Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/PzNxqQdkgSpGYxNc-jAx_r3OQ5w.roa
File: PzNxqQdkgSpGYxNc-jAx_r3OQ5w.roa (raw, json)
Hash identifier: TE0cVIygdHu8nD6ddQO4pl85tRSyEis9fR0YP4iCrQg=
Subject key identifier: 3F:33:71:A9:07:64:81:2A:46:63:13:5C:FA:30:31:FE:BD:CE:43:9C
Certificate issuer: /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial: 01987F66F35D48870DB7D5E19F9BC444CC9F
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/PzNxqQdkgSpGYxNc-jAx_r3OQ5w.roa
Signing time: Wed 06 Aug 2025 12:41:50 +0000
ROA not before: Wed 06 Aug 2025 12:41:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213861
IP address blocks: 2a09:a207::/32 maxlen: 32
2a09:a501::/32 maxlen: 32
2a09:a503::/32 maxlen: 32
2a0d:fcc4::/32 maxlen: 32
2a14:a401::/32 maxlen: 32
2a14:a406::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7f:66:f3:5d:48:87:0d:b7:d5:e1:9f:9b:c4:44:cc:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Validity
Not Before: Aug 6 12:41:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f3371a90764812a4663135cfa3031febdce439c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e9:ec:28:bd:dc:da:a8:e3:17:c0:a3:d5:bf:
67:d8:8a:2f:90:df:ea:61:d1:65:5c:b3:75:8c:26:
56:32:ed:2a:ba:c7:c3:a4:c5:9e:a8:be:3c:47:e6:
c3:c9:b0:73:85:da:34:c6:cc:33:ba:60:a0:5b:20:
a8:3e:ef:26:96:43:48:cd:14:31:b3:bb:b4:c0:7a:
2b:04:81:80:eb:f2:8d:4f:0d:0e:2f:6f:83:27:d4:
d1:08:d8:48:6a:69:d3:cf:42:c5:fb:39:77:10:2e:
08:e7:8c:c6:51:de:2e:87:d2:88:70:15:cb:fe:dc:
0b:df:69:4b:2a:13:2f:29:05:fe:8e:c2:a6:84:67:
09:c0:9c:b1:cb:53:86:cf:f5:a5:6e:fb:cd:f1:6a:
91:6c:28:f6:ba:33:69:6c:24:a6:ab:0e:8b:90:79:
38:03:16:de:f2:b2:5a:24:24:fc:01:92:f3:c3:41:
14:f6:e1:2a:1a:16:e8:13:10:a7:fc:9d:04:3a:d4:
00:7a:a0:b4:2d:47:4e:7e:aa:eb:f1:b9:1e:32:02:
39:e8:c1:ed:e1:52:8a:f2:c5:c8:66:ad:db:64:6e:
fa:eb:9b:61:fd:7d:99:96:6d:02:08:c4:e3:5b:5f:
50:ef:fe:29:3a:9d:73:53:44:90:5e:ba:dd:68:72:
0e:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:33:71:A9:07:64:81:2A:46:63:13:5C:FA:30:31:FE:BD:CE:43:9C
X509v3 Authority Key Identifier:
keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/PzNxqQdkgSpGYxNc-jAx_r3OQ5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:a207::/32
2a09:a501::/32
2a09:a503::/32
2a0d:fcc4::/32
2a14:a401::/32
2a14:a406::/32
Signature Algorithm: sha256WithRSAEncryption
27:f3:2f:ae:de:24:70:32:bd:cd:a1:fd:b2:8b:20:33:c7:74:
13:07:12:89:80:e1:a0:b0:4a:3e:27:40:2d:8e:57:9c:76:36:
0a:d7:50:eb:41:b3:0d:57:cc:04:ea:76:31:fd:a7:64:f2:e8:
29:94:1f:bb:2b:56:0f:48:69:65:2a:6e:48:48:f7:0d:98:76:
35:d3:b9:df:d8:01:cb:3c:e7:2a:6a:7c:7e:01:17:ce:0d:e1:
f8:89:ee:35:e5:09:74:66:fa:e2:27:3b:21:49:af:1c:18:d7:
f7:77:a1:14:86:fc:66:70:f5:e2:b5:2f:56:ec:b8:fa:77:7b:
4d:84:05:4a:a4:ee:92:bf:5f:6e:3a:9a:7e:a6:b7:aa:e2:bc:
f6:f2:8e:a1:52:91:b3:b7:25:62:fb:ec:13:66:33:30:0b:c3:
f0:6e:42:fe:3a:6d:3b:48:05:1e:03:e9:55:48:bb:5a:9b:67:
a6:9f:5c:a0:3b:97:8e:04:77:a4:de:23:30:ae:e2:1b:44:1c:
dc:df:88:8a:f0:15:a7:73:fe:69:0d:08:65:e0:ce:cb:bb:e9:
4e:00:cd:07:3d:96:da:50:6b:f2:33:25:43:87:30:a8:6f:27:
3a:74:4d:b1:e0:e6:aa:e5:8b:d5:62:5c:c4:67:46:23:86:72:
d6:15:95:c8
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZh/ZvNdSIcNt9Xhn5vERMyfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwODA2MTI0MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjMzNzFhOTA3NjQ4MTJhNDY2MzEzNWNmYTMwMzFmZWJkY2U0MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuensKL3c2qjjF8Cj1b9n2IovkN/q
YdFlXLN1jCZWMu0qusfDpMWeqL48R+bDybBzhdo0xswzumCgWyCoPu8mlkNIzRQx
s7u0wHorBIGA6/KNTw0OL2+DJ9TRCNhIamnTz0LF+zl3EC4I54zGUd4uh9KIcBXL
/twL32lLKhMvKQX+jsKmhGcJwJyxy1OGz/WlbvvN8WqRbCj2ujNpbCSmqw6LkHk4
Axbe8rJaJCT8AZLzw0EU9uEqGhboExCn/J0EOtQAeqC0LUdOfqrr8bkeMgI56MHt
4VKK8sXIZq3bZG7665th/X2Zlm0CCMTjW19Q7/4pOp1zU0SQXrrdaHIOSQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFD8zcakHZIEqRmMTXPowMf69zkOcMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvUHpOeHFRZGtnU3BHWXhOYy1qQXhfcjNPUTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUAKgmiBwMF
ACoJpQEDBQAqCaUDAwUAKg38xAMFACoUpAEDBQAqFKQGMA0GCSqGSIb3DQEBCwUA
A4IBAQAn8y+u3iRwMr3Nof2yiyAzx3QTBxKJgOGgsEo+J0AtjlecdjYK11DrQbMN
V8wE6nYx/adk8ugplB+7K1YPSGllKm5ISPcNmHY107nf2AHLPOcqanx+ARfODeH4
ie415Ql0ZvriJzshSa8cGNf3d6EUhvxmcPXitS9W7Lj6d3tNhAVKpO6Sv19uOpp+
preq4rz28o6hUpGztyVi++wTZjMwC8PwbkL+Om07SAUeA+lVSLtam2emn1ygO5eO
BHek3iMwruIbRBzc34iK8BWnc/5pDQhl4M7Lu+lOAM0HPZbaUGvyMyVDhzCobyc6
dE2x4Oaq5YvVYlzEZ0YjhnLWFZXI
-----END CERTIFICATE-----
Generated at Sat Aug 23 20:22:00 2025 by rpki-client