Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Kyzo0yj2Ir-GakHGd4-TMZBRSac.roa
File: Kyzo0yj2Ir-GakHGd4-TMZBRSac.roa (raw, json)
Hash identifier: JcoOgR1pBP0rCJCqmY/SxXH/u9kGd6L/wU/6myIexQw=
Subject key identifier: 2B:2C:E8:D3:28:F6:22:BF:86:6A:41:C6:77:8F:93:31:90:51:49:A7
Certificate issuer: /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial: 0197ADD5D9F797F82E0A632961A56490DC82
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Kyzo0yj2Ir-GakHGd4-TMZBRSac.roa
Signing time: Thu 26 Jun 2025 20:02:42 +0000
ROA not before: Thu 26 Jun 2025 20:02:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206873
IP address blocks: 2a11:35c7::/32 maxlen: 32
2a11:d386::/32 maxlen: 32
2a12:24c4::/32 maxlen: 32
2a12:41c6::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ad:d5:d9:f7:97:f8:2e:0a:63:29:61:a5:64:90:dc:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Validity
Not Before: Jun 26 20:02:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b2ce8d328f622bf866a41c6778f9331905149a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:ba:7d:b9:84:72:5c:93:6d:0a:d0:ca:9c:02:
92:70:bd:c0:1b:02:61:fe:21:ed:08:1f:57:38:4a:
c2:63:55:49:94:0f:13:91:cb:b6:97:bf:27:79:41:
f6:74:10:6f:8c:a8:26:aa:d6:f3:85:73:5d:29:86:
c8:bb:71:56:20:81:be:f8:05:6a:0c:f5:bb:16:fc:
4d:aa:f9:58:e6:59:b7:8d:1c:65:b1:ce:bc:fc:bc:
74:51:d0:e9:96:8b:3e:64:98:43:6c:96:b1:38:41:
4f:65:fd:a9:17:4b:99:9e:ab:b8:82:36:4d:28:ea:
52:9a:ef:74:d8:28:82:12:ef:62:f0:7e:33:6e:c2:
23:3f:d8:13:a5:9a:55:eb:2e:32:24:73:6e:97:39:
81:f6:67:64:b0:1a:f5:d8:93:1e:ae:49:a9:13:d5:
33:4b:bb:85:19:a2:fc:d5:c6:3c:10:3b:06:ea:d2:
a0:8f:c9:f7:83:99:0f:9b:12:c1:67:c6:b3:cc:ea:
b3:be:d9:00:37:20:f9:2e:f9:b5:dd:3d:7c:1d:7d:
d6:2f:1b:d7:79:06:13:e3:2b:c1:10:65:bd:f7:ef:
99:0f:ac:66:31:85:1d:c1:b7:3b:a5:7e:da:a8:18:
df:30:bc:e1:58:f6:78:b4:18:7a:94:a5:bc:b4:f2:
87:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:2C:E8:D3:28:F6:22:BF:86:6A:41:C6:77:8F:93:31:90:51:49:A7
X509v3 Authority Key Identifier:
keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/Kyzo0yj2Ir-GakHGd4-TMZBRSac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:35c7::/32
2a11:d386::/32
2a12:24c4::/32
2a12:41c6::/32
Signature Algorithm: sha256WithRSAEncryption
78:61:08:47:41:0c:7c:20:b9:b3:84:2c:d5:89:31:09:6c:bf:
cf:b1:35:17:b9:dd:ab:12:d2:76:fb:66:03:57:f7:11:f9:d4:
ad:b0:35:26:73:7b:d5:fc:2c:0c:f4:ae:e6:32:12:e7:21:6d:
87:7c:ee:2a:9c:45:4f:b9:5d:a3:9d:7c:ae:a6:95:a7:34:a9:
ee:95:cc:a7:18:8e:14:c8:c8:c5:ec:7d:14:47:b8:7b:93:a6:
47:a9:ec:c2:fb:69:5b:e8:29:c3:fe:2c:20:82:29:0f:02:99:
6a:1a:26:36:9f:f5:dc:f9:77:f9:43:3e:7e:c7:bf:20:e9:83:
f4:c9:07:22:17:6e:4f:ea:97:6d:3d:26:44:50:2b:a3:18:ec:
b0:e3:c5:17:1f:c6:7a:46:de:dc:aa:70:90:67:68:e6:48:7f:
cb:00:1a:e5:dd:5c:d5:74:a0:cc:0c:cb:6e:9d:31:e6:e7:77:
79:c6:26:ad:7a:af:e6:40:0a:1d:80:7f:4a:22:6c:8d:19:4f:
7b:51:3e:20:5f:3d:84:b6:a9:95:25:41:7a:74:cd:84:31:e3:
b3:4e:11:8c:64:73:2e:7a:9a:5a:51:6e:60:a9:d5:c0:0f:6d:
c2:b0:1b:9f:a0:6a:2a:a1:bd:55:01:d1:55:77:6e:b6:7d:fc:
c0:cb:65:5f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZet1dn3l/guCmMpYaVkkNyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjI2MjAwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJjZThkMzI4ZjYyMmJmODY2YTQxYzY3NzhmOTMzMTkwNTE0OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrp9uYRyXJNtCtDKnAKScL3AGwJh
/iHtCB9XOErCY1VJlA8Tkcu2l78neUH2dBBvjKgmqtbzhXNdKYbIu3FWIIG++AVq
DPW7FvxNqvlY5lm3jRxlsc68/Lx0UdDplos+ZJhDbJaxOEFPZf2pF0uZnqu4gjZN
KOpSmu902CiCEu9i8H4zbsIjP9gTpZpV6y4yJHNulzmB9mdksBr12JMerkmpE9Uz
S7uFGaL81cY8EDsG6tKgj8n3g5kPmxLBZ8azzOqzvtkANyD5Lvm13T18HX3WLxvX
eQYT4yvBEGW99++ZD6xmMYUdwbc7pX7aqBjfMLzhWPZ4tBh6lKW8tPKHnQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCss6NMo9iK/hmpBxnePkzGQUUmnMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvS3l6bzB5ajJJci1HYWtIR2Q0LVRNWkJSU2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKhE1xwMF
ACoR04YDBQAqEiTEAwUAKhJBxjANBgkqhkiG9w0BAQsFAAOCAQEAeGEIR0EMfCC5
s4Qs1YkxCWy/z7E1F7ndqxLSdvtmA1f3EfnUrbA1JnN71fwsDPSu5jIS5yFth3zu
KpxFT7ldo518rqaVpzSp7pXMpxiOFMjIxex9FEe4e5OmR6nswvtpW+gpw/4sIIIp
DwKZahomNp/13Pl3+UM+fse/IOmD9MkHIhduT+qXbT0mRFAroxjssOPFFx/Gekbe
3KpwkGdo5kh/ywAa5d1c1XSgzAzLbp0x5ud3ecYmrXqv5kAKHYB/SiJsjRlPe1E+
IF89hLaplSVBenTNhDHjs04RjGRzLnqaWlFuYKnVwA9twrAbn6BqKqG9VQHRVXdu
tn38wMtlXw==
-----END CERTIFICATE-----
Generated at Sun Jun 29 05:10:19 2025 by rpki-client