Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/4cYZBaSCfKx4xdTyV36QiAtkYH8.roa
File: 4cYZBaSCfKx4xdTyV36QiAtkYH8.roa (raw, json)
Hash identifier: 4TbdTxLmlk8EX546dkAWoaHsA8UX5a3+NdKi5edH1kY=
Subject key identifier: E1:C6:19:05:A4:82:7C:AC:78:C5:D4:F2:57:7E:90:88:0B:64:60:7F
Certificate issuer: /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial: 01987F7DADAAA394F5925042E6CCCA998B42
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/4cYZBaSCfKx4xdTyV36QiAtkYH8.roa
Signing time: Wed 06 Aug 2025 13:06:39 +0000
ROA not before: Wed 06 Aug 2025 13:06:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 92.51.20.0/24 maxlen: 24
92.51.22.0/24 maxlen: 24
92.51.23.0/24 maxlen: 24
92.51.38.0/24 maxlen: 24
92.51.39.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 10:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7f:7d:ad:aa:a3:94:f5:92:50:42:e6:cc:ca:99:8b:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Validity
Not Before: Aug 6 13:06:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e1c61905a4827cac78c5d4f2577e90880b64607f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:5b:b8:7e:48:fb:d3:0e:fb:67:56:22:b9:4c:
e0:b9:32:35:be:98:e8:6f:94:c5:d7:50:e6:7f:3e:
9e:4d:6d:07:6c:c2:d8:8c:f6:4c:fc:bf:b4:19:22:
83:01:e2:5d:d8:6b:00:97:83:63:53:06:70:9d:49:
e3:c0:e3:a7:22:c5:73:0f:0e:d4:30:ba:38:99:c8:
4a:ab:2b:f4:80:33:d1:62:37:68:e0:61:4d:12:66:
83:df:17:e4:52:0e:80:d1:5d:35:e9:64:74:f4:be:
9e:1c:33:ea:4d:ae:1f:53:55:e5:38:b1:b1:7f:66:
a3:eb:79:c3:65:14:30:c2:6a:52:bc:ae:e3:1c:35:
3f:ac:9b:70:af:b8:ed:69:0c:e1:9c:70:2b:18:cb:
9f:cc:16:d6:c0:b5:aa:53:ba:d5:aa:f3:f0:b5:bf:
2e:d8:f2:98:d2:4c:37:41:5d:e6:80:31:eb:9c:92:
63:70:85:d9:db:51:3f:02:25:fe:18:d0:01:d9:10:
ee:65:61:90:0e:10:df:85:bb:f7:85:9e:ab:b0:4d:
94:6b:d4:14:e6:b8:fd:73:23:e0:9f:4c:41:5e:d4:
34:b5:4f:1e:f8:1c:f3:fa:f9:5d:7c:27:0c:d4:ab:
41:0c:6e:fa:be:af:6d:4f:5d:96:82:d5:84:8e:ab:
6e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:C6:19:05:A4:82:7C:AC:78:C5:D4:F2:57:7E:90:88:0B:64:60:7F
X509v3 Authority Key Identifier:
keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/4cYZBaSCfKx4xdTyV36QiAtkYH8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.51.20.0/24
92.51.22.0/23
92.51.38.0/23
Signature Algorithm: sha256WithRSAEncryption
93:2a:1d:c9:6c:dc:31:8e:cd:a9:0f:3d:4d:1b:f6:f4:a4:b9:
1e:42:54:09:fd:23:da:b0:83:a1:5c:ba:5c:ed:7a:34:f6:13:
ba:b9:41:f7:77:66:0d:ca:68:02:2f:e7:63:56:05:09:e1:81:
79:3c:ad:08:22:6c:88:0e:c9:b6:a8:1f:d6:02:5d:3f:c9:ec:
b5:6e:6b:46:4a:8a:53:02:b6:61:51:43:7e:62:35:f7:ed:57:
74:d7:bd:0f:7b:f5:13:54:63:99:52:50:7d:c8:55:7f:fd:6a:
11:68:2f:18:1a:0a:59:63:e5:87:e6:55:91:24:26:bd:24:dd:
9c:71:9b:e9:e0:b1:40:82:c8:e7:26:30:cd:6e:3c:00:62:52:
ba:04:39:d3:7d:f2:65:de:e9:fc:db:11:17:1c:41:82:94:97:
e9:00:b4:d3:d7:f0:04:fa:fd:ad:1d:a3:b7:87:38:30:52:4a:
e7:d5:9f:78:f4:f9:b3:02:00:d2:0e:2b:8b:4e:20:f9:4b:66:
ac:19:2c:24:5b:3e:14:8f:58:c6:7f:6b:95:d2:11:c9:93:82:
13:1d:01:cc:f9:57:53:6c:a0:79:0a:fb:12:f5:3a:ec:ed:0d:
22:9a:2e:ed:f6:ea:86:80:c7:a9:31:c1:05:39:94:29:a2:30:
70:3a:29:bf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZh/fa2qo5T1klBC5szKmYtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwODA2MTMwNjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWM2MTkwNWE0ODI3Y2FjNzhjNWQ0ZjI1NzdlOTA4ODBiNjQ2MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlu4fkj70w77Z1YiuUzguTI1vpjo
b5TF11Dmfz6eTW0HbMLYjPZM/L+0GSKDAeJd2GsAl4NjUwZwnUnjwOOnIsVzDw7U
MLo4mchKqyv0gDPRYjdo4GFNEmaD3xfkUg6A0V016WR09L6eHDPqTa4fU1XlOLGx
f2aj63nDZRQwwmpSvK7jHDU/rJtwr7jtaQzhnHArGMufzBbWwLWqU7rVqvPwtb8u
2PKY0kw3QV3mgDHrnJJjcIXZ21E/AiX+GNAB2RDuZWGQDhDfhbv3hZ6rsE2Ua9QU
5rj9cyPgn0xBXtQ0tU8e+Bzz+vldfCcM1KtBDG76vq9tT12WgtWEjqtuRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOHGGQWkgnyseMXU8ld+kIgLZGB/MB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvNGNZWkJhU0NmS3g0eGRUeVYzNlFpQXRrWUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXDMUAwQB
XDMWAwQBXDMmMA0GCSqGSIb3DQEBCwUAA4IBAQCTKh3JbNwxjs2pDz1NG/b0pLke
QlQJ/SPasIOhXLpc7Xo09hO6uUH3d2YNymgCL+djVgUJ4YF5PK0IImyIDsm2qB/W
Al0/yey1bmtGSopTArZhUUN+YjX37Vd0170Pe/UTVGOZUlB9yFV//WoRaC8YGgpZ
Y+WH5lWRJCa9JN2ccZvp4LFAgsjnJjDNbjwAYlK6BDnTffJl3un82xEXHEGClJfp
ALTT1/AE+v2tHaO3hzgwUkrn1Z949PmzAgDSDiuLTiD5S2asGSwkWz4Uj1jGf2uV
0hHJk4ITHQHM+VdTbKB5CvsS9Trs7Q0imi7t9uqGgMepMcEFOZQpojBwOim/
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:14:17 2025 by rpki-client