Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tVTdYwnYYp3b_eUhbVSQRQeadEU.roa
File: tVTdYwnYYp3b_eUhbVSQRQeadEU.roa (raw, json)
Hash identifier: 4Nl3NSw+3Qg0hgNeV3S8TaiNWf3yjru7QAcwwQS9RII=
Subject key identifier: B5:54:DD:63:09:D8:62:9D:DB:FD:E5:21:6D:54:90:45:07:9A:74:45
Certificate issuer: /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial: 0199C454D7447B9886D2D03C263388E79B20
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tVTdYwnYYp3b_eUhbVSQRQeadEU.roa
Signing time: Wed 08 Oct 2025 14:58:38 +0000
ROA not before: Wed 08 Oct 2025 14:58:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213893
IP address blocks: 2a0d:d940:10::/48 maxlen: 48
2a0d:d940:11::/48 maxlen: 48
2a0d:d940:13::/48 maxlen: 48
2a0d:d940:14::/48 maxlen: 48
2a0d:d940:15::/48 maxlen: 48
2a0d:d940:18::/48 maxlen: 48
2a0d:d940:19::/48 maxlen: 48
2a0d:d940:1a::/48 maxlen: 48
2a0d:d940:1b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c4:54:d7:44:7b:98:86:d2:d0:3c:26:33:88:e7:9b:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Validity
Not Before: Oct 8 14:58:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b554dd6309d8629ddbfde5216d549045079a7445
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:69:65:ba:93:ba:bc:d6:a3:69:4d:da:be:00:
84:83:67:59:22:08:c6:0f:76:40:8f:ff:3b:ef:bd:
6d:a2:5e:89:74:c4:5c:09:a5:30:c4:06:27:34:91:
fb:95:7e:e1:d3:67:fa:19:ee:07:4e:bf:a1:f8:d9:
5e:2e:51:dd:1a:81:ba:99:40:8c:c2:89:57:d3:04:
8d:1f:38:64:2c:c5:ac:dd:b8:03:be:f4:16:bb:ea:
59:b7:6c:6c:b8:da:6c:75:03:78:48:70:5b:9e:1d:
9d:f5:69:88:aa:c1:d1:9a:39:86:0f:0c:1d:ee:d0:
70:b6:36:dc:1e:b0:f8:e0:79:f3:de:89:96:b1:d7:
4a:2e:fb:43:cd:90:c0:fd:e5:be:29:56:41:4f:5d:
04:5a:65:30:7c:6c:c2:86:2d:7f:fa:0c:e0:a5:9f:
df:c1:7e:7a:13:85:f5:7c:1b:3a:05:c3:77:9f:c8:
af:95:46:82:50:9f:2e:00:32:25:25:d6:5c:53:d9:
de:8f:61:ae:47:08:bc:a1:1e:d7:06:57:72:8e:c1:
d1:9a:b1:31:9f:6a:06:44:2a:8e:b0:c9:61:28:8e:
9e:7d:91:86:99:14:65:63:d4:8d:94:de:bb:8c:16:
cd:71:1f:1b:62:0c:d4:9d:fc:17:cc:d7:66:7b:2b:
47:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:54:DD:63:09:D8:62:9D:DB:FD:E5:21:6D:54:90:45:07:9A:74:45
X509v3 Authority Key Identifier:
keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tVTdYwnYYp3b_eUhbVSQRQeadEU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:d940:10::/47
2a0d:d940:13::-2a0d:d940:15:ffff:ffff:ffff:ffff:ffff
2a0d:d940:18::/46
Signature Algorithm: sha256WithRSAEncryption
ae:d1:12:e8:a3:bb:13:59:8d:60:ea:dc:b2:18:c5:10:78:b2:
29:8a:13:5a:fc:36:67:e0:c3:85:81:32:04:68:91:22:05:2a:
4d:b0:62:bf:5e:c1:ba:1f:ff:ab:bb:61:6f:09:36:b5:a1:26:
88:b2:d0:d7:4b:80:2b:68:06:e4:22:15:6b:d3:32:fa:af:73:
e2:28:20:0e:e5:e1:69:b4:15:b0:1c:4d:1c:62:be:ef:a3:46:
55:2e:f5:d0:f2:6b:05:51:cb:d2:02:d4:cf:3b:ea:a3:14:d7:
73:eb:76:ab:50:9c:7d:63:bb:d5:f1:bf:a9:86:60:c7:51:a6:
a8:8d:d1:24:07:82:90:59:81:f2:fa:0f:38:c0:61:16:92:9d:
f0:44:02:b7:7b:a2:e9:d6:f6:e6:04:1e:dd:ed:8b:e4:b8:b7:
19:e4:73:0f:b6:95:23:a1:99:f4:d5:98:2d:f6:bf:30:87:24:
12:de:ed:56:6a:4c:ff:e1:30:6b:96:d0:c3:8f:bd:7e:33:14:
30:82:43:5a:ad:a6:c2:db:38:11:57:7a:73:33:7d:33:f6:53:
d5:7f:36:5e:d9:c4:6a:4f:36:0a:aa:60:92:a9:dd:c5:d2:01:
c2:43:ce:e2:e1:2c:f5:5e:52:17:35:73:d9:53:3d:1c:35:ef:
50:32:c7:9e
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZnEVNdEe5iG0tA8JjOI55sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUxMDA4MTQ1ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTU0ZGQ2MzA5ZDg2MjlkZGJmZGU1MjE2ZDU0OTA0NTA3OWE3NDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmllupO6vNajaU3avgCEg2dZIgjG
D3ZAj/87771tol6JdMRcCaUwxAYnNJH7lX7h02f6Ge4HTr+h+NleLlHdGoG6mUCM
wolX0wSNHzhkLMWs3bgDvvQWu+pZt2xsuNpsdQN4SHBbnh2d9WmIqsHRmjmGDwwd
7tBwtjbcHrD44Hnz3omWsddKLvtDzZDA/eW+KVZBT10EWmUwfGzChi1/+gzgpZ/f
wX56E4X1fBs6BcN3n8ivlUaCUJ8uADIlJdZcU9nej2GuRwi8oR7XBldyjsHRmrEx
n2oGRCqOsMlhKI6efZGGmRRlY9SNlN67jBbNcR8bYgzUnfwXzNdmeytHDQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLVU3WMJ2GKd2/3lIW1UkEUHmnRFMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvdFZUZFl3bllZcDNiX2VVaGJWU1FSUWVhZEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmAwcBKg3ZQAAQ
MBIDBwAqDdlAABMDBwEqDdlAABQDBwIqDdlAABgwDQYJKoZIhvcNAQELBQADggEB
AK7REuijuxNZjWDq3LIYxRB4simKE1r8Nmfgw4WBMgRokSIFKk2wYr9ewbof/6u7
YW8JNrWhJoiy0NdLgCtoBuQiFWvTMvqvc+IoIA7l4Wm0FbAcTRxivu+jRlUu9dDy
awVRy9IC1M876qMU13PrdqtQnH1ju9Xxv6mGYMdRpqiN0SQHgpBZgfL6DzjAYRaS
nfBEArd7ounW9uYEHt3ti+S4txnkcw+2lSOhmfTVmC32vzCHJBLe7VZqTP/hMGuW
0MOPvX4zFDCCQ1qtpsLbOBFXenMzfTP2U9V/Nl7ZxGpPNgqqYJKp3cXSAcJDzuLh
LPVeUhc1c9lTPRw171Ayx54=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:59:38 2025 by rpki-client