Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/PUFVgG5XTEBa1FkmtV4ycOrJNR8.roa
File: PUFVgG5XTEBa1FkmtV4ycOrJNR8.roa (raw, json)
Hash identifier: N9/tccWzTiDJqufWom2nX/Wb/C0jzwpdRD1YBVzLJfM=
Subject key identifier: 3D:41:55:80:6E:57:4C:40:5A:D4:59:26:B5:5E:32:70:EA:C9:35:1F
Certificate issuer: /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial: 0199E7582A77632D804AF50E9A4372232B95
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/PUFVgG5XTEBa1FkmtV4ycOrJNR8.roa
Signing time: Wed 15 Oct 2025 10:08:58 +0000
ROA not before: Wed 15 Oct 2025 10:08:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 2a0b:a4c0::/32 maxlen: 32
2a0b:a4c1::/32 maxlen: 32
2a0b:a4c2::/32 maxlen: 32
2a0b:a4c3::/32 maxlen: 32
2a0b:a4c4::/32 maxlen: 32
2a0b:a4c5::/32 maxlen: 32
2a0b:a4c6::/32 maxlen: 32
2a0b:a4c7::/32 maxlen: 32
2a0f:63c0::/32 maxlen: 32
2a0f:63c1::/32 maxlen: 32
2a0f:63c2::/32 maxlen: 32
2a0f:63c3::/32 maxlen: 32
2a0f:63c4::/32 maxlen: 32
2a0f:63c5::/32 maxlen: 32
2a0f:63c6::/32 maxlen: 32
2a0f:63c7::/32 maxlen: 32
2a0f:89c0::/32 maxlen: 32
2a0f:89c1::/32 maxlen: 32
2a0f:89c2::/32 maxlen: 32
2a0f:89c3::/32 maxlen: 32
2a0f:89c4::/32 maxlen: 32
2a0f:89c5::/32 maxlen: 32
2a0f:89c6::/32 maxlen: 32
2a0f:89c7::/32 maxlen: 32
2a10:7ac0::/32 maxlen: 32
2a10:7ac1::/32 maxlen: 32
2a10:7ac2::/32 maxlen: 32
2a10:7ac3::/32 maxlen: 32
2a10:7ac4::/32 maxlen: 32
2a10:7ac5::/32 maxlen: 32
2a10:7ac6::/32 maxlen: 32
2a10:7ac7::/32 maxlen: 32
2a13:d0c0::/32 maxlen: 32
2a13:d0c1::/32 maxlen: 32
2a13:d0c2::/32 maxlen: 32
2a13:d0c3::/32 maxlen: 32
2a13:d0c4::/32 maxlen: 32
2a13:d0c5::/32 maxlen: 32
2a13:d0c6::/32 maxlen: 32
2a13:d0c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 13:01:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e7:58:2a:77:63:2d:80:4a:f5:0e:9a:43:72:23:2b:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
Validity
Not Before: Oct 15 10:08:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3d4155806e574c405ad45926b55e3270eac9351f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:87:16:ae:7d:64:63:a4:1e:40:c4:a1:6e:31:
26:0f:24:89:98:a6:22:4c:50:d7:14:ac:b3:86:86:
9f:0e:bc:ef:9f:d8:f2:66:60:fa:da:ac:3b:8b:a3:
c5:dc:7c:8c:a8:d7:60:43:35:3f:49:4f:c2:d9:38:
7f:fd:f9:4c:67:cc:01:4d:c2:04:48:b7:6e:36:8a:
16:1c:ae:92:6a:44:64:23:bf:b1:d1:bf:45:99:e4:
ad:c8:76:4b:b2:20:21:36:3b:69:8c:49:7b:b7:d3:
b3:dd:11:9a:71:7d:40:58:a2:59:55:49:57:31:5f:
6c:bf:eb:7b:67:0c:11:e2:d0:4a:04:b7:61:be:2c:
00:33:b6:3e:e5:f3:b1:1c:c4:10:96:db:53:5b:3f:
00:73:09:64:b2:af:f9:0f:54:fe:96:f7:20:4d:c5:
75:56:98:a2:11:c0:61:39:a7:e8:21:e9:02:7a:45:
37:9d:ec:28:12:c9:05:ae:fa:3c:ba:66:44:a4:71:
a0:59:36:08:16:ec:4c:e6:6f:14:83:4f:2a:51:68:
