Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/KnbUd5nAcObJx-mFANUZ-3dv9ZE.roa
File: KnbUd5nAcObJx-mFANUZ-3dv9ZE.roa (raw, json)
Hash identifier: J1B+8yhPspHeU/Bm8kDFuArgnyqhlnkM76APcA7nLcw=
Subject key identifier: 2A:76:D4:77:99:C0:70:E6:C9:C7:E9:85:00:D5:19:FB:77:6F:F5:91
Certificate issuer: /CN=66501165645aa80dcba315885cf374acb6d21305
Certificate serial: 01972FEFCFE85205A9B955F84597C9CF34FE
Authority key identifier: 66:50:11:65:64:5A:A8:0D:CB:A3:15:88:5C:F3:74:AC:B6:D2:13:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZlARZWRaqA3LoxWIXPN0rLbSEwU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/KnbUd5nAcObJx-mFANUZ-3dv9ZE.roa
Signing time: Mon 02 Jun 2025 09:18:54 +0000
ROA not before: Mon 02 Jun 2025 09:18:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6205
IP address blocks: 2001:67c:ac8::/48 maxlen: 48
2001:67c:acc::/48 maxlen: 48
2001:67c:ad0::/48 maxlen: 48
2001:67c:2788::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/ZlARZWRaqA3LoxWIXPN0rLbSEwU.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/ZlARZWRaqA3LoxWIXPN0rLbSEwU.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZlARZWRaqA3LoxWIXPN0rLbSEwU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 15:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2f:ef:cf:e8:52:05:a9:b9:55:f8:45:97:c9:cf:34:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66501165645aa80dcba315885cf374acb6d21305
Validity
Not Before: Jun 2 09:18:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a76d47799c070e6c9c7e98500d519fb776ff591
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:77:50:23:80:0a:7a:1e:76:8d:29:25:b9:b7:
fd:2c:c3:be:0f:66:11:4e:56:60:9c:a9:0b:9e:d9:
8c:5d:6c:d5:dc:68:a2:f2:90:5c:f4:8f:9a:30:8b:
1c:a7:93:73:6b:37:78:c4:71:d4:b4:8f:95:44:23:
15:69:c4:1a:b5:4b:ce:68:8c:38:c0:cd:b1:cd:78:
ab:6e:5d:8c:62:68:60:6c:18:12:05:8e:64:5e:fe:
a6:0d:3a:da:3e:72:cc:ff:a9:ad:8f:50:c2:7b:9a:
29:70:78:0d:c9:88:46:6f:7a:90:c1:ec:43:13:bb:
64:52:ab:92:ca:5b:ef:74:51:75:d3:fe:dc:09:24:
13:37:9e:4b:5d:b5:5a:3a:d3:6f:3e:24:ff:59:f9:
2f:a8:31:d2:72:9c:78:4b:2f:6e:73:37:64:46:78:
10:4b:13:1e:1d:e0:5a:71:86:19:52:5f:41:10:9e:
a3:47:48:8d:e7:ce:3f:37:4f:83:35:f1:48:b9:09:
28:ee:0e:c3:de:74:8c:8e:9c:86:4c:a3:ee:e2:5a:
c3:92:5f:ea:d4:df:ce:8e:43:6b:01:40:81:78:2d:
ae:22:af:16:f1:1a:53:ec:eb:b7:e1:6d:35:aa:a1:
82:44:ac:0f:f3:63:ba:0e:94:5e:31:67:12:63:4d:
63:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:76:D4:77:99:C0:70:E6:C9:C7:E9:85:00:D5:19:FB:77:6F:F5:91
X509v3 Authority Key Identifier:
keyid:66:50:11:65:64:5A:A8:0D:CB:A3:15:88:5C:F3:74:AC:B6:D2:13:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZlARZWRaqA3LoxWIXPN0rLbSEwU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/KnbUd5nAcObJx-mFANUZ-3dv9ZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/2d26a3-346e-4d0d-ac1e-1d020ece07ea/1/ZlARZWRaqA3LoxWIXPN0rLbSEwU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:ac8::/48
