Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/5DTk5YcbG8f4BhqMET7C12dWXXQ.roa
File: 5DTk5YcbG8f4BhqMET7C12dWXXQ.roa (raw, json)
Hash identifier: +X3oK0rqGYFpmBKMPbPFTQS49FyEXQRL5LJ/fKyeD74=
Subject key identifier: E4:34:E4:E5:87:1B:1B:C7:F8:06:1A:8C:11:3E:C2:D7:67:56:5D:74
Certificate issuer: /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial: 0198124AE5F042678D65AE3CE83841296A50
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/5DTk5YcbG8f4BhqMET7C12dWXXQ.roa
Signing time: Wed 16 Jul 2025 08:12:35 +0000
ROA not before: Wed 16 Jul 2025 08:12:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 2a0b:bc40::/29 maxlen: 29
2a10:8840::/29 maxlen: 29
2a10:bdc0::/29 maxlen: 29
2a12:6a40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 04:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:12:4a:e5:f0:42:67:8d:65:ae:3c:e8:38:41:29:6a:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Validity
Not Before: Jul 16 08:12:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e434e4e5871b1bc7f8061a8c113ec2d767565d74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:e3:f6:9a:85:e8:56:d2:7a:58:53:7c:97:5d:
05:94:a6:f8:b6:ec:d0:99:03:e6:dd:e0:04:58:2d:
0e:f0:18:f3:28:25:e4:dc:ee:79:a3:a7:2c:81:3d:
6f:38:ba:7e:69:f5:26:cd:7f:7f:81:c8:22:9a:e1:
5c:a2:63:3e:35:66:96:ad:cb:76:44:82:3d:c0:5d:
06:91:ec:39:d7:db:5c:3c:85:8f:5d:1e:a7:5d:ff:
57:16:dc:00:60:95:14:ff:11:72:0f:0b:2d:66:dc:
1e:2e:a3:b1:3d:64:13:78:e3:84:1f:61:a7:e1:f3:
22:1d:a8:00:25:f4:08:aa:24:53:48:c8:01:e6:81:
b1:06:b0:fa:30:0e:a5:8a:11:13:9a:51:67:e8:45:
61:6e:de:45:8a:36:f0:7d:37:95:b3:62:9d:08:16:
0e:a0:56:f2:49:26:c5:ea:51:2a:ae:e3:86:cc:a4:
9c:bb:71:95:b2:03:84:3b:e0:d4:9a:b7:78:3c:66:
87:dc:f8:a1:34:59:ef:b4:26:cc:1c:6b:04:a9:6b:
75:87:0b:3c:b0:23:9d:4a:d3:85:01:87:b2:80:01:
80:fb:26:bb:ee:7c:a3:1f:e9:eb:3a:b2:43:f2:3c:
ea:23:fc:3c:ea:d9:4c:8d:0c:9d:59:2f:72:a5:05:
e0:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:34:E4:E5:87:1B:1B:C7:F8:06:1A:8C:11:3E:C2:D7:67:56:5D:74
X509v3 Authority Key Identifier:
keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/5DTk5YcbG8f4BhqMET7C12dWXXQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:bc40::/29
2a10:8840::/29
2a10:bdc0::/29
2a12:6a40::/29
Signature Algorithm: sha256WithRSAEncryption
57:e5:12:50:dd:57:7b:76:4b:b5:11:3b:92:fe:84:a7:22:94:
d4:dd:6d:30:01:57:ba:f5:e7:f5:b3:09:f7:c1:25:bc:87:f2:
62:4c:cf:88:ec:c8:65:38:b7:81:4a:b4:72:93:db:e0:2d:3c:
07:4b:31:6f:ee:e0:87:2b:18:e7:8a:96:96:fb:27:92:2f:65:
dc:39:71:09:ae:1f:a4:cd:2b:13:5b:27:bf:8d:3a:d9:9f:02:
1f:e5:f0:88:56:78:00:b7:e4:73:6b:76:e3:ed:f7:9c:ee:1f:
ae:59:ea:79:07:92:36:64:1f:b5:12:a1:ea:64:c7:68:5d:e2:
3b:d4:d4:4a:ae:14:3f:0c:91:49:f6:2e:d8:7f:c6:5b:9d:a0:
98:f7:c4:fa:43:81:00:6e:08:7f:f7:15:7e:da:3e:3c:fd:89:
2f:21:c2:c6:78:6e:56:39:3f:e4:5d:91:8d:0d:4f:8b:72:74:
c2:00:f2:4a:37:ed:c3:0b:7e:33:c0:bb:de:39:cc:f2:04:61:
cd:ef:4d:62:d0:d8:d2:fb:c2:0c:58:2f:d3:a2:30:03:ee:b1:
9f:05:90:21:c2:d2:a2:ec:24:69:8e:23:30:37:fd:55:87:93:
a7:c2:c8:30:12:4b:7b:7e:81:5a:2a:c3:51:b4:0d:31:61:be:
a5:e6:79:7c
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZgSSuXwQmeNZa486DhBKWpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwNzE2MDgxMjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDM0ZTRlNTg3MWIxYmM3ZjgwNjFhOGMxMTNlYzJkNzY3NTY1ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOP2moXoVtJ6WFN8l10FlKb4tuzQ
mQPm3eAEWC0O8BjzKCXk3O55o6csgT1vOLp+afUmzX9/gcgimuFcomM+NWaWrct2
RII9wF0Gkew519tcPIWPXR6nXf9XFtwAYJUU/xFyDwstZtweLqOxPWQTeOOEH2Gn
4fMiHagAJfQIqiRTSMgB5oGxBrD6MA6lihETmlFn6EVhbt5FijbwfTeVs2KdCBYO
oFbySSbF6lEqruOGzKScu3GVsgOEO+DUmrd4PGaH3PihNFnvtCbMHGsEqWt1hws8
sCOdStOFAYeygAGA+ya77nyjH+nrOrJD8jzqI/w86tlMjQydWS9ypQXg3wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFOQ05OWHGxvH+AYajBE+wtdnVl10MB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvNURUazVZY2JHOGY0QmhxTUVUN0MxMmRXWFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgu8QAMF
AyoQiEADBQMqEL3AAwUDKhJqQDANBgkqhkiG9w0BAQsFAAOCAQEAV+USUN1Xe3ZL
tRE7kv6EpyKU1N1tMAFXuvXn9bMJ98ElvIfyYkzPiOzIZTi3gUq0cpPb4C08B0sx
b+7ghysY54qWlvsnki9l3DlxCa4fpM0rE1snv4062Z8CH+XwiFZ4ALfkc2t24+33
nO4frlnqeQeSNmQftRKh6mTHaF3iO9TUSq4UPwyRSfYu2H/GW52gmPfE+kOBAG4I
f/cVfto+PP2JLyHCxnhuVjk/5F2RjQ1Pi3J0wgDySjftwwt+M8C73jnM8gRhze9N
YtDY0vvCDFgv06IwA+6xnwWQIcLSouwkaY4jMDf9VYeTp8LIMBJLe36BWirDUbQN
MWG+peZ5fA==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:30:11 2025 by rpki-client