Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-U24YoFDsuuShDi4ApdQTT5IMSA.roa
File: 1-U24YoFDsuuShDi4ApdQTT5IMSA.roa (raw, json)
Hash identifier: K7cEqE02b+xI1XUlHvWHxRKeaptvlvGBOL9vBMLV1o0=
Subject key identifier: F9:4D:B8:62:81:43:B2:EB:92:84:38:B8:02:97:50:4D:3E:48:31:20
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 0199AF603397C9BB903B34F2B8539238407F
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-U24YoFDsuuShDi4ApdQTT5IMSA.roa
Signing time: Sat 04 Oct 2025 13:19:01 +0000
ROA not before: Sat 04 Oct 2025 13:19:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213771
IP address blocks: 2a14:67c1:80::/46 maxlen: 48
2a14:67c1:84::/46 maxlen: 48
2a14:67c1:88::/46 maxlen: 48
2a14:67c1:8c::/46 maxlen: 48
2a14:67c1:c100::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 06:01:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:af:60:33:97:c9:bb:90:3b:34:f2:b8:53:92:38:40:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: Oct 4 13:19:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f94db8628143b2eb928438b80297504d3e483120
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:24:bf:7f:1b:ea:06:ad:33:62:f0:45:17:72:
99:82:39:4a:43:40:91:d3:70:d5:23:05:2c:d9:8a:
7e:d0:c0:46:c1:ef:79:af:5a:ef:18:ae:ee:d8:51:
25:e1:c0:e6:66:a6:0b:44:f1:21:6f:6a:5f:8d:94:
e0:09:31:ad:e0:93:e1:f2:7b:b0:c9:ef:22:8a:cc:
24:57:90:98:dd:0f:97:8a:5a:2b:f5:0b:c8:a8:f4:
a5:84:eb:70:9c:dc:cb:26:62:90:c9:96:10:95:da:
d7:9b:18:1f:59:50:1b:1a:ad:b8:fc:b1:9e:47:d1:
b0:cc:bc:9a:18:51:1c:92:a4:9d:61:fc:e3:7c:1a:
7f:4f:5f:58:5f:ef:b8:d2:66:dc:b3:4a:03:4f:9f:
6a:b9:e4:29:48:31:3a:05:bc:f5:f5:11:59:b1:20:
28:11:fb:78:5d:1b:46:b9:5e:0f:ae:26:fa:00:0c:
bb:eb:f7:4a:f0:bd:76:ac:35:87:53:a2:a4:6d:44:
27:9e:cc:ad:48:13:b7:21:cf:2b:b0:42:79:7f:65:
0e:cc:68:a4:2f:5d:fd:0e:8b:bf:69:27:ec:0d:93:
a2:8d:59:5e:0e:0d:81:d4:fe:c7:ba:b9:ef:30:9d:
38:12:37:80:d5:94:b7:8f:3b:06:51:e0:a6:7e:17:
c6:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:4D:B8:62:81:43:B2:EB:92:84:38:B8:02:97:50:4D:3E:48:31:20
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-U24YoFDsuuShDi4ApdQTT5IMSA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:80::/44
2a14:67c1:c100::/40
Signature Algorithm: sha256WithRSAEncryption
46:c0:a4:0d:bf:77:ee:d0:75:a8:8b:83:3f:61:bf:2f:ed:3c:
31:28:98:3a:4e:c4:6e:94:51:07:49:44:f4:9c:8c:74:e4:d5:
c9:9b:3a:da:69:a9:9d:a7:c1:61:33:55:8e:a0:ff:40:c6:66:
82:8f:93:3c:bb:c1:8b:d9:4f:fa:49:31:cb:9e:dc:07:b7:1e:
cf:f7:df:b9:5a:54:3d:f6:a5:83:f4:4d:50:ce:44:3e:04:94:
18:cd:16:53:d5:ec:8b:c2:31:88:ce:da:08:6a:05:79:c1:59:
3d:6f:c9:b7:41:ce:7a:1c:15:51:9d:c0:64:08:af:d9:ee:a5:
e6:ac:f7:e0:10:a2:3b:2a:ee:30:45:d7:b0:0c:f8:fb:39:59:
50:4f:85:49:3d:1e:46:61:12:bf:0d:6b:a9:47:62:01:bd:9d:
e9:6d:47:aa:cf:e4:4f:a1:1a:88:09:d0:58:2a:10:e5:b7:86:
1d:46:3b:e1:71:f5:b9:27:57:56:a5:9e:44:fe:9a:47:86:1e:
de:25:95:80:44:81:5f:51:dc:7e:e5:df:2f:4b:b8:20:d5:8b:
c6:96:73:ba:89:42:ea:cf:c1:eb:1e:90:17:d0:57:4d:50:f6:
c7:6e:f1:5d:9f:e9:a0:2b:7d:56:c9:db:c2:85:29:32:31:89:
46:e3:71:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmvYDOXybuQOzTyuFOSOEB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDA0MTMxOTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRkYjg2MjgxNDNiMmViOTI4NDM4YjgwMjk3NTA0ZDNlNDgzMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSS/fxvqBq0zYvBFF3KZgjlKQ0CR
03DVIwUs2Yp+0MBGwe95r1rvGK7u2FEl4cDmZqYLRPEhb2pfjZTgCTGt4JPh8nuw
ye8iiswkV5CY3Q+Xilor9QvIqPSlhOtwnNzLJmKQyZYQldrXmxgfWVAbGq24/LGe
R9GwzLyaGFEckqSdYfzjfBp/T19YX++40mbcs0oDT59queQpSDE6Bbz19RFZsSAo
Eft4XRtGuV4Prib6AAy76/dK8L12rDWHU6KkbUQnnsytSBO3Ic8rsEJ5f2UOzGik
L139Dou/aSfsDZOijVleDg2B1P7HurnvMJ04EjeA1ZS3jzsGUeCmfhfGOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPlNuGKBQ7LrkoQ4uAKXUE0+SDEgMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvMS1VMjRZb0ZEc3V1U2hEaTRBcGRRVFQ1SU1TQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvNzMyYjZjLTQ4ZTQtNDM1MC04YTU2LWY2Y2M0ZWYwZjdk
Zi8xL1pfTWIza1pSWTBmMDdmeS1NTzJzbWduazRPQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAqBggrBgEFBQcBBwEB/wQbMBkwFwQCAAIwEQMHBCoUZ8EA
gAMGACoUZ8HBMA0GCSqGSIb3DQEBCwUAA4IBAQBGwKQNv3fu0HWoi4M/Yb8v7Twx
KJg6TsRulFEHSUT0nIx05NXJmzraaamdp8FhM1WOoP9AxmaCj5M8u8GL2U/6STHL
ntwHtx7P99+5WlQ99qWD9E1QzkQ+BJQYzRZT1eyLwjGIztoIagV5wVk9b8m3Qc56
HBVRncBkCK/Z7qXmrPfgEKI7Ku4wRdewDPj7OVlQT4VJPR5GYRK/DWupR2IBvZ3p
bUeqz+RPoRqICdBYKhDlt4YdRjvhcfW5J1dWpZ5E/ppHhh7eJZWARIFfUdx+5d8v
S7gg1YvGlnO6iULqz8HrHpAX0FdNUPbHbvFdn+mgK31WydvChSkyMYlG43El
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:47:49 2025 by rpki-client