Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/iTJFlrSsWbholkyOYEXXgVs3FiY.roa
File: iTJFlrSsWbholkyOYEXXgVs3FiY.roa (raw, json)
Hash identifier: Jl4uUb/G3mQj8xIpDsHAVqtzDEj+sUXfj7G+zwRxdNk=
Subject key identifier: 89:32:45:96:B4:AC:59:B8:68:96:4C:8E:60:45:D7:81:5B:37:16:26
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 01993AB8D4A1F2B13129AA605ED385CC1E53
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/iTJFlrSsWbholkyOYEXXgVs3FiY.roa
Signing time: Thu 11 Sep 2025 21:40:15 +0000
ROA not before: Thu 11 Sep 2025 21:40:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204490
IP address blocks: 2a0e:f04::/32 maxlen: 32
2a0e:f07::/32 maxlen: 32
2a11:15c1::/32 maxlen: 32
2a11:3180::/32 maxlen: 32
2a11:4a04::/32 maxlen: 32
2a11:4a07::/32 maxlen: 32
2a11:7883::/32 maxlen: 32
2a11:8500::/32 maxlen: 32
2a11:8507::/32 maxlen: 32
2a12:4144::/32 maxlen: 32
2a12:4147::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:3a:b8:d4:a1:f2:b1:31:29:aa:60:5e:d3:85:cc:1e:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Sep 11 21:40:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89324596b4ac59b868964c8e6045d7815b371626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:8e:40:95:be:c3:cc:e8:d7:26:16:fd:96:df:
aa:b7:46:03:8d:47:97:0c:85:e3:52:3a:74:2f:cd:
0d:76:b7:09:4c:40:ac:5d:a0:96:89:f5:7d:3c:ba:
82:a0:54:8d:a8:2c:f8:76:b1:2e:cf:98:10:5e:00:
8c:7a:ce:8e:a7:05:84:21:8a:ac:cb:8f:1e:2d:44:
22:c1:9a:ac:d8:76:84:dd:08:d2:09:1f:79:66:66:
bc:9e:ce:2c:3a:0a:4c:78:ac:91:ad:4b:30:f2:fb:
20:b2:8b:a0:f8:d1:3f:99:83:eb:f1:ed:5a:f2:1f:
a6:5c:79:63:f0:fe:5e:e2:4b:b8:2e:93:71:7b:73:
21:96:f2:ff:8c:21:1b:a1:d6:73:07:36:41:e4:7f:
a6:f7:a1:46:d6:ed:27:2d:23:d3:9f:c2:e3:bf:81:
96:28:28:5a:d7:28:54:d8:09:27:93:7c:49:eb:b3:
c5:83:f6:bb:07:0f:3b:13:33:8c:db:81:0a:4a:8b:
df:6d:e8:8f:1e:b4:67:5b:30:12:45:58:bb:a9:87:
6f:df:df:93:41:51:67:3f:99:c2:95:3b:be:b4:8f:
a1:9a:9e:8c:bc:17:5e:c8:31:5a:2f:59:61:6f:42:
56:8b:fc:23:34:74:45:6d:d6:c1:ac:a9:13:d4:f5:
93:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:32:45:96:B4:AC:59:B8:68:96:4C:8E:60:45:D7:81:5B:37:16:26
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/iTJFlrSsWbholkyOYEXXgVs3FiY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:f04::/32
2a0e:f07::/32
2a11:15c1::/32
2a11:3180::/32
2a11:4a04::/32
2a11:4a07::/32
