Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/CtLpnb8O0zqwjiRsh2UDSYabrp8.roa
File: CtLpnb8O0zqwjiRsh2UDSYabrp8.roa (raw, json)
Hash identifier: 928xWDhDrm3wH3o5YDkEXCr6MBqgt08d7F3K+U/kKlw=
Subject key identifier: 0A:D2:E9:9D:BF:0E:D3:3A:B0:8E:24:6C:87:65:03:49:86:9B:AE:9F
Certificate issuer: /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial: 0198EC62089DF87C01104EF5A93A7C5F77C1
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/CtLpnb8O0zqwjiRsh2UDSYabrp8.roa
Signing time: Wed 27 Aug 2025 16:35:04 +0000
ROA not before: Wed 27 Aug 2025 16:35:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207957
IP address blocks: 2a01:ecc0:2c1::/48 maxlen: 48
2a01:ecc0:340::/42 maxlen: 42
2a01:ecc0:380::/42 maxlen: 42
2a01:ecc0:3c0::/42 maxlen: 42
2a01:ecc0:400::/42 maxlen: 42
2a01:ecc0:440::/42 maxlen: 42
2a01:ecc0:480::/42 maxlen: 42
2a01:ecc0:4c0::/42 maxlen: 42
2a01:ecc0:500::/42 maxlen: 42
2a01:ecc0:540::/42 maxlen: 42
2a01:ecc0:a00::/40 maxlen: 42
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ec:62:08:9d:f8:7c:01:10:4e:f5:a9:3a:7c:5f:77:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Validity
Not Before: Aug 27 16:35:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ad2e99dbf0ed33ab08e246c87650349869bae9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:07:fc:44:4f:e2:83:c6:8b:40:85:5c:35:35:
80:ff:5c:d7:b5:21:83:65:94:54:ad:ea:0e:64:84:
7b:1a:e0:4e:a2:b4:9f:30:16:86:ae:bd:2b:77:06:
d2:63:e2:09:bb:d1:01:d6:6f:cb:fb:e3:eb:ab:e8:
be:9d:4f:0a:d6:34:0d:e2:c2:52:7b:bc:2f:1c:43:
07:90:ff:7f:38:51:59:91:c2:fa:f1:3f:52:eb:1c:
a1:97:1a:ac:8b:be:e4:b0:7c:b1:52:01:71:0d:9e:
63:f9:c2:af:68:c3:f3:0a:21:6f:49:d1:47:87:ee:
37:0b:7e:4d:e2:0f:5b:1f:3c:7c:d1:ad:86:be:df:
d7:59:5a:05:2c:77:99:67:6a:c7:cf:15:8d:fe:14:
f2:84:9d:5d:0e:fc:4f:68:d8:31:3b:84:61:91:e3:
ba:59:d6:97:31:b6:cb:91:29:7a:c1:a3:5b:d3:14:
10:ce:2d:a2:d9:4e:ab:63:0d:c2:b2:eb:f7:50:a1:
19:15:96:60:09:55:4d:b7:1f:a6:d6:c8:88:4c:d1:
8e:aa:e0:e8:2d:23:6e:d7:0c:bc:32:2b:0d:4d:83:
9c:06:1a:d5:51:8c:98:42:60:22:dc:25:d5:87:ed:
67:8f:53:a4:11:cb:5f:44:a8:f9:4a:24:31:85:16:
7b:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:D2:E9:9D:BF:0E:D3:3A:B0:8E:24:6C:87:65:03:49:86:9B:AE:9F
X509v3 Authority Key Identifier:
keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/CtLpnb8O0zqwjiRsh2UDSYabrp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:ecc0:2c1::/48
