Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/jDjNyFwAapaWNqqE1KH036qPjhc.roa
File: jDjNyFwAapaWNqqE1KH036qPjhc.roa (raw, json)
Hash identifier: Si6XelwLC+fA9YMEMfyBKiOqZ8i7VcTCq0MWUBgH77I=
Subject key identifier: 8C:38:CD:C8:5C:00:6A:96:96:36:AA:84:D4:A1:F4:DF:AA:8F:8E:17
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 0199E4741A824824F7A4AEBF333B0563CD6C
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/jDjNyFwAapaWNqqE1KH036qPjhc.roa
Signing time: Tue 14 Oct 2025 20:40:38 +0000
ROA not before: Tue 14 Oct 2025 20:40:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215290
IP address blocks: 2a04:fa00::/29 maxlen: 29
2a11:3447::/32 maxlen: 32
2a11:3fc0::/29 maxlen: 29
2a12:2ec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 12:40:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e4:74:1a:82:48:24:f7:a4:ae:bf:33:3b:05:63:cd:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Oct 14 20:40:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8c38cdc85c006a969636aa84d4a1f4dfaa8f8e17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:b1:05:66:2c:2c:49:2c:69:90:b8:fb:92:2a:
7b:af:bd:e8:65:8f:04:c8:9e:10:ab:6c:f7:af:1c:
f4:f6:2d:20:d5:62:92:71:9c:ba:b7:42:11:53:2d:
7c:74:9a:4e:b8:f2:d2:a6:55:c8:77:57:f9:99:7e:
f5:ff:be:c8:b2:b3:23:91:d7:5b:4a:53:16:e4:dc:
0c:0c:1f:e9:c5:0d:3c:0c:bc:3b:2f:f6:86:d6:65:
a8:d9:0d:5f:b2:d4:58:fb:b9:2c:6f:15:29:2e:a4:
43:29:bb:21:07:7d:45:07:c7:63:d8:61:28:d0:b4:
7c:30:bc:36:a1:8c:74:9d:ad:94:85:f1:8a:d2:37:
b0:54:cb:12:31:a1:81:2c:75:1b:bb:7d:df:d6:ea:
f0:76:c1:54:7d:95:c9:58:f0:d9:e0:bd:26:72:6b:
23:57:f5:64:58:ab:a7:ad:a0:36:78:bc:ea:4a:a3:
c2:13:25:31:bf:e3:91:0d:3c:6a:1b:c7:ca:06:21:
98:cb:3a:ab:31:44:52:90:8a:c7:8a:9d:cd:ec:0e:
72:d4:a2:93:9e:a6:f9:22:18:dd:cd:2e:d6:fa:de:
92:3f:6c:a5:d1:95:6c:c0:8e:ca:df:8e:eb:0b:6f:
06:87:58:b6:83:3f:67:0a:12:3e:a7:c2:fe:aa:1f:
40:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:38:CD:C8:5C:00:6A:96:96:36:AA:84:D4:A1:F4:DF:AA:8F:8E:17
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/jDjNyFwAapaWNqqE1KH036qPjhc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:fa00::/29
2a11:3447::/32
2a11:3fc0::/29
2a12:2ec0::/29
Signature Algorithm: sha256WithRSAEncryption
8a:15:5b:dd:ec:81:83:c9:10:a4:e4:23:2b:2a:cd:d7:eb:ba:
33:43:2e:8f:35:af:65:d3:6b:b1:36:b8:69:03:f6:0b:0b:56:
f7:e9:71:13:45:c5:e8:05:49:47:ed:d8:9e:86:94:2a:20:5c:
e5:b0:b4:ec:9b:32:1d:b5:af:d2:b3:5d:73:1f:be:a7:3a:4e:
40:d3:33:b5:42:45:70:04:8f:b3:92:74:9c:a5:8e:35:00:bc:
00:58:c2:7f:cd:11:a1:ec:69:44:34:31:37:40:db:90:7c:1d:
ed:19:a2:a5:22:06:66:7e:54:2c:c8:65:f1:64:b1:3a:f2:0e:
f9:76:bf:e6:dd:5c:07:ff:41:8f:f5:76:30:81:12:54:07:16:
1b:06:1c:7e:8d:a6:58:8d:e3:16:0f:f0:f9:23:db:8e:f3:8e:
2f:73:f4:93:47:2e:c6:da:c7:2b:89:bb:4c:ea:e2:a4:12:f7:
6f:10:10:ce:37:da:0d:e4:44:79:91:f5:f3:11:de:1a:4b:11:
a1:7f:fb:8b:a9:96:35:da:6e:fe:54:38:fe:1b:4a:37:aa:00:
9d:cd:d7:aa:a4:54:2f:6d:12:85:8a:b1:81:ef:30:d1:3e:c6:
c4:72:38:37:bb:d6:fa:3e:91:62:d1:b7:84:7f:22:4e:70:28:
89:54:86:fd
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZnkdBqCSCT3pK6/MzsFY81sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDE0MjA0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzM4Y2RjODVjMDA2YTk2OTYzNmFhODRkNGExZjRkZmFhOGY4ZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbEFZiwsSSxpkLj7kip7r73oZY8E
yJ4Qq2z3rxz09i0g1WKScZy6t0IRUy18dJpOuPLSplXId1f5mX71/77IsrMjkddb
SlMW5NwMDB/pxQ08DLw7L/aG1mWo2Q1fstRY+7ksbxUpLqRDKbshB31FB8dj2GEo
0LR8MLw2oYx0na2UhfGK0jewVMsSMaGBLHUbu33f1urwdsFUfZXJWPDZ4L0mcmsj
V/VkWKunraA2eLzqSqPCEyUxv+ORDTxqG8fKBiGYyzqrMURSkIrHip3N7A5y1KKT
nqb5IhjdzS7W+t6SP2yl0ZVswI7K347rC28Gh1i2gz9nChI+p8L+qh9AXwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFIw4zchcAGqWljaqhNSh9N+qj44XMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvakRqTnlGd0FhcGFXTnFxRTFLSDAzNnFQamhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgT6AAMF
ACoRNEcDBQMqET/AAwUDKhIuwDANBgkqhkiG9w0BAQsFAAOCAQEAihVb3eyBg8kQ
pOQjKyrN1+u6M0MujzWvZdNrsTa4aQP2CwtW9+lxE0XF6AVJR+3YnoaUKiBc5bC0
7JsyHbWv0rNdcx++pzpOQNMztUJFcASPs5J0nKWONQC8AFjCf80RoexpRDQxN0Db
kHwd7RmipSIGZn5ULMhl8WSxOvIO+Xa/5t1cB/9Bj/V2MIESVAcWGwYcfo2mWI3j
Fg/w+SPbjvOOL3P0k0cuxtrHK4m7TOripBL3bxAQzjfaDeREeZH18xHeGksRoX/7
i6mWNdpu/lQ4/htKN6oAnc3XqqRUL20ShYqxge8w0T7GxHI4N7vW+j6RYtG3hH8i
TnAoiVSG/Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:18:21 2025 by rpki-client