Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QLSi2rt1O1JSB2xvplp7PlveXtg.roa
File: QLSi2rt1O1JSB2xvplp7PlveXtg.roa (raw, json)
Hash identifier: CJckh9U7g4k22Y1px/S9+LFwlSJ6Nh0bfkakMVUbycs=
Subject key identifier: 40:B4:A2:DA:BB:75:3B:52:52:07:6C:6F:A6:5A:7B:3E:5B:DE:5E:D8
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 0199E4732FED3843A3D93242093CC4E2D21B
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QLSi2rt1O1JSB2xvplp7PlveXtg.roa
Signing time: Tue 14 Oct 2025 20:39:38 +0000
ROA not before: Tue 14 Oct 2025 20:39:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205866
IP address blocks: 2a11:1540::/29 maxlen: 29
2a11:3441::/32 maxlen: 32
2a11:4a80::/29 maxlen: 29
2a11:8946::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e4:73:2f:ed:38:43:a3:d9:32:42:09:3c:c4:e2:d2:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Oct 14 20:39:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40b4a2dabb753b5252076c6fa65a7b3e5bde5ed8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:f4:6b:af:7e:fb:cf:e7:3b:09:77:8b:e3:7e:
ed:33:86:03:a7:a6:bd:bb:ab:b2:39:1c:55:76:64:
71:52:bd:b9:80:6e:41:57:eb:d1:eb:86:df:c3:a0:
83:2f:ca:7a:3f:b8:0b:f2:3f:d7:ad:fc:35:e8:5e:
57:7b:89:2d:80:f8:23:ac:54:62:57:05:16:71:32:
55:63:39:f9:a0:43:4e:55:15:41:be:06:f5:a6:db:
8c:c9:e1:42:37:e4:fc:e1:ab:9e:76:c9:31:93:b1:
b6:b2:fc:33:fa:fb:43:8f:20:f0:d6:c4:ae:d3:28:
c9:33:41:58:65:fd:d8:c6:88:16:a7:3b:32:d7:13:
45:97:72:54:45:87:54:90:92:64:c8:ef:1d:56:6a:
0c:d3:c2:7f:44:5a:3c:6d:7d:fd:41:72:4f:20:2b:
64:0c:10:6a:1e:88:48:91:76:b6:08:12:cb:bd:06:
bb:e4:92:9a:08:67:c0:dc:6b:11:bc:95:dd:af:5f:
83:d4:e8:26:39:0d:8d:fa:44:1e:eb:c7:4b:43:a3:
91:d1:de:9a:5d:5d:2c:e1:8d:a4:20:85:3a:dd:9f:
fe:62:7f:4e:d0:59:af:bd:98:a9:99:09:b7:66:8e:
f1:8b:ef:9b:23:7b:63:ec:dc:70:ae:c8:13:33:14:
cb:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:B4:A2:DA:BB:75:3B:52:52:07:6C:6F:A6:5A:7B:3E:5B:DE:5E:D8
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QLSi2rt1O1JSB2xvplp7PlveXtg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:1540::/29
2a11:3441::/32
2a11:4a80::/29
2a11:8946::/32
Signature Algorithm: sha256WithRSAEncryption
71:4b:1d:6c:27:96:b2:2f:fb:07:4e:7f:0c:e0:57:f4:4c:d6:
17:45:bd:c3:0b:fc:aa:0f:7c:7a:62:54:85:32:f4:b4:d3:ff:
84:63:42:95:55:ef:69:2c:b6:77:c4:b1:8d:f5:cb:09:d0:96:
da:be:02:cf:22:44:17:8f:d0:9c:95:70:ef:bb:68:a8:c7:26:
df:82:22:9f:70:f6:76:54:1e:36:48:c1:69:06:70:55:3e:7e:
2a:b2:2a:f0:bf:fb:f4:27:96:fa:e7:6c:19:60:b6:42:f7:8a:
ab:78:fb:b7:5d:c5:92:29:52:cd:eb:81:41:f6:87:08:37:0a:
cb:01:e6:e5:d4:91:59:54:68:0e:e3:3e:f8:a0:a7:fb:a5:8c:
56:8f:d1:e2:73:37:59:16:7d:7b:93:0a:31:5b:0f:7e:cf:ec:
dc:4c:26:88:05:fc:78:0e:06:86:bf:d3:79:03:60:6e:1e:46:
ce:5b:15:65:e0:b3:94:1f:d2:cc:cf:0d:ce:16:d4:66:46:fa:
89:2c:61:0c:5c:55:4e:d0:2b:71:09:44:29:94:20:fb:b6:31:
dd:f1:8f:3c:b2:95:0e:c9:37:74:a4:39:23:05:13:10:9a:ff:
d5:7e:02:76:0d:17:ff:bf:97:7f:4c:f4:c4:2b:b3:dc:2b:50:
a7:18:29:f2
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZnkcy/tOEOj2TJCCTzE4tIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDE0MjAzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGI0YTJkYWJiNzUzYjUyNTIwNzZjNmZhNjVhN2IzZTViZGU1ZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfRrr377z+c7CXeL437tM4YDp6a9
u6uyORxVdmRxUr25gG5BV+vR64bfw6CDL8p6P7gL8j/Xrfw16F5Xe4ktgPgjrFRi
VwUWcTJVYzn5oENOVRVBvgb1ptuMyeFCN+T84auedskxk7G2svwz+vtDjyDw1sSu
0yjJM0FYZf3YxogWpzsy1xNFl3JURYdUkJJkyO8dVmoM08J/RFo8bX39QXJPICtk
DBBqHohIkXa2CBLLvQa75JKaCGfA3GsRvJXdr1+D1OgmOQ2N+kQe68dLQ6OR0d6a
XV0s4Y2kIIU63Z/+Yn9O0FmvvZipmQm3Zo7xi++bI3tj7NxwrsgTMxTLQQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEC0otq7dTtSUgdsb6Zaez5b3l7YMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvUUxTaTJydDFPMUpTQjJ4dnBscDdQbHZlWHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKhEVQAMF
ACoRNEEDBQMqEUqAAwUAKhGJRjANBgkqhkiG9w0BAQsFAAOCAQEAcUsdbCeWsi/7
B05/DOBX9EzWF0W9wwv8qg98emJUhTL0tNP/hGNClVXvaSy2d8SxjfXLCdCW2r4C
zyJEF4/QnJVw77toqMcm34Iin3D2dlQeNkjBaQZwVT5+KrIq8L/79CeW+udsGWC2
QveKq3j7t13FkilSzeuBQfaHCDcKywHm5dSRWVRoDuM++KCn+6WMVo/R4nM3WRZ9
e5MKMVsPfs/s3EwmiAX8eA4Ghr/TeQNgbh5GzlsVZeCzlB/SzM8NzhbUZkb6iSxh
DFxVTtArcQlEKZQg+7Yx3fGPPLKVDsk3dKQ5IwUTEJr/1X4Cdg0X/7+Xf0z0xCuz
3CtQpxgp8g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:00:14 2025 by rpki-client