Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HgbDaGl_dkfMIIO1C9s2L9NOzSg.roa
File: HgbDaGl_dkfMIIO1C9s2L9NOzSg.roa (raw, json)
Hash identifier: CP/AnD4mezfkqsYxRHEd0JgpU0j/68uy3v3lvvhQXTc=
Subject key identifier: 1E:06:C3:68:69:7F:76:47:CC:20:83:B5:0B:DB:36:2F:D3:4E:CD:28
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 019976685833B8B7E07E744CFDD72DDF22CF
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HgbDaGl_dkfMIIO1C9s2L9NOzSg.roa
Signing time: Tue 23 Sep 2025 11:49:33 +0000
ROA not before: Tue 23 Sep 2025 11:49:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12389
IP address blocks: 2a09:6285::/32 maxlen: 32
2a13:3880::/32 maxlen: 32
2a13:3881::/32 maxlen: 32
2a13:3882::/32 maxlen: 32
2a13:3883::/32 maxlen: 32
2a13:3884::/32 maxlen: 32
2a13:3885::/32 maxlen: 32
2a13:3886::/32 maxlen: 32
2a13:3887::/32 maxlen: 32
2a13:93c2::/32 maxlen: 32
2a13:93c4::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:68:58:33:b8:b7:e0:7e:74:4c:fd:d7:2d:df:22:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Sep 23 11:49:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e06c368697f7647cc2083b50bdb362fd34ecd28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:4c:6b:15:e1:50:15:c7:05:ed:ec:c4:09:04:
95:c3:3a:7e:a9:3d:09:82:8f:6c:d1:e5:0f:d6:df:
a0:80:8f:32:97:13:f1:3f:6a:c5:5c:b2:e3:02:31:
44:63:b7:66:ac:64:87:45:38:d3:2b:eb:fa:0f:db:
70:49:ff:47:29:3f:f4:2c:38:22:d5:86:e1:60:81:
84:19:ab:f0:02:9a:50:ed:aa:2a:32:c1:34:dc:d4:
8a:ba:23:95:31:4b:23:f4:50:70:ad:3b:13:a8:ac:
83:28:b3:cb:c8:25:e8:cd:76:f7:bc:ac:41:e2:5f:
56:41:51:c8:15:45:d4:18:94:84:62:d8:f1:9d:d0:
e2:43:bb:fb:80:0b:58:ab:96:e9:4c:23:24:86:76:
8d:a3:4b:d8:88:aa:32:03:85:06:24:c7:e3:e7:cd:
16:9a:b8:ce:f7:9f:65:5d:c6:46:28:a3:17:aa:e2:
57:98:c3:71:59:27:e8:9d:e2:41:be:e9:5d:ad:00:
96:a6:d7:26:10:d8:71:18:ca:7f:c5:e1:df:da:b8:
b5:8f:0b:13:2a:fc:8d:ed:0c:d5:5b:80:7e:b6:4f:
b5:64:bd:a9:46:55:e9:aa:48:27:c3:69:8d:7b:f1:
89:7e:ef:ba:70:d8:05:c4:d1:03:b3:23:e5:1a:c1:
dd:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:06:C3:68:69:7F:76:47:CC:20:83:B5:0B:DB:36:2F:D3:4E:CD:28
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HgbDaGl_dkfMIIO1C9s2L9NOzSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:6285::/32
2a13:3880::/29
2a13:93c2::/32
2a13:93c4::/32
Signature Algorithm: sha256WithRSAEncryption
50:44:af:d4:e2:b6:04:ce:35:69:23:5f:09:84:0c:58:df:6c:
c3:98:93:c4:ac:cc:9c:29:51:70:b1:48:9d:ca:16:63:03:04:
97:fc:2b:a9:69:79:35:0a:df:c7:7d:0c:10:f2:f3:2d:6e:dd:
9c:19:8e:59:ad:a8:b6:cc:07:fd:47:ab:36:86:62:14:b4:28:
a5:c3:f7:bc:27:46:41:e1:cd:95:8c:15:08:86:fe:1a:33:bf:
2a:ee:71:bd:a9:30:39:a9:77:31:7b:56:08:48:2a:51:ed:56:
70:bb:d1:45:30:fa:b3:81:13:de:1e:29:f3:e1:86:c8:b3:c2:
74:a4:a7:5f:06:58:b7:c2:5f:42:2b:4e:96:ea:3b:f3:63:ca:
b2:d7:f1:b8:5e:25:08:7e:a7:cd:b7:c6:3b:a6:60:c2:3e:4b:
e5:dc:0e:4d:5e:75:4a:2a:dc:35:f8:73:78:a2:5a:c5:0f:13:
d9:35:bc:51:db:43:44:4f:01:fc:b2:f6:89:27:61:2f:17:2d:
3d:16:e4:03:8b:31:0a:3e:36:29:c6:a4:d7:7a:ff:9c:6d:ed:
ce:89:f0:2b:19:ea:81:ae:d7:a9:e6:1e:96:58:88:89:bb:0f:
71:f9:a3:cd:3e:b5:22:1e:11:20:16:ab:4e:3b:45:b7:80:86:
45:c2:f4:cb
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZl2aFgzuLfgfnRM/dct3yLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwOTIzMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTA2YzM2ODY5N2Y3NjQ3Y2MyMDgzYjUwYmRiMzYyZmQzNGVjZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoExrFeFQFccF7ezECQSVwzp+qT0J
go9s0eUP1t+ggI8ylxPxP2rFXLLjAjFEY7dmrGSHRTjTK+v6D9twSf9HKT/0LDgi
1YbhYIGEGavwAppQ7aoqMsE03NSKuiOVMUsj9FBwrTsTqKyDKLPLyCXozXb3vKxB
4l9WQVHIFUXUGJSEYtjxndDiQ7v7gAtYq5bpTCMkhnaNo0vYiKoyA4UGJMfj580W
mrjO959lXcZGKKMXquJXmMNxWSfoneJBvuldrQCWptcmENhxGMp/xeHf2ri1jwsT
KvyN7QzVW4B+tk+1ZL2pRlXpqkgnw2mNe/GJfu+6cNgFxNEDsyPlGsHdqQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFB4Gw2hpf3ZHzCCDtQvbNi/TTs0oMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvSGdiRGFHbF9ka2ZNSUlPMUM5czJMOU5PelNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKglihQMF
AyoTOIADBQAqE5PCAwUAKhOTxDANBgkqhkiG9w0BAQsFAAOCAQEAUESv1OK2BM41
aSNfCYQMWN9sw5iTxKzMnClRcLFIncoWYwMEl/wrqWl5NQrfx30MEPLzLW7dnBmO
Wa2otswH/UerNoZiFLQopcP3vCdGQeHNlYwVCIb+GjO/Ku5xvakwOal3MXtWCEgq
Ue1WcLvRRTD6s4ET3h4p8+GGyLPCdKSnXwZYt8JfQitOluo782PKstfxuF4lCH6n
zbfGO6Zgwj5L5dwOTV51SircNfhzeKJaxQ8T2TW8UdtDRE8B/LL2iSdhLxctPRbk
A4sxCj42Kcak13r/nG3tzonwKxnqga7XqeYelliIibsPcfmjzT61Ih4RIBarTjtF
t4CGRcL0yw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:04:29 2025 by rpki-client