Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/p9P5K0xM7gOW6zydCPng3SuZ7n8.roa
File: p9P5K0xM7gOW6zydCPng3SuZ7n8.roa (raw, json)
Hash identifier: K3+viqWr57xtQCGB1qA5AN7lD3i18qG/Hk+RK0nKQIo=
Subject key identifier: A7:D3:F9:2B:4C:4C:EE:03:96:EB:3C:9D:08:F9:E0:DD:2B:99:EE:7F
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0198C3E46FA22B9ED4C9750D377031AC9ACF
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/p9P5K0xM7gOW6zydCPng3SuZ7n8.roa
Signing time: Tue 19 Aug 2025 19:53:04 +0000
ROA not before: Tue 19 Aug 2025 19:53:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42375
IP address blocks: 2a11:c540::/29 maxlen: 29
2a11:e7c0::/29 maxlen: 29
2a12:1880::/29 maxlen: 29
2a12:4500::/29 maxlen: 29
2a12:5580::/29 maxlen: 29
2a12:6600::/29 maxlen: 29
2a12:8800::/29 maxlen: 29
2a12:9700::/29 maxlen: 29
2a12:9e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 04:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c3:e4:6f:a2:2b:9e:d4:c9:75:0d:37:70:31:ac:9a:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Aug 19 19:53:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a7d3f92b4c4cee0396eb3c9d08f9e0dd2b99ee7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b3:82:d1:88:c8:5a:bc:ed:4f:dc:43:8b:63:
9d:00:ad:53:8a:99:05:1d:1f:17:b2:47:f8:72:21:
87:d1:a9:b8:b7:3d:51:3f:a1:83:63:fc:63:bd:36:
fa:db:25:b1:b7:d1:ca:09:64:d0:45:79:6a:fa:69:
b2:31:d4:63:74:3d:55:67:ef:1f:ef:c6:e8:38:b0:
0b:31:59:75:3f:86:18:18:17:a0:6f:06:41:76:20:
c4:00:66:18:b6:15:d8:0a:d9:40:a4:f9:27:2f:47:
b5:c5:6a:d1:26:a4:fa:49:5f:f0:c2:96:8a:52:6c:
d8:fe:5f:af:bb:80:83:e1:d6:a5:b1:ce:0f:c2:7d:
bf:bf:26:e6:b5:8d:30:92:a0:2e:7a:e2:17:fc:1f:
73:16:40:c3:3d:b0:9e:e9:58:b5:b7:2e:fb:ba:de:
a3:e2:87:80:19:33:2d:47:55:41:83:d0:1e:23:4c:
22:91:80:d8:3c:cc:96:5f:1e:60:c9:d4:71:23:ed:
36:b2:cb:9f:1b:f9:ef:c0:b1:46:bb:93:3a:8e:bb:
6f:67:81:2e:83:dc:99:8e:6c:a1:91:c2:ee:d8:c8:
20:e8:8b:e4:74:3e:c3:75:5f:d5:62:7b:7c:5b:cb:
cc:8a:1e:a6:26:ec:c8:b6:6b:be:a8:d2:b8:b3:b0:
2c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:D3:F9:2B:4C:4C:EE:03:96:EB:3C:9D:08:F9:E0:DD:2B:99:EE:7F
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/p9P5K0xM7gOW6zydCPng3SuZ7n8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:c540::/29
2a11:e7c0::/29
2a12:1880::/29
2a12:4500::/29
2a12:5580::/29
2a12:6600::/29
2a12:8800::/29
2a12:9700::/29
2a12:9e00::/29
Signature Algorithm: sha256WithRSAEncryption
dc:bc:e1:89:0c:c7:67:b8:ed:be:36:e7:0c:d0:87:fe:0b:7f:
26:ba:44:92:dc:cc:01:51:87:33:ab:6a:3c:97:ae:4f:ec:dd:
3c:67:7d:54:fb:6e:52:e6:a3:b4:a4:dd:b6:b2:cf:b8:e2:37:
2d:21:9b:ab:ee:b1:94:68:42:88:d6:4d:16:dc:6c:35:b4:4e:
08:46:9d:6c:34:f3:a7:18:43:32:46:19:c1:c0:82:d8:29:82:
5e:5a:c7:05:e8:ab:ea:28:81:1a:73:93:8d:e5:97:cd:60:27:
e0:2b:ce:04:33:2b:ae:b4:1d:d2:c7:67:56:bd:e9:4b:26:63:
3b:d7:05:7f:a9:11:85:bb:5c:11:f5:9d:db:d3:8a:64:22:46:
8a:fd:25:96:4d:5e:f2:b4:c3:a5:1f:71:b9:ca:09:4d:67:dd:
48:ca:59:8d:b6:5b:de:f6:93:24:9d:5d:7d:1d:69:c5:f8:ff:
79:67:98:8c:b4:7c:02:4e:9d:38:b7:9d:a3:dd:51:17:f3:ae:
ae:0a:6b:fe:90:a0:bb:8f:8f:dc:52:33:bd:7b:b4:d3:ed:ff:
7f:80:9f:ba:06:6f:70:e3:fe:f7:0e:b2:37:c8:79:fc:6c:21:
9e:0b:9e:b5:de:72:97:38:c3:3e:15:df:c8:d6:ca:f9:57:3a:
71:0a:a3:d4
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZjD5G+iK57UyXUNN3AxrJrPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwODE5MTk1MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QzZjkyYjRjNGNlZTAzOTZlYjNjOWQwOGY5ZTBkZDJiOTllZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbOC0YjIWrztT9xDi2OdAK1TipkF
HR8Xskf4ciGH0am4tz1RP6GDY/xjvTb62yWxt9HKCWTQRXlq+mmyMdRjdD1VZ+8f
78boOLALMVl1P4YYGBegbwZBdiDEAGYYthXYCtlApPknL0e1xWrRJqT6SV/wwpaK
UmzY/l+vu4CD4dalsc4Pwn2/vybmtY0wkqAueuIX/B9zFkDDPbCe6Vi1ty77ut6j
4oeAGTMtR1VBg9AeI0wikYDYPMyWXx5gydRxI+02ssufG/nvwLFGu5M6jrtvZ4Eu
g9yZjmyhkcLu2Mgg6IvkdD7DdV/VYnt8W8vMih6mJuzItmu+qNK4s7AsYQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKfT+StMTO4Dlus8nQj54N0rme5/MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvcDlQNUsweE03Z09XNnp5ZENQbmczU3VaN244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKhHFQAMF
AyoR58ADBQMqEhiAAwUDKhJFAAMFAyoSVYADBQMqEmYAAwUDKhKIAAMFAyoSlwAD
BQMqEp4AMA0GCSqGSIb3DQEBCwUAA4IBAQDcvOGJDMdnuO2+NucM0If+C38mukSS
3MwBUYczq2o8l65P7N08Z31U+25S5qO0pN22ss+44jctIZur7rGUaEKI1k0W3Gw1
tE4IRp1sNPOnGEMyRhnBwILYKYJeWscF6KvqKIEac5ON5ZfNYCfgK84EMyuutB3S
x2dWvelLJmM71wV/qRGFu1wR9Z3b04pkIkaK/SWWTV7ytMOlH3G5yglNZ91IylmN
tlve9pMknV19HWnF+P95Z5iMtHwCTp04t52j3VEX866uCmv+kKC7j4/cUjO9e7TT
7f9/gJ+6Bm9w4/73DrI3yHn8bCGeC5613nKXOMM+Fd/I1sr5VzpxCqPU
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:24:24 2025 by rpki-client