Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/4YqKA_NWl67P1UUsYLLewOce3N4.roa
File: 4YqKA_NWl67P1UUsYLLewOce3N4.roa (raw, json)
Hash identifier: jzpkFPCa8z2EEBKsdTK/EMaQenQwoVIoEp37mrkYSlo=
Subject key identifier: E1:8A:8A:03:F3:56:97:AE:CF:D5:45:2C:60:B2:DE:C0:E7:1E:DC:DE
Certificate issuer: /CN=d7c60a54e03c9f815cc33afd45d3c4db9af76f16
Certificate serial: 0199E990B503A409302A6C7EA5E816D753F9
Authority key identifier: D7:C6:0A:54:E0:3C:9F:81:5C:C3:3A:FD:45:D3:C4:DB:9A:F7:6F:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/4YqKA_NWl67P1UUsYLLewOce3N4.roa
Signing time: Wed 15 Oct 2025 20:29:58 +0000
ROA not before: Wed 15 Oct 2025 20:29:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4755
IP address blocks: 185.33.114.0/24 maxlen: 24
202.162.49.0/24 maxlen: 24
202.162.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.mft
rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e9:90:b5:03:a4:09:30:2a:6c:7e:a5:e8:16:d7:53:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7c60a54e03c9f815cc33afd45d3c4db9af76f16
Validity
Not Before: Oct 15 20:29:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e18a8a03f35697aecfd5452c60b2dec0e71edcde
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:99:eb:b9:2c:bd:91:59:ba:1a:ab:61:14:85:
81:f7:a8:54:58:2f:3f:77:be:fe:28:9f:0d:67:5a:
c8:bb:1d:ab:b1:15:e6:f0:9d:16:99:b2:e6:1c:bc:
83:b9:1e:96:72:ba:22:04:ab:12:ee:3c:1e:03:d4:
de:17:9c:25:ef:46:8e:e1:2f:8c:d5:2c:fb:28:9c:
dc:9a:b5:f5:d2:d7:20:2c:0d:b7:da:95:72:02:68:
b7:0d:75:d7:e8:fd:a9:76:39:b3:09:58:54:68:f5:
0d:66:97:2d:86:3e:d1:5f:2a:fe:c5:1a:ab:8f:1f:
fd:a1:98:d4:20:01:53:7f:fd:3b:1b:8a:85:4f:93:
67:6c:77:6e:90:14:10:f7:3c:f7:8f:73:db:cf:64:
54:1d:ff:71:c6:17:a0:ba:cc:45:e2:64:7e:b4:44:
30:da:6c:02:e4:d1:15:71:4c:d0:be:6e:bb:92:4c:
de:ca:9f:68:39:6c:ba:26:46:73:bb:49:88:a2:9a:
b6:ed:d2:81:5b:1a:9f:69:04:30:ea:e5:40:65:f8:
9a:bc:31:25:24:ca:61:34:31:93:8b:d1:9b:bc:3b:
87:c0:02:b0:ed:b8:c5:dc:2c:f4:64:43:17:b9:b4:
46:1f:94:48:af:fd:ba:0e:63:53:f4:ba:5f:30:21:
d6:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:8A:8A:03:F3:56:97:AE:CF:D5:45:2C:60:B2:DE:C0:E7:1E:DC:DE
X509v3 Authority Key Identifier:
keyid:D7:C6:0A:54:E0:3C:9F:81:5C:C3:3A:FD:45:D3:C4:DB:9A:F7:6F:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/4YqKA_NWl67P1UUsYLLewOce3N4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.33.114.0/24
202.162.49.0/24
202.162.52.0/24
Signature Algorithm: sha256WithRSAEncryption
79:c7:16:3d:a1:ff:64:38:56:ce:3c:bb:8f:9c:df:9a:fe:6c:
