Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qE8D3nsEUOLG1NuGsSRIci9iQRY.roa
File: qE8D3nsEUOLG1NuGsSRIci9iQRY.roa (raw, json)
Hash identifier: vOpcrcbGrhK1e/m6LFFrSilITZsrUmccTwgae/Ijt/E=
Subject key identifier: A8:4F:03:DE:7B:04:50:E2:C6:D4:DB:86:B1:24:48:72:2F:62:41:16
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 01981ECA85E64A005145038825CFF57D3589
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qE8D3nsEUOLG1NuGsSRIci9iQRY.roa
Signing time: Fri 18 Jul 2025 18:27:25 +0000
ROA not before: Fri 18 Jul 2025 18:27:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42375
IP address blocks: 2a04:fa00::/29 maxlen: 29
2a11:1540::/29 maxlen: 29
2a11:3440::/29 maxlen: 29
2a11:45c0::/29 maxlen: 29
2a11:4a80::/29 maxlen: 29
2a12:1c40::/29 maxlen: 29
2a12:2ec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 14:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:1e:ca:85:e6:4a:00:51:45:03:88:25:cf:f5:7d:35:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jul 18 18:27:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a84f03de7b0450e2c6d4db86b12448722f624116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:c8:8e:fa:6f:b2:41:ec:a3:3e:bc:e0:af:f1:
b8:d9:5d:c7:d2:e2:44:79:0a:8a:e2:18:6d:3a:3d:
74:81:17:79:f0:40:f1:b5:aa:47:f9:8f:9a:8a:bd:
42:e2:64:f6:94:65:a8:1d:f6:99:c1:ad:16:e2:63:
54:c8:c5:69:a3:34:62:d0:40:c4:91:ec:f0:9c:f1:
83:a2:1a:99:7b:4e:67:70:1c:f2:23:cc:f0:ea:9f:
c1:b8:dd:69:b9:2d:a6:e3:23:59:85:dc:b5:36:44:
3d:f9:93:e7:9d:5a:7e:7a:ba:d8:0d:ad:57:8a:2b:
f0:f9:d3:cb:10:1f:98:98:30:ae:37:c0:c3:87:02:
5a:80:c1:c5:d7:46:f4:73:86:83:96:51:49:a9:53:
1f:a8:2a:43:0f:95:e5:ac:e7:13:f0:d5:0a:98:be:
7e:57:0b:3a:cd:eb:a4:b1:51:20:e5:bd:2e:63:65:
50:df:b9:45:0f:f6:5e:81:29:61:21:66:12:62:c4:
eb:be:d2:ac:86:fd:a8:af:85:45:84:8b:73:ae:45:
08:3c:d4:ec:45:67:fe:08:5e:1f:4b:d4:1c:86:1f:
a4:51:da:b7:a6:14:c0:41:ba:d5:25:30:2a:93:20:
d5:f4:41:ad:d2:77:a6:b9:75:c5:36:ac:dd:6f:34:
4f:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:4F:03:DE:7B:04:50:E2:C6:D4:DB:86:B1:24:48:72:2F:62:41:16
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/qE8D3nsEUOLG1NuGsSRIci9iQRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:fa00::/29
2a11:1540::/29
2a11:3440::/29
2a11:45c0::/29
2a11:4a80::/29
2a12:1c40::/29
2a12:2ec0::/29
Signature Algorithm: sha256WithRSAEncryption
70:2e:3a:d0:79:35:a0:fb:4c:c6:1d:f8:be:98:d4:b8:c1:a7:
91:96:2a:c9:ac:b4:23:86:31:32:bb:67:9f:8b:a3:06:69:07:
b3:26:ab:7d:da:b7:66:f8:cd:dc:08:3a:99:d2:5f:8f:9a:c6:
e1:e6:36:b4:a7:e5:39:4e:fe:ba:f3:8a:f6:9f:3a:9c:35:36:
7f:26:90:3c:82:8e:cc:28:d6:82:89:c6:1d:c8:b1:b0:38:b6:
39:40:3b:21:7a:cd:42:13:a6:b6:ff:ef:da:a7:bb:33:1b:ed:
07:87:fd:13:2b:37:08:b1:4f:5d:ba:3b:36:fc:84:8e:3a:c6:
b2:2d:5f:85:d9:b2:81:bb:ea:dc:19:4a:bb:43:69:fa:ee:b6:
24:59:c0:6f:2e:68:41:39:82:59:29:d3:b3:d1:d2:1b:45:79:
4f:11:96:b4:95:b2:97:a9:cf:4b:25:31:02:ba:28:54:d2:24:
76:86:65:b6:35:f5:12:ca:a4:73:11:38:1b:ba:44:68:68:b7:
ab:37:94:a7:d5:32:56:5f:33:b3:f6:2d:6b:12:c7:72:24:c1:
79:d6:13:34:bf:5d:40:b3:d4:31:cf:20:54:8c:1c:37:5d:5e:
45:e4:04:94:21:be:ec:3e:07:30:40:b2:1d:8b:32:0f:0f:88:
5f:ff:bc:48
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZgeyoXmSgBRRQOIJc/1fTWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzE4MTgyNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRmMDNkZTdiMDQ1MGUyYzZkNGRiODZiMTI0NDg3MjJmNjI0MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8iO+m+yQeyjPrzgr/G42V3H0uJE
eQqK4hhtOj10gRd58EDxtapH+Y+air1C4mT2lGWoHfaZwa0W4mNUyMVpozRi0EDE
kezwnPGDohqZe05ncBzyI8zw6p/BuN1puS2m4yNZhdy1NkQ9+ZPnnVp+errYDa1X
iivw+dPLEB+YmDCuN8DDhwJagMHF10b0c4aDllFJqVMfqCpDD5XlrOcT8NUKmL5+
Vws6zeuksVEg5b0uY2VQ37lFD/ZegSlhIWYSYsTrvtKshv2or4VFhItzrkUIPNTs
RWf+CF4fS9Qchh+kUdq3phTAQbrVJTAqkyDV9EGt0nemuXXFNqzdbzRPfQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFKhPA957BFDixtTbhrEkSHIvYkEWMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvcUU4RDNuc0VVT0xHMU51R3NTUkljaTlpUVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKgT6AAMF
AyoRFUADBQMqETRAAwUDKhFFwAMFAyoRSoADBQMqEhxAAwUDKhIuwDANBgkqhkiG
9w0BAQsFAAOCAQEAcC460Hk1oPtMxh34vpjUuMGnkZYqyay0I4YxMrtnn4ujBmkH
syarfdq3ZvjN3Ag6mdJfj5rG4eY2tKflOU7+uvOK9p86nDU2fyaQPIKOzCjWgonG
HcixsDi2OUA7IXrNQhOmtv/v2qe7MxvtB4f9Eys3CLFPXbo7NvyEjjrGsi1fhdmy
gbvq3BlKu0Np+u62JFnAby5oQTmCWSnTs9HSG0V5TxGWtJWyl6nPSyUxArooVNIk
doZltjX1EsqkcxE4G7pEaGi3qzeUp9UyVl8zs/YtaxLHciTBedYTNL9dQLPUMc8g
VIwcN11eReQElCG+7D4HMECyHYsyDw+IX/+8SA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 17:16:31 2025 by rpki-client