Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/LfLe7YKoxpINUdoXGyuAfXYrniQ.roa
File: LfLe7YKoxpINUdoXGyuAfXYrniQ.roa (raw, json)
Hash identifier: Dgetk7NQsymcClj7R3CjDeNB27bpcwbabN1XuUrEiuk=
Subject key identifier: 2D:F2:DE:ED:82:A8:C6:92:0D:51:DA:17:1B:2B:80:7D:76:2B:9E:24
Certificate issuer: /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial: 019881459D465FD0BB329921AEB614419C20
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/LfLe7YKoxpINUdoXGyuAfXYrniQ.roa
Signing time: Wed 06 Aug 2025 21:24:39 +0000
ROA not before: Wed 06 Aug 2025 21:24:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203729
IP address blocks: 2a0b:6b81:1::/48 maxlen: 48
2a0b:6b81:205::/48 maxlen: 48
2a0b:6b81:208::/48 maxlen: 48
2a0b:6b81:210::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:81:45:9d:46:5f:d0:bb:32:99:21:ae:b6:14:41:9c:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Validity
Not Before: Aug 6 21:24:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2df2deed82a8c6920d51da171b2b807d762b9e24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:04:b9:3a:d6:ce:2d:c8:5a:67:a2:92:43:a4:
92:bb:3f:aa:2f:1f:95:4a:50:79:96:f1:ad:62:ce:
c9:2c:ae:1d:dd:64:3c:4c:bf:7a:3e:f6:6d:c9:d9:
6b:a1:42:9b:a3:e7:a8:02:1f:1a:8a:a8:b2:05:3e:
7a:33:6e:95:b5:cb:33:a7:99:82:2d:32:ec:f0:1b:
26:48:0d:8f:ae:8d:2f:71:59:cc:46:fc:61:2e:35:
74:2a:15:c2:d9:b5:96:4b:c6:99:08:a2:49:23:d6:
1e:f6:b9:ba:5f:83:55:f9:00:f6:a8:6c:96:5d:14:
66:38:20:f8:b7:cf:00:b6:56:7d:1b:25:3b:18:66:
1d:df:34:83:e2:33:dc:b1:57:8e:52:a1:70:e4:45:
92:3b:98:e2:0d:22:86:9a:54:58:0e:78:d4:cd:1d:
8d:79:5b:70:47:e7:9f:68:1b:5c:74:2c:bf:be:74:
f5:ee:05:b2:7a:4b:e0:b1:86:96:98:15:7e:70:9a:
6d:7d:8b:34:d0:b0:79:3a:9c:bf:58:85:07:aa:e7:
0e:45:8b:bb:24:54:d3:15:60:da:49:9f:4d:1f:21:
91:e2:19:13:53:ee:19:37:72:17:24:5f:68:52:51:
0d:b9:c7:66:4e:c5:dd:1b:d8:27:07:56:af:76:20:
07:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:F2:DE:ED:82:A8:C6:92:0D:51:DA:17:1B:2B:80:7D:76:2B:9E:24
X509v3 Authority Key Identifier:
keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/LfLe7YKoxpINUdoXGyuAfXYrniQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:6b81:1::/48
2a0b:6b81:205::/48
2a0b:6b81:208::/48
2a0b:6b81:210::/48
Signature Algorithm: sha256WithRSAEncryption
6a:5d:87:8a:db:cb:0f:33:06:c3:7c:5b:64:32:68:8b:81:ee:
8b:cd:a6:d5:6a:b0:7e:f4:2b:35:fb:c1:ac:7a:6d:80:f0:2f:
b1:3d:61:5d:e4:ec:36:b7:70:07:4b:e0:e7:0e:9f:40:53:f8:
7f:54:8a:d1:d7:3a:1f:49:ec:5b:69:96:e1:b0:2a:c9:c7:6e:
d0:79:2b:75:b0:05:10:4a:09:b9:01:bf:48:04:26:f7:23:76:
a6:14:e2:02:cc:47:a9:55:7c:f6:30:ae:2d:3d:cf:48:ec:00:
16:62:77:05:bc:0b:82:d5:1a:8b:99:e5:b0:bf:35:1f:3b:a3:
9e:19:09:65:bd:ac:3a:a3:82:81:58:90:4a:25:47:4c:e4:5e:
2e:98:75:1b:95:b8:17:32:71:e6:63:18:94:02:ce:89:f6:23:
92:e7:0a:02:42:31:4a:07:4d:46:c8:13:4f:0e:11:f5:e3:cd:
e3:55:47:20:6b:d8:31:b2:96:73:30:4f:93:e9:89:c5:b0:1a:
a0:65:76:4d:50:db:b6:a5:ba:4a:d2:8d:23:a9:db:9f:72:7f:
db:22:32:7c:3d:a9:aa:9c:06:53:1a:ad:e8:6f:bb:22:48:7b:
d7:0a:53:bb:5b:26:ea:ea:59:b5:79:82:e8:77:21:5d:d4:13:
b4:7d:b4:96
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZiBRZ1GX9C7MpkhrrYUQZwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwODA2MjEyNDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGYyZGVlZDgyYThjNjkyMGQ1MWRhMTcxYjJiODA3ZDc2MmI5ZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygS5OtbOLchaZ6KSQ6SSuz+qLx+V
SlB5lvGtYs7JLK4d3WQ8TL96PvZtydlroUKbo+eoAh8aiqiyBT56M26Vtcszp5mC
LTLs8BsmSA2Pro0vcVnMRvxhLjV0KhXC2bWWS8aZCKJJI9Ye9rm6X4NV+QD2qGyW
XRRmOCD4t88AtlZ9GyU7GGYd3zSD4jPcsVeOUqFw5EWSO5jiDSKGmlRYDnjUzR2N
eVtwR+efaBtcdCy/vnT17gWyekvgsYaWmBV+cJptfYs00LB5Opy/WIUHqucORYu7
JFTTFWDaSZ9NHyGR4hkTU+4ZN3IXJF9oUlENucdmTsXdG9gnB1avdiAHJwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFC3y3u2CqMaSDVHaFxsrgH12K54kMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvTGZMZTdZS294cElOVWRvWEd5dUFmWFlybmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAKgtrgQAB
AwcAKgtrgQIFAwcAKgtrgQIIAwcAKgtrgQIQMA0GCSqGSIb3DQEBCwUAA4IBAQBq
XYeK28sPMwbDfFtkMmiLge6LzabVarB+9Cs1+8Gsem2A8C+xPWFd5Ow2t3AHS+Dn
Dp9AU/h/VIrR1zofSexbaZbhsCrJx27QeSt1sAUQSgm5Ab9IBCb3I3amFOICzEep
VXz2MK4tPc9I7AAWYncFvAuC1RqLmeWwvzUfO6OeGQllvaw6o4KBWJBKJUdM5F4u
mHUblbgXMnHmYxiUAs6J9iOS5woCQjFKB01GyBNPDhH1483jVUcga9gxspZzME+T
6YnFsBqgZXZNUNu2pbpK0o0jqdufcn/bIjJ8PamqnAZTGq3ob7siSHvXClO7Wybq
6lm1eYLodyFd1BO0fbSW
-----END CERTIFICATE-----
Generated at Thu Aug 21 15:59:37 2025 by rpki-client