Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/t3925RybJKpzuyJQzvXokPYENvE.roa
File: t3925RybJKpzuyJQzvXokPYENvE.roa (raw, json)
Hash identifier: p5hTmlnfy9kgRKECZU/KUoIzwRM+yqBSMG9cz48tDC0=
Subject key identifier: B7:7F:76:E5:1C:9B:24:AA:73:BB:22:50:CE:F5:E8:90:F6:04:36:F1
Certificate issuer: /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial: 0197F56249332A70F8801AF05221B10B8BE4
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/t3925RybJKpzuyJQzvXokPYENvE.roa
Signing time: Thu 10 Jul 2025 17:29:08 +0000
ROA not before: Thu 10 Jul 2025 17:29:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42375
IP address blocks: 2a09:3700::/32 maxlen: 32
2a09:da41::/32 maxlen: 32
2a09:da42::/32 maxlen: 32
2a09:da43::/32 maxlen: 32
2a0c:ac0::/32 maxlen: 32
2a0c:ac1::/32 maxlen: 32
2a0c:ac2::/32 maxlen: 32
2a0d:adc0::/32 maxlen: 32
2a0d:adc1::/32 maxlen: 32
2a0d:adc2::/32 maxlen: 32
2a0d:adc3::/32 maxlen: 32
2a0e:dfc0::/32 maxlen: 32
2a0e:dfc1::/32 maxlen: 32
2a0e:dfc3::/32 maxlen: 32
2a11:21c0::/32 maxlen: 32
2a11:21c2::/32 maxlen: 32
2a11:21c5::/32 maxlen: 32
2a11:3084::/32 maxlen: 32
2a11:3087::/32 maxlen: 32
2a11:35c0::/32 maxlen: 32
2a11:35c1::/32 maxlen: 32
2a11:35c7::/32 maxlen: 32
2a11:3d00::/32 maxlen: 32
2a11:3d03::/32 maxlen: 32
2a11:3d05::/32 maxlen: 32
2a11:5a41::/32 maxlen: 32
2a11:5a42::/32 maxlen: 32
2a11:5a43::/32 maxlen: 32
2a11:7085::/32 maxlen: 32
2a11:7087::/32 maxlen: 32
2a11:d380::/32 maxlen: 32
2a11:d382::/32 maxlen: 32
2a11:d384::/32 maxlen: 32
2a11:d386::/32 maxlen: 32
2a11:d700::/32 maxlen: 32
2a11:d701::/32 maxlen: 32
2a11:d704::/32 maxlen: 32
2a12:1540::/32 maxlen: 32
2a12:1541::/32 maxlen: 32
2a12:24c0::/32 maxlen: 32
2a12:24c1::/32 maxlen: 32
2a12:24c2::/32 maxlen: 32
2a12:24c4::/32 maxlen: 32
2a12:35c0::/32 maxlen: 32
2a12:35c2::/32 maxlen: 32
2a12:35c5::/32 maxlen: 32
2a12:41c0::/32 maxlen: 32
2a12:41c1::/32 maxlen: 32
2a12:41c6::/32 maxlen: 32
2a12:7300::/32 maxlen: 32
2a12:7302::/32 maxlen: 32
2a14:9700::/32 maxlen: 32
2a14:9701::/32 maxlen: 32
2a14:9702::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 04:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f5:62:49:33:2a:70:f8:80:1a:f0:52:21:b1:0b:8b:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Validity
