Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/ArxGq_kltFKX5YUm3DRNAjYGQGc.roa
File: ArxGq_kltFKX5YUm3DRNAjYGQGc.roa (raw, json)
Hash identifier: 5XM5lzW30JX9FmEqPAciFGZ+SNFRk053GOf+9YREVN4=
Subject key identifier: 02:BC:46:AB:F9:25:B4:52:97:E5:85:26:DC:34:4D:02:36:06:40:67
Certificate issuer: /CN=29390ec0adca5f0743d181145c7899f991fb65e0
Certificate serial: 019957FF563E178594B44AE5673EBB46C6F7
Authority key identifier: 29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/ArxGq_kltFKX5YUm3DRNAjYGQGc.roa
Signing time: Wed 17 Sep 2025 14:06:15 +0000
ROA not before: Wed 17 Sep 2025 14:06:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2854
IP address blocks: 2a00:1ec8:61::/48 maxlen: 48
2a00:1ec8:63::/48 maxlen: 48
2a00:1ec8:66::/48 maxlen: 48
2a00:1ec8:77::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.mft
rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:57:ff:56:3e:17:85:94:b4:4a:e5:67:3e:bb:46:c6:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29390ec0adca5f0743d181145c7899f991fb65e0
Validity
Not Before: Sep 17 14:06:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=02bc46abf925b45297e58526dc344d0236064067
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:4a:92:14:62:a2:06:1c:63:7c:e2:4f:f0:64:
43:62:19:38:43:35:62:73:6d:9c:bd:f8:ec:ed:f8:
e9:0d:84:e6:be:71:96:27:90:f7:17:ea:ca:7d:62:
ac:56:d3:ab:48:52:0e:42:c1:a1:80:4d:7d:15:72:
ba:a5:60:6b:7e:4a:12:0e:ce:80:7d:d2:c3:6d:fa:
be:e5:62:84:61:43:8a:7f:e0:e5:f3:30:08:57:af:
0c:b9:4a:80:9a:81:8c:75:36:06:1a:03:31:09:53:
12:7f:31:27:11:22:96:7a:f8:a5:70:8f:b2:05:7f:
0a:08:c8:f2:d5:e6:2f:25:fa:d2:44:2e:bd:58:27:
e1:a4:c6:35:9a:e1:cf:ab:91:fe:b8:56:a2:57:de:
98:3a:48:06:26:94:db:ac:81:b8:2c:28:87:1a:77:
3a:16:54:76:fe:c0:91:6b:27:ba:a8:12:79:0f:cf:
b3:ac:67:ac:c5:64:4d:40:4c:42:1b:14:24:6a:2b:
64:e5:94:61:97:2c:02:2c:b8:71:23:c1:3d:df:8a:
eb:b5:ab:c1:50:7d:a7:73:81:ae:12:d7:e2:a0:b9:
0c:14:e4:b8:1e:9f:ca:87:a3:e7:15:65:3b:f1:d1:
8a:68:3b:31:c2:3f:7e:ab:b8:b4:c1:ae:f5:23:43:
94:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:BC:46:AB:F9:25:B4:52:97:E5:85:26:DC:34:4D:02:36:06:40:67
X509v3 Authority Key Identifier:
keyid:29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/ArxGq_kltFKX5YUm3DRNAjYGQGc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a00:1ec8:61::/48
2a00:1ec8:63::/48
2a00:1ec8:66::/48
2a00:1ec8:77::/48
