Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/lhIVXKyvHvL1M1KrWSOUSp4Xfy0.roa
File: lhIVXKyvHvL1M1KrWSOUSp4Xfy0.roa (raw, json)
Hash identifier: 1wnwX4Q7QX+gVuRNkxMS+avsozb32JFwrZsJyBwtFIM=
Subject key identifier: 96:12:15:5C:AC:AF:1E:F2:F5:33:52:AB:59:23:94:4A:9E:17:7F:2D
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 0199167B00EDF3C1982B9899FBEBA191B5C4
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/lhIVXKyvHvL1M1KrWSOUSp4Xfy0.roa
Signing time: Thu 04 Sep 2025 20:46:23 +0000
ROA not before: Thu 04 Sep 2025 20:46:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 159.254.52.0/24 maxlen: 24
159.254.53.0/24 maxlen: 24
2a03:eec0:3701::/48 maxlen: 48
2a03:eec0:3702::/48 maxlen: 48
2a03:eec0:3703::/48 maxlen: 48
2a03:eec0:3704::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 01:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:16:7b:00:ed:f3:c1:98:2b:98:99:fb:eb:a1:91:b5:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Sep 4 20:46:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9612155cacaf1ef2f53352ab5923944a9e177f2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f2:d1:4b:a2:5a:be:45:d2:c0:85:f5:93:2b:
bf:c6:05:09:5e:2b:3e:82:f8:ce:38:7d:05:80:b0:
be:95:b1:1a:5f:fc:ba:ff:c6:bf:bd:12:94:79:01:
f6:a6:87:a7:20:3b:29:17:d4:21:8f:7a:7b:91:68:
56:4d:f3:20:ae:3a:69:42:58:5e:5f:27:c8:79:9d:
3d:78:61:f6:da:4f:9d:b9:98:06:cf:51:ed:f9:21:
92:7d:c1:81:9d:fc:6c:01:8f:92:d7:09:b4:73:02:
56:6c:a4:2b:bb:bc:c3:99:a7:c7:dc:22:d4:5f:5c:
a1:39:1e:6e:14:66:25:8f:be:00:0b:ab:40:a6:d5:
00:50:3e:a6:76:b4:11:71:35:cd:df:22:1d:4b:99:
f1:3f:15:37:27:29:1e:60:87:2a:17:98:cb:13:08:
ac:69:47:ff:bb:1a:aa:e5:fb:6e:ad:86:71:3d:f6:
7f:75:02:b6:2d:3e:ea:24:ae:04:2b:41:c7:6f:e9:
5e:b9:40:9d:75:cb:06:ed:3c:e7:84:c7:4c:67:6a:
9b:b9:08:d4:b3:1f:44:33:78:57:98:d0:7f:72:bb:
42:cf:51:19:0a:8f:6f:65:f8:d9:f9:1a:eb:5b:7d:
88:0c:34:1c:23:b3:a6:02:95:4d:9a:06:73:51:80:
85:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:12:15:5C:AC:AF:1E:F2:F5:33:52:AB:59:23:94:4A:9E:17:7F:2D
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/lhIVXKyvHvL1M1KrWSOUSp4Xfy0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.254.52.0/23
IPv6:
2a03:eec0:3701::-2a03:eec0:3704:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
69:06:17:59:ef:03:96:1a:f8:30:07:f1:0b:36:5f:29:a2:d4:
a0:eb:3e:e6:50:40:c1:00:08:b8:93:9f:e0:a2:37:ff:25:79:
fc:51:2e:37:1b:dd:be:69:e3:73:e6:04:7b:91:4d:d2:27:68:
9c:7d:7a:d3:c2:35:52:6e:2e:01:21:69:6a:d5:70:6b:c3:d7:
7f:85:19:91:37:b5:f1:9a:98:f0:92:3c:27:9d:d4:a2:91:f6:
d4:21:b8:48:f9:a3:29:f8:23:dc:67:1c:7e:87:5e:22:ed:2a:
1d:0a:21:a9:60:f8:23:59:6f:02:1a:21:55:0b:68:b2:ad:4f:
b7:a9:8e:cb:86:83:21:aa:20:c9:20:83:70:e5:34:7e:96:69:
57:13:cf:77:fb:8d:2c:08:9c:98:e2:ac:9b:b2:c8:35:74:d0:
24:4d:cf:d6:8a:73:05:96:d2:b6:a5:03:a8:cd:32:d5:f6:4c:
62:6e:5c:c3:e0:ae:26:12:96:7a:b3:12:3b:13:58:94:b1:f7:
a8:22:d9:4a:88:e3:13:09:aa:72:d1:10:07:77:d4:8a:f7:0d:
24:60:b0:ad:4f:ed:ae:33:6b:50:9a:cf:9c:bd:c2:8d:8c:68:
e7:a2:f6:20:7b:f1:43:fd:61:8c:c3:f6:8b:e9:09:2f:9b:ca:
91:63:10:ae
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZkWewDt88GYK5iZ++uhkbXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUwOTA0MjA0NjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjEyMTU1Y2FjYWYxZWYyZjUzMzUyYWI1OTIzOTQ0YTllMTc3ZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvLRS6JavkXSwIX1kyu/xgUJXis+
gvjOOH0FgLC+lbEaX/y6/8a/vRKUeQH2poenIDspF9Qhj3p7kWhWTfMgrjppQlhe
XyfIeZ09eGH22k+duZgGz1Ht+SGSfcGBnfxsAY+S1wm0cwJWbKQru7zDmafH3CLU
X1yhOR5uFGYlj74AC6tAptUAUD6mdrQRcTXN3yIdS5nxPxU3JykeYIcqF5jLEwis
aUf/uxqq5fturYZxPfZ/dQK2LT7qJK4EK0HHb+leuUCddcsG7TznhMdMZ2qbuQjU
sx9EM3hXmNB/crtCz1EZCo9vZfjZ+RrrW32IDDQcI7OmApVNmgZzUYCFZQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJYSFVysrx7y9TNSq1kjlEqeF38tMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvbGhJVlhLeXZIdkwxTTFLcldTT1VTcDRYZnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQBn/40MBoE
AgACMBQwEgMHACoD7sA3AQMHACoD7sA3BDANBgkqhkiG9w0BAQsFAAOCAQEAaQYX
We8Dlhr4MAfxCzZfKaLUoOs+5lBAwQAIuJOf4KI3/yV5/FEuNxvdvmnjc+YEe5FN
0idonH1608I1Um4uASFpatVwa8PXf4UZkTe18ZqY8JI8J53UopH21CG4SPmjKfgj
3GccfodeIu0qHQohqWD4I1lvAhohVQtosq1Pt6mOy4aDIaogySCDcOU0fpZpVxPP
d/uNLAicmOKsm7LINXTQJE3P1opzBZbStqUDqM0y1fZMYm5cw+CuJhKWerMSOxNY
lLH3qCLZSojjEwmqctEQB3fUivcNJGCwrU/trjNrUJrPnL3CjYxo56L2IHvxQ/1h
jMP2i+kJL5vKkWMQrg==
-----END CERTIFICATE-----
Generated at Tue Sep 16 10:00:26 2025 by rpki-client