Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/2Kix2E_9kSD10mNWAOolIV36-W8.roa
File: 2Kix2E_9kSD10mNWAOolIV36-W8.roa (raw, json)
Hash identifier: Qa+Xwbp8GjhKX04UhvlZofH4aML1vYgwf1qwn8HsNb4=
Subject key identifier: D8:A8:B1:D8:4F:FD:91:20:F5:D2:63:56:00:EA:25:21:5D:FA:F9:6F
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 0197D4C8DC31658FC550FDF67A3CBD20EB26
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/2Kix2E_9kSD10mNWAOolIV36-W8.roa
Signing time: Fri 04 Jul 2025 09:33:42 +0000
ROA not before: Fri 04 Jul 2025 09:33:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29226
IP address blocks: 2a09:6286::/32 maxlen: 32
2a10:4100::/32 maxlen: 32
2a10:4103::/32 maxlen: 32
2a10:4105::/32 maxlen: 32
2a11:4b44::/32 maxlen: 32
2a11:4b46::/32 maxlen: 32
2a12:a341::/32 maxlen: 32
2a12:a347::/32 maxlen: 32
2a13:3c80::/30 maxlen: 30
2a13:3c84::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 16:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d4:c8:dc:31:65:8f:c5:50:fd:f6:7a:3c:bd:20:eb:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Jul 4 09:33:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8a8b1d84ffd9120f5d2635600ea25215dfaf96f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:82:92:b8:67:39:e1:a1:76:fb:00:2d:b4:75:
18:50:a5:0d:40:cf:d1:5a:8f:1b:f8:ed:9c:5f:4c:
53:d7:57:45:3b:b2:66:11:02:a5:af:07:95:71:32:
f7:d2:c7:23:da:fb:eb:a5:8a:2e:38:5e:d8:86:12:
49:9f:be:f1:4f:8e:aa:bf:6a:3c:02:4d:5f:41:d1:
88:60:f7:86:fb:1a:43:6c:1c:6c:5c:78:bd:09:e3:
ce:bc:d5:af:00:29:cb:31:ba:09:6d:ef:d2:4e:08:
f9:80:63:18:fb:1a:4f:7e:e9:ed:a1:cb:92:2b:d2:
0c:e4:15:28:cc:34:b5:c7:70:d1:2e:a2:ca:c5:10:
e0:38:7b:58:f0:35:d0:7d:1d:3f:49:f4:42:e3:3b:
70:4c:88:bd:ff:b7:1d:b2:a7:49:18:17:7e:77:4e:
74:b2:30:27:8f:d0:a6:d9:e7:c0:ec:73:59:cd:ba:
83:3f:82:fc:06:4e:12:09:5c:da:d0:98:2b:b7:62:
89:9b:47:40:40:3d:d1:31:35:3c:43:12:7a:c0:b8:
ce:22:61:8f:bf:f8:21:e4:40:cb:bd:21:ce:fd:ea:
53:9d:aa:6e:dd:8c:d5:2e:e4:11:c0:7e:16:80:68:
ea:61:0b:bd:3a:29:c0:f3:7b:2e:b5:40:9a:0c:20:
5e:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:A8:B1:D8:4F:FD:91:20:F5:D2:63:56:00:EA:25:21:5D:FA:F9:6F
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/2Kix2E_9kSD10mNWAOolIV36-W8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:6286::/32
2a10:4100::/32
2a10:4103::/32
2a10:4105::/32
2a11:4b44::/32
2a11:4b46::/32
2a12:a341::/32
2a12:a347::/32
2a13:3c80::/29
Signature Algorithm: sha256WithRSAEncryption
73:f3:76:ba:df:39:26:ae:6d:17:6b:74:6c:6b:41:cb:ec:68:
c4:93:00:ed:2b:3b:be:59:83:37:02:90:eb:af:0e:c8:77:ff:
30:56:f0:d1:04:36:fb:db:ba:c7:9c:34:38:3c:25:13:0c:1d:
33:a9:78:17:ab:a8:e7:c1:29:13:8a:12:c4:54:de:f0:6e:4f:
c7:6f:1e:36:60:9b:f6:e6:f0:3e:10:8f:10:dd:30:1a:64:15:
54:6c:d9:64:71:57:d0:af:f2:3e:b8:05:a8:34:60:0b:c7:98:
a5:e4:f4:d1:df:0b:83:26:55:c0:75:61:c9:53:f0:c0:4d:6f:
95:29:0b:ac:4e:ed:9c:b5:dd:45:8e:8f:a6:b7:5d:04:15:b6:
a7:78:a6:3a:e3:df:6a:99:8f:2d:6e:98:15:82:d6:38:96:96:
9c:47:61:1a:1f:27:f1:30:62:3c:ec:04:25:5f:3e:47:94:99:
f0:3d:c2:9a:09:cf:9c:5f:f3:16:a1:e9:90:c2:31:61:9b:e2:
88:9f:8b:bc:ee:f1:a8:4f:f6:89:8d:4e:5c:11:d0:0f:03:4b:
25:2d:a7:72:1a:66:5c:a2:be:36:fd:92:54:39:f7:1b:14:e9:
eb:58:e8:18:e9:e0:6b:f0:ee:85:f6:b1:5a:c6:e4:1c:21:fc:
21:76:e7:7d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZfUyNwxZY/FUP32ejy9IOsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwNzA0MDkzMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE4YjFkODRmZmQ5MTIwZjVkMjYzNTYwMGVhMjUyMTVkZmFmOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYKSuGc54aF2+wAttHUYUKUNQM/R
Wo8b+O2cX0xT11dFO7JmEQKlrweVcTL30scj2vvrpYouOF7YhhJJn77xT46qv2o8
Ak1fQdGIYPeG+xpDbBxsXHi9CePOvNWvACnLMboJbe/STgj5gGMY+xpPfuntocuS
K9IM5BUozDS1x3DRLqLKxRDgOHtY8DXQfR0/SfRC4ztwTIi9/7cdsqdJGBd+d050
sjAnj9Cm2efA7HNZzbqDP4L8Bk4SCVza0Jgrt2KJm0dAQD3RMTU8QxJ6wLjOImGP
v/gh5EDLvSHO/epTnapu3YzVLuQRwH4WgGjqYQu9OinA83sutUCaDCBe9QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNiosdhP/ZEg9dJjVgDqJSFd+vlvMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMktpeDJFXzlrU0QxMG1OV0FPb2xJVjM2LVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUAKglihgMF
ACoQQQADBQAqEEEDAwUAKhBBBQMFACoRS0QDBQAqEUtGAwUAKhKjQQMFACoSo0cD
BQMqEzyAMA0GCSqGSIb3DQEBCwUAA4IBAQBz83a63zkmrm0Xa3Rsa0HL7GjEkwDt
Kzu+WYM3ApDrrw7Id/8wVvDRBDb727rHnDQ4PCUTDB0zqXgXq6jnwSkTihLEVN7w
bk/Hbx42YJv25vA+EI8Q3TAaZBVUbNlkcVfQr/I+uAWoNGALx5il5PTR3wuDJlXA
dWHJU/DATW+VKQusTu2ctd1Fjo+mt10EFbaneKY6499qmY8tbpgVgtY4lpacR2Ea
HyfxMGI87AQlXz5HlJnwPcKaCc+cX/MWoemQwjFhm+KIn4u87vGoT/aJjU5cEdAP
A0slLadyGmZcor42/ZJUOfcbFOnrWOgY6eBr8O6F9rFaxuQcIfwhdud9
-----END CERTIFICATE-----
Generated at Mon Jul 21 01:54:22 2025 by rpki-client