Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pIq4SZw2Svh3QOShxoTk15XsP8I.roa
File: pIq4SZw2Svh3QOShxoTk15XsP8I.roa (raw, json)
Hash identifier: 7+fT26kynb0u9jWu0Oa/khgp+953vZ0+uc0j+qVL1gw=
Subject key identifier: A4:8A:B8:49:9C:36:4A:F8:77:40:E4:A1:C6:84:E4:D7:95:EC:3F:C2
Certificate issuer: /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial: 0199332430011EE7FEDC709415BDDE51F760
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pIq4SZw2Svh3QOShxoTk15XsP8I.roa
Signing time: Wed 10 Sep 2025 10:20:33 +0000
ROA not before: Wed 10 Sep 2025 10:20:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12389
IP address blocks: 2a04:c106::/32 maxlen: 32
2a09:3801::/32 maxlen: 32
2a10:d8c0::/32 maxlen: 32
2a11:b85::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:33:24:30:01:1e:e7:fe:dc:70:94:15:bd:de:51:f7:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Validity
Not Before: Sep 10 10:20:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a48ab8499c364af87740e4a1c684e4d795ec3fc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:41:98:9c:2c:53:c1:8e:bf:ae:b7:e9:85:bb:
5b:37:9e:4b:66:e8:22:db:17:42:d6:05:cb:eb:4d:
77:ef:bb:2f:0c:70:59:6b:11:80:9e:2c:c5:ee:a0:
1b:86:6a:84:31:4c:21:00:a8:ec:64:83:65:68:79:
62:90:c8:52:fd:d2:a3:8f:0f:55:f3:a4:06:61:87:
34:36:fb:7f:7a:88:63:2e:57:8b:59:99:ed:c1:76:
85:0a:3e:2c:83:cf:1d:c5:e9:b2:46:ee:f5:63:f1:
2e:c2:d8:9e:81:35:c7:6b:76:0d:8d:0d:4e:2e:bd:
0d:38:31:7d:9b:6a:7d:8e:ed:b2:4c:13:b5:d2:5c:
ef:79:55:54:ab:76:1b:08:97:5b:e9:c4:23:53:3f:
7d:2e:04:e2:83:19:6b:87:c5:cb:5a:88:76:52:90:
a5:af:34:ba:f5:9b:16:48:8a:ff:10:73:2e:a9:ec:
1e:b3:9f:92:03:f1:ca:e1:b0:39:49:01:2d:a3:65:
cf:43:8b:59:38:a2:86:c6:6f:33:38:45:e5:61:66:
b8:e6:59:d0:94:f4:a6:8a:03:c3:af:8e:26:2a:4a:
ed:25:c1:8b:1d:12:3a:76:0d:96:79:d1:01:3f:44:
f1:4f:8d:0d:39:3d:e1:b0:36:bc:0d:70:42:78:d6:
07:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:8A:B8:49:9C:36:4A:F8:77:40:E4:A1:C6:84:E4:D7:95:EC:3F:C2
X509v3 Authority Key Identifier:
keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pIq4SZw2Svh3QOShxoTk15XsP8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:c106::/32
2a09:3801::/32
2a10:d8c0::/32
2a11:b85::/32
Signature Algorithm: sha256WithRSAEncryption
1a:d7:9c:8e:52:43:ce:6d:9f:6a:3e:15:9f:60:39:cc:3d:34:
34:42:d9:a6:e5:c2:36:bc:75:72:81:31:e0:82:c6:37:5e:ac:
5c:bd:0a:2c:be:0e:56:50:61:00:2f:aa:7b:37:5f:f9:93:10:
05:86:f6:e5:94:e1:66:bf:15:cd:cb:93:26:e9:60:0c:0a:98:
13:55:69:07:c0:29:3a:4d:22:a2:a0:1f:fe:12:d7:42:19:66:
e2:37:bd:d7:b7:a3:d9:8e:c7:4f:4b:50:77:ed:60:e9:4f:72:
51:b0:5a:46:2d:45:40:af:70:fb:9c:e8:9e:27:ad:3a:eb:68:
04:0a:fd:9a:56:23:34:7b:c7:4f:e1:06:82:26:b7:57:28:21:
c7:ae:82:74:a8:f6:54:5d:00:17:39:81:a1:19:76:79:25:de:
80:a8:4a:d4:20:65:26:7c:04:12:74:c4:b9:af:b8:81:4a:2a:
3a:76:0f:5a:c8:a0:bf:6a:7f:c9:9a:d2:96:c3:e2:52:13:73:
e7:ad:83:59:18:1d:a8:26:84:dc:c3:d7:58:d5:cb:38:37:70:
00:6f:04:9d:ca:92:15:a3:00:86:80:ac:e1:d2:00:b1:e6:92:
15:eb:d0:c4:32:09:2c:da:ce:4c:84:d9:0c:b3:e2:9d:af:8e:
a5:ed:84:c3
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZkzJDABHuf+3HCUFb3eUfdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwOTEwMTAyMDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhhYjg0OTljMzY0YWY4Nzc0MGU0YTFjNjg0ZTRkNzk1ZWMzZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkGYnCxTwY6/rrfphbtbN55LZugi
2xdC1gXL601377svDHBZaxGAnizF7qAbhmqEMUwhAKjsZINlaHlikMhS/dKjjw9V
86QGYYc0Nvt/eohjLleLWZntwXaFCj4sg88dxemyRu71Y/EuwtiegTXHa3YNjQ1O
Lr0NODF9m2p9ju2yTBO10lzveVVUq3YbCJdb6cQjUz99LgTigxlrh8XLWoh2UpCl
rzS69ZsWSIr/EHMuqewes5+SA/HK4bA5SQEto2XPQ4tZOKKGxm8zOEXlYWa45lnQ
lPSmigPDr44mKkrtJcGLHRI6dg2WedEBP0TxT40NOT3hsDa8DXBCeNYHCwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKSKuEmcNkr4d0DkocaE5NeV7D/CMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvcElxNFNadzJTdmgzUU9TaHhvVGsxNVhzUDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKgTBBgMF
ACoJOAEDBQAqENjAAwUAKhELhTANBgkqhkiG9w0BAQsFAAOCAQEAGtecjlJDzm2f
aj4Vn2A5zD00NELZpuXCNrx1coEx4ILGN16sXL0KLL4OVlBhAC+qezdf+ZMQBYb2
5ZThZr8VzcuTJulgDAqYE1VpB8ApOk0ioqAf/hLXQhlm4je917ej2Y7HT0tQd+1g
6U9yUbBaRi1FQK9w+5zonietOutoBAr9mlYjNHvHT+EGgia3Vyghx66CdKj2VF0A
FzmBoRl2eSXegKhK1CBlJnwEEnTEua+4gUoqOnYPWsigv2p/yZrSlsPiUhNz562D
WRgdqCaE3MPXWNXLODdwAG8EncqSFaMAhoCs4dIAseaSFevQxDIJLNrOTITZDLPi
na+Ope2Eww==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:15 2025 by rpki-client