft
rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 07:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7e:c6:f7:0d:08:43:f2:6e:ab:8f:47:33:84:77:c8:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cab936b35f92cdec5e90df33bdc508661c27b455
Validity
Not Before: Jun 17 16:44:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=938c3eea354dcbef22353c5386ab552bc7477cd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:bf:a2:73:84:45:12:87:4c:ca:35:33:60:84:
78:fc:61:15:da:4a:6e:12:f8:e9:27:30:d3:cd:23:
6d:0d:7b:1d:ea:26:65:10:34:84:c5:7f:75:ce:28:
9d:4d:17:de:a3:46:0e:1e:b0:8c:8b:af:ca:ab:69:
eb:dc:91:b6:9c:49:b2:62:7b:26:06:3a:f5:29:08:
cf:59:0f:8f:ad:a1:3e:1d:09:c1:35:f2:6d:06:03:
1b:a3:27:04:7b:ce:18:3a:75:07:d4:12:6a:8e:ae:
b3:4b:26:a6:06:f0:b6:32:01:d1:d6:6b:3b:51:05:
ae:23:07:e1:aa:5d:f7:3e:e2:8c:37:92:37:7f:14:
61:81:a9:c1:24:e2:ab:49:c2:f6:1b:63:a9:07:2a:
0d:f0:0c:ba:90:88:46:d4:7d:c7:39:4e:bc:31:6f:
ab:04:b9:72:a5:9d:21:47:40:59:6b:c3:60:5c:1d:
59:b5:18:83:0b:f3:0f:81:a6:c3:8a:df:ba:71:11:
79:b9:6d:ee:5a:2b:df:cd:8f:35:d5:df:22:3f:92:
bc:dc:bc:7d:95:5e:eb:d6:2f:41:3d:84:d1:c3:39:
cb:64:3c:2a:16:7a:7b:b0:5d:a9:4c:4d:dc:f5:90:
02:71:94:eb:5e:ab:de:5c:76:62:5d:31:0e:9e:ce:
e8:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:8C:3E:EA:35:4D:CB:EF:22:35:3C:53:86:AB:55:2B:C7:47:7C:D3
X509v3 Authority Key Identifier:
keyid:CA:B9:36:B3:5F:92:CD:EC:5E:90:DF:33:BD:C5:08:66:1C:27:B4:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yrk2s1-SzexekN8zvcUIZhwntFU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/k4w-6jVNy-8iNTxThqtVK8dHfNM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2f977a-c0db-437e-9f60-5592360e3e8e/1/yrk2s1-SzexekN8zvcUIZhwntFU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.100.0/22
193.178.44.0/22
IPv6:
2a12:b840::/32
Signature Algorithm: sha256WithRSAEncryption
04:9b:d9:f2:52:1f:89:c1:70:b2:85:62:6a:cd:b8:62:3a:49:
5d:b4:bc:ff:e3:1a:75:51:4d:bc:a4:26:95:72:e5:46:25:b0:
ae:06:99:68:24:6e:bb:34:74:0f:92:38:2c:e2:21:c1:d1:c3:
8c:6f:4e:33:2b:2f:77:cd:e1:62:24:a1:c6:54:3b:20:49:cc:
b9:d8:75:2c:a0:a8:56:5d:4c:86:a8:09:a2:ad:94:58:50:b4:
fe:bc:11:d0:ee:55:07:59:9b:4c:37:aa:96:a1:91:4e:85:04:
78:bf:de:bd:a7:40:44:a4:e5:91:c9:2d:4a:f5:de:51:dd:23:
84:cb:01:c9:d5:cf:e8:a4:a2:ea:71:ca:bc:12:1b:60:1e:d7:
d5:dc:55:b9:ea:c1:c2:ff:0b:3f:9d:cb:b2:e5:ac:05:3a:34:
22:48:99:e5:61:89:ce:19:7c:8e:99:f3:48:19:50:5e:96:f6:
76:de:62:d8:6c:77:52:ff:33:c0:6c:9f:73:4b:06:b4:d4:91:
ff:d9:a4:28:9d:d2:fc:36:6e:a7:ab:d7:40:9b:a9:7e:2b:45:
d1:97:3b:d7:4f:3e:ca:1d:3a:00:ca:f6:d6:00:2b:08:cb:50:
47:71:c3:15:70:b5:79:37:b5:1b:c3:0c:3c:f7:08:c3:fa:92:
6b:cc:22:5b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZd+xvcNCEPybquPRzOEd8geMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYjkzNmIzNWY5MmNkZWM1ZTkwZGYzM2JkYzUwODY2MWMy
N2I0NTUwHhcNMjUwNjE3MTY0NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhjM2VlYTM1NGRjYmVmMjIzNTNjNTM4NmFiNTUyYmM3NDc3Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L+ic4RFEodMyjUzYIR4/GEV2kpu
EvjpJzDTzSNtDXsd6iZlEDSExX91ziidTRfeo0YOHrCMi6/Kq2nr3JG2nEmyYnsm
Bjr1KQjPWQ+PraE+HQnBNfJtBgMboycEe84YOnUH1BJqjq6zSyamBvC2MgHR1ms7
UQWuIwfhql33PuKMN5I3fxRhganBJOKrScL2G2OpByoN8Ay6kIhG1H3HOU68MW+r
BLlypZ0hR0BZa8NgXB1ZtRiDC/MPgabDit+6cRF5uW3uWivfzY811d8iP5K83Lx9
lV7r1i9BPYTRwznLZDwqFnp7sF2pTE3c9ZACcZTrXqveXHZiXTEOns7oYQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJOMPuo1TcvvIjU8U4arVSvHR3zTMB8GA1UdIwQY
MBaAFMq5NrNfks3sXpDfM73FCGYcJ7RVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXJrMnMxLVN6ZXhla044enZjVUlaaHdudEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yZjk3N2EtYzBkYi00MzdlLTlmNjAt
NTU5MjM2MGUzZThlLzEvazR3LTZqVk55LThpTlR4VGhxdFZLOGRIZk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yZjk3N2EtYzBkYi00MzdlLTlmNjAtNTU5MjM2MGUzZThl
LzEveXJrMnMxLVN6ZXhla044enZjVUlaaHdudEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLV5kAwQC
wbIsMA0EAgACMAcDBQAqErhAMA0GCSqGSIb3DQEBCwUAA4IBAQAEm9nyUh+JwXCy
hWJqzbhiOkldtLz/4xp1UU28pCaVcuVGJbCuBploJG67NHQPkjgs4iHB0cOMb04z
Ky93zeFiJKHGVDsgScy52HUsoKhWXUyGqAmirZRYULT+vBHQ7lUHWZtMN6qWoZFO
hQR4v969p0BEpOWRyS1K9d5R3SOEywHJ1c/opKLqccq8EhtgHtfV3FW56sHC/ws/
ncuy5awFOjQiSJnlYYnOGXyOmfNIGVBelvZ23mLYbHdS/zPAbJ9zSwa01JH/2aQo
ndL8Nm6nq9dAm6l+K0XRlzvXTz7KHToAyvbWACsIy1BHccMVcLV5N7Ubwww89wjD
+pJrzCJb
-----END CERTIFICATE-----
Generated at Sun Jun 29 16:57:50 2025 by rpki-client