Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ZCzToqN5LSoa9lMQ6mpHrEm40BM.roa
File: ZCzToqN5LSoa9lMQ6mpHrEm40BM.roa (raw, json)
Hash identifier: Rh6BonZceuNXGzBpjVKKzU+muKuiK5QB8HWu0wfEOUg=
Subject key identifier: 64:2C:D3:A2:A3:79:2D:2A:1A:F6:53:10:EA:6A:47:AC:49:B8:D0:13
Certificate issuer: /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial: 01999A8971AE610A3B7F4E32C6FCBDCA3C2C
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ZCzToqN5LSoa9lMQ6mpHrEm40BM.roa
Signing time: Tue 30 Sep 2025 12:12:02 +0000
ROA not before: Tue 30 Sep 2025 12:12:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a07:f240::/29 maxlen: 29
2a0b:8440::/29 maxlen: 29
2a0f:63c0::/29 maxlen: 29
2a10:a9c0::/29 maxlen: 29
2a13:5040::/29 maxlen: 29
2a13:be40::/29 maxlen: 29
2a13:bec0::/29 maxlen: 29
2a13:cdc0::/29 maxlen: 29
2a13:d140::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 07:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9a:89:71:ae:61:0a:3b:7f:4e:32:c6:fc:bd:ca:3c:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
Validity
Not Before: Sep 30 12:12:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=642cd3a2a3792d2a1af65310ea6a47ac49b8d013
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:8c:4e:9c:55:cf:3d:76:79:2b:a5:9b:15:d8:
44:d9:ea:6f:97:be:75:68:c0:92:73:15:97:73:0a:
c7:3b:ac:2d:b3:b9:ff:e7:29:d7:87:90:84:5c:de:
e8:c7:0b:20:8d:1d:51:ef:07:3f:7a:4b:4f:c9:db:
76:45:5d:63:4c:b4:8e:98:0b:04:31:98:b9:58:f6:
74:98:70:dc:08:e3:4b:ea:95:a9:87:ac:e5:29:86:
d1:3c:ee:ef:46:0b:fc:77:61:94:47:33:f0:7f:c5:
19:5a:d7:ab:f0:cd:c9:9a:39:a1:bb:ce:a5:79:a9:
f3:e9:1d:87:8d:e5:1c:cd:a6:e8:aa:64:b8:f1:4b:
b6:f9:21:62:91:cb:b3:a8:83:63:fc:49:9e:95:89:
96:ae:13:06:07:68:41:43:76:f2:d4:37:5e:0c:d8:
54:3c:e8:76:1b:8d:f2:f5:a7:da:c2:f5:62:83:f4:
d7:a1:4c:23:16:92:6a:1a:57:ac:a5:eb:3e:8d:1c:
48:af:07:a4:24:4a:6f:17:e4:96:d5:0d:8e:25:0d:
22:e4:70:a9:06:da:3c:3e:8b:2f:03:f2:d2:61:58:
9b:fe:88:a3:e4:5e:2c:f4:38:66:46:2e:c1:34:48:
b3:d1:6e:fa:57:e1:d3:6e:67:65:28:cd:21:b5:a9:
9d:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:2C:D3:A2:A3:79:2D:2A:1A:F6:53:10:EA:6A:47:AC:49:B8:D0:13
X509v3 Authority Key Identifier:
keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ZCzToqN5LSoa9lMQ6mpHrEm40BM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:f240::/29
2a0b:8440::/29
