Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa
File: 4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa (raw, json)
Hash identifier: RWW+PTSZT30qqVVeyDtR8WjZoVYE1N5EjQjj6pbH+Iw=
Subject key identifier: E2:E4:60:46:91:9B:2E:85:CF:83:BB:68:59:A3:E2:1F:ED:42:F0:78
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 019809E4D6F57E94AFB858CF2646E7ED3AB3
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa
Signing time: Mon 14 Jul 2025 17:04:08 +0000
ROA not before: Mon 14 Jul 2025 17:04:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211009
IP address blocks: 2a0a:c380::/32 maxlen: 32
2a11:be83::/32 maxlen: 32
2a12:10c0::/29 maxlen: 29
2a12:15c0::/29 maxlen: 29
2a12:1947::/32 maxlen: 32
2a12:25c0::/29 maxlen: 29
2a12:34c0::/29 maxlen: 29
2a12:4240::/29 maxlen: 29
2a12:7980::/29 maxlen: 29
2a12:c180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 25 Jul 2025 16:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:09:e4:d6:f5:7e:94:af:b8:58:cf:26:46:e7:ed:3a:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Jul 14 17:04:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e2e46046919b2e85cf83bb6859a3e21fed42f078
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:c1:ca:4b:cd:bf:72:7f:8d:4e:04:0a:d0:6d:
80:de:8c:e9:b0:96:2c:7f:f5:87:c6:08:09:86:d8:
96:49:53:f4:a6:ad:a6:9e:c0:a6:0c:9b:c7:41:0e:
bc:22:97:60:da:97:f2:4c:81:29:30:80:09:96:0b:
cb:66:b2:2c:55:2e:fb:5c:9c:5a:48:85:15:7c:9f:
fb:b4:22:cc:e5:36:84:f9:11:83:e2:31:c2:f9:80:
a8:b4:c5:fe:87:43:9c:9e:1b:1e:ba:51:9e:98:13:
2f:64:f4:de:e3:3a:8c:4d:c2:30:a5:2c:36:de:38:
04:64:33:b2:85:3c:9b:c0:3d:a6:d6:5e:16:88:8e:
2d:e9:d9:85:11:5f:56:11:f0:7e:06:d2:8c:f4:2b:
48:7e:7c:de:80:62:6b:ed:79:bf:ff:9a:88:d0:61:
c4:04:15:a0:6e:ca:58:e2:c4:6e:a0:14:04:34:51:
e2:fd:17:1c:b8:1c:66:24:e4:9d:b8:f6:99:6d:44:
16:88:bd:f8:47:bd:16:39:4d:d1:2f:d8:0c:ee:48:
9c:51:2e:1b:24:39:59:a8:2e:41:64:1b:6b:28:b5:
ba:21:20:e6:74:d9:ae:8b:ca:cd:2d:8b:ef:95:59:
2d:b9:9c:01:00:b6:49:32:f2:7a:62:f5:f1:58:23:
82:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:E4:60:46:91:9B:2E:85:CF:83:BB:68:59:A3:E2:1F:ED:42:F0:78
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c380::/32
2a11:be83::/32
2a12:10c0::/29
2a12:15c0::/29
2a12:1947::/32
2a12:25c0::/29
2a12:34c0::/29
2a12:4240::/29
2a12:7980::/29
2a12:c180::/29
Signature Algorithm: sha256WithRSAEncryption
8f:58:c7:1b:35:d3:6a:a0:93:04:0e:7b:39:e4:2d:41:6e:d7:
73:b9:19:00:7c:0c:3c:3a:f5:86:98:61:b9:78:c8:23:24:ae:
6f:ca:ca:f6:77:76:cd:f6:a0:83:76:93:df:be:1d:4e:f2:8f:
ad:67:d9:59:9d:67:94:93:92:67:60:aa:80:0a:6f:e7:b2:10:
7b:e0:16:a9:0e:74:13:89:a0:66:6d:40:fa:49:7d:9d:36:c4:
6a:ab:c4:47:1c:44:13:7c:ff:f4:01:94:23:99:2b:2d:64:aa:
03:73:64:15:a8:dd:44:7a:42:9e:e5:93:7b:1a:ce:38:ea:64:
8f:b1:0b:b4:bb:3b:e3:0c:3b:93:1b:cc:73:0f:0f:25:fc:5b:
7e:cb:99:f9:c4:3f:91:36:95:fd:de:ca:25:18:dc:b1:a6:b8:
d2:7e:05:11:d5:db:a1:f7:2a:81:bf:57:1b:3b:14:f1:10:b5:
69:70:a8:61:12:8b:c6:75:92:a4:6d:a3:c7:73:38:b0:c5:27:
3d:b4:98:35:5c:5d:30:e8:da:59:8c:ca:a8:3b:97:cb:10:28:
f2:68:3e:fb:89:69:e9:74:24:48:4f:57:6c:b7:c9:fb:08:84:
59:70:30:7c:f8:d8:46:5c:e7:d4:7e:54:51:db:42:41:9d:5a:
25:d0:05:e4
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZgJ5Nb1fpSvuFjPJkbn7TqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzE0MTcwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU0NjA0NjkxOWIyZTg1Y2Y4M2JiNjg1OWEzZTIxZmVkNDJmMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsHKS82/cn+NTgQK0G2A3ozpsJYs
f/WHxggJhtiWSVP0pq2mnsCmDJvHQQ68Ipdg2pfyTIEpMIAJlgvLZrIsVS77XJxa
SIUVfJ/7tCLM5TaE+RGD4jHC+YCotMX+h0OcnhseulGemBMvZPTe4zqMTcIwpSw2
3jgEZDOyhTybwD2m1l4WiI4t6dmFEV9WEfB+BtKM9CtIfnzegGJr7Xm//5qI0GHE
BBWgbspY4sRuoBQENFHi/RccuBxmJOSduPaZbUQWiL34R70WOU3RL9gM7kicUS4b
JDlZqC5BZBtrKLW6ISDmdNmui8rNLYvvlVktuZwBALZJMvJ6YvXxWCOCjwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOLkYEaRmy6Fz4O7aFmj4h/tQvB4MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvNHVSZ1JwR2JMb1hQZzd0b1dhUGlILTFDOEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKgrDgAMF
ACoRvoMDBQMqEhDAAwUDKhIVwAMFACoSGUcDBQMqEiXAAwUDKhI0wAMFAyoSQkAD
BQMqEnmAAwUDKhLBgDANBgkqhkiG9w0BAQsFAAOCAQEAj1jHGzXTaqCTBA57OeQt
QW7Xc7kZAHwMPDr1hphhuXjIIySub8rK9nd2zfagg3aT374dTvKPrWfZWZ1nlJOS
Z2CqgApv57IQe+AWqQ50E4mgZm1A+kl9nTbEaqvERxxEE3z/9AGUI5krLWSqA3Nk
FajdRHpCnuWTexrOOOpkj7ELtLs74ww7kxvMcw8PJfxbfsuZ+cQ/kTaV/d7KJRjc
saa40n4FEdXbofcqgb9XGzsU8RC1aXCoYRKLxnWSpG2jx3M4sMUnPbSYNVxdMOja
WYzKqDuXyxAo8mg++4lp6XQkSE9XbLfJ+wiEWXAwfPjYRlzn1H5UUdtCQZ1aJdAF
5A==
-----END CERTIFICATE-----
Generated at Fri Jul 25 01:04:44 2025 by rpki-client