10:52:35:c3:46:51:0a:b5:94:29:19:1b:f2:cb:c0:
8d:cb:a4:e2:6d:ae:8b:d5:88:6d:de:e2:f9:cf:97:
18:ca:fe:67:cd:33:50:da:19:6c:cf:30:cc:fa:2d:
06:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:41:55:80:6E:57:4C:40:5A:D4:59:26:B5:5E:32:70:EA:C9:35:1F
X509v3 Authority Key Identifier:
keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/PUFVgG5XTEBa1FkmtV4ycOrJNR8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:a4c0::/29
2a0f:63c0::/29
2a0f:89c0::/29
2a10:7ac0::/29
2a13:d0c0::/29
Signature Algorithm: sha256WithRSAEncryption
5a:07:d0:e9:de:4a:09:12:76:8d:66:06:08:23:f6:12:83:e7:
3a:51:ac:cd:9f:f6:21:85:35:98:b1:12:b7:09:92:ac:23:95:
c5:4f:2f:d9:39:a8:38:06:08:0d:e0:ba:3e:6a:f4:c8:3f:f6:
68:bc:f2:1f:1d:aa:d7:2b:8d:05:ae:37:0c:91:42:c0:b1:3e:
22:05:28:44:0c:40:c0:ab:4d:1b:2c:56:05:f2:f7:ba:7a:f1:
15:ec:cb:72:28:b9:11:ce:8d:68:07:7a:43:78:40:73:ac:a5:
c6:44:c5:0f:e0:a2:0b:fd:08:dc:b0:52:52:df:cf:f2:b9:0e:
c9:49:ab:5a:79:f1:50:1a:2b:80:c9:1e:dd:d9:38:62:98:48:
8a:6b:3f:c8:70:48:ab:de:12:0a:82:90:7a:89:d1:59:b0:96:
f3:13:07:44:81:e5:78:9d:7c:c8:f2:d6:3a:64:d9:10:ee:0a:
de:f5:a9:bd:a1:cd:6a:5c:a2:13:13:aa:7d:aa:4e:24:b1:41:
67:e5:0e:5d:c6:2c:08:86:1e:8e:de:35:1f:09:db:2a:aa:4f:
91:f4:53:07:d6:a3:a1:bf:db:f0:e0:e6:ea:97:a3:ff:ce:75:
50:51:c0:d3:55:7f:2f:8f:a3:12:fe:8e:60:1a:4b:72:9d:a3:
05:f6:91:f4
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZnnWCp3Yy2ASvUOmkNyIyuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUxMDE1MTAwODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQxNTU4MDZlNTc0YzQwNWFkNDU5MjZiNTVlMzI3MGVhYzkzNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4cWrn1kY6QeQMShbjEmDySJmKYi
TFDXFKyzhoafDrzvn9jyZmD62qw7i6PF3HyMqNdgQzU/SU/C2Th//flMZ8wBTcIE
SLduNooWHK6SakRkI7+x0b9FmeStyHZLsiAhNjtpjEl7t9Oz3RGacX1AWKJZVUlX
MV9sv+t7ZwwR4tBKBLdhviwAM7Y+5fOxHMQQlttTWz8Acwlksq/5D1T+lvcgTcV1
VpiiEcBhOafoIekCekU3newoEskFrvo8umZEpHGgWTYIFuxM5m8Ug08qUWgQUjXD
RlEKtZQpGRvyy8CNy6Tiba6L1Yht3uL5z5cYyv5nzTNQ2hlszzDM+i0G2QIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFD1BVYBuV0xAWtRZJrVeMnDqyTUfMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvUFVGVmdHNVhURUJhMUZrbXRWNHljT3JKTlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKgukwAMF
AyoPY8ADBQMqD4nAAwUDKhB6wAMFAyoT0MAwDQYJKoZIhvcNAQELBQADggEBAFoH
0OneSgkSdo1mBggj9hKD5zpRrM2f9iGFNZixErcJkqwjlcVPL9k5qDgGCA3guj5q
9Mg/9mi88h8dqtcrjQWuNwyRQsCxPiIFKEQMQMCrTRssVgXy97p68RXsy3IouRHO
jWgHekN4QHOspcZExQ/gogv9CNywUlLfz/K5DslJq1p58VAaK4DJHt3ZOGKYSIpr
P8hwSKveEgqCkHqJ0VmwlvMTB0SB5XidfMjy1jpk2RDuCt71qb2hzWpcohMTqn2q
TiSxQWflDl3GLAiGHo7eNR8J2yqqT5H0UwfWo6G/2/Dg5uqXo//OdVBRwNNVfy+P
oxL+jmAaS3KdowX2kfQ=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:35:58 2025 by rpki-client