Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/_d5sQjAqDWf1j4CIit8rsE25AME.roa
File: _d5sQjAqDWf1j4CIit8rsE25AME.roa (raw, json)
Hash identifier: RxeX2YNDuil9ac/AHR6OmQjklSZPEl3KjGtvZpjNDfk=
Subject key identifier: FD:DE:6C:42:30:2A:0D:67:F5:8F:80:88:8A:DF:2B:B0:4D:B9:00:C1
Certificate issuer: /CN=ebb016f46de2db5cc3116599ee871c76c2c834c6
Certificate serial: 0199383620EC17D30C1C4C3E44ACBE943B3F
Authority key identifier: EB:B0:16:F4:6D:E2:DB:5C:C3:11:65:99:EE:87:1C:76:C2:C8:34:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/67AW9G3i21zDEWWZ7occdsLINMY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/_d5sQjAqDWf1j4CIit8rsE25AME.roa
Signing time: Thu 11 Sep 2025 09:58:15 +0000
ROA not before: Thu 11 Sep 2025 09:58:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209102
IP address blocks: 2.56.128.0/24 maxlen: 24
2.56.129.0/24 maxlen: 24
2.56.130.0/24 maxlen: 24
2a09:c3c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/67AW9G3i21zDEWWZ7occdsLINMY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/67AW9G3i21zDEWWZ7occdsLINMY.mft
rsync://rpki.ripe.net/repository/DEFAULT/67AW9G3i21zDEWWZ7occdsLINMY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:38:36:20:ec:17:d3:0c:1c:4c:3e:44:ac:be:94:3b:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebb016f46de2db5cc3116599ee871c76c2c834c6
Validity
Not Before: Sep 11 09:58:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fdde6c42302a0d67f58f80888adf2bb04db900c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:49:33:72:16:28:54:3d:53:ef:f6:50:00:6b:
c3:4b:ff:cd:e0:12:9a:f2:e9:d6:eb:7e:99:f4:70:
04:e9:1c:fa:ad:c8:80:18:1c:ab:60:45:ef:a0:0c:
8e:87:70:aa:d6:9f:29:f2:aa:1a:c5:77:bc:90:f9:
a4:50:e8:f7:b3:82:cd:c9:7f:09:f6:04:cf:16:91:
34:52:a8:23:de:1c:34:cd:6d:63:db:f5:ad:f1:95:
50:e6:ab:c6:11:9c:04:df:12:d6:4f:96:ed:62:d2:
33:df:49:d8:54:d9:c8:5d:2d:5c:81:d7:00:5a:60:
5d:87:00:50:f4:c9:46:93:e6:82:50:7b:ea:14:0e:
fc:9b:ae:95:36:55:6a:c4:5b:58:d3:45:b5:23:29:
43:85:4f:40:6c:a9:60:bb:6b:f1:bf:41:65:c8:6d:
fe:07:d8:17:65:71:41:f8:30:c5:6a:73:61:e5:90:
5f:01:40:e9:e6:bb:0d:09:cd:2f:f9:f4:6a:23:61:
c4:fe:17:b2:4d:a0:55:fd:30:75:bb:3c:47:6e:d7:
ab:11:0c:82:81:ba:2c:88:48:72:c2:6f:32:33:86:
fa:ac:d2:4f:2f:91:8f:eb:27:37:6f:c6:a1:d4:d4:
40:84:14:d8:d2:98:98:fb:a5:f7:2d:5a:38:cf:2e:
9a:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:DE:6C:42:30:2A:0D:67:F5:8F:80:88:8A:DF:2B:B0:4D:B9:00:C1
X509v3 Authority Key Identifier:
keyid:EB:B0:16:F4:6D:E2:DB:5C:C3:11:65:99:EE:87:1C:76:C2:C8:34:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67AW9G3i21zDEWWZ7occdsLINMY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/_d5sQjAqDWf1j4CIit8rsE25AME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3d013e-9e58-465e-87bb-072fca5ffebe/1/67AW9G3i21zDEWWZ7occdsLINMY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.128.0-2.56.130.255
