Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/I4AtuDZrbSqrgt1jAfNEMLFaaig.roa
File: I4AtuDZrbSqrgt1jAfNEMLFaaig.roa (raw, json)
Hash identifier: 7wTj3H6so/8/7mTO73IV6vt8mViKC1vPmg3wdN+1rZ0=
Subject key identifier: 23:80:2D:B8:36:6B:6D:2A:AB:82:DD:63:01:F3:44:30:B1:5A:6A:28
Certificate issuer: /CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
Certificate serial: 01983D49D386ED0960F85EC6EA41461EED5B
Authority key identifier: 42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/I4AtuDZrbSqrgt1jAfNEMLFaaig.roa
Signing time: Thu 24 Jul 2025 16:35:05 +0000
ROA not before: Thu 24 Jul 2025 16:35:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5400
IP address blocks: 2a00:2000::/23 maxlen: 23
2a00:2080::/32 maxlen: 32
2a00:2081::/32 maxlen: 32
2a00:2082::/32 maxlen: 32
2a00:2083::/32 maxlen: 32
2a00:2084::/32 maxlen: 32
2a00:2085::/32 maxlen: 32
2a00:2086::/32 maxlen: 32
2a00:2087::/32 maxlen: 32
2a00:2088::/32 maxlen: 32
2a00:2089::/32 maxlen: 32
2a00:208a::/32 maxlen: 32
2a00:208b::/32 maxlen: 32
2a00:208c::/32 maxlen: 32
2a00:208d::/32 maxlen: 32
2a00:2090::/32 maxlen: 32
2a00:2091::/32 maxlen: 32
2a00:2092::/32 maxlen: 32
2a00:2093::/32 maxlen: 32
2a00:2094::/32 maxlen: 32
2a00:2095::/32 maxlen: 32
2a00:2096::/32 maxlen: 32
2a00:2097::/32 maxlen: 32
2a00:2200::/25 maxlen: 25
2a00:2200::/40 maxlen: 40
2a00:2200:200::/40 maxlen: 40
2a00:2200:300::/40 maxlen: 40
2a00:2200:900::/40 maxlen: 40
2a00:2200:b00::/40 maxlen: 40
2a00:2200:d00::/40 maxlen: 40
2a00:2200:5300::/40 maxlen: 40
2a00:2280::/25 maxlen: 25
2a00:2300::/25 maxlen: 25
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.mft
rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 22:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3d:49:d3:86:ed:09:60:f8:5e:c6:ea:41:46:1e:ed:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
Validity
Not Before: Jul 24 16:35:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23802db8366b6d2aab82dd6301f34430b15a6a28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:3b:94:43:ec:61:49:b6:51:8a:cc:fd:c1:d5:
13:79:f8:0b:1d:d3:e2:16:53:90:5c:03:5b:af:9f:
25:3c:73:0d:eb:6d:ce:b3:66:38:77:e9:02:c7:de:
6d:b5:f0:6f:dd:83:c9:3d:8f:39:fe:75:fe:23:87:
61:a6:20:2b:72:7b:38:b5:c7:d7:3f:dd:3b:3f:7c:
58:a5:54:d0:1c:7b:78:5e:01:d9:13:2b:9d:a7:5e:
00:90:0d:fc:1f:0e:73:f8:84:cb:c6:1b:49:26:54:
81:ba:bb:bb:b8:c4:5c:ed:18:eb:5d:28:27:4d:98:
78:cf:dc:35:2c:92:5f:98:7d:ea:14:a6:a7:f7:91:
b8:dc:49:4a:97:66:13:ac:2c:eb:cb:01:75:ad:f9:
c6:45:d1:a4:05:89:da:0e:29:d6:f8:04:18:59:c9:
24:db:e4:ce:a1:5c:f3:00:ab:cf:9c:7a:b8:fc:b6:
82:0e:6c:ae:2f:fc:5e:90:66:ba:3d:fc:cf:35:44:
ba:11:65:a5:e6:74:ec:48:8f:c3:33:b3:b3:aa:58:
a0:29:de:d3:9c:06:72:c0:70:f7:56:8b:16:7f:33:
5e:74:9e:dc:c7:95:8e:62:e4:7a:a6:05:85:af:25:
