Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fxPkbMDQAlwTOANdrsOBKwqH0Hg.roa
File: fxPkbMDQAlwTOANdrsOBKwqH0Hg.roa (raw, json)
Hash identifier: jg44nRMLxL6vNgHn4ziGrHXEv3/VAveDEViOrJqfyPc=
Subject key identifier: 7F:13:E4:6C:C0:D0:02:5C:13:38:03:5D:AE:C3:81:2B:0A:87:D0:78
Certificate issuer: /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial: 01983D55BA55BE5B86670BA2A08AE37B6BCD
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fxPkbMDQAlwTOANdrsOBKwqH0Hg.roa
Signing time: Thu 24 Jul 2025 16:48:05 +0000
ROA not before: Thu 24 Jul 2025 16:48:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199152
IP address blocks: 2a09:da40::/32 maxlen: 32
2a0d:adc4::/32 maxlen: 32
2a11:3d01::/32 maxlen: 32
2a14:9705::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 02:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3d:55:ba:55:be:5b:86:67:0b:a2:a0:8a:e3:7b:6b:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Validity
Not Before: Jul 24 16:48:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7f13e46cc0d0025c1338035daec3812b0a87d078
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:25:57:91:01:ab:62:8d:28:25:96:d5:e3:ad:
15:2f:c1:11:8c:a8:a6:7e:08:f4:0a:e4:f2:8c:fa:
c9:05:ac:02:5f:24:b3:6c:26:f9:1a:88:8c:cd:22:
4b:60:6e:c7:49:20:ea:5e:53:7e:f3:96:1a:27:bf:
38:28:cd:c7:3b:a3:40:a1:bb:07:8a:c9:a4:c0:92:
cd:95:bb:65:0a:95:39:17:ac:90:c6:b7:cd:19:e6:
13:cd:a6:11:15:36:9b:c6:1f:5d:ca:57:b2:fe:08:
3c:4b:70:0f:ef:74:bb:a6:18:94:b0:6d:fd:4e:a6:
d7:5e:f1:72:94:b0:06:00:60:e8:20:c0:62:d7:42:
ed:e6:45:ad:65:2e:d7:33:83:9b:88:40:0a:e1:8d:
77:40:52:ab:55:f2:c2:02:c5:0f:2d:20:60:cf:3f:
66:39:d9:09:d8:c9:98:a4:4f:41:f1:74:6a:59:ae:
5f:66:d0:5f:1c:0f:6b:a1:66:d6:60:95:10:0d:24:
72:97:d9:8e:f4:2c:62:b7:a7:a4:ac:c5:0c:5a:b6:
cf:b5:80:89:96:fb:77:0c:e5:64:fb:65:be:42:5d:
db:3a:2a:35:08:81:35:c4:12:d5:72:36:e3:7e:5a:
f5:49:68:35:51:71:0a:8c:b1:49:bc:ef:c1:4f:ef:
2f:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:13:E4:6C:C0:D0:02:5C:13:38:03:5D:AE:C3:81:2B:0A:87:D0:78
X509v3 Authority Key Identifier:
keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fxPkbMDQAlwTOANdrsOBKwqH0Hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:da40::/32
2a0d:adc4::/32
2a11:3d01::/32
2a14:9705::/32
Signature Algorithm: sha256WithRSAEncryption
4c:d3:e1:00:d7:27:df:65:b2:ad:1f:1f:ef:ff:9e:93:75:b0:
f1:a3:43:4e:a5:62:ef:c5:52:26:c0:e7:44:f2:a3:09:7e:1a:
ad:66:dd:72:0a:e6:0d:3c:ca:b2:ea:7d:0f:f8:5b:21:f5:a0:
9f:c4:85:f7:2e:f2:26:86:31:fc:42:fa:42:24:57:bd:85:fd:
ff:cb:66:3c:08:0c:1b:11:bf:bb:57:7f:9b:61:05:97:3c:3e:
44:54:09:65:53:7b:98:62:48:d4:3b:2b:5b:c1:14:1c:fd:8d:
2b:ca:8e:c2:79:47:d7:c6:73:5d:cc:a4:7e:68:8b:43:c9:9c:
a1:3e:fd:fc:ce:a7:50:00:3b:ce:34:bc:21:f6:70:a0:76:2f:
88:4b:da:48:58:f1:12:c3:e2:8f:77:00:d7:34:6a:39:d7:db:
be:85:5f:bf:9a:27:c3:1f:69:ba:f2:b6:f4:6c:a7:5a:7a:8f:
bd:bb:f3:4f:fd:51:91:9f:8c:3d:2a:c0:fc:a6:5e:67:86:ca:
d4:25:52:98:dc:d3:81:12:62:35:e1:9c:58:31:64:6a:df:b7:
35:fe:48:4a:cd:99:1c:65:1b:56:a1:26:ac:4c:a4:27:d0:0c:
c0:29:34:c0:5d:7a:8d:bc:04:07:e1:c6:da:4c:4b:76:41:94:
a5:bb:07:30
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZg9VbpVvluGZwuioIrje2vNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNzI0MTY0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjEzZTQ2Y2MwZDAwMjVjMTMzODAzNWRhZWMzODEyYjBhODdkMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyVXkQGrYo0oJZbV460VL8ERjKim
fgj0CuTyjPrJBawCXySzbCb5GoiMzSJLYG7HSSDqXlN+85YaJ784KM3HO6NAobsH
ismkwJLNlbtlCpU5F6yQxrfNGeYTzaYRFTabxh9dyley/gg8S3AP73S7phiUsG39
TqbXXvFylLAGAGDoIMBi10Lt5kWtZS7XM4ObiEAK4Y13QFKrVfLCAsUPLSBgzz9m
OdkJ2MmYpE9B8XRqWa5fZtBfHA9roWbWYJUQDSRyl9mO9Cxit6ekrMUMWrbPtYCJ
lvt3DOVk+2W+Ql3bOio1CIE1xBLVcjbjflr1SWg1UXEKjLFJvO/BT+8vkwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFH8T5GzA0AJcEzgDXa7DgSsKh9B4MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvZnhQa2JNRFFBbHdUT0FOZHJzT0JLd3FIMEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKgnaQAMF
ACoNrcQDBQAqET0BAwUAKhSXBTANBgkqhkiG9w0BAQsFAAOCAQEATNPhANcn32Wy
rR8f7/+ek3Ww8aNDTqVi78VSJsDnRPKjCX4arWbdcgrmDTzKsup9D/hbIfWgn8SF
9y7yJoYx/EL6QiRXvYX9/8tmPAgMGxG/u1d/m2EFlzw+RFQJZVN7mGJI1DsrW8EU
HP2NK8qOwnlH18ZzXcykfmiLQ8mcoT79/M6nUAA7zjS8IfZwoHYviEvaSFjxEsPi
j3cA1zRqOdfbvoVfv5onwx9puvK29GynWnqPvbvzT/1RkZ+MPSrA/KZeZ4bK1CVS
mNzTgRJiNeGcWDFkat+3Nf5ISs2ZHGUbVqEmrEykJ9AMwCk0wF16jbwEB+HG2kxL
dkGUpbsHMA==
-----END CERTIFICATE-----
Generated at Sat Jul 26 11:02:36 2025 by rpki-client