Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/iVFWKpRKrZrvXfyBPCiicWzEtLc.roa
File: iVFWKpRKrZrvXfyBPCiicWzEtLc.roa (raw, json)
Hash identifier: ySfsYFD8sJUIiFlWUtE2uw6TxmR7ZrKTk3Ot39sI2WQ=
Subject key identifier: 89:51:56:2A:94:4A:AD:9A:EF:5D:FC:81:3C:28:A2:71:6C:C4:B4:B7
Certificate issuer: /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial: 0199332F2BAABE4A5BA28E05013C34589CBB
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/iVFWKpRKrZrvXfyBPCiicWzEtLc.roa
Signing time: Wed 10 Sep 2025 10:32:33 +0000
ROA not before: Wed 10 Sep 2025 10:32:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12389
IP address blocks: 2a11:f840::/32 maxlen: 32
2a11:f841::/32 maxlen: 32
2a11:f842::/32 maxlen: 32
2a11:f843::/32 maxlen: 32
2a11:f844::/32 maxlen: 32
2a11:f845::/32 maxlen: 32
2a11:f846::/32 maxlen: 32
2a11:f847::/32 maxlen: 32
2a12:2d40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:33:2f:2b:aa:be:4a:5b:a2:8e:05:01:3c:34:58:9c:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Validity
Not Before: Sep 10 10:32:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8951562a944aad9aef5dfc813c28a2716cc4b4b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:6b:6d:4f:6a:47:e6:5b:dd:ee:03:55:33:3d:
45:20:b1:82:19:c6:d3:24:f9:e9:69:84:77:0c:51:
cf:2d:6d:30:35:7b:11:b7:ec:39:d1:f8:87:1c:ac:
43:45:85:4c:5b:aa:8c:3f:50:90:ae:0e:ad:44:fc:
59:ea:72:78:64:5a:b0:90:49:ab:ba:78:d9:71:54:
1d:8f:93:6d:9a:9f:ed:1c:b5:00:a2:2c:7c:ab:bd:
fb:c1:41:dd:64:fa:c7:bd:cb:5d:81:f3:bd:9c:3c:
fe:c5:4c:c1:46:3f:b5:a3:d8:2c:cf:43:07:c0:82:
d9:f5:d7:d3:d4:f8:55:eb:7e:c2:c1:d7:56:ad:b1:
9b:54:f7:8d:a1:c6:ff:05:e9:82:98:10:c3:6e:ec:
e6:3e:1a:52:69:6e:d4:88:ab:1a:32:c0:61:d4:99:
d8:0e:53:3e:61:ef:b8:b1:43:fa:29:ef:fd:10:e0:
c4:66:8a:29:88:38:0d:4e:62:fe:98:1a:f4:15:64:
28:56:99:8e:da:eb:e7:39:e7:9b:0d:76:23:e2:39:
bf:3c:02:c1:07:43:29:fa:88:02:26:15:be:fb:9c:
52:7d:0f:f4:22:53:69:8a:1e:e8:fe:af:f6:99:4b:
bc:35:69:e6:c5:6a:a3:7d:d3:4a:f2:10:97:8e:97:
a8:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:51:56:2A:94:4A:AD:9A:EF:5D:FC:81:3C:28:A2:71:6C:C4:B4:B7
X509v3 Authority Key Identifier:
keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/iVFWKpRKrZrvXfyBPCiicWzEtLc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:f840::/29
2a12:2d40::/29
Signature Algorithm: sha256WithRSAEncryption
78:1f:43:3d:eb:9b:97:4e:1e:a4:0b:02:69:e5:50:5b:db:c5:
ca:26:72:98:b2:47:45:e2:d4:8b:eb:f6:16:9b:d2:a9:22:40:
3b:ec:0a:d0:b8:7c:9c:38:f8:ae:de:db:ee:8b:3d:de:d7:88:
32:6f:bf:46:5d:20:4b:c7:56:50:38:41:2d:74:a3:d1:36:89:
4f:01:ec:bd:ae:3d:62:44:76:40:da:e0:1f:d6:bd:2c:68:49:
d4:8d:e7:7e:d2:db:e6:5b:5b:b2:86:de:1a:2e:2a:5a:b3:d0:
1e:b3:0a:10:8d:d0:8e:62:15:a7:1d:42:ea:28:b1:ed:61:60:
f4:ff:9e:0f:64:10:01:b5:6d:24:3b:f5:f5:76:ac:b7:a0:4b:
c9:a0:56:c6:28:d9:ab:7e:87:83:94:9b:ef:23:ca:82:3d:27:
73:10:7c:95:19:e9:32:d3:d7:86:83:a0:0d:72:ec:ee:29:a6:
b5:a7:84:24:f0:35:e9:87:bd:09:23:59:b0:8b:1d:24:36:e0:
01:1b:dd:77:c7:39:48:c7:2e:44:db:50:b5:57:d5:86:a3:47:
62:a8:b7:ce:29:59:5b:ab:79:b6:f8:72:f9:1a:bb:5e:e4:ff:
7d:79:12:ed:a1:04:de:fa:d7:8d:05:f4:1b:58:21:21:d4:36:
d0:de:f9:c6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkzLyuqvkpboo4FATw0WJy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwOTEwMTAzMjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTUxNTYyYTk0NGFhZDlhZWY1ZGZjODEzYzI4YTI3MTZjYzRiNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWttT2pH5lvd7gNVMz1FILGCGcbT
JPnpaYR3DFHPLW0wNXsRt+w50fiHHKxDRYVMW6qMP1CQrg6tRPxZ6nJ4ZFqwkEmr
unjZcVQdj5Ntmp/tHLUAoix8q737wUHdZPrHvctdgfO9nDz+xUzBRj+1o9gsz0MH
wILZ9dfT1PhV637CwddWrbGbVPeNocb/BemCmBDDbuzmPhpSaW7UiKsaMsBh1JnY
DlM+Ye+4sUP6Ke/9EODEZoopiDgNTmL+mBr0FWQoVpmO2uvnOeebDXYj4jm/PALB
B0Mp+ogCJhW++5xSfQ/0IlNpih7o/q/2mUu8NWnmxWqjfdNK8hCXjpeo7wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIlRViqUSq2a7138gTwoonFsxLS3MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvaVZGV0twUktyWnJ2WGZ5QlBDaWljV3pFdExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhH4QAMF
AyoSLUAwDQYJKoZIhvcNAQELBQADggEBAHgfQz3rm5dOHqQLAmnlUFvbxcomcpiy
R0Xi1Ivr9hab0qkiQDvsCtC4fJw4+K7e2+6LPd7XiDJvv0ZdIEvHVlA4QS10o9E2
iU8B7L2uPWJEdkDa4B/WvSxoSdSN537S2+ZbW7KG3houKlqz0B6zChCN0I5iFacd
Quoose1hYPT/ng9kEAG1bSQ79fV2rLegS8mgVsYo2at+h4OUm+8jyoI9J3MQfJUZ
6TLT14aDoA1y7O4pprWnhCTwNemHvQkjWbCLHSQ24AEb3XfHOUjHLkTbULVX1Yaj
R2Kot84pWVurebb4cvkau17k/315Eu2hBN76140F9BtYISHUNtDe+cY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:59:32 2025 by rpki-client