2a11:7883::/32
2a11:8500::/32
2a11:8507::/32
2a12:4144::/32
2a12:4147::/32
Signature Algorithm: sha256WithRSAEncryption
0e:cb:ad:50:c0:f0:8c:5f:de:bf:fd:67:ff:1f:46:24:2d:3c:
f9:5b:8a:e0:89:01:12:af:02:9c:ba:80:2b:27:6e:ed:ee:80:
8b:e1:94:9a:cc:68:3f:46:42:13:54:3f:7b:a8:eb:d2:1b:3e:
7d:6a:4d:73:c6:f2:9f:ca:da:59:3c:f9:6a:96:7e:86:a0:c2:
a2:2f:fb:c9:9f:20:57:6b:92:9e:44:dc:11:49:be:26:b1:62:
53:46:84:23:b2:df:72:7f:5f:4c:f9:07:5e:84:82:b7:91:88:
63:43:a1:e7:3a:c8:ed:f6:a6:d3:1c:35:2a:f3:d0:b8:5b:46:
52:d2:ae:fd:d0:25:ac:f3:35:54:e4:08:23:2d:b8:bd:c6:cd:
92:7c:4f:d8:60:e8:a9:36:31:d3:44:6e:74:5d:cd:27:2f:29:
ae:13:72:1d:ff:fd:b0:c9:5c:42:3a:ca:8b:e5:f8:dd:b2:27:
61:16:4e:92:f5:c4:94:45:e8:47:2c:ec:70:75:d9:46:a0:ee:
44:55:75:de:42:e8:f9:58:e1:f9:4c:d7:26:61:ea:da:57:41:
95:48:bf:10:bc:2a:73:38:b0:8f:96:7c:f5:bf:03:2f:8a:44:
d2:4b:2c:a7:7b:c0:1c:6b:b3:6b:36:5a:ec:23:c1:76:e3:b4:
84:f6:99:2a
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZk6uNSh8rExKapgXtOFzB5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwOTExMjE0MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMyNDU5NmI0YWM1OWI4Njg5NjRjOGU2MDQ1ZDc4MTViMzcxNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo5Alb7DzOjXJhb9lt+qt0YDjUeX
DIXjUjp0L80NdrcJTECsXaCWifV9PLqCoFSNqCz4drEuz5gQXgCMes6OpwWEIYqs
y48eLUQiwZqs2HaE3QjSCR95Zma8ns4sOgpMeKyRrUsw8vsgsoug+NE/mYPr8e1a
8h+mXHlj8P5e4ku4LpNxe3MhlvL/jCEbodZzBzZB5H+m96FG1u0nLSPTn8Ljv4GW
KCha1yhU2Aknk3xJ67PFg/a7Bw87EzOM24EKSovfbeiPHrRnWzASRVi7qYdv39+T
QVFnP5nClTu+tI+hmp6MvBdeyDFaL1lhb0JWi/wjNHRFbdbBrKkT1PWTzQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFIkyRZa0rFm4aJZMjmBF14FbNxYmMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvaVRKRmxyU3NXYmhvbGt5T1lFWFhnVnMzRmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKg4PBAMF
ACoODwcDBQAqERXBAwUAKhExgAMFACoRSgQDBQAqEUoHAwUAKhF4gwMFACoRhQAD
BQAqEYUHAwUAKhJBRAMFACoSQUcwDQYJKoZIhvcNAQELBQADggEBAA7LrVDA8Ixf
3r/9Z/8fRiQtPPlbiuCJARKvApy6gCsnbu3ugIvhlJrMaD9GQhNUP3uo69IbPn1q
TXPG8p/K2lk8+WqWfoagwqIv+8mfIFdrkp5E3BFJviaxYlNGhCOy33J/X0z5B16E
greRiGNDoec6yO32ptMcNSrz0LhbRlLSrv3QJazzNVTkCCMtuL3GzZJ8T9hg6Kk2
MdNEbnRdzScvKa4Tch3//bDJXEI6yovl+N2yJ2EWTpL1xJRF6Ecs7HB12Uag7kRV
dd5C6PlY4flM1yZh6tpXQZVIvxC8KnM4sI+WfPW/Ay+KRNJLLKd7wBxrs2s2Wuwj
wXbjtIT2mSo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:49:26 2025 by rpki-client