Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Pno1SFxbk0xVeOW-JPd8JX-O0mk.roa
File: Pno1SFxbk0xVeOW-JPd8JX-O0mk.roa (raw, json)
Hash identifier: fmuEF5lkwyellcCtxWvoihI9gke5w70i2mKnnNxM4gQ=
Subject key identifier: 3E:7A:35:48:5C:5B:93:4C:55:78:E5:BE:24:F7:7C:25:7F:8E:D2:69
Certificate issuer: /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial: 0197D1B11D757CA9C54C4D9F4DB360C91F6A
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Pno1SFxbk0xVeOW-JPd8JX-O0mk.roa
Signing time: Thu 03 Jul 2025 19:08:54 +0000
ROA not before: Thu 03 Jul 2025 19:08:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205220
IP address blocks: 5.10.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 19:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d1:b1:1d:75:7c:a9:c5:4c:4d:9f:4d:b3:60:c9:1f:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Validity
Not Before: Jul 3 19:08:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3e7a35485c5b934c5578e5be24f77c257f8ed269
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:ad:cb:f5:a1:c1:d3:e4:d7:03:fa:dc:98:bd:
23:9e:da:f8:f7:eb:a3:4d:66:54:b2:97:e1:5c:32:
f4:13:31:ac:c3:26:fd:1c:8c:ae:f4:88:bc:18:9a:
53:a0:25:65:f7:02:db:67:84:80:39:df:1e:40:87:
12:0e:c4:e7:95:ec:71:3d:77:17:c0:df:35:0b:38:
0d:00:85:3c:62:96:6f:41:69:64:dc:ad:39:ea:80:
99:72:9d:6b:da:1f:5c:73:91:be:e8:67:82:3e:c5:
62:4b:e1:06:5d:54:80:ca:1a:99:bb:8c:5f:cc:b0:
e4:d5:dc:1d:79:94:0e:7d:7e:42:46:f3:ea:fe:ae:
58:b9:06:02:e4:9f:0d:22:98:80:fa:72:0a:19:3e:
bc:fe:ee:0c:fd:4d:88:51:f4:ca:b5:c0:5f:1c:2d:
1f:06:0d:83:4f:a5:a2:9a:c5:83:d2:47:70:6a:95:
f0:e3:52:3e:06:2b:2c:cb:05:23:85:a8:c2:a3:fa:
b2:6e:cc:73:aa:7f:ad:51:20:4f:28:58:7c:07:eb:
59:ba:4e:5b:1d:7b:8a:ee:dd:5d:08:d2:88:30:72:
58:98:8c:fb:94:4a:dd:5e:35:ec:2e:5e:cd:0e:5c:
6f:4b:52:d8:e9:33:4f:dc:df:7f:fe:6c:46:4e:87:
f5:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:7A:35:48:5C:5B:93:4C:55:78:E5:BE:24:F7:7C:25:7F:8E:D2:69
X509v3 Authority Key Identifier:
keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Pno1SFxbk0xVeOW-JPd8JX-O0mk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.10.219.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:85:f2:df:73:f1:63:88:e1:05:ba:8f:f7:50:76:a9:44:0b:
80:f0:04:6d:9e:e1:f6:30:f7:29:11:dc:92:e1:ab:1a:4f:28:
bd:b7:9a:94:98:f3:ad:16:2e:28:50:97:4a:5a:dd:74:47:4b:
22:33:f1:22:dc:96:ee:eb:44:9a:7d:3a:ec:5a:41:4d:dc:6f:
22:43:b2:c8:ec:76:f4:22:d9:6a:94:53:b9:35:37:12:b1:a8:
67:04:6f:db:b8:35:0e:78:b8:83:ac:85:d5:c7:80:3c:40:0f:
ce:f0:81:4c:0d:c1:38:e9:62:fd:2d:69:67:d4:92:0a:60:77:
80:c1:54:13:3b:52:07:a1:69:8f:ef:18:2c:87:9d:cf:52:c4:
36:27:7b:e2:40:6e:4d:4c:c4:cd:30:83:74:06:98:3f:8e:0b:
4c:df:51:53:d4:16:c0:ca:c1:34:a8:a3:88:ed:9b:85:32:5b:
f8:a0:1e:bd:97:4a:fc:72:6d:61:a7:58:d0:12:75:b9:9b:a6:
3a:47:32:87:41:b9:c4:55:30:29:3d:9b:b1:94:4f:11:78:5d:
d7:fd:38:b6:00:d8:4e:b5:73:23:a8:a1:b7:1c:85:34:8d:b9:
f3:60:5c:e1:46:07:c7:52:da:a2:c7:45:a7:22:47:da:4f:8c:
9d:bf:a3:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfRsR11fKnFTE2fTbNgyR9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNzAzMTkwODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdhMzU0ODVjNWI5MzRjNTU3OGU1YmUyNGY3N2MyNTdmOGVkMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K3L9aHB0+TXA/rcmL0jntr49+uj
TWZUspfhXDL0EzGswyb9HIyu9Ii8GJpToCVl9wLbZ4SAOd8eQIcSDsTnlexxPXcX
wN81CzgNAIU8YpZvQWlk3K056oCZcp1r2h9cc5G+6GeCPsViS+EGXVSAyhqZu4xf
zLDk1dwdeZQOfX5CRvPq/q5YuQYC5J8NIpiA+nIKGT68/u4M/U2IUfTKtcBfHC0f
Bg2DT6WimsWD0kdwapXw41I+BissywUjhajCo/qybsxzqn+tUSBPKFh8B+tZuk5b
HXuK7t1dCNKIMHJYmIz7lErdXjXsLl7NDlxvS1LY6TNP3N9//mxGTof17QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD56NUhcW5NMVXjlviT3fCV/jtJpMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvUG5vMVNGeGJrMHhWZU9XLUpQZDhKWC1PMG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrbMA0G
CSqGSIb3DQEBCwUAA4IBAQBrhfLfc/FjiOEFuo/3UHapRAuA8ARtnuH2MPcpEdyS
4asaTyi9t5qUmPOtFi4oUJdKWt10R0siM/Ei3Jbu60SafTrsWkFN3G8iQ7LI7Hb0
ItlqlFO5NTcSsahnBG/buDUOeLiDrIXVx4A8QA/O8IFMDcE46WL9LWln1JIKYHeA
wVQTO1IHoWmP7xgsh53PUsQ2J3viQG5NTMTNMIN0Bpg/jgtM31FT1BbAysE0qKOI
7ZuFMlv4oB69l0r8cm1hp1jQEnW5m6Y6RzKHQbnEVTApPZuxlE8ReF3X/Ti2ANhO
tXMjqKG3HIU0jbnzYFzhRgfHUtqix0WnIkfaT4ydv6NP
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:05:50 2025 by rpki-client