Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/O42IhVRYzRJUYlgjX8HIHW_KVnU.roa
File: O42IhVRYzRJUYlgjX8HIHW_KVnU.roa (raw, json)
Hash identifier: SZagXazHBTlLIxNcbYMSb4ckHjuLGZi27M1fUfK9rEk=
Subject key identifier: 3B:8D:88:85:54:58:CD:12:54:62:58:23:5F:C1:C8:1D:6F:CA:56:75
Certificate issuer: /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial: 01991B3729A73A1892CEE81CF414286A3294
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/O42IhVRYzRJUYlgjX8HIHW_KVnU.roa
Signing time: Fri 05 Sep 2025 18:50:23 +0000
ROA not before: Fri 05 Sep 2025 18:50:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a07:f240::/29 maxlen: 29
2a0b:8440::/29 maxlen: 29
2a0b:b480::/29 maxlen: 29
2a0f:63c0::/29 maxlen: 29
2a10:a9c0::/29 maxlen: 29
2a13:5040::/29 maxlen: 29
2a13:be40::/29 maxlen: 29
2a13:bec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1b:37:29:a7:3a:18:92:ce:e8:1c:f4:14:28:6a:32:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
Validity
Not Before: Sep 5 18:50:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b8d88855458cd12546258235fc1c81d6fca5675
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:26:a4:14:d3:bf:8c:62:bb:fa:3b:74:0a:95:
d3:eb:d4:93:17:06:10:ae:8c:9d:8f:a5:21:f1:d8:
f1:75:c2:0b:37:1d:6d:f4:eb:55:d6:ff:b6:16:71:
18:35:9b:87:b9:c8:c0:c4:2f:7a:17:ae:ec:da:78:
97:52:ac:6b:fd:9f:24:c5:8e:e6:60:00:b4:df:d9:
9d:02:d9:92:e7:11:9f:5b:61:22:2e:52:8a:76:fa:
57:b7:51:9f:2b:50:5a:fe:b5:13:b3:53:33:86:30:
41:ed:d3:7e:ae:20:14:3e:dd:63:e7:00:c6:eb:76:
e4:09:01:e7:bd:f8:f2:5e:f9:6c:4d:e3:c2:2d:76:
b6:f7:37:13:ba:0d:15:40:2e:6a:1a:b2:8e:eb:c6:
a0:57:a0:d5:a6:05:9e:1f:36:ad:aa:59:b2:be:b5:
42:b3:5f:20:87:b9:c7:3d:0d:d1:c5:d3:de:46:21:
72:cd:b1:86:0b:2d:b4:81:50:c0:f8:99:2c:ad:42:
ea:b5:67:50:b4:fa:40:00:00:a3:ee:a8:b2:35:b5:
b2:0f:e2:50:24:68:04:12:45:97:62:f9:66:5e:c0:
af:f5:92:f8:75:bc:ce:7c:de:be:7e:06:71:bd:62:
3b:c6:d2:d6:83:cc:a2:f3:66:5b:44:fd:38:6e:8a:
0b:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:8D:88:85:54:58:CD:12:54:62:58:23:5F:C1:C8:1D:6F:CA:56:75
X509v3 Authority Key Identifier:
keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/O42IhVRYzRJUYlgjX8HIHW_KVnU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:f240::/29
2a0b:8440::/29
2a0b:b480::/29
2a0f:63c0::/29
2a10:a9c0::/29
2a13:5040::/29
2a13:be40::/29
2a13:bec0::/29
Signature Algorithm: sha256WithRSAEncryption
2c:4a:fc:f2:23:56:78:fa:ee:9c:83:98:4f:73:4c:aa:be:ec:
9d:1d:a9:0f:d0:c6:02:1a:ff:c4:66:a9:02:e9:9a:c3:2c:78:
72:96:2e:e4:02:7b:ea:e3:b6:f1:a9:dc:bd:97:39:3a:02:1f:
f6:ff:50:e1:f1:4e:6b:24:47:95:0c:70:c6:9a:ab:c8:9f:d2:
20:53:f6:d2:ae:04:7a:df:06:f0:00:8c:30:67:97:52:fe:30:
ed:bf:84:48:3b:b4:e2:31:44:b4:49:ab:25:b1:03:7b:6a:6e:
c2:c7:2c:77:7c:4b:c9:ca:5c:de:e2:f5:6d:d7:38:06:0e:29:
ee:33:cf:6b:b1:49:be:ea:3e:5b:89:f5:40:ec:09:69:f1:20:
48:69:79:af:0a:87:7e:4b:2b:bf:8b:b5:f9:40:40:fe:b5:a1:
7a:1a:cc:f6:b4:78:2a:9c:00:14:ab:66:b3:fb:7b:d4:16:34:
a3:41:49:c9:98:a5:74:86:a8:c1:d8:84:b9:50:4a:cb:68:88:
15:06:21:bc:32:b2:e7:17:cc:b0:a4:88:d5:8d:fb:e3:ac:e8:
1e:b5:e9:06:0a:68:1c:6e:a7:53:90:8c:1f:05:45:c1:d6:02:
c4:d7:74:65:5a:c9:1d:cf:32:b1:dc:ec:df:fd:a9:71:2e:be:
49:01:c3:23
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZkbNymnOhiSzugc9BQoajKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwOTA1MTg1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhkODg4NTU0NThjZDEyNTQ2MjU4MjM1ZmMxYzgxZDZmY2E1Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriakFNO/jGK7+jt0CpXT69STFwYQ
roydj6Uh8djxdcILNx1t9OtV1v+2FnEYNZuHucjAxC96F67s2niXUqxr/Z8kxY7m
YAC039mdAtmS5xGfW2EiLlKKdvpXt1GfK1Ba/rUTs1MzhjBB7dN+riAUPt1j5wDG
63bkCQHnvfjyXvlsTePCLXa29zcTug0VQC5qGrKO68agV6DVpgWeHzatqlmyvrVC
s18gh7nHPQ3RxdPeRiFyzbGGCy20gVDA+JksrULqtWdQtPpAAACj7qiyNbWyD+JQ
JGgEEkWXYvlmXsCv9ZL4dbzOfN6+fgZxvWI7xtLWg8yi82ZbRP04booLkQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDuNiIVUWM0SVGJYI1/ByB1vylZ1MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvTzQySWhWUll6UkpVWWxnalg4SElIV19LVm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKgfyQAMF
AyoLhEADBQMqC7SAAwUDKg9jwAMFAyoQqcADBQMqE1BAAwUDKhO+QAMFAyoTvsAw
DQYJKoZIhvcNAQELBQADggEBACxK/PIjVnj67pyDmE9zTKq+7J0dqQ/QxgIa/8Rm
qQLpmsMseHKWLuQCe+rjtvGp3L2XOToCH/b/UOHxTmskR5UMcMaaq8if0iBT9tKu
BHrfBvAAjDBnl1L+MO2/hEg7tOIxRLRJqyWxA3tqbsLHLHd8S8nKXN7i9W3XOAYO
Ke4zz2uxSb7qPluJ9UDsCWnxIEhpea8Kh35LK7+LtflAQP61oXoazPa0eCqcABSr
ZrP7e9QWNKNBScmYpXSGqMHYhLlQSstoiBUGIbwysucXzLCkiNWN++Os6B616QYK
aBxup1OQjB8FRcHWAsTXdGVayR3PMrHc7N/9qXEuvkkBwyM=
-----END CERTIFICATE-----
Generated at Sat Sep 6 07:44:24 2025 by rpki-client