Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ong9NZ-WHrRPEkmi8uz-bf6pmMM.roa
File: ong9NZ-WHrRPEkmi8uz-bf6pmMM.roa (raw, json)
Hash identifier: SFwmWBNIDt+14pWjGxuPtpStmkUDYqrGxrcBxnZWpsY=
Subject key identifier: A2:78:3D:35:9F:96:1E:B4:4F:12:49:A2:F2:EC:FE:6D:FE:A9:98:C3
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 0197C268E1246B62782C8344BF3043CE9E06
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ong9NZ-WHrRPEkmi8uz-bf6pmMM.roa
Signing time: Mon 30 Jun 2025 19:55:42 +0000
ROA not before: Mon 30 Jun 2025 19:55:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a05:9a40::/29 maxlen: 29
2a06:5fc0::/29 maxlen: 29
2a0b:ac00::/29 maxlen: 29
2a10:3c80::/29 maxlen: 29
2a10:3f80::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
2a13:b4c1::/32 maxlen: 32
2a13:c240::/29 maxlen: 29
2a14:62c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 11:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c2:68:e1:24:6b:62:78:2c:83:44:bf:30:43:ce:9e:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Jun 30 19:55:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2783d359f961eb44f1249a2f2ecfe6dfea998c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:46:9f:4d:96:bb:9e:e8:ab:91:c7:94:f2:5a:
53:d8:56:5d:96:b5:8e:92:20:9c:8a:0f:84:fa:77:
cb:3a:7a:f5:0c:7d:4c:54:8f:64:6b:be:17:f6:66:
ed:0a:0c:f9:3c:f6:0e:3b:a0:e4:3f:4a:21:e7:01:
4c:70:8d:41:e4:43:6b:a3:39:8d:bd:28:f9:28:72:
a7:8e:7b:4d:74:eb:5e:33:68:5d:9f:7d:f4:38:57:
6e:a4:61:a9:cd:2c:bc:41:1b:e4:97:25:76:8d:50:
96:c9:89:60:55:47:a3:a1:44:5c:f4:1c:68:97:40:
be:af:57:b2:46:72:ba:36:99:ae:71:5b:8e:da:37:
8b:fc:9b:a5:ae:57:d0:67:66:6a:bc:35:86:ce:01:
24:5c:c2:e9:cc:f7:28:5e:ff:e9:f0:ee:fe:10:ab:
37:4c:1b:ea:ed:90:d0:df:ce:0c:10:6b:11:df:76:
28:11:b4:a1:36:ea:01:d6:9c:ab:03:c4:45:3a:ae:
54:d4:9f:da:5e:15:b2:d2:30:df:93:33:8b:34:46:
68:a2:5a:7c:c7:34:8e:67:61:ab:f8:90:e3:0e:8e:
69:c3:fc:d5:df:7f:dc:76:78:7d:4f:4f:61:81:a8:
cb:16:61:5d:ff:6c:b3:4e:c5:9f:67:5d:a5:2e:39:
48:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:78:3D:35:9F:96:1E:B4:4F:12:49:A2:F2:EC:FE:6D:FE:A9:98:C3
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ong9NZ-WHrRPEkmi8uz-bf6pmMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a06:5fc0::/29
2a0b:ac00::/29
2a10:3c80::/29
2a10:3f80::/29
2a10:77c0::/29
2a13:b4c1::/32
2a13:c240::/29
2a14:62c0::/29
Signature Algorithm: sha256WithRSAEncryption
d4:c2:65:e1:dd:82:a9:0a:96:af:f8:9a:24:93:f6:f7:8c:1b:
6a:ac:de:b0:83:be:24:0d:60:81:c1:2f:99:30:85:fb:e9:ca:
83:f4:12:86:44:d7:26:d8:51:68:29:05:36:bd:4f:9c:79:67:
50:a0:45:f8:d8:b0:c9:4c:af:d0:0a:27:3a:54:e8:86:49:d0:
46:42:d4:5a:e7:2c:0f:08:3c:b1:6d:b2:c6:97:ce:2b:ae:33:
90:4d:f8:21:cc:88:4d:b8:7e:70:9c:9e:02:bb:99:57:17:0b:
fb:33:ab:cc:7b:10:ff:3b:c7:95:34:1f:89:07:c4:c9:9c:a7:
1c:45:6d:3f:e1:44:b0:e3:bb:26:a2:40:e6:b7:7c:f1:c2:d1:
dc:11:f9:06:d6:d5:fe:01:55:11:a8:45:e7:ee:21:24:3f:23:
15:af:cb:e2:8b:0b:b1:10:cd:3d:eb:b8:69:b9:cb:a4:96:f9:
e8:3f:85:a7:e5:b2:1d:26:f5:f3:59:9b:d6:c0:5b:2d:a1:d2:
35:e4:93:a2:0c:be:34:8c:67:8d:44:7f:c9:08:46:c8:b3:c9:
3b:57:97:a5:ca:4f:db:50:42:c9:b6:73:41:5e:52:2d:0a:07:
72:9f:b1:da:91:e2:4d:dd:40:f5:d4:6f:6f:b7:57:33:c8:be:
3a:b6:43:67
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZfCaOEka2J4LINEvzBDzp4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjMwMTk1NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc4M2QzNTlmOTYxZWI0NGYxMjQ5YTJmMmVjZmU2ZGZlYTk5OGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkafTZa7nuirkceU8lpT2FZdlrWO
kiCcig+E+nfLOnr1DH1MVI9ka74X9mbtCgz5PPYOO6DkP0oh5wFMcI1B5ENrozmN
vSj5KHKnjntNdOteM2hdn330OFdupGGpzSy8QRvklyV2jVCWyYlgVUejoURc9Bxo
l0C+r1eyRnK6NpmucVuO2jeL/JulrlfQZ2ZqvDWGzgEkXMLpzPcoXv/p8O7+EKs3
TBvq7ZDQ384MEGsR33YoEbShNuoB1pyrA8RFOq5U1J/aXhWy0jDfkzOLNEZoolp8
xzSOZ2Gr+JDjDo5pw/zV33/cdnh9T09hgajLFmFd/2yzTsWfZ12lLjlIsQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKJ4PTWflh60TxJJovLs/m3+qZjDMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvb25nOU5aLVdIclJQRWttaTh1ei1iZjZwbU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgWaQAMF
AyoGX8ADBQMqC6wAAwUDKhA8gAMFAyoQP4ADBQMqEHfAAwUAKhO0wQMFAyoTwkAD
BQMqFGLAMA0GCSqGSIb3DQEBCwUAA4IBAQDUwmXh3YKpCpav+Jokk/b3jBtqrN6w
g74kDWCBwS+ZMIX76cqD9BKGRNcm2FFoKQU2vU+ceWdQoEX42LDJTK/QCic6VOiG
SdBGQtRa5ywPCDyxbbLGl84rrjOQTfghzIhNuH5wnJ4Cu5lXFwv7M6vMexD/O8eV
NB+JB8TJnKccRW0/4USw47smokDmt3zxwtHcEfkG1tX+AVURqEXn7iEkPyMVr8vi
iwuxEM0967hpucuklvnoP4Wn5bIdJvXzWZvWwFstodI15JOiDL40jGeNRH/JCEbI
s8k7V5elyk/bUELJtnNBXlItCgdyn7HakeJN3UD11G9vt1czyL46tkNn
-----END CERTIFICATE-----
Generated at Wed Jul 2 19:17:24 2025 by rpki-client