Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zAqetMH2tftydpQevflrlIJyZhk.roa
File: zAqetMH2tftydpQevflrlIJyZhk.roa (raw, json)
Hash identifier: 262NhKLvScq4EmvL1G7k6G1QzUjr39ovqKFbKX6X0sU=
Subject key identifier: CC:0A:9E:B4:C1:F6:B5:FB:72:76:94:1E:BD:F9:6B:94:82:72:66:19
Certificate issuer: /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial: 019907DD6FBE0F14B5C4AADF8BB3298FB685
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zAqetMH2tftydpQevflrlIJyZhk.roa
Signing time: Tue 02 Sep 2025 00:39:36 +0000
ROA not before: Tue 02 Sep 2025 00:39:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206300
IP address blocks: 2a12:bec4:1bd0::/44 maxlen: 44
2a12:bec4:1bd0::/48 maxlen: 48
2a12:bec4:1bd1::/48 maxlen: 48
2a12:bec4:1bd2::/48 maxlen: 48
2a12:bec4:1bd3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 22:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:07:dd:6f:be:0f:14:b5:c4:aa:df:8b:b3:29:8f:b6:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Validity
Not Before: Sep 2 00:39:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc0a9eb4c1f6b5fb7276941ebdf96b9482726619
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:82:f4:4e:b6:ce:2f:40:38:dd:91:8c:f3:60:
b5:bb:e2:9d:83:a9:cf:b9:1c:ad:96:cb:5e:e9:21:
a0:ea:a1:14:a3:c0:01:97:63:e8:36:d3:1a:c5:40:
84:ed:11:48:03:b2:70:02:a0:7f:59:c5:84:21:e5:
e4:80:bb:b4:c2:60:83:c1:36:21:97:91:1d:d9:af:
46:64:b9:28:1f:9c:d3:a6:f8:da:16:7a:93:76:62:
26:05:6d:09:ff:12:56:dd:7b:45:bf:4e:c9:6b:e0:
36:32:ad:61:b1:78:de:6d:e2:a7:4a:ad:be:2b:7b:
f8:53:26:7a:5e:74:f3:10:08:ac:c9:5c:d3:aa:47:
2d:3f:a5:18:4f:df:2e:1b:3e:18:db:a7:85:16:42:
60:7b:f5:0e:62:c8:d5:82:fa:bc:41:78:4c:e4:d6:
87:53:bf:e2:46:c9:5f:71:72:ad:42:13:aa:5d:60:
d5:84:45:0d:70:8b:5f:7d:30:da:c7:b3:22:37:ff:
be:f7:75:c8:84:a5:6b:24:09:a7:f3:47:6f:23:3c:
76:70:d1:e9:c6:db:71:05:8b:7e:5a:78:4f:61:09:
96:dd:4f:67:a7:96:39:52:f9:64:dc:31:fa:c7:2e:
22:cb:ae:08:e5:b7:70:f4:7b:43:f3:c1:50:db:f9:
85:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:0A:9E:B4:C1:F6:B5:FB:72:76:94:1E:BD:F9:6B:94:82:72:66:19
X509v3 Authority Key Identifier:
keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zAqetMH2tftydpQevflrlIJyZhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:bec4:1bd0::/44
Signature Algorithm: sha256WithRSAEncryption
67:f4:db:8d:c6:ca:a0:4e:d8:c2:96:da:f5:29:74:c3:4f:a5:
67:d5:f2:55:84:91:03:16:f6:95:f8:88:c9:38:d2:dc:22:01:
af:1b:b2:28:e8:8a:d1:08:49:6f:a3:4b:37:3f:7a:a5:d4:8f:
cc:aa:16:5b:0c:34:a2:b0:9a:42:fb:cc:9c:8b:17:ad:87:27:
b0:3f:43:66:2c:05:8b:db:a6:c4:40:c8:20:6b:85:13:66:7f:
de:43:7b:2e:46:81:01:99:78:a8:ec:fc:c6:3c:50:7d:09:30:
a8:e1:b9:bd:4f:a8:46:86:5c:09:2b:6f:e0:83:02:7c:4a:e8:
9c:b3:f0:05:cd:19:98:d8:24:67:9f:aa:e2:63:f1:b1:f6:b9:
44:62:a0:e7:61:29:77:80:85:83:40:ea:cd:e4:6a:a5:70:b4:
14:c1:b8:17:93:9f:77:44:70:20:bc:db:21:94:90:ef:7f:e9:
6a:ea:e3:2d:4c:34:f0:3f:dd:a7:6e:11:58:51:f5:0b:92:53:
fb:75:53:b5:3e:0c:b6:ca:27:a4:cf:e1:3d:af:bc:e0:4d:58:
d5:05:6a:0d:30:7c:ed:72:02:ac:5b:03:e1:8e:85:90:df:ae:
f1:4c:e7:9b:60:0b:d9:09:56:33:75:4c:a7:e5:30:df:8e:ea:
ee:ab:96:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkH3W++DxS1xKrfi7Mpj7aFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwOTAyMDAzOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBhOWViNGMxZjZiNWZiNzI3Njk0MWViZGY5NmI5NDgyNzI2NjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYL0TrbOL0A43ZGM82C1u+Kdg6nP
uRytlste6SGg6qEUo8ABl2PoNtMaxUCE7RFIA7JwAqB/WcWEIeXkgLu0wmCDwTYh
l5Ed2a9GZLkoH5zTpvjaFnqTdmImBW0J/xJW3XtFv07Ja+A2Mq1hsXjebeKnSq2+
K3v4UyZ6XnTzEAisyVzTqkctP6UYT98uGz4Y26eFFkJge/UOYsjVgvq8QXhM5NaH
U7/iRslfcXKtQhOqXWDVhEUNcItffTDax7MiN/++93XIhKVrJAmn80dvIzx2cNHp
xttxBYt+WnhPYQmW3U9np5Y5Uvlk3DH6xy4iy64I5bdw9HtD88FQ2/mFuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMwKnrTB9rX7cnaUHr35a5SCcmYZMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvekFxZXRNSDJ0ZnR5ZHBRZXZmbHJsSUp5WmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBvQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBn9NuNxsqgTtjCltr1KXTDT6Vn1fJVhJEDFvaV
+IjJONLcIgGvG7Io6IrRCElvo0s3P3ql1I/MqhZbDDSisJpC+8ycixethyewP0Nm
LAWL26bEQMgga4UTZn/eQ3suRoEBmXio7PzGPFB9CTCo4bm9T6hGhlwJK2/ggwJ8
Suics/AFzRmY2CRnn6riY/Gx9rlEYqDnYSl3gIWDQOrN5GqlcLQUwbgXk593RHAg
vNshlJDvf+lq6uMtTDTwP92nbhFYUfULklP7dVO1Pgy2yiekz+E9r7zgTVjVBWoN
MHztcgKsWwPhjoWQ367xTOebYAvZCVYzdUyn5TDfjuruq5YO
-----END CERTIFICATE-----
Generated at Sat Sep 6 06:06:11 2025 by rpki-client