Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/S4M1yLaoUkBNpr3z25JQH_BGArI.roa
File: S4M1yLaoUkBNpr3z25JQH_BGArI.roa (raw, json)
Hash identifier: u9aDojpNlhB36wlUGghNH/x88dKTjNyPYfwfTMBmtv4=
Subject key identifier: 4B:83:35:C8:B6:A8:52:40:4D:A6:BD:F3:DB:92:50:1F:F0:46:02:B2
Certificate issuer: /CN=c5119e75200392f1a2f08be990732d8047b28b09
Certificate serial: 019980060AA3519304F146DBC206FAF0109D
Authority key identifier: C5:11:9E:75:20:03:92:F1:A2:F0:8B:E9:90:73:2D:80:47:B2:8B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/S4M1yLaoUkBNpr3z25JQH_BGArI.roa
Signing time: Thu 25 Sep 2025 08:38:23 +0000
ROA not before: Thu 25 Sep 2025 08:38:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57388
IP address blocks: 130.0.24.0/21 maxlen: 21
130.0.24.0/22 maxlen: 24
130.0.24.0/24 maxlen: 24
130.0.25.0/24 maxlen: 24
130.0.26.0/24 maxlen: 24
130.0.27.0/24 maxlen: 24
130.0.28.0/22 maxlen: 24
130.0.28.0/24 maxlen: 24
130.0.30.0/24 maxlen: 24
130.0.31.0/24 maxlen: 24
185.85.152.0/22 maxlen: 24
2a02:dd00::/29 maxlen: 48
2a02:dd00:1a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:80:06:0a:a3:51:93:04:f1:46:db:c2:06:fa:f0:10:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c5119e75200392f1a2f08be990732d8047b28b09
Validity
Not Before: Sep 25 08:38:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b8335c8b6a852404da6bdf3db92501ff04602b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:08:18:99:f4:26:f1:ff:a0:cc:ad:11:85:75:
67:2e:7d:ea:97:65:f7:1a:30:76:73:9e:cc:94:23:
7e:94:cb:ec:19:7d:f7:83:83:e4:89:e4:24:c6:60:
88:53:93:07:e2:f0:e3:4e:25:0e:c5:71:dc:e8:8b:
84:f7:e1:06:06:dc:24:48:e3:3c:3d:30:ee:5f:a2:
db:c5:b0:c7:ea:c5:36:62:a7:3a:77:77:94:1c:33:
68:e2:34:a5:f7:ef:90:c2:ee:f7:fa:e7:69:ab:9d:
6a:b4:37:94:6c:4a:d2:db:4a:fe:93:85:c9:d9:3c:
07:e1:c0:9e:6b:d3:a2:30:7f:a1:5b:c4:01:46:16:
72:4b:6e:58:91:3c:a0:34:fa:8f:be:1e:75:3f:ca:
56:b6:4e:85:62:e6:1b:c0:58:b0:34:dc:1e:85:24:
5e:9d:eb:2a:31:46:ec:30:08:54:7a:14:9a:db:5a:
4c:cc:2a:55:03:49:4b:d1:92:8a:bd:df:20:52:29:
a7:9a:32:e3:e1:dc:ef:cd:c0:86:57:80:21:9b:8d:
4b:cc:59:ca:57:a8:68:1c:7a:99:4a:ff:c9:52:42:
09:f5:7c:bf:80:64:ee:a1:49:55:14:8b:6d:c7:75:
82:1c:65:25:ef:ac:1d:66:7f:61:dd:df:71:92:50:
ed:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:83:35:C8:B6:A8:52:40:4D:A6:BD:F3:DB:92:50:1F:F0:46:02:B2
X509v3 Authority Key Identifier:
keyid:C5:11:9E:75:20:03:92:F1:A2:F0:8B:E9:90:73:2D:80:47:B2:8B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/S4M1yLaoUkBNpr3z25JQH_BGArI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.0.24.0/21
185.85.152.0/22
