Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/fnP97-K5e0spzAHkfpzS7NoD9Ds.roa
File: fnP97-K5e0spzAHkfpzS7NoD9Ds.roa (raw, json)
Hash identifier: wyZFCBeVIhoNQXOEQL6jtOnIb8X1RT3QrCS3XSJFIsw=
Subject key identifier: 7E:73:FD:EF:E2:B9:7B:4B:29:CC:01:E4:7E:9C:D2:EC:DA:03:F4:3B
Certificate issuer: /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial: 01985F99C2677988CE79A2D464546DB50B0A
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/fnP97-K5e0spzAHkfpzS7NoD9Ds.roa
Signing time: Thu 31 Jul 2025 08:29:28 +0000
ROA not before: Thu 31 Jul 2025 08:29:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42473
IP address blocks: 159.195.0.0/16 maxlen: 32
2a0a:4cc0::/43 maxlen: 43
2a0a:4cc0:40::/43 maxlen: 43
2a0a:4cc0:80::/43 maxlen: 43
2a0a:4cc0:c0::/43 maxlen: 43
2a0a:4cc0:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:5f:99:c2:67:79:88:ce:79:a2:d4:64:54:6d:b5:0b:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
Validity
Not Before: Jul 31 08:29:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e73fdefe2b97b4b29cc01e47e9cd2ecda03f43b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:98:fe:1f:37:29:4b:cb:84:73:97:ad:0f:35:
3d:f9:07:a7:40:79:12:99:03:78:c1:d6:49:ae:da:
00:d9:25:c1:44:a5:ed:9d:6b:4c:7b:e1:30:34:2f:
f2:d2:0e:22:1b:a6:5b:7f:96:c4:f9:a5:6c:01:ef:
53:f8:c6:74:55:31:18:b2:4b:e2:48:41:f8:d9:da:
b5:69:02:d6:df:65:7a:c0:ab:95:b3:05:3d:51:66:
ac:19:33:5e:e9:3a:94:f5:a4:a6:12:d0:e6:4d:7b:
d6:39:b1:43:32:f1:51:10:c5:0a:99:9a:4a:03:73:
28:4e:e2:3d:48:ad:29:aa:f3:7c:39:dc:ba:a0:53:
78:be:bc:d5:d4:78:11:b4:5a:2a:31:37:ac:6c:68:
c4:70:73:4b:ff:0a:e7:2b:18:5d:d8:c9:9b:6d:91:
7f:10:20:8a:58:6c:57:7a:b3:ae:54:26:e5:89:de:
7e:ff:28:03:69:da:cc:ea:e4:48:9b:b6:ac:f1:af:
f7:cd:f4:03:36:b0:8a:0e:9c:55:10:e3:02:c5:3b:
6c:a4:b6:8e:bf:b5:c9:0d:54:da:fd:c5:ff:1c:85:
16:5e:ff:c2:f2:87:d1:ac:78:95:b9:43:d3:71:f6:
4e:18:b3:d0:84:f0:e7:65:4d:80:99:5e:41:e2:65:
76:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:73:FD:EF:E2:B9:7B:4B:29:CC:01:E4:7E:9C:D2:EC:DA:03:F4:3B
X509v3 Authority Key Identifier:
keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/fnP97-K5e0spzAHkfpzS7NoD9Ds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.195.0.0/16
IPv6:
2a0a:4cc0::/43
2a0a:4cc0:40::/43
2a0a:4cc0:80::/43
2a0a:4cc0:c0::/43
2a0a:4cc0:2000::/48
Signature Algorithm: sha256WithRSAEncryption
1f:3f:fd:87:cb:8b:bf:89:b0:6e:e9:8f:39:d2:bd:6c:86:fa:
37:f5:f3:a5:9c:7f:5c:75:53:7c:b3:e5:7a:8b:ed:49:48:4a:
3e:e3:c3:b1:cf:b3:d5:67:cb:ef:05:bc:96:33:b6:df:54:2c:
e0:db:84:32:56:5e:70:b9:f1:b4:5a:f9:8c:3f:0a:df:8c:a9:
5f:b1:4c:73:ab:8e:b0:48:39:3f:da:d7:0f:35:76:1b:98:5b:
33:6f:f7:a6:60:7e:72:a1:a9:0c:54:95:08:55:5e:0a:71:63:
bb:c4:d7:b4:25:c5:d9:49:20:09:89:8d:e4:de:f4:65:8d:62:
07:36:df:93:d1:e5:33:e5:e7:2f:bf:71:ad:86:41:47:4b:ce:
c7:b2:63:8d:42:88:55:c5:8d:c2:9c:c3:d0:ae:b3:9c:49:5a:
e2:42:00:ff:2e:90:f0:af:24:64:a2:ac:6d:c8:49:71:fe:8a:
d2:8e:2e:c2:49:37:26:dc:8c:aa:97:a5:bd:a4:53:a1:a3:ec:
74:30:23:a4:8b:db:7c:eb:fc:97:a3:8d:f3:46:4e:72:eb:d4:
d5:49:e2:fe:40:d3:a0:9e:93:23:46:0e:76:e3:b5:a6:d1:13:
c9:08:ba:c1:00:4f:6c:3f:38:4c:76:b9:aa:08:12:9b:99:0e:
84:a3:e2:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZhfmcJneYjOeaLUZFRttQsKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjUwNzMxMDgyOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTczZmRlZmUyYjk3YjRiMjljYzAxZTQ3ZTljZDJlY2RhMDNmNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpj+HzcpS8uEc5etDzU9+QenQHkS
mQN4wdZJrtoA2SXBRKXtnWtMe+EwNC/y0g4iG6Zbf5bE+aVsAe9T+MZ0VTEYskvi
SEH42dq1aQLW32V6wKuVswU9UWasGTNe6TqU9aSmEtDmTXvWObFDMvFREMUKmZpK
A3MoTuI9SK0pqvN8Ody6oFN4vrzV1HgRtFoqMTesbGjEcHNL/wrnKxhd2MmbbZF/
ECCKWGxXerOuVCblid5+/ygDadrM6uRIm7as8a/3zfQDNrCKDpxVEOMCxTtspLaO
v7XJDVTa/cX/HIUWXv/C8ofRrHiVuUPTcfZOGLPQhPDnZU2AmV5B4mV2RQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFH5z/e/iuXtLKcwB5H6c0uzaA/Q7MB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvZm5QOTctSzVlMHNwekFIa2ZwelM3Tm9EOURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjALBAIAATAFAwMAn8MwMwQC
AAIwLQMHBSoKTMAAAAMHBSoKTMAAQAMHBSoKTMAAgAMHBSoKTMAAwAMHACoKTMAg
ADANBgkqhkiG9w0BAQsFAAOCAQEAHz/9h8uLv4mwbumPOdK9bIb6N/XzpZx/XHVT
fLPleovtSUhKPuPDsc+z1WfL7wW8ljO231Qs4NuEMlZecLnxtFr5jD8K34ypX7FM
c6uOsEg5P9rXDzV2G5hbM2/3pmB+cqGpDFSVCFVeCnFju8TXtCXF2UkgCYmN5N70
ZY1iBzbfk9HlM+XnL79xrYZBR0vOx7JjjUKIVcWNwpzD0K6znEla4kIA/y6Q8K8k
ZKKsbchJcf6K0o4uwkk3JtyMqpelvaRToaPsdDAjpIvbfOv8l6ON80ZOcuvU1Uni
/kDToJ6TI0YOduO1ptETyQi6wQBPbD84THa5qggSm5kOhKPi4A==
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:51:16 2025 by rpki-client