Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tKbX8fWjftiRUNat60aQP9MW5H4.roa
File: tKbX8fWjftiRUNat60aQP9MW5H4.roa (raw, json)
Hash identifier: mt+rxTSzVvAF0FiEBR5IAD7zdsWGQWGGN40qpzJs+1A=
Subject key identifier: B4:A6:D7:F1:F5:A3:7E:D8:91:50:D6:AD:EB:46:90:3F:D3:16:E4:7E
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01999F954375BCC9F035664CDAC2C89ACC47
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tKbX8fWjftiRUNat60aQP9MW5H4.roa
Signing time: Wed 01 Oct 2025 11:43:03 +0000
ROA not before: Wed 01 Oct 2025 11:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214243
IP address blocks: 2a06:de00:7f1::/48 maxlen: 48
2a0e:97c0:471::/48 maxlen: 48
2a0e:97c0:4c0::/44 maxlen: 48
2a0e:97c0:4c1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9f:95:43:75:bc:c9:f0:35:66:4c:da:c2:c8:9a:cc:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Oct 1 11:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b4a6d7f1f5a37ed89150d6adeb46903fd316e47e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:1b:fb:e0:8a:58:a2:13:a4:cc:50:62:5d:1e:
95:d5:15:39:75:b4:b2:f4:27:c5:81:b3:b2:63:a6:
6e:97:aa:f7:18:e1:86:3c:f2:00:24:80:3d:20:7f:
9b:bd:6c:25:3c:65:2f:8c:35:16:51:33:6e:c9:26:
67:6a:7d:a4:85:d0:95:d7:6c:30:18:31:3d:b7:86:
ad:69:49:8e:fe:8b:f8:6c:52:41:2b:68:ef:d7:49:
f5:15:74:c9:6b:22:75:ed:d8:c0:39:ec:d2:bb:44:
9c:b5:b6:23:21:f8:a6:d2:5d:4d:f6:53:77:97:ae:
a6:be:90:37:d4:8b:bb:f5:17:43:55:9f:92:21:da:
e8:e6:c4:df:03:ca:b9:d2:7e:8d:44:4d:9a:16:91:
c0:65:f5:63:d0:a8:e2:05:a3:6c:dc:db:fc:ad:87:
8b:6d:08:91:b6:89:ec:4d:e5:82:cf:9d:1d:31:e5:
65:d7:e6:5e:2c:a2:a7:7a:27:97:c3:d5:c5:1d:36:
df:02:0e:a8:88:48:ff:a2:98:43:11:35:5c:58:36:
5b:0b:fa:16:7e:73:3a:b1:c1:07:db:0c:6e:81:d6:
8c:5a:fb:f5:53:67:7c:22:b3:d1:22:9f:c3:59:c4:
76:7c:dc:91:70:9d:d0:e3:f9:22:94:21:96:ff:23:
64:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:A6:D7:F1:F5:A3:7E:D8:91:50:D6:AD:EB:46:90:3F:D3:16:E4:7E
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tKbX8fWjftiRUNat60aQP9MW5H4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:de00:7f1::/48
2a0e:97c0:471::/48
2a0e:97c0:4c0::/44
Signature Algorithm: sha256WithRSAEncryption
21:40:59:e3:56:8b:9a:67:aa:fa:a1:e0:ab:74:aa:ba:ba:db:
60:a3:f3:43:9c:5e:35:32:b0:4a:2a:f4:71:65:6f:76:b6:01:
40:87:d7:e2:7d:a5:45:c8:b8:c9:e1:ba:bf:78:be:47:9f:67:
e4:e4:d2:8c:1a:58:28:35:7a:bf:76:f7:c3:da:89:e5:60:8d:
c5:46:f2:97:c2:28:1f:e5:a1:26:55:ea:d3:d5:9e:4b:d8:f1:
f6:9d:2e:22:1d:de:1b:f0:8d:65:3f:a7:73:fc:c2:65:a2:0f:
8b:3c:67:80:e3:1f:e4:9f:fe:e7:65:db:d3:57:2e:33:3a:41:
68:5b:95:49:cc:ed:65:cb:cf:85:39:20:81:5c:91:8d:ee:c2:
08:2b:b2:a9:c3:cf:bd:26:0f:85:99:f2:c8:ba:18:f0:23:43:
e8:4a:31:a8:f3:19:91:aa:ad:f4:34:23:55:2d:e8:4b:82:d6:
88:6c:3d:5f:6c:4f:9a:df:72:ac:4f:0d:53:0c:a4:ff:9f:13:
0e:62:c9:7f:42:14:bc:30:31:8d:35:64:bf:2e:65:99:a7:d0:
cf:94:0a:10:fc:2b:94:d2:12:fa:c2:13:1c:81:00:df:74:39:
df:58:ed:57:20:b1:a3:97:2e:47:17:ca:a7:b8:31:2e:56:5a:
2b:9e:c6:5d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmflUN1vMnwNWZM2sLImsxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMDAxMTE0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE2ZDdmMWY1YTM3ZWQ4OTE1MGQ2YWRlYjQ2OTAzZmQzMTZlNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRv74IpYohOkzFBiXR6V1RU5dbSy
9CfFgbOyY6Zul6r3GOGGPPIAJIA9IH+bvWwlPGUvjDUWUTNuySZnan2khdCV12ww
GDE9t4ataUmO/ov4bFJBK2jv10n1FXTJayJ17djAOezSu0SctbYjIfim0l1N9lN3
l66mvpA31Iu79RdDVZ+SIdro5sTfA8q50n6NRE2aFpHAZfVj0KjiBaNs3Nv8rYeL
bQiRtonsTeWCz50dMeVl1+ZeLKKneieXw9XFHTbfAg6oiEj/ophDETVcWDZbC/oW
fnM6scEH2wxugdaMWvv1U2d8IrPRIp/DWcR2fNyRcJ3Q4/kilCGW/yNkYwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLSm1/H1o37YkVDWretGkD/TFuR+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdEtiWDhmV2pmdGlSVU5hdDYwYVFQOU1XNUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgbeAAfx
AwcAKg6XwARxAwcEKg6XwATAMA0GCSqGSIb3DQEBCwUAA4IBAQAhQFnjVouaZ6r6
oeCrdKq6uttgo/NDnF41MrBKKvRxZW92tgFAh9fifaVFyLjJ4bq/eL5Hn2fk5NKM
GlgoNXq/dvfD2onlYI3FRvKXwigf5aEmVerT1Z5L2PH2nS4iHd4b8I1lP6dz/MJl
og+LPGeA4x/kn/7nZdvTVy4zOkFoW5VJzO1ly8+FOSCBXJGN7sIIK7Kpw8+9Jg+F
mfLIuhjwI0PoSjGo8xmRqq30NCNVLehLgtaIbD1fbE+a33KsTw1TDKT/nxMOYsl/
QhS8MDGNNWS/LmWZp9DPlAoQ/CuU0hL6whMcgQDfdDnfWO1XILGjly5HF8qnuDEu
VlornsZd
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:34:11 2025 by rpki-client