IPv6:
2a02:dd00::/29
Signature Algorithm: sha256WithRSAEncryption
b7:1f:bc:b6:3f:87:50:70:30:3f:8c:d7:59:8c:eb:5e:a4:58:
94:fc:d0:b7:a8:66:83:b2:75:05:bb:60:02:06:a3:6a:d5:d9:
60:6f:da:aa:fa:03:db:4c:e5:8a:59:c2:ba:28:74:12:ed:42:
58:58:3d:42:04:83:d1:88:8a:f3:0e:e5:70:80:da:fc:b9:4e:
ce:dd:36:d3:12:1b:66:0a:2e:98:28:3f:e2:5c:a4:ff:3e:1c:
cb:e8:0f:26:48:77:43:df:30:40:36:a9:4f:27:a9:49:80:d5:
8b:1a:36:39:18:a0:49:6d:bf:6e:4a:b8:c7:67:cc:9d:2d:78:
75:58:dc:c7:33:09:37:e7:a5:6d:ef:55:86:5c:99:c2:da:90:
a4:19:a7:2f:2f:1e:fd:11:a2:d6:24:9d:47:45:d7:93:57:e9:
13:18:86:68:d8:cf:f8:ba:b8:be:b6:75:72:0f:02:ef:b5:80:
8c:16:5f:bb:16:8b:83:b8:43:af:43:a2:6c:c4:42:e3:14:cc:
2c:3e:03:1b:6d:50:7c:91:9a:be:48:f7:52:bf:3a:07:dc:02:
48:7a:f5:b4:8a:72:f8:2c:e7:8a:5a:48:85:d8:61:60:ae:bc:
5e:72:b9:81:52:05:d4:13:a1:46:5f:b6:f2:db:8b:77:69:58:
8f:64:65:6e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmABgqjUZME8Ubbwgb68BCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTE5ZTc1MjAwMzkyZjFhMmYwOGJlOTkwNzMyZDgwNDdi
MjhiMDkwHhcNMjUwOTI1MDgzODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjgzMzVjOGI2YTg1MjQwNGRhNmJkZjNkYjkyNTAxZmYwNDYwMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAgYmfQm8f+gzK0RhXVnLn3ql2X3
GjB2c57MlCN+lMvsGX33g4PkieQkxmCIU5MH4vDjTiUOxXHc6IuE9+EGBtwkSOM8
PTDuX6LbxbDH6sU2Yqc6d3eUHDNo4jSl9++Qwu73+udpq51qtDeUbErS20r+k4XJ
2TwH4cCea9OiMH+hW8QBRhZyS25YkTygNPqPvh51P8pWtk6FYuYbwFiwNNwehSRe
nesqMUbsMAhUehSa21pMzCpVA0lL0ZKKvd8gUimnmjLj4dzvzcCGV4Ahm41LzFnK
V6hoHHqZSv/JUkIJ9Xy/gGTuoUlVFIttx3WCHGUl76wdZn9h3d9xklDt7wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEuDNci2qFJATaa989uSUB/wRgKyMB8GA1UdIwQY
MBaAFMURnnUgA5LxovCL6ZBzLYBHsosJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJHZWRTQURrdkdpOEl2cGtITXRnRWV5aXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zMjBiYWYtNTlkYy00NmEyLWFmN2Qt
ZDgxOWNlZDVkMzVhLzEvUzRNMXlMYW9Va0JOcHIzejI1SlFIX0JHQXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zMjBiYWYtNTlkYy00NmEyLWFmN2QtZDgxOWNlZDVkMzVh
LzEveFJHZWRTQURrdkdpOEl2cGtITXRnRWV5aXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDggAYAwQC
uVWYMA0EAgACMAcDBQMqAt0AMA0GCSqGSIb3DQEBCwUAA4IBAQC3H7y2P4dQcDA/
jNdZjOtepFiU/NC3qGaDsnUFu2ACBqNq1dlgb9qq+gPbTOWKWcK6KHQS7UJYWD1C
BIPRiIrzDuVwgNr8uU7O3TbTEhtmCi6YKD/iXKT/PhzL6A8mSHdD3zBANqlPJ6lJ
gNWLGjY5GKBJbb9uSrjHZ8ydLXh1WNzHMwk356Vt71WGXJnC2pCkGacvLx79EaLW
JJ1HRdeTV+kTGIZo2M/4uri+tnVyDwLvtYCMFl+7FouDuEOvQ6JsxELjFMwsPgMb
bVB8kZq+SPdSvzoH3AJIevW0inL4LOeKWkiF2GFgrrxecrmBUgXUE6FGX7by24t3
aViPZGVu
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:07 2025 by rpki-client