Signature Algorithm: sha256WithRSAEncryption
58:a5:53:a8:28:ce:3b:5a:94:27:fc:d4:c5:cc:80:a5:87:f0:
55:c2:e4:10:6b:97:5f:b9:6b:39:de:8b:c4:e1:36:36:06:e0:
65:17:f1:1b:23:86:1c:e6:25:77:17:60:c1:0a:eb:9a:ca:d3:
5c:90:f4:9b:4b:ac:96:c5:47:e7:6c:06:6c:7c:ac:fd:c8:e0:
0b:0d:24:42:01:71:4b:98:52:83:61:ac:03:cd:4f:1d:9e:e5:
cb:da:62:74:b9:10:4c:d8:88:50:31:d9:ce:fd:39:9e:9f:a1:
eb:87:6f:04:5e:1c:33:d4:38:12:73:93:4f:c3:57:ee:02:bf:
3e:80:e6:5c:a3:de:1f:9c:79:95:42:27:cd:43:ae:ca:25:2a:
54:b7:87:2f:b3:a2:f8:13:32:86:2e:17:d6:b0:1e:e6:73:26:
bb:96:72:ef:2a:11:dd:fc:db:87:40:d3:21:e9:54:d0:2a:bb:
65:20:d6:fe:f7:f3:b2:ff:0a:44:6b:26:27:6e:bf:46:ad:e1:
62:d5:06:da:fe:5b:be:ae:9a:8b:34:0d:9d:fe:33:a7:0e:6b:
4e:11:07:f9:cf:66:c2:ba:cf:8c:0c:a2:c5:14:e2:87:8e:32:
c2:7f:99:05:90:60:ab:35:e7:6a:c6:bd:02:93:0b:c2:fc:84:
c8:f9:57:fd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZlX/1Y+F4WUtErlZz67Rsb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzkwZWMwYWRjYTVmMDc0M2QxODExNDVjNzg5OWY5OTFm
YjY1ZTAwHhcNMjUwOTE3MTQwNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmJjNDZhYmY5MjViNDUyOTdlNTg1MjZkYzM0NGQwMjM2MDY0MDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukqSFGKiBhxjfOJP8GRDYhk4QzVi
c22cvfjs7fjpDYTmvnGWJ5D3F+rKfWKsVtOrSFIOQsGhgE19FXK6pWBrfkoSDs6A
fdLDbfq+5WKEYUOKf+Dl8zAIV68MuUqAmoGMdTYGGgMxCVMSfzEnESKWevilcI+y
BX8KCMjy1eYvJfrSRC69WCfhpMY1muHPq5H+uFaiV96YOkgGJpTbrIG4LCiHGnc6
FlR2/sCRaye6qBJ5D8+zrGesxWRNQExCGxQkaitk5ZRhlywCLLhxI8E934rrtavB
UH2nc4GuEtfioLkMFOS4Hp/Kh6PnFWU78dGKaDsxwj9+q7i0wa71I0OUhwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAK8Rqv5JbRSl+WFJtw0TQI2BkBnMB8GA1UdIwQY
MBaAFCk5DsCtyl8HQ9GBFFx4mfmR+2XgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUt
ZWQ0MzNhYWM3ODI4LzEvQXJ4R3Ffa2x0RktYNVlVbTNEUk5BallHUUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUtZWQ0MzNhYWM3ODI4
LzEvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAKgAeyABh
AwcAKgAeyABjAwcAKgAeyABmAwcAKgAeyAB3MA0GCSqGSIb3DQEBCwUAA4IBAQBY
pVOoKM47WpQn/NTFzIClh/BVwuQQa5dfuWs53ovE4TY2BuBlF/EbI4Yc5iV3F2DB
CuuaytNckPSbS6yWxUfnbAZsfKz9yOALDSRCAXFLmFKDYawDzU8dnuXL2mJ0uRBM
2IhQMdnO/Tmen6Hrh28EXhwz1DgSc5NPw1fuAr8+gOZco94fnHmVQifNQ67KJSpU
t4cvs6L4EzKGLhfWsB7mcya7lnLvKhHd/NuHQNMh6VTQKrtlINb+9/Oy/wpEayYn
br9GreFi1Qba/lu+rpqLNA2d/jOnDmtOEQf5z2bCus+MDKLFFOKHjjLCf5kFkGCr
Nedqxr0CkwvC/ITI+Vf9
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:04:38 2025 by rpki-client