Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/io1xlTrictoiAg25XieDOsF4cg4.roa
File: io1xlTrictoiAg25XieDOsF4cg4.roa (raw, json)
Hash identifier: BL3zyEmY4/LWh+C18a9B/ttwc0w74Pvj0LyvOcB7ki8=
Subject key identifier: 8A:8D:71:95:3A:E2:72:DA:22:02:0D:B9:5E:27:83:3A:C1:78:72:0E
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 01989DAC7FCB54B9E3B93E7894D272B21354
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/io1xlTrictoiAg25XieDOsF4cg4.roa
Signing time: Tue 12 Aug 2025 09:46:24 +0000
ROA not before: Tue 12 Aug 2025 09:46:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206119
IP address blocks: 2a05:d742::/32 maxlen: 32
2a0a:37c2::/32 maxlen: 32
2a0b:a281::/32 maxlen: 32
2a0f:2380::/32 maxlen: 32
2a0f:3380::/32 maxlen: 32
2a0f:4580::/32 maxlen: 32
2a14:4480::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9d:ac:7f:cb:54:b9:e3:b9:3e:78:94:d2:72:b2:13:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Aug 12 09:46:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8a8d71953ae272da22020db95e27833ac178720e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:57:45:cc:2f:86:f3:9b:ae:bc:77:80:03:36:
5c:86:58:a7:e4:27:25:75:d4:1e:92:14:38:f2:cd:
13:9a:ff:b0:6e:1a:dc:58:02:03:8e:5e:97:12:bf:
b6:5d:11:11:91:ee:d9:78:00:a7:f7:60:da:a4:3f:
74:63:4c:47:d1:8f:9f:a3:d5:38:fa:ea:40:2d:c8:
b4:50:f9:16:20:a0:89:58:5d:4b:92:22:da:a2:ec:
57:91:ab:b1:fd:ab:d0:d3:b6:e4:a6:20:6a:be:83:
21:ab:ab:b2:6c:79:79:46:e4:cd:82:e8:cc:7e:14:
f1:06:31:f1:64:64:4c:8e:63:47:ff:4f:0f:45:8f:
35:0a:f6:98:f6:ad:12:b6:1c:92:d8:75:51:89:d9:
22:81:b4:47:b2:b2:e4:c7:b6:15:c0:cb:43:e0:92:
6a:44:80:8a:d3:28:28:dc:d2:17:d2:a0:26:86:6e:
90:11:9a:80:43:5a:79:01:2f:9f:76:14:fd:96:72:
ee:76:be:d8:73:fc:27:1a:11:81:d3:63:e4:72:16:
05:3b:cc:43:4c:d0:21:9a:91:0e:fd:9b:c5:28:a4:
6f:4b:e9:68:b9:06:57:d5:f1:e0:1d:c3:c3:d0:dd:
d6:38:e4:e2:c0:59:67:21:4f:90:01:2b:89:7e:a8:
09:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:8D:71:95:3A:E2:72:DA:22:02:0D:B9:5E:27:83:3A:C1:78:72:0E
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/io1xlTrictoiAg25XieDOsF4cg4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d742::/32
2a0a:37c2::/32
2a0b:a281::/32
2a0f:2380::/32
2a0f:3380::/32
2a0f:4580::/32
2a14:4480::/32
Signature Algorithm: sha256WithRSAEncryption
5f:c1:e8:ae:1f:41:53:ca:09:97:60:ae:9a:ce:be:1a:0e:bd:
54:99:12:32:02:87:2a:ed:a3:3b:7c:98:b9:10:1b:78:ef:25:
a9:f0:cb:96:44:7d:ab:87:88:ea:90:50:16:78:62:a6:c4:12:
76:89:65:e4:3f:2c:41:d1:4e:b8:0e:a6:42:e2:96:e5:a8:2a:
86:dd:d1:fc:98:a6:c6:f2:43:b5:5d:2a:ad:3e:aa:df:da:8f:
3b:ac:49:68:fa:8e:34:a8:84:1f:a8:a8:5d:db:c7:95:d7:07:
d2:24:cc:77:6a:b3:e5:14:9f:18:c2:84:93:d5:e6:49:48:f9:
e5:75:16:bd:f1:03:0d:4e:ff:ca:fa:74:e1:ca:fd:fc:b0:2e:
66:fe:b9:c9:c0:8d:30:df:ce:91:3e:29:4f:b6:1c:b4:71:5f:
d9:b8:c6:ea:33:d2:70:31:11:b9:ed:ac:3a:66:ca:6a:c7:21:
8d:24:fc:ea:c3:77:db:8c:23:a3:60:e6:8c:14:17:2d:b9:2d:
31:bb:9d:12:94:ab:49:bc:a6:8a:63:27:cd:c1:3b:e4:a7:70:
ac:ad:14:c2:97:e9:ef:20:0e:ae:04:81:65:1b:e8:70:fc:8b:
da:18:ae:1b:d6:2e:1a:68:a3:38:30:93:e8:31:49:db:06:45:
f0:49:6e:bf
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZidrH/LVLnjuT54lNJyshNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjUwODEyMDk0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThkNzE5NTNhZTI3MmRhMjIwMjBkYjk1ZTI3ODMzYWMxNzg3MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVdFzC+G85uuvHeAAzZchlin5Ccl
ddQekhQ48s0Tmv+wbhrcWAIDjl6XEr+2XRERke7ZeACn92DapD90Y0xH0Y+fo9U4
+upALci0UPkWIKCJWF1LkiLaouxXkaux/avQ07bkpiBqvoMhq6uybHl5RuTNgujM
fhTxBjHxZGRMjmNH/08PRY81CvaY9q0SthyS2HVRidkigbRHsrLkx7YVwMtD4JJq
RICK0ygo3NIX0qAmhm6QEZqAQ1p5AS+fdhT9lnLudr7Yc/wnGhGB02PkchYFO8xD
TNAhmpEO/ZvFKKRvS+louQZX1fHgHcPD0N3WOOTiwFlnIU+QASuJfqgJJwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFIqNcZU64nLaIgINuV4ngzrBeHIOMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvaW8xeGxUcmljdG9pQWcyNVhpZURPc0Y0Y2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUAKgXXQgMF
ACoKN8IDBQAqC6KBAwUAKg8jgAMFACoPM4ADBQAqD0WAAwUAKhREgDANBgkqhkiG
9w0BAQsFAAOCAQEAX8Horh9BU8oJl2Cums6+Gg69VJkSMgKHKu2jO3yYuRAbeO8l
qfDLlkR9q4eI6pBQFnhipsQSdoll5D8sQdFOuA6mQuKW5agqht3R/JimxvJDtV0q
rT6q39qPO6xJaPqONKiEH6ioXdvHldcH0iTMd2qz5RSfGMKEk9XmSUj55XUWvfED
DU7/yvp04cr9/LAuZv65ycCNMN/OkT4pT7YctHFf2bjG6jPScDERue2sOmbKasch
jST86sN324wjo2DmjBQXLbktMbudEpSrSbymimMnzcE75KdwrK0Uwpfp7yAOrgSB
ZRvocPyL2hiuG9YuGmijODCT6DFJ2wZF8Eluvw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:21:34 2025 by rpki-client