Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vbkqK2A-5so6LdZx4ga1s9863ZI.roa
File: vbkqK2A-5so6LdZx4ga1s9863ZI.roa (raw, json)
Hash identifier: 533TjtomKdjh/jTDvd0XbmB2CfJKlZIVlQUKaugW/Ok=
Subject key identifier: BD:B9:2A:2B:60:3E:E6:CA:3A:2D:D6:71:E2:06:B5:B3:DF:3A:DD:92
Certificate issuer: /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial: 01999C692EB21AA72966B1F4FF5C57E19EE4
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vbkqK2A-5so6LdZx4ga1s9863ZI.roa
Signing time: Tue 30 Sep 2025 20:56:02 +0000
ROA not before: Tue 30 Sep 2025 20:56:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44620
IP address blocks: 158.94.216.0/24 maxlen: 24
176.97.219.0/24 maxlen: 24
217.11.164.0/24 maxlen: 24
217.11.165.0/24 maxlen: 24
2a01:f900::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 05:01:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9c:69:2e:b2:1a:a7:29:66:b1:f4:ff:5c:57:e1:9e:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Validity
Not Before: Sep 30 20:56:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bdb92a2b603ee6ca3a2dd671e206b5b3df3add92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:a5:d9:66:df:c9:b3:bc:ba:b9:fa:f7:d0:57:
a0:3c:e2:52:45:32:e6:ae:2c:39:c6:dc:ca:5e:20:
d2:71:3c:be:fc:b9:ff:71:47:48:71:56:cf:d0:da:
90:a3:b2:cb:b5:b6:9f:c7:b9:9e:11:cb:c7:d0:2c:
8d:d6:2c:6f:b8:cc:90:4e:40:01:87:69:06:96:1a:
3a:a6:fd:7d:a0:bd:b7:bb:ec:e4:08:20:8d:e7:ef:
4f:2d:8f:bc:eb:c1:ca:8c:03:52:d3:1a:c4:4d:42:
dc:c8:87:ac:38:f1:ad:a3:70:84:23:8e:e6:fe:95:
f4:17:f0:c2:e5:e3:1b:31:7a:cf:87:be:f3:04:31:
1b:4a:af:c6:85:cd:97:72:0f:96:ac:50:9f:31:32:
79:1c:6a:df:53:28:00:e3:ce:20:46:73:36:eb:6b:
89:f1:4d:6b:28:e1:13:58:cf:a7:fe:c9:24:23:13:
5c:8c:e0:8a:a4:f2:ae:01:8a:46:11:29:4a:8a:60:
23:c9:8e:ae:63:89:08:d7:6a:7e:2c:46:7b:1f:50:
f5:1a:89:fc:a7:0b:72:f8:8e:4c:77:e8:a4:83:cd:
23:ae:f0:74:78:77:41:fd:6a:79:f4:6c:b7:b5:c5:
90:f5:a1:ac:10:23:5e:b6:c8:1e:e6:7c:6f:fb:c1:
77:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:B9:2A:2B:60:3E:E6:CA:3A:2D:D6:71:E2:06:B5:B3:DF:3A:DD:92
X509v3 Authority Key Identifier:
keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/vbkqK2A-5so6LdZx4ga1s9863ZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.94.216.0/24
176.97.219.0/24
217.11.164.0/23
IPv6:
2a01:f900::/29
Signature Algorithm: sha256WithRSAEncryption
77:fa:6e:da:59:72:df:86:a9:fd:0b:8e:bf:d4:eb:45:cb:44:
30:bf:e1:1e:eb:bc:43:18:8d:d0:8a:db:85:51:48:3d:bd:2c:
83:ab:fb:8b:72:34:e7:c1:29:2f:e2:52:11:b1:dc:ba:f5:02:
87:d2:b3:1f:1a:11:e3:c3:87:91:bf:23:ad:ec:c5:e8:f7:0c:
b9:ec:15:2c:fe:1c:e8:ed:8a:d6:f2:a7:71:89:da:46:4c:07:
6a:b5:de:ba:49:bd:49:24:26:9d:2c:b6:c1:73:3a:81:d7:4d:
c0:86:d1:a1:c8:d6:2b:65:a3:ec:e4:16:99:61:b5:43:b8:ac:
95:1d:2b:b2:ac:22:60:b9:b6:f1:a0:5c:3e:f0:3e:eb:8d:c2:
d5:ae:09:0a:35:55:4d:2f:bf:ad:f9:59:c9:98:26:71:ae:a3:
3e:7e:30:36:29:d6:0d:80:1a:f8:de:e3:f1:4e:79:0b:9f:4a:
19:95:5e:cc:8a:25:56:85:7f:cb:ed:8b:5b:4e:07:4b:0e:87:
4a:07:c2:e6:40:df:91:dc:7f:02:32:3a:c9:ed:23:04:20:7d:
05:d1:02:f9:58:ed:c7:ff:33:e0:f6:2b:15:bf:42:40:92:69:
44:39:37:46:87:eb:8f:47:45:a5:6c:2a:be:74:d3:07:03:f2:
f3:3c:b4:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZmcaS6yGqcpZrH0/1xX4Z7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjUwOTMwMjA1NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI5MmEyYjYwM2VlNmNhM2EyZGQ2NzFlMjA2YjViM2RmM2FkZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KXZZt/Js7y6ufr30FegPOJSRTLm
riw5xtzKXiDScTy+/Ln/cUdIcVbP0NqQo7LLtbafx7meEcvH0CyN1ixvuMyQTkAB
h2kGlho6pv19oL23u+zkCCCN5+9PLY+868HKjANS0xrETULcyIesOPGto3CEI47m
/pX0F/DC5eMbMXrPh77zBDEbSq/Ghc2Xcg+WrFCfMTJ5HGrfUygA484gRnM262uJ
8U1rKOETWM+n/skkIxNcjOCKpPKuAYpGESlKimAjyY6uY4kI12p+LEZ7H1D1Gon8
pwty+I5Md+ikg80jrvB0eHdB/Wp59Gy3tcWQ9aGsECNetsge5nxv+8F39QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFL25KitgPubKOi3WceIGtbPfOt2SMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvdmJrcUsyQS01c282TGRaeDRnYTFzOTg2M1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAnl7YAwQA
sGHbAwQB2QukMA0EAgACMAcDBQMqAfkAMA0GCSqGSIb3DQEBCwUAA4IBAQB3+m7a
WXLfhqn9C46/1OtFy0Qwv+Ee67xDGI3QituFUUg9vSyDq/uLcjTnwSkv4lIRsdy6
9QKH0rMfGhHjw4eRvyOt7MXo9wy57BUs/hzo7YrW8qdxidpGTAdqtd66Sb1JJCad
LLbBczqB103AhtGhyNYrZaPs5BaZYbVDuKyVHSuyrCJgubbxoFw+8D7rjcLVrgkK
NVVNL7+t+VnJmCZxrqM+fjA2KdYNgBr43uPxTnkLn0oZlV7MiiVWhX/L7YtbTgdL
DodKB8LmQN+R3H8CMjrJ7SMEIH0F0QL5WO3H/zPg9isVv0JAkmlEOTdGh+uPR0Wl
bCq+dNMHA/LzPLRp
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:02:18 2025 by rpki-client