79:f4:7f:64:17:ca:4a:37:c6:06:4c:48:35:09:f4:
85:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:80:2D:B8:36:6B:6D:2A:AB:82:DD:63:01:F3:44:30:B1:5A:6A:28
X509v3 Authority Key Identifier:
keyid:42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/I4AtuDZrbSqrgt1jAfNEMLFaaig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a00:2000::-2a00:237f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5c:ef:50:f9:e9:c1:3b:3d:12:9d:dd:3f:70:4d:99:b4:24:cf:
b2:ed:05:53:61:fd:a2:2f:92:2d:29:33:61:44:5b:01:c8:a2:
ab:b4:33:8f:b6:d8:e6:1c:de:11:14:b8:c2:b7:4e:c6:c5:ff:
ab:e0:bc:bd:42:5e:42:59:16:03:02:42:f6:0f:54:54:96:9e:
8c:9d:da:99:94:9e:16:62:01:26:e0:6d:69:22:e9:9e:fa:04:
28:ed:86:1e:69:9a:0b:48:2b:69:58:c1:0d:37:63:01:a9:05:
a0:f5:09:20:e4:3a:94:d3:37:1c:d0:39:8b:45:5f:c7:16:1e:
a2:5b:4c:a3:d3:53:80:fe:28:6e:22:2a:69:07:1a:18:4b:77:
59:d8:e6:53:2b:50:45:85:7c:00:66:ad:14:4a:ae:d7:a0:cf:
79:9f:57:fa:33:64:dc:f2:23:31:1a:61:00:9e:c7:9f:0e:eb:
2a:c7:cc:60:46:c2:d8:ad:76:49:c2:c6:b1:72:8f:8f:d6:47:
97:0e:c2:4e:b7:53:06:8c:f3:cc:e7:a8:f8:fd:da:8e:24:4e:
92:cf:31:25:3e:d2:b6:e6:ad:5f:35:7c:56:ed:ef:a2:8a:02:
95:06:9b:ff:66:f5:09:63:bb:ec:03:5c:68:be:9e:b3:73:c9:
9b:d9:95:05
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZg9SdOG7Qlg+F7G6kFGHu1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjFhMjRjODBmZGNhMzI5NjQ0NTczYWU2ZDYxYzlmMmUz
NzRlZDgwHhcNMjUwNzI0MTYzNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzgwMmRiODM2NmI2ZDJhYWI4MmRkNjMwMWYzNDQzMGIxNWE2YTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjuUQ+xhSbZRisz9wdUTefgLHdPi
FlOQXANbr58lPHMN623Os2Y4d+kCx95ttfBv3YPJPY85/nX+I4dhpiArcns4tcfX
P907P3xYpVTQHHt4XgHZEyudp14AkA38Hw5z+ITLxhtJJlSBuru7uMRc7RjrXSgn
TZh4z9w1LJJfmH3qFKan95G43ElKl2YTrCzrywF1rfnGRdGkBYnaDinW+AQYWckk
2+TOoVzzAKvPnHq4/LaCDmyuL/xekGa6PfzPNUS6EWWl5nTsSI/DM7OzqligKd7T
nAZywHD3VosWfzNedJ7cx5WOYuR6pgWFryV59H9kF8pKN8YGTEg1CfSFlQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFCOALbg2a20qq4LdYwHzRDCxWmooMB8GA1UdIwQY
MBaAFELxokyA/coylkRXOubWHJ8uN07YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzkt
NzE2OGFlMGI4Mjc4LzEvSTRBdHVEWnJiU3FyZ3QxakFmTkVNTEZhYWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzktNzE2OGFlMGI4Mjc4
LzEvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPMA0DBAUqACAD
BQcqACMAMA0GCSqGSIb3DQEBCwUAA4IBAQBc71D56cE7PRKd3T9wTZm0JM+y7QVT
Yf2iL5ItKTNhRFsByKKrtDOPttjmHN4RFLjCt07Gxf+r4Ly9Ql5CWRYDAkL2D1RU
lp6MndqZlJ4WYgEm4G1pIume+gQo7YYeaZoLSCtpWMENN2MBqQWg9Qkg5DqU0zcc
0DmLRV/HFh6iW0yj01OA/ihuIippBxoYS3dZ2OZTK1BFhXwAZq0USq7XoM95n1f6
M2Tc8iMxGmEAnsefDusqx8xgRsLYrXZJwsaxco+P1keXDsJOt1MGjPPM56j4/dqO
JE6SzzElPtK25q1fNXxW7e+iigKVBpv/ZvUJY7vsA1xovp6zc8mb2ZUF
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:25:08 2025 by rpki-client