Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/VEIOP5CvViNk7vFxFnYuZv7tB1E.roa
File: VEIOP5CvViNk7vFxFnYuZv7tB1E.roa (raw, json)
Hash identifier: VpQJLJpNz6bqxTmb3xeuudtD/HduXOUl+jk53g4K7m8=
Subject key identifier: 54:42:0E:3F:90:AF:56:23:64:EE:F1:71:16:76:2E:66:FE:ED:07:51
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 0196ED5C977376FCFF6AA67013D9EE0D4B6C
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/VEIOP5CvViNk7vFxFnYuZv7tB1E.roa
Signing time: Tue 20 May 2025 11:03:10 +0000
ROA not before: Tue 20 May 2025 11:03:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206938
IP address blocks: 2a07:4a00::/32 maxlen: 32
2a07:4a01::/32 maxlen: 32
2a14:4b80::/32 maxlen: 32
2a14:4b81::/32 maxlen: 32
2a14:4b82::/32 maxlen: 32
2a14:4b83::/32 maxlen: 32
2a14:4b84::/32 maxlen: 32
2a14:4b85::/32 maxlen: 32
2a14:4b86::/32 maxlen: 32
2a14:4b87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 22:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ed:5c:97:73:76:fc:ff:6a:a6:70:13:d9:ee:0d:4b:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: May 20 11:03:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=54420e3f90af562364eef17116762e66feed0751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:09:7e:6e:cc:c2:ab:06:12:ff:38:12:e6:55:
47:5a:38:4a:36:e6:f8:db:ef:32:7e:27:b4:4e:5b:
79:62:b4:21:55:44:d7:c5:99:b6:1c:5a:bf:b2:be:
d7:18:14:3e:fd:47:7f:27:39:d2:ff:63:aa:bb:88:
77:04:d9:de:f4:3f:51:35:6b:6c:2e:b0:4d:fc:3d:
08:f1:e1:fc:b2:27:e6:a3:36:3c:91:46:d0:30:b0:
c8:c4:10:de:af:fe:ba:d8:5c:a2:c0:b8:75:97:da:
02:e4:e6:fa:c1:43:29:35:99:b4:92:e1:9b:4b:7a:
bb:a3:fa:14:47:e5:87:67:c2:bf:2c:02:4c:1c:e9:
90:fa:71:e1:3d:8e:dd:c3:7d:f3:b4:4b:1b:b1:c3:
30:42:e1:ae:86:85:2c:81:bb:49:13:2e:c8:98:7f:
0d:95:0f:38:91:03:71:6c:8c:79:88:ad:93:e1:c9:
6b:59:79:4d:fe:6a:08:ea:9f:2a:69:98:80:6f:8d:
90:7b:7f:18:43:06:06:39:9e:77:29:27:ee:f7:2c:
7a:42:22:0d:89:ee:39:54:46:a0:74:0e:07:97:ae:
d1:d1:e0:e8:42:44:a6:6a:4d:85:60:48:07:4e:79:
0d:19:41:c5:e0:c7:ca:39:4c:a9:8f:20:f3:18:8b:
82:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:42:0E:3F:90:AF:56:23:64:EE:F1:71:16:76:2E:66:FE:ED:07:51
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/VEIOP5CvViNk7vFxFnYuZv7tB1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:4a00::/31
2a14:4b80::/29
Signature Algorithm: sha256WithRSAEncryption
30:8a:74:ef:95:1f:c9:16:9c:18:69:31:7a:f6:e6:07:8c:d7:
a4:f3:f6:86:53:0a:2d:bd:ea:18:4c:e9:1f:e5:e8:23:af:57:
05:f5:8b:65:9d:4c:05:f8:be:b5:7b:f9:ad:23:a2:d5:2f:69:
8e:6f:81:bd:dc:e2:40:5b:03:6b:1c:78:b2:5d:d8:5e:90:a5:
59:e2:e2:a0:ab:e8:63:8b:21:54:d0:09:8a:cd:e2:5c:f8:af:
db:fa:ea:2c:fc:b5:2b:40:47:06:93:68:e7:1d:d6:cb:d8:81:
8e:06:c5:cd:1f:dc:0a:10:ae:1f:66:c5:cb:e3:e7:3d:31:4b:
6c:00:05:f8:ae:03:53:d1:d8:94:19:15:07:ad:de:a7:ca:fd:
7f:a1:16:79:7f:72:d6:4d:b0:d8:7f:c0:08:49:41:fd:b2:1a:
71:75:18:3a:51:f2:4d:f1:58:89:ac:5d:00:5e:61:4e:57:9d:
ba:b0:83:e5:2e:ea:88:36:f9:6b:29:0a:65:23:2d:fd:dc:96:
b2:20:a6:c5:32:95:eb:ce:39:46:61:c9:0b:00:6c:33:80:35:
bd:b5:17:07:1b:ad:5d:4b:d8:a3:45:7b:e2:f8:65:ef:09:fd:
5e:e1:13:58:c5:36:0f:a9:b6:59:a2:c2:28:e6:a5:54:19:54:
b7:fb:d3:5a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZbtXJdzdvz/aqZwE9nuDUtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjUwNTIwMTEwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDQyMGUzZjkwYWY1NjIzNjRlZWYxNzExNjc2MmU2NmZlZWQwNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Al+bszCqwYS/zgS5lVHWjhKNub4
2+8yfie0Tlt5YrQhVUTXxZm2HFq/sr7XGBQ+/Ud/JznS/2Oqu4h3BNne9D9RNWts
LrBN/D0I8eH8sifmozY8kUbQMLDIxBDer/662FyiwLh1l9oC5Ob6wUMpNZm0kuGb
S3q7o/oUR+WHZ8K/LAJMHOmQ+nHhPY7dw33ztEsbscMwQuGuhoUsgbtJEy7ImH8N
lQ84kQNxbIx5iK2T4clrWXlN/moI6p8qaZiAb42Qe38YQwYGOZ53KSfu9yx6QiIN
ie45VEagdA4Hl67R0eDoQkSmak2FYEgHTnkNGUHF4MfKOUypjyDzGIuCswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFRCDj+Qr1YjZO7xcRZ2Lmb+7QdRMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvVkVJT1A1Q3ZWaU5rN3ZGeEZuWXVadjd0QjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUBKgdKAAMF
AyoUS4AwDQYJKoZIhvcNAQELBQADggEBADCKdO+VH8kWnBhpMXr25geM16Tz9oZT
Ci296hhM6R/l6COvVwX1i2WdTAX4vrV7+a0jotUvaY5vgb3c4kBbA2sceLJd2F6Q
pVni4qCr6GOLIVTQCYrN4lz4r9v66iz8tStARwaTaOcd1svYgY4Gxc0f3AoQrh9m
xcvj5z0xS2wABfiuA1PR2JQZFQet3qfK/X+hFnl/ctZNsNh/wAhJQf2yGnF1GDpR
8k3xWImsXQBeYU5Xnbqwg+Uu6og2+WspCmUjLf3clrIgpsUylevOOUZhyQsAbDOA
Nb21FwcbrV1L2KNFe+L4Ze8J/V7hE1jFNg+ptlmiwijmpVQZVLf701o=
-----END CERTIFICATE-----
Generated at Mon Jun 9 08:33:11 2025 by rpki-client