Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/SGqR7-NUvAEVogscY-CAK6J21KE.roa
File: SGqR7-NUvAEVogscY-CAK6J21KE.roa (raw, json)
Hash identifier: X2CmxDVUZVVa0JFYlts3SwBBYG/8wgKZntgve8jmpjc=
Subject key identifier: 48:6A:91:EF:E3:54:BC:01:15:A2:0B:1C:63:E0:80:2B:A2:76:D4:A1
Certificate issuer: /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial: 0198D34F4507D87C6145C788ED47AEAF07EC
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/SGqR7-NUvAEVogscY-CAK6J21KE.roa
Signing time: Fri 22 Aug 2025 19:44:04 +0000
ROA not before: Fri 22 Aug 2025 19:44:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205828
IP address blocks: 2a09:a507::/32 maxlen: 32
2a0d:fcc7::/32 maxlen: 32
2a12:38c7::/32 maxlen: 32
2a12:39c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d3:4f:45:07:d8:7c:61:45:c7:88:ed:47:ae:af:07:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Validity
Not Before: Aug 22 19:44:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=486a91efe354bc0115a20b1c63e0802ba276d4a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:5e:52:07:1c:36:fc:fb:24:fb:7a:0c:10:85:
28:85:67:0d:d3:68:07:3b:f0:9a:11:17:43:4a:6d:
3b:ce:20:fb:cf:87:40:ac:82:32:83:4c:45:77:1c:
a8:28:d6:3c:0f:54:f1:e4:70:fc:d7:43:56:f7:23:
b8:31:d6:92:6c:9d:98:86:e8:36:11:79:87:a6:24:
8c:67:2e:09:30:a6:da:fd:11:57:31:d6:ce:db:ef:
da:29:c0:3a:94:1d:37:a4:c4:a8:ff:6b:ba:3b:eb:
01:94:a9:7a:8c:e4:6b:c5:ea:80:b4:7f:30:a7:f5:
3c:0d:fa:2a:7b:93:b4:fe:45:07:eb:bb:24:31:b0:
c1:a1:f8:73:41:89:aa:42:09:07:b4:99:a5:2c:6b:
40:48:fd:23:58:94:3a:92:0f:0f:65:15:0e:27:36:
67:15:f1:df:c4:bf:79:dd:4b:3f:4f:32:3c:c7:e2:
3f:52:9e:1c:31:c6:e8:fe:4d:21:06:22:95:2c:82:
d5:66:25:f2:c9:21:87:2d:0f:b1:b2:80:bf:0e:e5:
eb:39:dc:6e:0f:08:1b:83:f0:3f:cb:5e:41:df:4b:
45:08:aa:93:bb:d5:4d:81:78:ca:ba:70:96:49:aa:
b6:7f:5f:18:ca:74:f5:f2:72:4b:c0:9c:50:88:c1:
c5:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:6A:91:EF:E3:54:BC:01:15:A2:0B:1C:63:E0:80:2B:A2:76:D4:A1
X509v3 Authority Key Identifier:
keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/SGqR7-NUvAEVogscY-CAK6J21KE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:a507::/32
2a0d:fcc7::/32
2a12:38c7::/32
2a12:39c1::/32
Signature Algorithm: sha256WithRSAEncryption
a4:eb:df:88:0f:36:0c:5d:3d:47:3d:85:da:66:e3:0c:63:eb:
b6:73:ba:2c:73:02:c0:ed:30:5d:52:16:07:61:40:39:aa:ba:
67:b6:f2:8f:b6:77:48:87:30:a7:10:e5:5b:36:d1:68:c3:1a:
d2:66:c3:70:3a:5e:a8:06:68:8f:af:37:ce:6a:9f:72:2e:30:
d8:d3:ba:ba:75:c2:0a:51:ef:c5:8a:94:73:3f:38:9d:9d:6a:
75:a2:8f:29:2c:52:09:9d:14:c5:d8:80:ba:2d:fd:3e:fd:c2:
47:c6:cb:41:61:7d:7d:5b:52:0a:93:62:92:75:d2:bf:56:c0:
d4:4d:9b:70:60:d3:45:36:d1:33:53:50:16:1f:9c:03:25:77:
5f:a9:20:93:0d:98:88:cc:49:1c:25:c8:cc:0a:4d:a6:a6:86:
a8:bf:d5:51:46:c1:bb:12:e7:7c:0b:62:ad:d3:02:81:c0:ec:
93:5b:90:10:83:a8:74:95:9a:2f:3d:48:59:40:e3:31:c9:20:
6b:8e:83:0f:42:13:d6:4c:27:10:4d:0e:93:15:18:db:82:79:
02:df:c6:60:62:25:0d:8e:fe:a5:ea:ba:f3:b0:0c:99:f3:27:
2e:1e:93:55:57:03:65:12:a6:80:5f:ac:0c:29:e7:41:3d:45:
ac:7d:b0:04
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZjTT0UH2HxhRceI7UeurwfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwODIyMTk0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODZhOTFlZmUzNTRiYzAxMTVhMjBiMWM2M2UwODAyYmEyNzZkNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV5SBxw2/Psk+3oMEIUohWcN02gH
O/CaERdDSm07ziD7z4dArIIyg0xFdxyoKNY8D1Tx5HD810NW9yO4MdaSbJ2Yhug2
EXmHpiSMZy4JMKba/RFXMdbO2+/aKcA6lB03pMSo/2u6O+sBlKl6jORrxeqAtH8w
p/U8Dfoqe5O0/kUH67skMbDBofhzQYmqQgkHtJmlLGtASP0jWJQ6kg8PZRUOJzZn
FfHfxL953Us/TzI8x+I/Up4cMcbo/k0hBiKVLILVZiXyySGHLQ+xsoC/DuXrOdxu
Dwgbg/A/y15B30tFCKqTu9VNgXjKunCWSaq2f18YynT18nJLwJxQiMHFEwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEhqke/jVLwBFaILHGPggCuidtShMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvU0dxUjctTlV2QUVWb2dzY1ktQ0FLNkoyMUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKgmlBwMF
ACoN/McDBQAqEjjHAwUAKhI5wTANBgkqhkiG9w0BAQsFAAOCAQEApOvfiA82DF09
Rz2F2mbjDGPrtnO6LHMCwO0wXVIWB2FAOaq6Z7byj7Z3SIcwpxDlWzbRaMMa0mbD
cDpeqAZoj683zmqfci4w2NO6unXCClHvxYqUcz84nZ1qdaKPKSxSCZ0UxdiAui39
Pv3CR8bLQWF9fVtSCpNiknXSv1bA1E2bcGDTRTbRM1NQFh+cAyV3X6kgkw2YiMxJ
HCXIzApNpqaGqL/VUUbBuxLnfAtirdMCgcDsk1uQEIOodJWaLz1IWUDjMckga46D
D0IT1kwnEE0OkxUY24J5At/GYGIlDY7+peq687AMmfMnLh6TVVcDZRKmgF+sDCnn
QT1FrH2wBA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 20:21:41 2025 by rpki-client