Not Before: Jul 10 17:29:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b77f76e51c9b24aa73bb2250cef5e890f60436f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:21:96:02:90:88:e0:a3:31:cf:34:17:5b:a5:
1b:a5:00:19:0f:87:5e:60:89:71:b8:ef:a8:eb:91:
22:cc:c6:5d:84:7a:76:95:3e:d2:59:0b:4f:d0:7f:
51:39:ff:e5:f3:74:69:9f:f3:4c:49:1b:04:80:2f:
05:5c:07:9a:dc:27:72:b8:07:56:b9:0b:af:6d:5e:
3a:57:9b:06:eb:05:5f:33:98:c5:48:6b:e8:7e:ae:
f6:46:ab:b0:05:76:a2:13:05:85:dd:88:f3:bd:27:
18:36:9e:db:e7:fe:57:93:9c:f5:63:53:9d:93:c0:
b0:1a:1c:db:f2:41:61:fd:a9:65:19:97:69:83:e1:
5c:b9:a6:25:01:a1:93:f8:6a:6d:15:d8:66:1c:a6:
61:c3:56:c8:33:dc:33:fa:4f:48:81:ce:7b:42:45:
c1:2a:03:fa:94:15:8a:cf:26:f1:f2:18:5f:4b:09:
3d:00:fa:e6:7b:e1:ae:84:c2:b6:78:89:1d:f8:5a:
1c:51:94:94:29:03:7c:0f:de:61:11:01:72:40:63:
50:cd:03:5d:59:0c:1a:8e:d4:72:03:8e:74:a9:5d:
2d:96:8d:26:37:cb:44:58:55:95:30:ab:6e:d3:6f:
9b:86:3b:69:53:b9:8e:69:dd:1b:5c:cb:0b:06:ed:
28:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:7F:76:E5:1C:9B:24:AA:73:BB:22:50:CE:F5:E8:90:F6:04:36:F1
X509v3 Authority Key Identifier:
keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/t3925RybJKpzuyJQzvXokPYENvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:3700::/32
2a09:da41::-2a09:da43:ffff:ffff:ffff:ffff:ffff:ffff
2a0c:ac0::-2a0c:ac2:ffff:ffff:ffff:ffff:ffff:ffff
2a0d:adc0::/30
2a0e:dfc0::/31
2a0e:dfc3::/32
2a11:21c0::/32
2a11:21c2::/32
2a11:21c5::/32
2a11:3084::/32
2a11:3087::/32
2a11:35c0::/31
2a11:35c7::/32
2a11:3d00::/32
2a11:3d03::/32
2a11:3d05::/32
2a11:5a41::-2a11:5a43:ffff:ffff:ffff:ffff:ffff:ffff
2a11:7085::/32
2a11:7087::/32
2a11:d380::/32
2a11:d382::/32
2a11:d384::/32
2a11:d386::/32
2a11:d700::/31
2a11:d704::/32
2a12:1540::/31
2a12:24c0::-2a12:24c2:ffff:ffff:ffff:ffff:ffff:ffff
2a12:24c4::/32
2a12:35c0::/32
2a12:35c2::/32
2a12:35c5::/32
2a12:41c0::/31
2a12:41c6::/32
2a12:7300::/32
2a12:7302::/32
2a14:9700::-2a14:9702:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3e:45:9b:c2:90:4a:7b:7c:1d:1d:9a:96:f9:45:a3:b0:45:0b:
2b:32:01:a8:a1:ff:d8:23:76:5e:db:bb:f1:07:4f:6f:48:27:
83:48:02:26:63:fd:af:74:0d:48:d9:21:88:c0:f0:39:4d:66:
10:24:22:d2:45:39:da:7c:20:6e:66:35:2d:c5:38:4b:ba:4a:
81:34:2e:ea:e1:bb:ca:83:79:c8:b4:ac:16:07:4d:6c:07:9b:
