Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa
File: BA5KV0qch7eRwK8iNS7Ginv7mPo.roa (raw, json)
Hash identifier: g51hA9Af6Sjh5mXBBikwTAuq5cVrwKqU5G3PZcvqOEg=
Subject key identifier: 04:0E:4A:57:4A:9C:87:B7:91:C0:AF:22:35:2E:C6:8A:7B:FB:98:FA
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 019833AF0899824BF76E96872BCAAED5034C
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa
Signing time: Tue 22 Jul 2025 19:49:25 +0000
ROA not before: Tue 22 Jul 2025 19:49:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204490
IP address blocks: 2a11:6506::/32 maxlen: 32
2a11:7685::/32 maxlen: 32
2a11:8300::/32 maxlen: 32
2a11:b783::/32 maxlen: 32
2a11:c106::/32 maxlen: 32
2a11:cd00::/32 maxlen: 32
2a11:d084::/32 maxlen: 32
2a12:3b40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 01:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:33:af:08:99:82:4b:f7:6e:96:87:2b:ca:ae:d5:03:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Jul 22 19:49:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=040e4a574a9c87b791c0af22352ec68a7bfb98fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:41:d9:78:bb:6e:08:3e:ea:7e:41:58:db:d6:
7c:53:64:46:dd:da:ed:3b:2b:55:48:c7:c7:64:dc:
0e:0d:5c:24:d9:68:ec:f0:ae:49:db:11:7b:19:d3:
86:c4:2f:ca:46:41:17:e0:b0:4e:a6:27:82:1f:95:
2f:f1:61:03:18:89:eb:22:9b:97:ab:56:0d:4b:72:
00:1b:4b:31:f0:c4:dd:6e:64:90:9c:27:ea:45:68:
c9:6c:03:f8:c6:0f:3f:e3:9f:c9:f1:50:91:9e:41:
86:a0:8d:85:e2:1e:e6:0b:3e:e9:66:c2:fd:19:36:
cf:7c:d8:eb:dd:ed:37:99:f0:65:e2:51:c2:d6:bc:
d7:4a:7f:23:d9:56:f3:12:1d:5e:df:76:7d:28:19:
b6:67:c0:06:f7:b1:91:ad:aa:e5:da:e4:94:42:6d:
ab:bb:bb:51:fd:0b:33:36:1a:1a:ff:23:8b:30:75:
82:9f:36:66:e6:ae:41:06:06:a1:34:ee:ed:b9:88:
e4:14:55:f7:e1:aa:a9:fc:c3:51:9f:79:dd:d0:0f:
db:dc:34:08:b8:0b:b6:a9:8f:7f:5b:e5:b1:4d:92:
36:67:bc:32:7e:ee:49:58:ea:3e:de:a1:18:c2:16:
0c:8e:c5:3d:8f:76:6a:2d:e2:8b:2a:a7:74:4b:1d:
2a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:0E:4A:57:4A:9C:87:B7:91:C0:AF:22:35:2E:C6:8A:7B:FB:98:FA
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:6506::/32
2a11:7685::/32
2a11:8300::/32
2a11:b783::/32
2a11:c106::/32
2a11:cd00::/32
2a11:d084::/32
2a12:3b40::/32
Signature Algorithm: sha256WithRSAEncryption
95:81:96:fc:ef:90:49:74:12:d9:57:bc:fb:64:d8:c7:87:be:
8e:f9:e1:b3:e0:06:13:59:4b:c1:ba:28:aa:91:52:d2:16:9e:
01:25:cd:9b:aa:b2:65:51:bd:3e:8d:b2:bb:92:1a:40:29:0c:
07:06:cb:dc:c3:37:40:72:e6:4c:3d:4a:aa:17:f9:ed:96:65:
e8:5b:d9:3b:d9:e1:87:fc:34:b7:1e:06:2b:5c:93:37:5b:a9:
5f:56:eb:ad:5e:c4:ca:0c:1a:53:9a:81:b8:05:22:cb:7c:ba:
fe:e9:2e:76:d2:ca:f7:21:88:2b:b3:36:33:f3:7e:2a:ec:e3:
43:86:39:67:b3:af:d7:c3:43:6a:59:29:4d:25:a5:d2:ea:bc:
6c:55:af:d8:cc:2a:2b:94:73:25:99:9d:e3:58:2f:81:85:95:
fc:d8:d4:7a:64:84:9f:2b:ad:5d:02:bb:41:48:48:e5:03:56:
63:fd:70:7c:46:03:e7:cf:e8:3d:8d:20:60:07:db:ba:ea:15:
ae:67:63:a5:cc:97:c3:d5:ec:80:25:24:06:12:84:85:34:75:
07:56:60:f9:bf:3f:27:0f:48:ab:6d:52:57:b3:e1:d0:53:7c:
19:6c:9a:60:a9:dd:13:2f:53:e6:a2:d1:ca:cf:99:38:17:09:
63:24:76:ea
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZgzrwiZgkv3bpaHK8qu1QNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzIyMTk0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBlNGE1NzRhOWM4N2I3OTFjMGFmMjIzNTJlYzY4YTdiZmI5OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkHZeLtuCD7qfkFY29Z8U2RG3drt
OytVSMfHZNwODVwk2Wjs8K5J2xF7GdOGxC/KRkEX4LBOpieCH5Uv8WEDGInrIpuX
q1YNS3IAG0sx8MTdbmSQnCfqRWjJbAP4xg8/45/J8VCRnkGGoI2F4h7mCz7pZsL9
GTbPfNjr3e03mfBl4lHC1rzXSn8j2VbzEh1e33Z9KBm2Z8AG97GRrarl2uSUQm2r
u7tR/QszNhoa/yOLMHWCnzZm5q5BBgahNO7tuYjkFFX34aqp/MNRn3nd0A/b3DQI
uAu2qY9/W+WxTZI2Z7wyfu5JWOo+3qEYwhYMjsU9j3ZqLeKLKqd0Sx0quQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAQOSldKnIe3kcCvIjUuxop7+5j6MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvQkE1S1YwcWNoN2VSd0s4aU5TN0dpbnY3bVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKhFlBgMF
ACoRdoUDBQAqEYMAAwUAKhG3gwMFACoRwQYDBQAqEc0AAwUAKhHQhAMFACoSO0Aw
DQYJKoZIhvcNAQELBQADggEBAJWBlvzvkEl0EtlXvPtk2MeHvo754bPgBhNZS8G6
KKqRUtIWngElzZuqsmVRvT6NsruSGkApDAcGy9zDN0By5kw9SqoX+e2WZehb2TvZ
4Yf8NLceBitckzdbqV9W661exMoMGlOagbgFIst8uv7pLnbSyvchiCuzNjPzfirs
40OGOWezr9fDQ2pZKU0lpdLqvGxVr9jMKiuUcyWZneNYL4GFlfzY1HpkhJ8rrV0C
u0FISOUDVmP9cHxGA+fP6D2NIGAH27rqFa5nY6XMl8PV7IAlJAYShIU0dQdWYPm/
PycPSKttUlez4dBTfBlsmmCp3RMvU+ai0crPmTgXCWMkduo=
-----END CERTIFICATE-----
Generated at Fri Jul 25 11:14:01 2025 by rpki-client