Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/u_kbu4tkIYiihS4--NXiyToxNhs.roa
File: u_kbu4tkIYiihS4--NXiyToxNhs.roa (raw, json)
Hash identifier: txkFHVV6Yy9iysc9+92y5JAS1DKWEBihN2iYh4NZA9g=
Subject key identifier: BB:F9:1B:BB:8B:64:21:88:A2:85:2E:3E:F8:D5:E2:C9:3A:31:36:1B
Certificate issuer: /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial: 0197D50C9B1117CDAE924366F6F2445B7EAB
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/u_kbu4tkIYiihS4--NXiyToxNhs.roa
Signing time: Fri 04 Jul 2025 10:47:42 +0000
ROA not before: Fri 04 Jul 2025 10:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50028
IP address blocks: 2a0f:d300::/48 maxlen: 48
2a0f:d301::/48 maxlen: 48
2a0f:d302::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d5:0c:9b:11:17:cd:ae:92:43:66:f6:f2:44:5b:7e:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Validity
Not Before: Jul 4 10:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bbf91bbb8b642188a2852e3ef8d5e2c93a31361b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:a9:5b:6f:85:43:e0:94:76:cf:62:a0:c2:35:
5e:db:1e:c0:ca:4f:27:43:5e:06:d3:c3:23:47:7b:
39:98:69:11:f0:e3:43:d7:02:b1:64:a0:80:1b:18:
4b:b3:b5:a4:f2:ae:16:c8:2c:91:c4:f8:98:b8:80:
93:3e:04:d1:2f:9e:47:7b:54:e5:26:73:18:09:09:
b1:27:44:96:15:cc:ce:81:6f:17:c4:73:0f:c8:97:
40:7e:3b:e6:c9:a4:99:2b:a1:e1:f0:80:62:37:80:
df:c8:6a:9c:b7:27:a8:6a:1b:17:8a:26:4d:22:98:
bd:4a:e6:2e:50:ee:de:c7:76:81:ed:6e:e8:de:24:
cc:a2:e8:da:e3:24:19:47:2b:53:68:2a:7e:35:b4:
b7:c4:bf:a0:bc:d6:c4:1f:9d:26:e4:78:68:45:37:
33:09:2a:aa:47:f0:c8:5e:25:7c:a3:44:b6:f4:43:
d1:7a:7c:88:e4:07:a6:5b:a0:9a:47:f8:5f:4f:25:
37:ef:0d:a7:50:d6:41:2d:1b:35:3e:d4:db:cc:d9:
10:2d:9d:bf:9b:34:7c:79:0f:13:7c:78:08:cb:bb:
03:22:9e:53:d9:97:49:0d:10:9a:21:2d:3e:b8:88:
ba:7f:fb:a4:20:b1:ca:55:05:33:a9:13:6c:92:44:
07:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:F9:1B:BB:8B:64:21:88:A2:85:2E:3E:F8:D5:E2:C9:3A:31:36:1B
X509v3 Authority Key Identifier:
keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/u_kbu4tkIYiihS4--NXiyToxNhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:d300::/48
2a0f:d301::/48
2a0f:d302::/48
Signature Algorithm: sha256WithRSAEncryption
8e:28:d2:ad:8c:25:fb:2b:52:65:5e:ef:ba:e8:92:a1:e6:15:
58:77:32:1a:7c:61:cd:f5:99:74:85:ca:c5:a9:0d:23:0a:ff:
a4:3c:69:8f:b2:7d:05:01:47:a5:1e:8b:ac:08:f8:3d:a1:ad:
75:f9:92:0f:9d:bf:19:4a:19:f9:80:e5:28:bb:c5:f1:df:c7:
c7:09:50:9c:ba:db:75:6d:ee:d1:c4:09:15:9b:71:31:85:4d:
9a:84:96:79:dc:bd:5f:0f:65:7f:32:2f:4b:04:d6:7d:c3:1c:
0b:b6:4d:33:15:9a:31:56:2b:4f:56:1e:ad:c2:a4:41:49:08:
13:74:9d:30:f3:d3:3c:7f:10:13:e7:c4:15:41:b6:3a:9f:7d:
e0:b9:3a:c3:ba:62:67:bd:19:c1:f2:de:76:ae:f1:0a:bc:55:
31:91:c5:95:11:cc:c4:e0:a6:10:61:90:60:01:24:c8:81:8c:
98:79:95:50:f3:b4:28:c9:bc:5b:1a:a2:25:dd:26:f4:ec:ba:
8b:9f:69:4f:8b:90:32:81:7e:ee:c6:8b:e6:b6:13:10:f2:a0:
4a:65:cd:a2:f5:68:b8:14:9c:60:84:0d:51:c8:e0:56:59:07:
d9:9c:4b:dd:79:74:24:06:00:b3:01:87:c2:db:d5:a5:f2:1f:
66:b0:b4:d1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZfVDJsRF82ukkNm9vJEW36rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjUwNzA0MTA0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmY5MWJiYjhiNjQyMTg4YTI4NTJlM2VmOGQ1ZTJjOTNhMzEzNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmalbb4VD4JR2z2KgwjVe2x7Ayk8n
Q14G08MjR3s5mGkR8OND1wKxZKCAGxhLs7Wk8q4WyCyRxPiYuICTPgTRL55He1Tl
JnMYCQmxJ0SWFczOgW8XxHMPyJdAfjvmyaSZK6Hh8IBiN4DfyGqctyeoahsXiiZN
Ipi9SuYuUO7ex3aB7W7o3iTMouja4yQZRytTaCp+NbS3xL+gvNbEH50m5HhoRTcz
CSqqR/DIXiV8o0S29EPRenyI5AemW6CaR/hfTyU37w2nUNZBLRs1PtTbzNkQLZ2/
mzR8eQ8TfHgIy7sDIp5T2ZdJDRCaIS0+uIi6f/ukILHKVQUzqRNskkQHawIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLv5G7uLZCGIooUuPvjV4sk6MTYbMB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvdV9rYnU0dGtJWWlpaFM0LS1OWGl5VG94TmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg/TAAAA
AwcAKg/TAQAAAwcAKg/TAgAAMA0GCSqGSIb3DQEBCwUAA4IBAQCOKNKtjCX7K1Jl
Xu+66JKh5hVYdzIafGHN9Zl0hcrFqQ0jCv+kPGmPsn0FAUelHousCPg9oa11+ZIP
nb8ZShn5gOUou8Xx38fHCVCcutt1be7RxAkVm3ExhU2ahJZ53L1fD2V/Mi9LBNZ9
wxwLtk0zFZoxVitPVh6twqRBSQgTdJ0w89M8fxAT58QVQbY6n33guTrDumJnvRnB
8t52rvEKvFUxkcWVEczE4KYQYZBgASTIgYyYeZVQ87QoybxbGqIl3Sb07LqLn2lP
i5AygX7uxovmthMQ8qBKZc2i9Wi4FJxghA1RyOBWWQfZnEvdeXQkBgCzAYfC29Wl
8h9msLTR
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:27:18 2025 by rpki-client