Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/v7E-tTxflPnqxg3MpmR53F2Z6QU.roa
File: v7E-tTxflPnqxg3MpmR53F2Z6QU.roa (raw, json)
Hash identifier: Ghunk7sqbhHZuCust1Ewo+nGVQQe1Aek1JX2tRRm0JA=
Subject key identifier: BF:B1:3E:B5:3C:5F:94:F9:EA:C6:0D:CC:A6:64:79:DC:5D:99:E9:05
Certificate issuer: /CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Certificate serial: 01990EBE1EDF4D0FA4E7667A0B2FC670E564
Authority key identifier: 3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/v7E-tTxflPnqxg3MpmR53F2Z6QU.roa
Signing time: Wed 03 Sep 2025 08:42:44 +0000
ROA not before: Wed 03 Sep 2025 08:42:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214178
IP address blocks: 2a14:4b41:1000::/44 maxlen: 48
2a14:4b41:1010::/44 maxlen: 48
2a14:4b41:1201::/48 maxlen: 48
2a14:4b41:1203::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 07:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:be:1e:df:4d:0f:a4:e7:66:7a:0b:2f:c6:70:e5:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Validity
Not Before: Sep 3 08:42:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bfb13eb53c5f94f9eac60dcca66479dc5d99e905
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:31:90:1d:c0:52:4e:c1:48:25:19:06:d8:7f:
9c:14:56:8c:6e:46:59:4e:b2:e0:c7:74:39:4a:2d:
cb:b8:54:22:ec:7e:e1:53:5b:44:e0:24:29:dd:66:
bd:fe:d5:c0:7d:e8:6d:25:cb:eb:e2:e6:4b:c7:ca:
c0:74:d5:5c:4d:8e:90:32:c3:c5:e3:44:78:eb:cf:
79:41:59:20:f1:85:e2:10:de:57:0d:04:5a:3a:e9:
a2:ea:38:42:1e:d5:fd:9d:52:f8:34:40:6a:f2:00:
84:ae:3f:79:7c:84:df:74:d0:b8:7c:b9:28:b0:40:
36:b1:5c:76:9e:5b:6d:04:9e:47:ac:1b:cd:5e:41:
fb:ee:b9:31:f5:3f:d7:0f:a3:c6:ab:e1:f3:8d:ec:
1e:4b:fd:c0:df:a3:f6:38:2c:32:a0:1b:b2:2e:c4:
45:ea:15:15:ca:ea:56:5e:d3:e2:79:c6:7f:f2:a3:
90:39:7c:3c:3c:ba:f5:0b:ea:e4:58:1c:a1:b5:59:
f5:bf:91:d3:29:95:7e:26:ba:9d:62:cd:9a:0e:f5:
1e:8a:cc:6c:c3:9a:25:c7:58:d9:d5:d1:be:af:fa:
bf:0e:d7:91:6f:e3:6d:cb:37:be:9c:7c:99:c4:15:
e7:8c:bf:62:e6:2b:e9:3d:b1:c9:9b:5b:57:83:40:
a4:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:B1:3E:B5:3C:5F:94:F9:EA:C6:0D:CC:A6:64:79:DC:5D:99:E9:05
X509v3 Authority Key Identifier:
keyid:3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/v7E-tTxflPnqxg3MpmR53F2Z6QU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:4b41:1000::/43
2a14:4b41:1201::/48
2a14:4b41:1203::/48
Signature Algorithm: sha256WithRSAEncryption
