Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LA4mkd-pIT6yxqBp1qjUnw1ltOI.roa
File: LA4mkd-pIT6yxqBp1qjUnw1ltOI.roa (raw, json)
Hash identifier: VdKokGaXWTq5GkYAE61TWg2um3auZCXuvcXbtRpnrUo=
Subject key identifier: 2C:0E:26:91:DF:A9:21:3E:B2:C6:A0:69:D6:A8:D4:9F:0D:65:B4:E2
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019898DA5EECBE3A407B0AB103B31E73BA05
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LA4mkd-pIT6yxqBp1qjUnw1ltOI.roa
Signing time: Mon 11 Aug 2025 11:18:24 +0000
ROA not before: Mon 11 Aug 2025 11:18:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58061
IP address blocks: 170.168.4.0/24 maxlen: 24
170.168.5.0/24 maxlen: 24
170.168.26.0/24 maxlen: 24
170.168.27.0/24 maxlen: 24
170.168.32.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:98:da:5e:ec:be:3a:40:7b:0a:b1:03:b3:1e:73:ba:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Aug 11 11:18:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2c0e2691dfa9213eb2c6a069d6a8d49f0d65b4e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:b0:6c:ed:61:a5:3e:f2:10:f9:88:16:07:84:
99:ba:b6:10:f9:6b:a6:36:97:de:fc:3d:4f:de:63:
38:8e:2b:ad:aa:d7:57:6e:1f:14:ee:ef:6e:f5:a6:
17:4a:ec:e7:f7:d8:6f:d1:d1:47:12:75:e7:ec:1c:
3f:72:79:ef:97:82:93:13:c0:73:73:9b:2a:70:a3:
75:11:9a:36:9d:8d:2a:d6:1c:86:31:fa:9a:ab:06:
15:e5:a5:78:3d:27:06:12:e3:88:7c:0a:76:b7:2f:
48:08:cf:b2:7a:69:a1:08:29:b4:95:5b:ed:83:24:
a0:e1:ab:c6:5c:f8:d4:d4:b9:bc:e7:3a:ed:8f:de:
7f:f1:99:20:c7:b0:78:47:4f:08:1d:2d:44:ae:29:
a3:a0:88:e9:0f:db:27:bd:f5:ba:20:f2:50:cd:f6:
d5:80:d2:b8:cd:3a:c7:52:d3:43:7d:b9:31:4c:9f:
9d:62:63:1f:7f:b2:9b:47:c9:d0:38:83:c4:12:0b:
10:2c:78:d0:08:52:56:27:7b:11:92:84:20:48:7a:
98:3e:99:68:26:94:32:c0:3e:ac:80:f8:17:42:be:
a3:f7:06:79:45:02:08:59:0f:63:37:99:d8:d6:74:
46:0b:1b:fe:85:00:2c:3d:37:31:d4:eb:b1:8a:bd:
29:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:0E:26:91:DF:A9:21:3E:B2:C6:A0:69:D6:A8:D4:9F:0D:65:B4:E2
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LA4mkd-pIT6yxqBp1qjUnw1ltOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.4.0/23
170.168.26.0/23
170.168.32.0/24
Signature Algorithm: sha256WithRSAEncryption
83:a4:9c:77:fe:44:c8:af:40:1d:eb:14:83:87:9d:2b:fe:27:
8c:19:d5:7d:2c:67:6a:6d:6b:45:27:72:b9:b7:16:a7:3a:80:
69:64:be:87:de:50:f2:34:b9:f8:53:d5:c6:d9:ea:2a:9d:70:
74:27:df:5a:e8:11:de:d5:89:10:af:97:ef:85:2b:ab:6b:e2:
2f:3c:aa:8b:3e:85:94:fb:84:f1:3a:83:87:2e:95:19:fa:1c:
1f:da:2c:af:28:a9:0a:eb:1c:5e:ae:c6:c5:22:3a:e5:5f:26:
87:9c:1c:2b:6e:27:19:6d:40:6c:d1:9e:5f:74:22:99:81:9e:
a4:e6:fb:e8:a7:04:ec:f1:4d:29:67:9a:cb:6e:3d:15:30:ff:
b9:ac:0e:76:24:72:bd:39:69:34:06:3a:cb:31:59:0f:36:2d:
59:87:8e:dc:09:ca:86:93:95:ad:dd:2d:8f:eb:fa:44:9b:a1:
43:8a:33:05:e3:89:7c:9b:75:a2:bd:af:86:7b:74:38:2e:d2:
b3:f3:54:32:40:74:28:26:63:87:3e:6e:e1:e6:f1:59:b4:30:
d4:23:9a:98:f0:03:16:0a:3d:06:88:22:dc:6c:e3:12:80:e7:
8e:1a:83:f2:7e:e8:b7:af:42:33:45:5d:c8:78:f4:ad:ab:0e:
c7:27:28:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiY2l7svjpAewqxA7Mec7oFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODExMTExODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBlMjY5MWRmYTkyMTNlYjJjNmEwNjlkNmE4ZDQ5ZjBkNjViNGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47Bs7WGlPvIQ+YgWB4SZurYQ+Wum
Npfe/D1P3mM4jiutqtdXbh8U7u9u9aYXSuzn99hv0dFHEnXn7Bw/cnnvl4KTE8Bz
c5sqcKN1EZo2nY0q1hyGMfqaqwYV5aV4PScGEuOIfAp2ty9ICM+yemmhCCm0lVvt
gySg4avGXPjU1Lm85zrtj95/8Zkgx7B4R08IHS1ErimjoIjpD9snvfW6IPJQzfbV
gNK4zTrHUtNDfbkxTJ+dYmMff7KbR8nQOIPEEgsQLHjQCFJWJ3sRkoQgSHqYPplo
JpQywD6sgPgXQr6j9wZ5RQIIWQ9jN5nY1nRGCxv+hQAsPTcx1Ouxir0pfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCwOJpHfqSE+ssagadao1J8NZbTiMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvTEE0bWtkLXBJVDZ5eHFCcDFxalVudzFsdE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBqqgEAwQB
qqgaAwQAqqggMA0GCSqGSIb3DQEBCwUAA4IBAQCDpJx3/kTIr0Ad6xSDh50r/ieM
GdV9LGdqbWtFJ3K5txanOoBpZL6H3lDyNLn4U9XG2eoqnXB0J99a6BHe1YkQr5fv
hSura+IvPKqLPoWU+4TxOoOHLpUZ+hwf2iyvKKkK6xxersbFIjrlXyaHnBwrbicZ
bUBs0Z5fdCKZgZ6k5vvopwTs8U0pZ5rLbj0VMP+5rA52JHK9OWk0BjrLMVkPNi1Z
h47cCcqGk5Wt3S2P6/pEm6FDijMF44l8m3Wiva+Ge3Q4LtKz81QyQHQoJmOHPm7h
5vFZtDDUI5qY8AMWCj0GiCLcbOMSgOeOGoPyfui3r0IzRV3IePStqw7HJyg1
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:32:55 2025 by rpki-client