Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8hUBZAg1ot5uc88r_U7o-l-F-80.roa
File: 8hUBZAg1ot5uc88r_U7o-l-F-80.roa (raw, json)
Hash identifier: B5mgRRtKRDmMyhL6+Oo4zUe018eCsxxY80vBNBSKaAg=
Subject key identifier: F2:15:01:64:08:35:A2:DE:6E:73:CF:2B:FD:4E:E8:FA:5F:85:FB:CD
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0198D34F449358510602A625DFCD48858DA9
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8hUBZAg1ot5uc88r_U7o-l-F-80.roa
Signing time: Fri 22 Aug 2025 19:44:04 +0000
ROA not before: Fri 22 Aug 2025 19:44:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205866
IP address blocks: 2a11:4640::/29 maxlen: 29
2a11:c443::/32 maxlen: 32
2a11:e540::/29 maxlen: 29
2a12:1145::/32 maxlen: 32
2a12:3ac0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 04:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d3:4f:44:93:58:51:06:02:a6:25:df:cd:48:85:8d:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Aug 22 19:44:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f21501640835a2de6e73cf2bfd4ee8fa5f85fbcd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:d7:8c:25:e4:af:9d:a2:10:9d:b8:b5:ff:5d:
a7:ce:c7:f0:6a:5e:c1:36:33:ce:ac:82:b0:79:84:
2d:9a:75:80:bd:3a:2a:45:f0:f4:06:49:0e:31:2b:
88:7f:1c:75:43:e4:c8:cd:5f:39:c0:ef:e3:9d:5a:
e9:82:15:94:d3:d6:f9:02:c7:3a:36:35:22:8d:2e:
60:97:5e:e8:2c:4c:8d:0d:97:67:72:20:50:55:c2:
e4:f8:6d:94:27:ee:40:50:18:a4:30:92:bc:7c:62:
3f:d2:1b:c3:43:a7:e6:c9:98:31:1d:7d:70:a1:4f:
93:f5:1e:12:3b:47:2c:bc:f1:bf:63:de:49:4c:16:
38:21:b1:e3:b8:eb:28:61:19:ab:6e:4f:86:af:e3:
fc:eb:48:85:1b:f3:5e:f8:38:25:fe:4c:f4:fd:1a:
72:dd:92:ba:c1:29:3a:77:86:48:03:86:ec:db:75:
23:bc:94:ad:5b:de:a8:fe:f3:fc:2f:c9:c3:9c:13:
39:4f:d0:34:2a:56:96:95:1f:4f:de:ef:ec:07:05:
af:df:83:90:43:97:a1:ab:e0:04:22:51:c9:1f:09:
80:93:03:24:8f:bd:2b:10:e2:e6:79:d4:b8:5c:6e:
1f:ec:8a:be:b8:eb:3a:23:d3:06:2b:82:f4:2d:2a:
ce:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:15:01:64:08:35:A2:DE:6E:73:CF:2B:FD:4E:E8:FA:5F:85:FB:CD
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8hUBZAg1ot5uc88r_U7o-l-F-80.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:4640::/29
2a11:c443::/32
2a11:e540::/29
2a12:1145::/32
2a12:3ac0::/32
Signature Algorithm: sha256WithRSAEncryption
91:22:bd:0c:49:fb:ea:f7:b4:e3:47:3c:dc:8a:f4:8e:8c:8b:
7f:97:2c:6e:e1:ef:d4:ea:3f:b6:dc:55:bd:bc:8f:ca:67:96:
fb:eb:25:ff:df:86:f9:cf:96:b3:0a:72:b0:9f:ce:7c:92:17:
a8:0f:83:99:41:94:61:b4:34:23:f3:91:b2:e2:91:20:72:f4:
e5:94:c7:5f:66:f6:00:37:1e:46:25:77:3b:09:f5:81:61:cb:
a4:81:48:d2:62:3b:ec:17:a7:7b:92:c8:30:d6:b8:f1:03:e0:
06:40:fb:2a:db:79:9e:b5:04:3f:e7:33:9e:ad:7c:88:fd:6d:
47:fb:7e:51:d0:ad:df:93:d2:80:1b:e2:4d:94:3f:1a:c8:18:
c3:fc:db:fb:68:db:28:37:2d:b9:af:bb:cb:46:45:10:1d:51:
c5:29:8b:d8:bc:26:14:22:3b:35:0b:55:1c:aa:5d:78:cd:14:
f3:79:d0:02:fe:be:28:43:be:2e:c9:44:3c:23:55:3d:20:07:
85:b3:60:2e:e4:7d:72:2a:85:b5:0c:3a:68:07:12:14:4c:53:
30:8a:70:48:21:eb:19:06:d3:36:2a:fa:d1:0d:6f:12:89:8d:
3e:62:20:68:af:01:5a:97:1e:98:81:e3:8b:de:a1:d4:1a:71:
16:8f:f7:87
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZjTT0STWFEGAqYl381IhY2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwODIyMTk0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjE1MDE2NDA4MzVhMmRlNmU3M2NmMmJmZDRlZThmYTVmODVmYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NeMJeSvnaIQnbi1/12nzsfwal7B
NjPOrIKweYQtmnWAvToqRfD0BkkOMSuIfxx1Q+TIzV85wO/jnVrpghWU09b5Asc6
NjUijS5gl17oLEyNDZdnciBQVcLk+G2UJ+5AUBikMJK8fGI/0hvDQ6fmyZgxHX1w
oU+T9R4SO0csvPG/Y95JTBY4IbHjuOsoYRmrbk+Gr+P860iFG/Ne+Dgl/kz0/Rpy
3ZK6wSk6d4ZIA4bs23UjvJStW96o/vP8L8nDnBM5T9A0KlaWlR9P3u/sBwWv34OQ
Q5ehq+AEIlHJHwmAkwMkj70rEOLmedS4XG4f7Iq+uOs6I9MGK4L0LSrOuQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFPIVAWQINaLebnPPK/1O6PpfhfvNMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvOGhVQlpBZzFvdDV1Yzg4cl9VN28tbC1GLTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKhFGQAMF
ACoRxEMDBQMqEeVAAwUAKhIRRQMFACoSOsAwDQYJKoZIhvcNAQELBQADggEBAJEi
vQxJ++r3tONHPNyK9I6Mi3+XLG7h79TqP7bcVb28j8pnlvvrJf/fhvnPlrMKcrCf
znySF6gPg5lBlGG0NCPzkbLikSBy9OWUx19m9gA3HkYldzsJ9YFhy6SBSNJiO+wX
p3uSyDDWuPED4AZA+yrbeZ61BD/nM56tfIj9bUf7flHQrd+T0oAb4k2UPxrIGMP8
2/to2yg3Lbmvu8tGRRAdUcUpi9i8JhQiOzULVRyqXXjNFPN50AL+vihDvi7JRDwj
VT0gB4WzYC7kfXIqhbUMOmgHEhRMUzCKcEgh6xkG0zYq+tENbxKJjT5iIGivAVqX
HpiB44veodQacRaP94c=
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:53:42 2025 by rpki-client