07:81:6b:13:4c:a3:04:b4:7a:b4:ed:1b:fb:fb:66:78:7c:5b:
9d:06:5f:cf:ce:08:3c:13:53:4b:9c:d1:26:d3:92:c8:77:81:
5b:e9:39:eb:b7:d4:27:e7:ee:4c:66:c5:64:64:c8:12:f4:c6:
2b:ae:f0:dc:03:b0:41:f1:24:9b:ba:c8:3a:77:27:95:0d:c3:
45:8d:18:7c:bf:a1:a8:db:9e:36:90:84:38:0a:e0:b3:99:bf:
b0:80:ae:ff:87:8b:20:40:bd:11:94:0f:47:33:d7:65:a1:04:
21:57:5e:f8:83:7d:9c:44:71:17:5f:7d:0b:bb:3c:fa:93:ec:
90:07:c8:75:e2:a8:27:a3:72:71:84:28:e6:96:ed:b5:57:30:
b9:dc:1c:67:5d:f8:f1:75:88:89:15:b9:b2:32:4f:4f:a7:35:
26:dc:2f:59:e5:13:6e:fa:e5:ea:53:c3:ca:24:da:7a:2f:34:
17:27:af:04:47:d7:a1:f4:b6:c4:b6:0f:78:39:6f:82:0f:d0:
1c:e6:1e:99:1e:cf:13:56:89:a0:92:aa:65:5a:61:4b:bb:52:
7d:41:26:cb:9c:97:12:a3:58:7e:e5:9c:8c:d1:4e:76:60:3d:
8a:74:15:20:91:25:ca:28:24:9d:94:24:d0:1d:1f:2f:9b:fd:
e2:dd:9f:3d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkOvh7fTQ+k52Z6Cy/GcOVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2VhMzNhZWE4YjM4NDI3ZjJiY2VmNWVkNGMyMTQyM2Ey
YTlkNjQwHhcNMjUwOTAzMDg0MjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmIxM2ViNTNjNWY5NGY5ZWFjNjBkY2NhNjY0NzlkYzVkOTllOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjGQHcBSTsFIJRkG2H+cFFaMbkZZ
TrLgx3Q5Si3LuFQi7H7hU1tE4CQp3Wa9/tXAfehtJcvr4uZLx8rAdNVcTY6QMsPF
40R46895QVkg8YXiEN5XDQRaOumi6jhCHtX9nVL4NEBq8gCErj95fITfdNC4fLko
sEA2sVx2nlttBJ5HrBvNXkH77rkx9T/XD6PGq+HzjeweS/3A36P2OCwyoBuyLsRF
6hUVyupWXtPiecZ/8qOQOXw8PLr1C+rkWByhtVn1v5HTKZV+JrqdYs2aDvUeisxs
w5olx1jZ1dG+r/q/DteRb+Ntyze+nHyZxBXnjL9i5ivpPbHJm1tXg0CkLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL+xPrU8X5T56sYNzKZkedxdmekFMB8GA1UdIwQY
MBaAFDo+ozrqizhCfyvO9e1MIUI6Kp1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYt
MWQ2N2MzMjQ1MDFmLzEvdjdFLXRUeGZsUG5xeGczTXBtUjUzRjJaNlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYtMWQ2N2MzMjQ1MDFm
LzEvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcFKhRLQRAA
AwcAKhRLQRIBAwcAKhRLQRIDMA0GCSqGSIb3DQEBCwUAA4IBAQAHgWsTTKMEtHq0
7Rv7+2Z4fFudBl/Pzgg8E1NLnNEm05LId4Fb6Tnrt9Qn5+5MZsVkZMgS9MYrrvDc
A7BB8SSbusg6dyeVDcNFjRh8v6Go2542kIQ4CuCzmb+wgK7/h4sgQL0RlA9HM9dl
oQQhV174g32cRHEXX30Luzz6k+yQB8h14qgno3JxhCjmlu21VzC53BxnXfjxdYiJ
FbmyMk9PpzUm3C9Z5RNu+uXqU8PKJNp6LzQXJ68ER9eh9LbEtg94OW+CD9Ac5h6Z
Hs8TVomgkqplWmFLu1J9QSbLnJcSo1h+5ZyM0U52YD2KdBUgkSXKKCSdlCTQHR8v
m/3i3Z89
-----END CERTIFICATE-----
Generated at Sun Sep 7 16:14:11 2025 by rpki-client