
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa
File: CikwBtDrpk_Y04YCbOYT8RF-nag.roa (raw, json)
Hash identifier: FALNdfrlSyLhlDyqgC3nieyWRWeKqBpM0mehDp7pdN0=
Subject key identifier: 0A:29:30:06:D0:EB:A6:4F:D8:D3:86:02:6C:E6:13:F1:11:7E:9D:A8
Certificate issuer: /CN=855be74d09d9b05251dad2c9696793c04b40f241
Certificate serial: 0199C958E230DCD7D20C8248D2806A7C53A3
Authority key identifier: 85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa
Signing time: Thu 09 Oct 2025 14:21:09 +0000
ROA not before: Thu 09 Oct 2025 14:21:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210570
IP address blocks: 2a12:7c6:abc::/48 maxlen: 48
2a12:7c6:affe::/48 maxlen: 48
2a12:7c6:c001::/48 maxlen: 48
2a12:7c6:d001::/48 maxlen: 48
2a12:7c6:e001::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.mft
rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 20:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c9:58:e2:30:dc:d7:d2:0c:82:48:d2:80:6a:7c:53:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=855be74d09d9b05251dad2c9696793c04b40f241
Validity
Not Before: Oct 9 14:21:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a293006d0eba64fd8d386026ce613f1117e9da8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:3a:59:28:10:a6:5a:a0:70:5d:14:46:5e:88:
d6:9f:0b:c5:00:7b:43:3a:0b:ae:63:e6:3a:d6:6f:
3a:81:76:bb:2b:a4:07:b5:31:b0:b9:0c:51:b0:a5:
07:21:fd:98:3e:d0:b6:fa:ff:e0:0b:e5:19:15:ba:
b2:3e:80:11:f0:f5:75:95:ac:1d:28:bd:3c:7e:f1:
1a:21:51:e4:2a:88:15:f5:0e:9c:e5:60:97:df:f3:
e3:65:36:4b:62:f7:b0:a6:f5:76:21:7f:9e:ad:54:
dd:3d:ea:84:1f:a7:19:dd:95:1d:ed:30:04:52:61:
11:ba:5b:a2:c9:e7:ae:fe:b2:af:57:9e:66:d8:c5:
e0:6e:2b:43:39:5c:d4:ea:02:4c:cb:34:dc:ca:e0:
ae:6a:3b:51:02:2e:8f:c7:b7:c9:95:53:81:21:a9:
b3:a8:1a:e9:4c:5a:a4:75:3a:22:1f:8f:7d:e6:96:
9f:a4:25:6a:46:bb:aa:16:32:97:99:3f:a3:ab:a6:
90:be:a6:87:ed:7d:7f:f9:28:5c:66:5e:f6:90:33:
b1:45:db:a9:5f:9c:64:17:f4:66:0a:0d:4c:12:08:
22:13:2c:77:bc:86:5c:d8:5a:fd:7c:31:02:68:f1:
5c:d3:ce:b3:b1:e6:c8:a0:a2:ce:54:45:8c:da:9b:
4b:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:29:30:06:D0:EB:A6:4F:D8:D3:86:02:6C:E6:13:F1:11:7E:9D:A8
X509v3 Authority Key Identifier:
keyid:85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:7c6:abc::/48
2a12:7c6:affe::/48
2a12:7c6:c001::/48
2a12:7c6:d001::/48
2a12:7c6:e001::/48
Signature Algorithm: sha256WithRSAEncryption
