Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/0obZm5lfpXysgnUbM8Mg08vzjpo.roa
File: 0obZm5lfpXysgnUbM8Mg08vzjpo.roa (raw, json)
Hash identifier: XnxGOT24ZlUhMysNG6VKIVb0l+kI6jMme+bhSHbDvQA=
Subject key identifier: D2:86:D9:9B:99:5F:A5:7C:AC:82:75:1B:33:C3:20:D3:CB:F3:8E:9A
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 0197AC18E7CBD47B5733E0F2B0E95C064A6E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/0obZm5lfpXysgnUbM8Mg08vzjpo.roa
Signing time: Thu 26 Jun 2025 11:56:42 +0000
ROA not before: Thu 26 Jun 2025 11:56:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214168
IP address blocks: 2a11:4540::/29 maxlen: 29
2a11:8740::/29 maxlen: 29
2a11:a240::/29 maxlen: 29
2a11:bbc0::/29 maxlen: 29
2a12:d40::/29 maxlen: 29
2a12:8580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 13:40:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ac:18:e7:cb:d4:7b:57:33:e0:f2:b0:e9:5c:06:4a:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Jun 26 11:56:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d286d99b995fa57cac82751b33c320d3cbf38e9a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:c0:f6:28:2f:5d:83:af:5d:f7:7a:9d:73:34:
eb:92:54:94:25:ef:8a:3e:b8:44:b0:2e:6e:f0:6e:
41:b5:91:84:bf:9e:ad:3a:ff:3e:a3:dc:f2:fe:4b:
48:b6:ae:f9:27:20:5e:d0:55:a0:60:b5:f5:ba:19:
5a:cb:d6:22:11:ef:fa:73:ed:c5:76:07:0a:d0:69:
04:98:d3:48:c5:20:81:a2:1f:04:38:e8:1c:71:ff:
da:44:97:b8:b3:03:29:26:cb:3f:f5:c7:1d:7d:9b:
8f:42:a3:10:b4:85:1d:bd:66:88:2b:89:51:e5:a7:
a8:ea:1d:42:37:5b:cf:a4:cd:95:56:be:05:78:73:
92:4e:b5:99:dc:03:bf:17:e4:8a:bd:9d:50:a0:04:
da:e0:57:eb:53:af:50:f0:f0:8c:b2:33:a3:15:14:
6c:8a:07:2b:cc:b7:da:b8:97:54:71:ab:67:e3:e6:
31:90:92:95:64:b0:d2:43:f7:fe:d3:9e:1d:de:73:
29:b8:75:0e:72:94:3d:79:25:c7:42:fb:52:28:e4:
15:07:11:0b:2b:17:13:b7:42:12:4c:78:b5:1e:81:
91:fe:4a:89:19:98:8c:dc:bc:69:6f:db:15:e8:43:
6e:5c:a6:aa:59:e1:64:1b:e6:f9:5c:4e:55:66:31:
d0:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:86:D9:9B:99:5F:A5:7C:AC:82:75:1B:33:C3:20:D3:CB:F3:8E:9A
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/0obZm5lfpXysgnUbM8Mg08vzjpo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:4540::/29
2a11:8740::/29
2a11:a240::/29
2a11:bbc0::/29
2a12:d40::/29
2a12:8580::/29
Signature Algorithm: sha256WithRSAEncryption
28:88:25:0d:1a:25:0f:95:bd:ad:50:64:97:81:92:5e:94:5f:
c1:7b:ad:02:cc:3a:2c:27:60:7a:10:66:2a:5c:21:85:cd:05:
d8:dd:8b:d6:ce:2a:2e:e8:cf:cc:e3:c4:16:2c:9c:51:bc:7a:
c1:83:bf:4a:14:87:11:ae:26:2d:58:8c:66:5d:66:91:5e:77:
43:25:a6:73:64:bf:16:e4:6f:87:e0:79:87:36:69:91:29:af:
6b:9a:bc:2b:0e:f8:f2:7f:1c:fc:e2:b5:6f:dd:e9:dc:72:2b:
6d:50:f1:32:63:2d:95:cd:0c:38:e8:bf:6a:20:0d:22:93:79:
25:57:ea:22:72:f8:16:89:31:47:36:b7:21:c6:ce:bd:01:3f:
1b:d9:f2:36:3f:6b:58:87:09:37:35:e8:be:22:7b:4d:ad:13:
67:11:40:b2:0a:d2:1d:7d:2f:94:be:dd:3b:80:a6:f4:a8:36:
7d:86:ee:19:e0:61:b6:ad:3c:77:08:60:65:e1:d1:ba:98:60:
17:3c:bb:49:53:f0:99:d6:a4:bc:1a:6d:b9:4c:d8:11:3e:58:
51:15:ef:d9:12:28:77:6d:de:30:f0:4d:be:af:a4:19:8e:e2:
33:7e:dc:85:58:c5:ce:f4:fd:e1:c0:04:50:fb:05:ad:6b:3e:
5c:d7:34:f0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZesGOfL1HtXM+DysOlcBkpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNjI2MTE1NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg2ZDk5Yjk5NWZhNTdjYWM4Mjc1MWIzM2MzMjBkM2NiZjM4ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8D2KC9dg69d93qdczTrklSUJe+K
PrhEsC5u8G5BtZGEv56tOv8+o9zy/ktItq75JyBe0FWgYLX1uhlay9YiEe/6c+3F
dgcK0GkEmNNIxSCBoh8EOOgccf/aRJe4swMpJss/9ccdfZuPQqMQtIUdvWaIK4lR
5aeo6h1CN1vPpM2VVr4FeHOSTrWZ3AO/F+SKvZ1QoATa4FfrU69Q8PCMsjOjFRRs
igcrzLfauJdUcatn4+YxkJKVZLDSQ/f+054d3nMpuHUOcpQ9eSXHQvtSKOQVBxEL
KxcTt0ISTHi1HoGR/kqJGZiM3Lxpb9sV6ENuXKaqWeFkG+b5XE5VZjHQBwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNKG2ZuZX6V8rIJ1GzPDINPL846aMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMG9iWm01bGZwWHlzZ25VYk04TWcwOHZ6anBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKhFFQAMF
AyoRh0ADBQMqEaJAAwUDKhG7wAMFAyoSDUADBQMqEoWAMA0GCSqGSIb3DQEBCwUA
A4IBAQAoiCUNGiUPlb2tUGSXgZJelF/Be60CzDosJ2B6EGYqXCGFzQXY3YvWziou
6M/M48QWLJxRvHrBg79KFIcRriYtWIxmXWaRXndDJaZzZL8W5G+H4HmHNmmRKa9r
mrwrDvjyfxz84rVv3enccittUPEyYy2VzQw46L9qIA0ik3klV+oicvgWiTFHNrch
xs69AT8b2fI2P2tYhwk3Nei+IntNrRNnEUCyCtIdfS+Uvt07gKb0qDZ9hu4Z4GG2
rTx3CGBl4dG6mGAXPLtJU/CZ1qS8Gm25TNgRPlhRFe/ZEih3bd4w8E2+r6QZjuIz
ftyFWMXO9P3hwARQ+wWtaz5c1zTw
-----END CERTIFICATE-----
Generated at Mon Jun 30 18:33:41 2025 by rpki-client