20:67:83:05:27:95:11:96:bc:c9:f8:08:d7:48:02:13:d5:af:
a3:56:bc:7b:3d:ef:1d:f1:fa:56:a5:2a:9b:74:58:7e:cf:09:
e4:08:c4:95:14:c3:c1:fb:7c:5c:03:23:4a:10:04:02:70:76:
cc:6a:4d:de:c8:47:4a:5c:2a:08:12:37:6f:1b:f3:17:b8:14:
dd:f9:e4:a3:a9:6e:9d:45:6f:3a:8d:a6:bb:3f:bf:ab:4c:3d:
c2:d7:ff:f8:99:0e:85:8c:ac:bc:29:8a:5d:ca:25:ca:fa:75:
4b:71:56:0e:d7:b4:ff:23:e1:2a:05:a8:97:98:44:fd:0f:d3:
e0:b7:17:0e:48:5b:0a:b3:2b:20:02:b1:a2:51:34:fb:0c:ba:
25:e5:33:b9:ef:19:17:17:be:a0:0d:bc:56:47:4e:e0:6a:63:
a6:74:cb:b5:e2:f4:ed:46:c7:b0:2a:1f:27:30:70:52:69:f5:
0f:ba:34:cb:61:b2:3b:09:47:df:9c:30:a0:31:42:34:5e:57:
e3:cb:1d:60:77:3c:c2:93:36:54:bc:6d:43:fe:59:0b:18:78:
4e:69:d9:07:d8:ca:b8:c7:cd:58:18:4d:2c:12:e4:0d:11:58:
35:9b:ee:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnpkLUDpAkwKmx+pegW11P5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3YzYwYTU0ZTAzYzlmODE1Y2MzM2FmZDQ1ZDNjNGRiOWFm
NzZmMTYwHhcNMjUxMDE1MjAyOTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMThhOGEwM2YzNTY5N2FlY2ZkNTQ1MmM2MGIyZGVjMGU3MWVkY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJnruSy9kVm6GqthFIWB96hUWC8/
d77+KJ8NZ1rIux2rsRXm8J0WmbLmHLyDuR6WcroiBKsS7jweA9TeF5wl70aO4S+M
1Sz7KJzcmrX10tcgLA232pVyAmi3DXXX6P2pdjmzCVhUaPUNZpcthj7RXyr+xRqr
jx/9oZjUIAFTf/07G4qFT5NnbHdukBQQ9zz3j3Pbz2RUHf9xxhegusxF4mR+tEQw
2mwC5NEVcUzQvm67kkzeyp9oOWy6JkZzu0mIopq27dKBWxqfaQQw6uVAZfiavDEl
JMphNDGTi9GbvDuHwAKw7bjF3Cz0ZEMXubRGH5RIr/26DmNT9LpfMCHWLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOGKigPzVpeuz9VFLGCy3sDnHtzeMB8GA1UdIwQY
MBaAFNfGClTgPJ+BXMM6/UXTxNua928WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMThZS1ZPQThuNEZjd3pyOVJkUEUyNXIzYnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84OTA5MGMtNTNiMS00MWJlLWEzMzgt
MzgzMWYzZWQxY2E4LzEvNFlxS0FfTldsNjdQMVVVc1lMTGV3T2NlM040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84OTA5MGMtNTNiMS00MWJlLWEzMzgtMzgzMWYzZWQxY2E4
LzEvMThZS1ZPQThuNEZjd3pyOVJkUEUyNXIzYnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuSFyAwQA
yqIxAwQAyqI0MA0GCSqGSIb3DQEBCwUAA4IBAQB5xxY9of9kOFbOPLuPnN+a/mwg
Z4MFJ5URlrzJ+AjXSAIT1a+jVrx7Pe8d8fpWpSqbdFh+zwnkCMSVFMPB+3xcAyNK
EAQCcHbMak3eyEdKXCoIEjdvG/MXuBTd+eSjqW6dRW86jaa7P7+rTD3C1//4mQ6F
jKy8KYpdyiXK+nVLcVYO17T/I+EqBaiXmET9D9PgtxcOSFsKsysgArGiUTT7DLol
5TO57xkXF76gDbxWR07gamOmdMu14vTtRsewKh8nMHBSafUPujTLYbI7CUffnDCg
MUI0Xlfjyx1gdzzCkzZUvG1D/lkLGHhOadkH2Mq4x81YGE0sEuQNEVg1m+59
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:53:02 2025 by rpki-client