30:44:08:a3:db:64:a6:47:3f:20:28:60:20:76:d8:4d:90:56:
0b:bd:cc:3e:dc:28:a3:6a:8e:af:21:b9:84:2d:a7:69:37:10:
28:3c:e7:9e:af:1c:61:4f:76:6f:26:30:b4:63:3f:2a:3c:a4:
ff:92:69:95:0b:4c:53:da:95:c1:f4:16:d1:46:e5:d6:40:a3:
e3:de:1e:51:1e:8b:18:4c:e0:26:8b:cd:c5:8f:bc:31:99:a8:
b6:9d:59:bd:bf:5b:33:d4:5f:33:e6:da:f8:d9:5d:02:a8:7e:
4c:c7:0e:84:c8:31:89:20:00:6c:b8:7b:85:6b:f3:6d:02:68:
bd:bc:f2:60:7a:9f:4b:bf:46:a2:41:a2:ae:a0:37:a2:0d:c2:
4c:81:71:5a:76:12:7e:ed:c0:5e:6a:73:59:45:5f:ad:ab:43:
34:b6:2c:a4:ef:ed:ae:c8:61:68:77:e8:42:41:61:9a:c7:f9:
77:e8:6a:5b:2f:02:3b:67:a0:88:7d:15:e5:4f:37:b5:1e:73:
dc:b3:49:eb:84:c4:2d:f8:07:3b:bb:a3:3f:79:1f:a3:cd:0b:
4b:df:77:4a:be:fd:9a:02:62:a3:dd:7d:6d:76:f9:d9:02:bc:
c1:15:ed:cb:15:73:8d:a3:97:c6:6d:8b:93:dd:f0:4f:16:4b:
b2:83:5d:b6
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZnJWOIw3NfSDIJI0oBqfFOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWJlNzRkMDlkOWIwNTI1MWRhZDJjOTY5Njc5M2MwNGI0
MGYyNDEwHhcNMjUxMDA5MTQyMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI5MzAwNmQwZWJhNjRmZDhkMzg2MDI2Y2U2MTNmMTExN2U5ZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DpZKBCmWqBwXRRGXojWnwvFAHtD
OguuY+Y61m86gXa7K6QHtTGwuQxRsKUHIf2YPtC2+v/gC+UZFbqyPoAR8PV1lawd
KL08fvEaIVHkKogV9Q6c5WCX3/PjZTZLYvewpvV2IX+erVTdPeqEH6cZ3ZUd7TAE
UmERuluiyeeu/rKvV55m2MXgbitDOVzU6gJMyzTcyuCuajtRAi6Px7fJlVOBIamz
qBrpTFqkdToiH4995pafpCVqRruqFjKXmT+jq6aQvqaH7X1/+ShcZl72kDOxRdup
X5xkF/RmCg1MEggiEyx3vIZc2Fr9fDECaPFc086zsebIoKLOVEWM2ptLEwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFAopMAbQ66ZP2NOGAmzmE/ERfp2oMB8GA1UdIwQY
MBaAFIVb500J2bBSUdrSyWlnk8BLQPJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGIt
MzlhZDgwZjU0MmEwLzEvQ2lrd0J0RHJwa19ZMDRZQ2JPWVQ4UkYtbmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGItMzlhZDgwZjU0MmEw
LzEvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAAjAtAwcAKhIHxgq8
AwcAKhIHxq/+AwcAKhIHxsABAwcAKhIHxtABAwcAKhIHxuABMA0GCSqGSIb3DQEB
CwUAA4IBAQAwRAij22SmRz8gKGAgdthNkFYLvcw+3Cijao6vIbmELadpNxAoPOee
rxxhT3ZvJjC0Yz8qPKT/kmmVC0xT2pXB9BbRRuXWQKPj3h5RHosYTOAmi83Fj7wx
mai2nVm9v1sz1F8z5tr42V0CqH5Mxw6EyDGJIABsuHuFa/NtAmi9vPJgep9Lv0ai
QaKuoDeiDcJMgXFadhJ+7cBeanNZRV+tq0M0tiyk7+2uyGFod+hCQWGax/l36Gpb
LwI7Z6CIfRXlTze1HnPcs0nrhMQt+Ac7u6M/eR+jzQtL33dKvv2aAmKj3X1tdvnZ
ArzBFe3LFXONo5fGbYuT3fBPFkuyg122
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:25:02 2025 by rpki-client