2001:67c:acc::/48
2001:67c:ad0::/48
2001:67c:2788::/48
Signature Algorithm: sha256WithRSAEncryption
93:2b:aa:bd:fa:b5:09:ff:ec:40:ce:00:e6:49:30:2d:3d:72:
8f:74:e1:51:b9:f8:1b:0a:7d:db:55:ab:39:93:f3:1a:d9:81:
f6:62:fc:a8:42:7a:ed:bb:24:f0:09:96:de:9d:16:51:dd:6d:
a1:62:35:e5:fd:ec:4b:0a:ba:99:73:85:07:ae:27:d0:e0:ff:
cb:ad:a0:63:bd:35:e5:c4:17:5a:61:ed:39:f8:b0:59:c9:fa:
05:6b:60:cb:d0:36:4a:30:3c:eb:0a:01:70:70:11:6b:89:f9:
9d:f1:a2:1b:81:dd:4c:30:31:76:e8:37:35:7f:81:d4:7a:7a:
23:cb:6f:39:75:0c:19:5b:2a:44:d2:cf:bc:ec:a4:7c:ea:82:
b1:11:f9:89:8d:08:3b:e6:38:82:10:09:90:b0:bb:63:6d:db:
7d:d2:1f:0b:d5:e7:f8:5d:48:a0:08:b0:90:ae:bd:46:24:de:
c5:a5:a7:ec:db:b0:0e:04:f4:91:5b:89:3b:2b:6f:cf:29:d0:
df:97:19:9a:c9:92:7a:b3:d4:73:2e:07:d9:5e:33:b2:d8:ae:
8b:18:5b:bf:dd:b0:5b:45:cd:75:78:c0:1e:0a:90:cc:f8:b9:
07:b2:31:70:c9:24:a6:13:a9:60:d9:5c:72:79:07:ae:ab:38:
27:2a:37:54
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZcv78/oUgWpuVX4RZfJzzT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NTAxMTY1NjQ1YWE4MGRjYmEzMTU4ODVjZjM3NGFjYjZk
MjEzMDUwHhcNMjUwNjAyMDkxODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc2ZDQ3Nzk5YzA3MGU2YzljN2U5ODUwMGQ1MTlmYjc3NmZmNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzndQI4AKeh52jSklubf9LMO+D2YR
TlZgnKkLntmMXWzV3Gii8pBc9I+aMIscp5Nzazd4xHHUtI+VRCMVacQatUvOaIw4
wM2xzXirbl2MYmhgbBgSBY5kXv6mDTraPnLM/6mtj1DCe5opcHgNyYhGb3qQwexD
E7tkUquSylvvdFF10/7cCSQTN55LXbVaOtNvPiT/WfkvqDHScpx4Sy9uczdkRngQ
SxMeHeBacYYZUl9BEJ6jR0iN584/N0+DNfFIuQko7g7D3nSMjpyGTKPu4lrDkl/q
1N/OjkNrAUCBeC2uIq8W8RpT7Ou34W01qqGCRKwP82O6DpReMWcSY01j0wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCp21HeZwHDmycfphQDVGft3b/WRMB8GA1UdIwQY
MBaAFGZQEWVkWqgNy6MViFzzdKy20hMFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmxBUlpXUmFxQTNMb3hXSVhQTjByTGJTRXdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yZDI2YTMtMzQ2ZS00ZDBkLWFjMWUt
MWQwMjBlY2UwN2VhLzEvS25iVWQ1bkFjT2JKeC1tRkFOVVotM2R2OVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yZDI2YTMtMzQ2ZS00ZDBkLWFjMWUtMWQwMjBlY2UwN2Vh
LzEvWmxBUlpXUmFxQTNMb3hXSVhQTjByTGJTRXdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAIAEGfArI
AwcAIAEGfArMAwcAIAEGfArQAwcAIAEGfCeIMA0GCSqGSIb3DQEBCwUAA4IBAQCT
K6q9+rUJ/+xAzgDmSTAtPXKPdOFRufgbCn3bVas5k/Ma2YH2YvyoQnrtuyTwCZbe
nRZR3W2hYjXl/exLCrqZc4UHrifQ4P/LraBjvTXlxBdaYe05+LBZyfoFa2DL0DZK
MDzrCgFwcBFrifmd8aIbgd1MMDF26Dc1f4HUenojy285dQwZWypE0s+87KR86oKx
EfmJjQg75jiCEAmQsLtjbdt90h8L1ef4XUigCLCQrr1GJN7Fpafs27AOBPSRW4k7
K2/PKdDflxmayZJ6s9RzLgfZXjOy2K6LGFu/3bBbRc11eMAeCpDM+LkHsjFwySSm
E6lg2VxyeQeuqzgnKjdU
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:43:00 2025 by rpki-client