Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/UdUz-kT-b500-FTrkpKhOG9_Lzg.roa
File: UdUz-kT-b500-FTrkpKhOG9_Lzg.roa (raw, json)
Hash identifier: 0R7mO9NcYxR+lIBqqxDSdOzb7Oi6PF6Gf+MJjbPBZOg=
Subject key identifier: 51:D5:33:FA:44:FE:6F:9D:34:F8:54:EB:92:92:A1:38:6F:7F:2F:38
Certificate issuer: /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial: 0199719524FBA7F237A04494E35EF85992D4
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/UdUz-kT-b500-FTrkpKhOG9_Lzg.roa
Signing time: Mon 22 Sep 2025 13:20:23 +0000
ROA not before: Mon 22 Sep 2025 13:20:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57675
IP address blocks: 37.32.64.0/24 maxlen: 24
37.32.65.0/24 maxlen: 24
37.32.66.0/24 maxlen: 24
37.32.67.0/24 maxlen: 24
37.32.68.0/24 maxlen: 24
37.32.69.0/24 maxlen: 24
37.32.70.0/24 maxlen: 24
2a0f:1300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:71:95:24:fb:a7:f2:37:a0:44:94:e3:5e:f8:59:92:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Validity
Not Before: Sep 22 13:20:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=51d533fa44fe6f9d34f854eb9292a1386f7f2f38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ac:71:90:47:d5:1d:f4:07:51:ea:e6:8f:1c:
ff:36:95:1a:88:f8:94:6c:84:78:19:2d:83:4c:ff:
ab:f0:5f:1a:cb:5e:87:5e:29:f4:36:0e:c4:c6:18:
32:ad:df:10:b1:23:08:f2:1d:e0:87:a7:83:6e:a9:
2f:b5:4d:33:42:30:c2:02:ac:ed:ef:48:bc:88:fe:
65:c2:b5:7e:1f:9b:39:8e:ab:cf:78:8b:66:95:63:
a1:02:e8:83:ee:2f:5c:4d:b2:bf:84:8c:45:06:7c:
ed:59:71:15:7a:5e:3b:df:39:77:3f:81:fd:f2:88:
82:4a:f1:3d:aa:16:82:94:a5:56:0c:f8:c9:91:15:
23:1a:3d:a6:84:87:1e:e5:bd:cb:df:f1:d2:3d:79:
ea:ea:ee:12:6d:93:2e:4f:00:83:2b:a0:36:ab:ed:
6a:f4:05:5f:5d:f0:d8:0e:1d:dd:7a:03:8a:c7:ab:
ec:3b:27:33:53:a7:41:e9:0d:b0:7e:ca:cb:ea:cb:
45:ef:a6:16:fd:3a:2e:4e:b2:83:42:f3:51:ba:1f:
77:65:35:99:cf:dd:d6:94:03:f2:84:f2:35:51:eb:
fe:99:b0:85:85:a4:86:11:49:7a:f2:5a:c6:5d:96:
0b:f0:8b:ec:8c:a4:9d:09:9e:0b:d5:1e:13:5a:df:
15:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:D5:33:FA:44:FE:6F:9D:34:F8:54:EB:92:92:A1:38:6F:7F:2F:38
X509v3 Authority Key Identifier:
keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/UdUz-kT-b500-FTrkpKhOG9_Lzg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.32.64.0-37.32.70.255
IPv6:
2a0f:1300::/29
Signature Algorithm: sha256WithRSAEncryption
2c:3e:8c:46:b8:bf:ef:3b:1d:be:57:cf:ac:d8:c0:5e:8b:e9:
ec:14:b1:4e:1f:7d:67:8e:25:6b:d8:10:b2:27:1f:f8:34:b9:
5c:f4:d6:84:b5:d2:2c:d8:c0:49:cd:83:cd:ab:ac:a8:ce:d3:
b1:09:91:14:4d:59:07:07:a0:4d:2c:8c:69:20:30:82:d5:e2:
34:14:42:ec:12:0f:0d:f9:1b:66:ed:af:fd:b2:56:7b:19:98:
70:30:53:63:b9:d3:51:20:54:21:76:2a:88:1e:6a:51:e3:c7:
fe:a9:99:c9:c4:48:db:54:25:9f:bf:cd:91:80:57:b7:90:fa:
26:ee:16:1b:1c:d9:3c:67:56:ca:d4:13:91:33:ab:91:f1:c1:
e1:5b:40:50:42:d4:df:07:a5:14:63:bd:1f:08:80:a6:a4:8b:
ea:df:67:87:f6:75:db:a4:8f:ca:92:bb:80:de:8f:bf:27:9d:
f1:54:18:6a:21:56:7f:4d:b1:9a:35:11:6f:54:8e:2b:19:bc:
50:84:72:66:8f:d7:ca:86:f7:ff:4e:67:43:70:ed:c3:fa:64:
8b:36:05:96:78:60:d1:58:34:0e:13:75:dc:70:ca:da:c8:6b:
3f:9c:19:9f:48:6f:33:4e:9f:0f:fe:66:f0:c7:4f:71:06:d1:
0a:7d:4c:35
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZlxlST7p/I3oESU4174WZLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjUwOTIyMTMyMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ1MzNmYTQ0ZmU2ZjlkMzRmODU0ZWI5MjkyYTEzODZmN2YyZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKxxkEfVHfQHUermjxz/NpUaiPiU
bIR4GS2DTP+r8F8ay16HXin0Ng7Exhgyrd8QsSMI8h3gh6eDbqkvtU0zQjDCAqzt
70i8iP5lwrV+H5s5jqvPeItmlWOhAuiD7i9cTbK/hIxFBnztWXEVel473zl3P4H9
8oiCSvE9qhaClKVWDPjJkRUjGj2mhIce5b3L3/HSPXnq6u4SbZMuTwCDK6A2q+1q
9AVfXfDYDh3degOKx6vsOyczU6dB6Q2wfsrL6stF76YW/TouTrKDQvNRuh93ZTWZ
z93WlAPyhPI1Uev+mbCFhaSGEUl68lrGXZYL8IvsjKSdCZ4L1R4TWt8VIwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFHVM/pE/m+dNPhU65KSoThvfy84MB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvVWRVei1rVC1iNTAwLUZUcmtwS2hPRzlfTHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAYlIEAD
BAAlIEYwDQQCAAIwBwMFAyoPEwAwDQYJKoZIhvcNAQELBQADggEBACw+jEa4v+87
Hb5Xz6zYwF6L6ewUsU4ffWeOJWvYELInH/g0uVz01oS10izYwEnNg82rrKjO07EJ
kRRNWQcHoE0sjGkgMILV4jQUQuwSDw35G2btr/2yVnsZmHAwU2O501EgVCF2Koge
alHjx/6pmcnESNtUJZ+/zZGAV7eQ+ibuFhsc2TxnVsrUE5Ezq5HxweFbQFBC1N8H
pRRjvR8IgKaki+rfZ4f2ddukj8qSu4Dej78nnfFUGGohVn9NsZo1EW9UjisZvFCE
cmaP18qG9/9OZ0Nw7cP6ZIs2BZZ4YNFYNA4TddxwytrIaz+cGZ9IbzNOnw/+ZvDH
T3EG0Qp9TDU=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:53 2025 by rpki-client