Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z7QCcsplgO9PpBTc_2RE7j2eIA0.roa
File: z7QCcsplgO9PpBTc_2RE7j2eIA0.roa (raw, json)
Hash identifier: e5DQJUh9ainCcKeSWdEjJCc8XHMb0I2fNJp0csrqV0g=
Subject key identifier: CF:B4:02:72:CA:65:80:EF:4F:A4:14:DC:FF:64:44:EE:3D:9E:20:0D
Certificate issuer: /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial: 0199B5CF3A086C30F586A4CE3C423A40E2B2
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z7QCcsplgO9PpBTc_2RE7j2eIA0.roa
Signing time: Sun 05 Oct 2025 19:18:00 +0000
ROA not before: Sun 05 Oct 2025 19:18:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62513
IP address blocks: 2a0f:b240::/46 maxlen: 48
2a0f:b240:8::/46 maxlen: 48
2a0f:b240:1000::/36 maxlen: 48
2a0f:b240:2000::/36 maxlen: 48
2a0f:b240:3000::/36 maxlen: 48
2a0f:b240:4000::/36 maxlen: 48
2a0f:b240:5800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 19:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b5:cf:3a:08:6c:30:f5:86:a4:ce:3c:42:3a:40:e2:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Validity
Not Before: Oct 5 19:18:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cfb40272ca6580ef4fa414dcff6444ee3d9e200d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:68:6e:99:9d:4b:b4:2c:20:10:9c:1f:fb:e6:
30:cd:5f:fc:1d:c7:8c:8c:b6:fb:50:37:11:b4:ee:
b6:89:36:45:a7:55:43:72:80:65:fe:5b:2b:53:68:
23:cc:b1:c7:a9:49:aa:f4:4f:cd:ea:8f:b9:35:8b:
26:60:bf:a4:82:36:e4:9b:c7:6e:a4:81:94:0d:56:
f3:73:7e:7b:d9:e3:22:3b:92:e6:6e:f8:01:fd:4e:
d8:20:e2:4d:d6:53:23:ff:44:1c:7e:48:15:38:a8:
01:cc:5f:d5:42:af:41:af:40:e0:5a:fc:c3:65:81:
40:f9:4d:44:0f:89:1a:01:72:81:1d:fa:06:26:41:
f5:2a:b8:f2:d5:74:d2:9c:e9:f9:23:15:71:26:46:
9a:d6:2a:e4:b1:34:69:36:a5:e3:c7:c0:bb:1e:55:
fd:2f:5a:dc:63:ef:7c:7c:89:f4:6f:34:00:a8:25:
d0:9e:38:d7:d1:7f:ed:70:9b:ce:e3:af:d6:08:a4:
90:31:31:4c:1d:d0:b3:35:f6:0f:99:1e:19:37:ca:
72:0c:f8:2b:35:79:6e:d7:47:33:6e:57:9f:f6:e6:
0a:cb:eb:ec:33:dc:7b:73:f8:35:8c:b7:ea:1a:56:
ee:8f:10:dd:13:2f:bc:f9:62:6a:a0:bc:91:77:56:
1b:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:B4:02:72:CA:65:80:EF:4F:A4:14:DC:FF:64:44:EE:3D:9E:20:0D
X509v3 Authority Key Identifier:
keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z7QCcsplgO9PpBTc_2RE7j2eIA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:b240::/46
2a0f:b240:8::/46
2a0f:b240:1000::-2a0f:b240:4fff:ffff:ffff:ffff:ffff:ffff
2a0f:b240:5800::/40
Signature Algorithm: sha256WithRSAEncryption
83:18:33:75:8d:4f:31:b0:0b:f0:f0:02:ed:fe:23:bc:fc:6c:
70:7e:74:1c:eb:38:e4:25:fc:7d:01:62:e2:8f:b1:18:5c:78:
48:1c:6a:9e:57:91:81:aa:4d:78:85:b2:b0:0e:b1:f5:5d:80:
00:9e:2d:2f:fd:64:90:bb:2a:12:2d:fb:b9:7c:0d:5a:a9:10:
54:b0:4a:02:1c:0e:d4:03:5e:85:48:ae:2e:83:d7:23:f9:5e:
29:4c:4f:01:58:7a:66:f6:9e:62:a4:9b:63:37:f3:cc:df:56:
11:49:b8:51:7c:45:43:87:6b:79:00:6d:a9:9c:2f:4e:93:ac:
99:7f:59:86:65:19:3f:42:0d:d3:fb:1f:73:5a:e8:4f:f7:d3:
b4:ea:71:4c:90:93:a1:31:e2:b6:b1:61:81:35:d6:02:65:e9:
11:08:db:b5:49:50:5f:92:10:0f:0f:99:7e:dd:11:05:3f:49:
63:c1:70:c2:32:09:a0:ec:87:6a:18:6c:68:ad:b5:ee:26:56:
c7:44:45:f5:b1:03:e1:03:6b:47:fc:60:14:6e:e7:7c:2e:ad:
a7:b4:5c:14:33:93:a6:98:00:95:97:d3:db:c7:d2:24:39:93:
60:4f:56:8c:73:f3:16:fb:a4:70:92:aa:22:58:00:b1:b6:7d:
b8:87:ee:8b
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZm1zzoIbDD1hqTOPEI6QOKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDA1MTkxODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI0MDI3MmNhNjU4MGVmNGZhNDE0ZGNmZjY0NDRlZTNkOWUyMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWhumZ1LtCwgEJwf++YwzV/8HceM
jLb7UDcRtO62iTZFp1VDcoBl/lsrU2gjzLHHqUmq9E/N6o+5NYsmYL+kgjbkm8du
pIGUDVbzc3572eMiO5LmbvgB/U7YIOJN1lMj/0QcfkgVOKgBzF/VQq9Br0DgWvzD
ZYFA+U1ED4kaAXKBHfoGJkH1Krjy1XTSnOn5IxVxJkaa1irksTRpNqXjx8C7HlX9
L1rcY+98fIn0bzQAqCXQnjjX0X/tcJvO46/WCKSQMTFMHdCzNfYPmR4ZN8pyDPgr
NXlu10czblef9uYKy+vsM9x7c/g1jLfqGlbujxDdEy+8+WJqoLyRd1YbZwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFM+0AnLKZYDvT6QU3P9kRO49niANMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvejdRQ2NzcGxnTzlQcEJUY18yUkU3ajJlSUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsAwcCKg+yQAAA
AwcCKg+yQAAIMBADBgQqD7JAEAMGBCoPskBAAwYAKg+yQFgwDQYJKoZIhvcNAQEL
BQADggEBAIMYM3WNTzGwC/DwAu3+I7z8bHB+dBzrOOQl/H0BYuKPsRhceEgcap5X
kYGqTXiFsrAOsfVdgACeLS/9ZJC7KhIt+7l8DVqpEFSwSgIcDtQDXoVIri6D1yP5
XilMTwFYemb2nmKkm2M388zfVhFJuFF8RUOHa3kAbamcL06TrJl/WYZlGT9CDdP7
H3Na6E/307TqcUyQk6Ex4raxYYE11gJl6REI27VJUF+SEA8PmX7dEQU/SWPBcMIy
CaDsh2oYbGitte4mVsdERfWxA+EDa0f8YBRu53wurae0XBQzk6aYAJWX09vH0iQ5
k2BPVoxz8xb7pHCSqiJYALG2fbiH7os=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:07 2025 by rpki-client