a1:8a:d2:35:db:93:03:31:45:03:44:11:36:b5:35:63:ae:17:
b7:91:85:00:e2:aa:01:13:ea:f7:6c:e8:89:a8:77:d0:d7:16:
fd:c8:98:0d:5d:d4:7c:47:c1:92:88:4b:b2:64:33:93:c0:fc:
50:2e:89:51:80:a1:29:07:73:8f:a6:9d:2a:3d:a9:93:67:0a:
27:18:18:09:60:b6:dc:89:60:41:df:d8:fe:c9:6f:c8:c0:62:
b4:c0:2b:ff:3b:97:ad:e8:3e:fe:a4:89:ad:64:e5:ca:bc:73:
90:23:7b:79:7e:c4:04:b1:6c:10:a4:d6:07:a0:b9:c3:87:ca:
d6:65:8a:94:22:ca:88:2b:b9:3a:5b:d2:73:3f:af:74:74:6f:
ac:04:89:1d:1a:f4:5d:eb:e1:ab:61:1f:b0:62:05:76:c5:79:
f4:99:41:2e
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgISAZf1YkkzKnD4gBrwUiGxC4vkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNzEwMTcyOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzdmNzZlNTFjOWIyNGFhNzNiYjIyNTBjZWY1ZTg5MGY2MDQzNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSGWApCI4KMxzzQXW6UbpQAZD4de
YIlxuO+o65EizMZdhHp2lT7SWQtP0H9ROf/l83Rpn/NMSRsEgC8FXAea3CdyuAdW
uQuvbV46V5sG6wVfM5jFSGvofq72RquwBXaiEwWF3YjzvScYNp7b5/5Xk5z1Y1Od
k8CwGhzb8kFh/allGZdpg+FcuaYlAaGT+GptFdhmHKZhw1bIM9wz+k9Igc57QkXB
KgP6lBWKzybx8hhfSwk9APrme+GuhMK2eIkd+FocUZSUKQN8D95hEQFyQGNQzQNd
WQwajtRyA450qV0tlo0mN8tEWFWVMKtu02+bhjtpU7mOad0bXMsLBu0oFQIDAQAB
o4IDNTCCAzEwHQYDVR0OBBYEFLd/duUcmySqc7siUM716JD2BDbxMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvdDM5MjVSeWJKS3B6dXlKUXp2WG9rUFlFTnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSQYIKwYBBQUHAQcBAf8EggE4MIIBNDCCATAEAgACMIIB
KAMFACoJNwAwDgMFACoJ2kEDBQIqCdpAMA4DBQYqDArAAwUAKgwKwgMFAioNrcAD
BQEqDt/AAwUAKg7fwwMFACoRIcADBQAqESHCAwUAKhEhxQMFACoRMIQDBQAqETCH
AwUBKhE1wAMFACoRNccDBQAqET0AAwUAKhE9AwMFACoRPQUwDgMFACoRWkEDBQIq
EVpAAwUAKhFwhQMFACoRcIcDBQAqEdOAAwUAKhHTggMFACoR04QDBQAqEdOGAwUB
KhHXAAMFACoR1wQDBQEqEhVAMA4DBQYqEiTAAwUAKhIkwgMFACoSJMQDBQAqEjXA
AwUAKhI1wgMFACoSNcUDBQEqEkHAAwUAKhJBxgMFACoScwADBQAqEnMCMA0DBAAq
FJcDBQAqFJcCMA0GCSqGSIb3DQEBCwUAA4IBAQA+RZvCkEp7fB0dmpb5RaOwRQsr
MgGoof/YI3Ze27vxB09vSCeDSAImY/2vdA1I2SGIwPA5TWYQJCLSRTnafCBuZjUt
xThLukqBNC7q4bvKg3nItKwWB01sB5uhitI125MDMUUDRBE2tTVjrhe3kYUA4qoB
E+r3bOiJqHfQ1xb9yJgNXdR8R8GSiEuyZDOTwPxQLolRgKEpB3OPpp0qPamTZwon
GBgJYLbciWBB39j+yW/IwGK0wCv/O5et6D7+pImtZOXKvHOQI3t5fsQEsWwQpNYH
oLnDh8rWZYqUIsqIK7k6W9JzP690dG+sBIkdGvRd6+GrYR+wYgV2xXn0mUEu
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:27:32 2025 by rpki-client