2a01:ecc0:340::-2a01:ecc0:57f:ffff:ffff:ffff:ffff:ffff
2a01:ecc0:a00::/40
Signature Algorithm: sha256WithRSAEncryption
11:08:b0:3a:17:83:bd:77:1c:a7:43:74:03:c1:e7:37:3a:eb:
81:e3:6f:98:01:b5:70:bc:4e:67:12:6e:df:72:34:21:be:1a:
1a:90:e5:62:3d:04:d4:9e:fd:79:0a:63:c7:45:53:84:1f:65:
77:75:e4:8d:cc:69:b9:43:02:83:90:92:b8:b1:b7:ba:68:d3:
bb:11:70:19:af:03:0d:41:70:83:45:b4:9c:47:e8:28:df:f2:
fa:6b:3b:28:eb:45:ae:d1:eb:66:38:e4:fa:4c:f5:94:d6:8c:
92:05:86:56:ce:19:1b:f6:96:af:3a:27:d4:6a:81:12:47:de:
e3:04:59:a8:d5:e5:8c:18:32:c6:25:7e:07:c9:1a:e7:6c:4d:
30:ff:47:f2:5f:3a:4f:56:5d:42:0c:59:5b:b3:be:6a:59:17:
b9:01:c7:36:fa:ce:ce:0b:d7:c1:a3:f1:9f:e4:8a:60:4f:68:
6b:2f:09:7e:a6:05:52:99:5e:d8:25:fa:ca:08:20:02:66:19:
88:6d:3d:04:c3:9d:a5:05:18:b5:a0:54:68:6d:e4:25:13:f7:
2b:0c:b2:eb:f2:c8:fc:f4:cf:a2:d1:d0:24:4d:b6:61:d8:d0:
76:17:aa:6b:fa:f2:f6:33:44:18:9d:41:3c:84:4d:48:f5:bc:
eb:56:16:8b
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZjsYgid+HwBEE71qTp8X3fBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwODI3MTYzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQyZTk5ZGJmMGVkMzNhYjA4ZTI0NmM4NzY1MDM0OTg2OWJhZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAf8RE/ig8aLQIVcNTWA/1zXtSGD
ZZRUreoOZIR7GuBOorSfMBaGrr0rdwbSY+IJu9EB1m/L++Prq+i+nU8K1jQN4sJS
e7wvHEMHkP9/OFFZkcL68T9S6xyhlxqsi77ksHyxUgFxDZ5j+cKvaMPzCiFvSdFH
h+43C35N4g9bHzx80a2Gvt/XWVoFLHeZZ2rHzxWN/hTyhJ1dDvxPaNgxO4RhkeO6
WdaXMbbLkSl6waNb0xQQzi2i2U6rYw3Csuv3UKEZFZZgCVVNtx+m1siITNGOquDo
LSNu1wy8MisNTYOcBhrVUYyYQmAi3CXVh+1nj1OkEctfRKj5SiQxhRZ77QIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFArS6Z2/DtM6sI4kbIdlA0mGm66fMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvQ3RMcG5iOE8wenF3amlSc2gyVURTWWFicnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAAjAlAwcAKgHswALB
MBIDBwYqAezAA0ADBwcqAezABQADBgAqAezACjANBgkqhkiG9w0BAQsFAAOCAQEA
EQiwOheDvXccp0N0A8HnNzrrgeNvmAG1cLxOZxJu33I0Ib4aGpDlYj0E1J79eQpj
x0VThB9ld3XkjcxpuUMCg5CSuLG3umjTuxFwGa8DDUFwg0W0nEfoKN/y+ms7KOtF
rtHrZjjk+kz1lNaMkgWGVs4ZG/aWrzon1GqBEkfe4wRZqNXljBgyxiV+B8ka52xN
MP9H8l86T1ZdQgxZW7O+alkXuQHHNvrOzgvXwaPxn+SKYE9oay8JfqYFUple2CX6
ygggAmYZiG09BMOdpQUYtaBUaG3kJRP3Kwyy6/LI/PTPotHQJE22YdjQdheqa/ry
9jNEGJ1BPIRNSPW861YWiw==
-----END CERTIFICATE-----
Generated at Sat Sep 6 07:44:25 2025 by rpki-client