Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ly_AxUwwGayHz1D1tXiXd6I2K-o.roa
File: ly_AxUwwGayHz1D1tXiXd6I2K-o.roa (raw, json)
Hash identifier: stdA2q0pp81tad1unWJbT9WVVFHdWvlWDO33rK55EMo=
Subject key identifier: 97:2F:C0:C5:4C:30:19:AC:87:CF:50:F5:B5:78:97:77:A2:36:2B:EA
Certificate issuer: /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial: 01996217146F52243BA7BE080FDC3E052600
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ly_AxUwwGayHz1D1tXiXd6I2K-o.roa
Signing time: Fri 19 Sep 2025 13:08:23 +0000
ROA not before: Fri 19 Sep 2025 13:08:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30788
IP address blocks: 2a07:d940::/29 maxlen: 29
2a0a:f8c0::/29 maxlen: 29
2a0b:2a80::/29 maxlen: 29
2a0c:7b80::/32 maxlen: 32
2a0f:a380::/29 maxlen: 29
2a11:52c0::/29 maxlen: 29
2a11:8d80::/29 maxlen: 29
2a12:5640::/29 maxlen: 29
2a12:e580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:62:17:14:6f:52:24:3b:a7:be:08:0f:dc:3e:05:26:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Validity
Not Before: Sep 19 13:08:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=972fc0c54c3019ac87cf50f5b5789777a2362bea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:18:89:96:7e:71:55:a6:e7:97:9b:43:f7:e3:
44:fc:9c:ce:c4:1e:7d:f7:7e:fc:36:e5:06:11:cf:
25:ae:6e:c5:f8:4d:b0:fb:ab:83:f4:0d:c2:d6:a0:
a1:ac:cc:08:c2:62:95:f6:0a:df:7d:9d:36:8a:ed:
67:78:96:89:2e:2d:21:a7:70:ed:dc:88:e5:f7:a0:
e3:bb:74:a8:69:9f:65:64:4f:77:7d:cd:49:34:e1:
ad:8a:de:32:a3:5d:5f:35:5b:b9:38:27:41:74:ee:
2a:f2:33:f5:d3:d3:7b:da:27:19:13:6e:01:5c:a8:
40:d3:9b:f0:44:1f:ea:8f:e7:36:85:f8:51:38:0f:
e7:fb:0c:32:ed:ed:6e:7a:3d:41:2f:9c:84:cc:91:
6a:a1:8e:1f:24:f7:34:c7:9b:05:aa:4c:10:42:44:
f9:f6:7e:65:d1:f2:7b:5a:8c:22:9f:7d:d6:c5:2d:
fb:a6:71:75:21:75:d3:ed:70:c6:8b:b2:a9:f4:c1:
64:31:ff:37:9e:ee:d9:d8:93:ab:0b:68:2c:b9:db:
09:de:92:ab:5b:28:4e:06:c7:47:31:e9:23:83:19:
ec:5b:67:10:c9:ad:fc:10:65:56:60:9b:01:13:25:
bd:31:be:1b:f2:81:aa:70:81:b6:ee:65:e6:2a:98:
56:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:2F:C0:C5:4C:30:19:AC:87:CF:50:F5:B5:78:97:77:A2:36:2B:EA
X509v3 Authority Key Identifier:
keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ly_AxUwwGayHz1D1tXiXd6I2K-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:d940::/29
2a0a:f8c0::/29
2a0b:2a80::/29
2a0c:7b80::/32
2a0f:a380::/29
2a11:52c0::/29
2a11:8d80::/29
2a12:5640::/29
2a12:e580::/29
Signature Algorithm: sha256WithRSAEncryption
67:5e:9c:dd:10:ac:f8:2d:27:18:24:d6:23:23:ce:92:22:39:
ae:f9:fc:43:2a:62:a9:c7:a5:ae:d0:1a:35:0a:94:56:0a:7f:
d4:1f:e4:36:cf:0d:be:be:b6:2a:ea:23:b0:80:9b:69:17:fc:
7d:e1:d5:ba:6d:87:a6:7e:fd:cd:82:ff:31:bd:9b:b3:b6:e2:
c4:91:b5:a2:b9:cc:6a:30:2a:ba:12:82:dc:ac:fe:76:66:eb:
2b:39:de:01:3b:67:d6:cf:1b:ff:9d:5f:68:c7:a5:f8:e8:01:
ba:84:55:d8:dc:ad:1d:9e:dc:79:1e:09:95:04:b3:ce:a1:f5:
c9:4b:de:be:87:57:ee:f3:96:05:d3:6a:5d:4f:0d:89:aa:30:
a4:72:2a:b8:51:ba:72:f2:46:38:34:bb:05:5a:ff:c5:04:79:
e2:21:ef:7c:5b:f7:7a:24:b1:16:12:d8:7f:68:79:e4:b4:2f:
dc:a1:b1:68:6e:b4:34:cc:29:d4:9a:84:e5:71:03:b5:46:00:
82:a8:13:47:ba:a9:33:fd:82:6c:98:9b:15:27:97:6d:93:76:
ea:4a:db:4d:f0:9a:bb:c4:81:af:67:c9:20:fa:6d:bc:57:01:
a3:6f:24:77:3c:0c:43:75:17:41:bd:ef:b6:31:0d:c3:32:dd:
a0:7d:34:34
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZliFxRvUiQ7p74ID9w+BSYAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwOTE5MTMwODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzJmYzBjNTRjMzAxOWFjODdjZjUwZjViNTc4OTc3N2EyMzYyYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohiJln5xVabnl5tD9+NE/JzOxB59
9378NuUGEc8lrm7F+E2w+6uD9A3C1qChrMwIwmKV9grffZ02iu1neJaJLi0hp3Dt
3Ijl96Dju3SoaZ9lZE93fc1JNOGtit4yo11fNVu5OCdBdO4q8jP109N72icZE24B
XKhA05vwRB/qj+c2hfhROA/n+wwy7e1uej1BL5yEzJFqoY4fJPc0x5sFqkwQQkT5
9n5l0fJ7Wowin33WxS37pnF1IXXT7XDGi7Kp9MFkMf83nu7Z2JOrC2gsudsJ3pKr
WyhOBsdHMekjgxnsW2cQya38EGVWYJsBEyW9Mb4b8oGqcIG27mXmKphWcQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJcvwMVMMBmsh89Q9bV4l3eiNivqMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvbHlfQXhVd3dHYXlIejFEMXRYaVhkNkkySy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgfZQAMF
AyoK+MADBQMqCyqAAwUAKgx7gAMFAyoPo4ADBQMqEVLAAwUDKhGNgAMFAyoSVkAD
BQMqEuWAMA0GCSqGSIb3DQEBCwUAA4IBAQBnXpzdEKz4LScYJNYjI86SIjmu+fxD
KmKpx6Wu0Bo1CpRWCn/UH+Q2zw2+vrYq6iOwgJtpF/x94dW6bYemfv3Ngv8xvZuz
tuLEkbWiucxqMCq6EoLcrP52ZusrOd4BO2fWzxv/nV9ox6X46AG6hFXY3K0dntx5
HgmVBLPOofXJS96+h1fu85YF02pdTw2JqjCkciq4Ubpy8kY4NLsFWv/FBHniIe98
W/d6JLEWEth/aHnktC/cobFobrQ0zCnUmoTlcQO1RgCCqBNHuqkz/YJsmJsVJ5dt
k3bqSttN8Jq7xIGvZ8kg+m28VwGjbyR3PAxDdRdBve+2MQ3DMt2gfTQ0
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:31 2025 by rpki-client