IPv6:
2a09:c3c0::/29
Signature Algorithm: sha256WithRSAEncryption
a0:2f:df:b9:dd:77:fd:5f:29:52:f0:e2:15:99:c8:9a:8c:14:
6c:1a:f0:b2:48:0c:7a:f7:88:83:9c:27:26:23:49:9a:a2:2e:
8b:f6:43:e8:d3:61:dd:e6:fb:cd:fb:f5:12:cc:22:a8:47:4b:
db:19:87:38:36:99:f6:f0:7f:39:60:61:5c:b4:b8:f6:55:db:
d0:d7:c1:ae:37:13:4e:93:17:c5:5e:62:3f:6e:41:26:43:c9:
a8:f8:0f:3a:f4:d8:85:4e:92:c2:a7:be:75:2a:c2:05:05:d7:
af:90:be:5d:93:ae:10:57:b6:91:64:88:43:b4:0d:ce:bf:21:
17:6d:13:27:b0:33:50:79:c5:57:32:01:68:08:7a:63:90:62:
cc:95:7f:88:72:e1:b3:7d:45:63:29:14:3a:68:26:2a:68:66:
07:42:9d:72:f0:b2:03:2b:81:af:18:5a:ff:01:fe:12:a1:1e:
b2:ad:7a:9e:cf:01:ec:58:f8:6c:68:ab:db:fb:77:f7:3a:85:
c3:78:58:4c:2a:c4:82:f7:aa:2d:57:12:86:6a:11:b8:60:6f:
5a:92:b5:9a:be:0d:20:b8:dd:22:48:16:d9:7f:14:c3:ca:7c:
3f:aa:02:3e:3a:8e:ed:d3:c2:06:23:92:94:35:e5:2c:dc:3c:
c9:40:3e:1a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZk4NiDsF9MMHEw+RKy+lDs/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYjAxNmY0NmRlMmRiNWNjMzExNjU5OWVlODcxYzc2YzJj
ODM0YzYwHhcNMjUwOTExMDk1ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRlNmM0MjMwMmEwZDY3ZjU4ZjgwODg4YWRmMmJiMDRkYjkwMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30kzchYoVD1T7/ZQAGvDS//N4BKa
8unW636Z9HAE6Rz6rciAGByrYEXvoAyOh3Cq1p8p8qoaxXe8kPmkUOj3s4LNyX8J
9gTPFpE0Uqgj3hw0zW1j2/Wt8ZVQ5qvGEZwE3xLWT5btYtIz30nYVNnIXS1cgdcA
WmBdhwBQ9MlGk+aCUHvqFA78m66VNlVqxFtY00W1IylDhU9AbKlgu2vxv0FlyG3+
B9gXZXFB+DDFanNh5ZBfAUDp5rsNCc0v+fRqI2HE/heyTaBV/TB1uzxHbterEQyC
gbosiEhywm8yM4b6rNJPL5GP6yc3b8ah1NRAhBTY0piY+6X3LVo4zy6avwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFP3ebEIwKg1n9Y+AiIrfK7BNuQDBMB8GA1UdIwQY
MBaAFOuwFvRt4ttcwxFlme6HHHbCyDTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjdBVzlHM2kyMXpERVdXWjdvY2Nkc0xJTk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zZDAxM2UtOWU1OC00NjVlLTg3YmIt
MDcyZmNhNWZmZWJlLzEvX2Q1c1FqQXFEV2YxajRDSWl0OHJzRTI1QU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zZDAxM2UtOWU1OC00NjVlLTg3YmItMDcyZmNhNWZmZWJl
LzEvNjdBVzlHM2kyMXpERVdXWjdvY2Nkc0xJTk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAcCOIAD
BAACOIIwDQQCAAIwBwMFAyoJw8AwDQYJKoZIhvcNAQELBQADggEBAKAv37ndd/1f
KVLw4hWZyJqMFGwa8LJIDHr3iIOcJyYjSZqiLov2Q+jTYd3m+8379RLMIqhHS9sZ
hzg2mfbwfzlgYVy0uPZV29DXwa43E06TF8VeYj9uQSZDyaj4Dzr02IVOksKnvnUq
wgUF16+Qvl2TrhBXtpFkiEO0Dc6/IRdtEyewM1B5xVcyAWgIemOQYsyVf4hy4bN9
RWMpFDpoJipoZgdCnXLwsgMrga8YWv8B/hKhHrKtep7PAexY+Gxoq9v7d/c6hcN4
WEwqxIL3qi1XEoZqEbhgb1qStZq+DSC43SJIFtl/FMPKfD+qAj46ju3TwgYjkpQ1
5SzcPMlAPho=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:04:28 2025 by rpki-client