2a0f:63c0::/29
2a10:a9c0::/29
2a13:5040::/29
2a13:be40::/29
2a13:bec0::/29
2a13:cdc0::/29
2a13:d140::/29
Signature Algorithm: sha256WithRSAEncryption
ce:ff:cc:4a:fc:8e:47:51:b8:51:5f:03:70:3f:ae:af:bc:de:
f6:0b:72:54:37:c0:3e:da:2d:65:3f:19:cd:72:29:eb:1c:29:
71:c7:83:09:6a:be:fd:a7:7f:79:f1:3c:de:4d:1e:4d:41:05:
7a:4c:f1:be:75:ba:fd:27:cb:be:3e:56:29:88:ac:4d:a5:63:
31:8f:ac:a6:16:56:47:c1:55:b4:f0:81:c2:56:d6:de:d0:18:
1b:d5:ab:59:5b:a4:69:de:d1:a2:45:15:59:9b:58:68:f6:3d:
70:8e:d0:50:e1:cb:4c:a2:a1:8e:1d:d4:17:cd:ca:86:22:9b:
bb:ab:73:40:3a:bf:9d:b9:40:01:0b:96:e8:5d:e3:59:15:8a:
83:c3:6e:41:52:09:fd:4d:2e:09:98:83:bf:e6:f5:27:72:a5:
cf:c8:0b:6e:fa:a2:78:11:bc:39:a8:4c:59:35:c4:19:84:34:
9c:61:1e:e1:ea:90:56:42:2d:c6:53:57:ea:4b:e6:b9:85:62:
af:b5:85:0c:94:df:cd:bb:18:80:1e:c6:02:29:96:96:e9:76:
77:c5:53:ed:ea:1e:b2:eb:36:50:ef:9b:c3:e6:e5:49:fb:e5:
6d:48:0e:f4:3f:4b:f2:12:1a:57:67:41:07:c3:15:a8:4d:17:
91:09:e4:2f
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZmaiXGuYQo7f04yxvy9yjwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwOTMwMTIxMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJjZDNhMmEzNzkyZDJhMWFmNjUzMTBlYTZhNDdhYzQ5YjhkMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4xOnFXPPXZ5K6WbFdhE2epvl751
aMCScxWXcwrHO6wts7n/5ynXh5CEXN7oxwsgjR1R7wc/ektPydt2RV1jTLSOmAsE
MZi5WPZ0mHDcCONL6pWph6zlKYbRPO7vRgv8d2GURzPwf8UZWter8M3Jmjmhu86l
eanz6R2HjeUczaboqmS48Uu2+SFikcuzqINj/EmelYmWrhMGB2hBQ3by1DdeDNhU
POh2G43y9afawvVig/TXoUwjFpJqGlespes+jRxIrwekJEpvF+SW1Q2OJQ0i5HCp
Bto8PosvA/LSYVib/oij5F4s9DhmRi7BNEiz0W76V+HTbmdlKM0htamdAwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGQs06KjeS0qGvZTEOpqR6xJuNATMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvWkN6VG9xTjVMU29hOWxNUTZtcEhyRW00MEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgfyQAMF
AyoLhEADBQMqD2PAAwUDKhCpwAMFAyoTUEADBQMqE75AAwUDKhO+wAMFAyoTzcAD
BQMqE9FAMA0GCSqGSIb3DQEBCwUAA4IBAQDO/8xK/I5HUbhRXwNwP66vvN72C3JU
N8A+2i1lPxnNcinrHClxx4MJar79p3958TzeTR5NQQV6TPG+dbr9J8u+PlYpiKxN
pWMxj6ymFlZHwVW08IHCVtbe0Bgb1atZW6Rp3tGiRRVZm1ho9j1wjtBQ4ctMoqGO
HdQXzcqGIpu7q3NAOr+duUABC5boXeNZFYqDw25BUgn9TS4JmIO/5vUncqXPyAtu
+qJ4Ebw5qExZNcQZhDScYR7h6pBWQi3GU1fqS+a5hWKvtYUMlN/NuxiAHsYCKZaW
6XZ3xVPt6h6y6zZQ75vD5uVJ++VtSA70P0vyEhpXZ0EHwxWoTReRCeQv
-----END CERTIFICATE-----
Generated at Wed Oct 8 13:59:43 2025 by rpki-client