Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/hLWpkiZ_lfEuL_k3rh0ZEWcuSJg.roa
File: hLWpkiZ_lfEuL_k3rh0ZEWcuSJg.roa (raw, json)
Hash identifier: OqFVvrsXpRimlKbVYstU0htGroX59uf6tkVTasOWkpI=
Subject key identifier: 84:B5:A9:92:26:7F:95:F1:2E:2F:F9:37:AE:1D:19:11:67:2E:48:98
Certificate issuer: /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial: 0198EF08705033D6A9FA0FE2BE88656AE431
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/hLWpkiZ_lfEuL_k3rh0ZEWcuSJg.roa
Signing time: Thu 28 Aug 2025 04:56:04 +0000
ROA not before: Thu 28 Aug 2025 04:56:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215304
IP address blocks: 2a0f:7802:e000::/40 maxlen: 48
2a0f:7802:e100::/40 maxlen: 48
2a0f:7802:e200::/40 maxlen: 48
2a0f:7803:fac0::/44 maxlen: 48
2a0f:7803:fb40::/44 maxlen: 48
2a0f:7803:ff90::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ef:08:70:50:33:d6:a9:fa:0f:e2:be:88:65:6a:e4:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
Validity
Not Before: Aug 28 04:56:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84b5a992267f95f12e2ff937ae1d1911672e4898
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:df:22:b6:86:dd:73:84:1c:98:4d:28:24:a0:
a1:12:21:50:fd:13:d2:b8:ce:07:35:c5:50:cf:26:
63:83:71:4c:4a:2d:e3:88:3c:41:81:c0:2a:ca:f7:
aa:88:6f:fc:f7:32:8b:b4:7d:0a:aa:d5:75:4b:3c:
46:11:de:41:ca:24:fa:9f:ca:a4:b5:1a:93:7e:11:
0e:b1:0d:67:3f:53:9a:ad:cd:0e:c9:ec:83:d7:66:
59:4a:21:91:70:f8:ff:af:36:39:85:0f:de:ee:c6:
42:27:78:cb:92:74:67:a6:6f:3d:b2:93:7c:77:cc:
9e:59:8a:1e:fe:1e:d1:83:0b:36:39:00:aa:ea:b7:
33:47:89:a3:75:d8:4b:49:93:b8:f2:2e:68:d3:dc:
5f:b1:63:57:f1:6d:82:a9:81:a2:46:d8:bd:75:e6:
7d:2e:d3:54:5f:58:f2:e5:dd:dc:7d:ac:b0:32:f9:
99:4f:dd:5d:d2:78:cc:95:db:65:ee:e5:80:cb:4f:
00:e9:6a:ef:c2:41:c9:d8:9a:df:b1:88:a0:60:25:
70:57:d3:22:ee:7f:87:a2:c4:e5:86:ec:68:94:03:
2e:1e:50:eb:9a:de:3c:41:da:91:b5:d1:31:2d:6a:
3d:53:f5:d3:bb:f6:99:dd:36:27:de:88:d9:6e:c1:
f5:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B5:A9:92:26:7F:95:F1:2E:2F:F9:37:AE:1D:19:11:67:2E:48:98
X509v3 Authority Key Identifier:
keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/hLWpkiZ_lfEuL_k3rh0ZEWcuSJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:7802:e000::-2a0f:7802:e2ff:ffff:ffff:ffff:ffff:ffff
2a0f:7803:fac0::/44
2a0f:7803:fb40::/44
2a0f:7803:ff90::/44
Signature Algorithm: sha256WithRSAEncryption
26:85:84:2b:b4:83:28:0f:a9:3f:b7:a8:33:a6:ca:a7:ab:04:
2b:e3:de:35:99:44:51:17:de:42:88:3e:4d:22:80:f1:bf:a1:
c8:65:87:93:ff:00:92:a3:bb:05:c9:d4:f5:f7:b8:5f:6f:f5:
01:9f:c2:66:ec:7a:0e:6b:06:f2:d6:aa:71:13:19:47:1c:9e:
07:42:a5:33:4f:7b:35:d1:bb:bb:b5:24:12:e8:4d:26:64:3f:
a4:ed:c2:e2:b1:ac:a4:86:f2:bc:17:e7:e0:86:6b:a3:90:04:
8d:08:0f:1d:60:d9:ad:6d:68:64:d9:65:a1:97:38:79:66:a7:
01:f2:b7:c2:05:28:b7:1f:26:45:b1:6b:48:2b:7b:ea:13:bf:
82:0c:b4:c0:83:d5:f3:ef:8c:33:90:76:32:07:ac:c9:37:08:
81:20:d7:8f:c5:17:b6:1d:d5:a1:1f:79:19:fe:df:d7:0b:2b:
c3:8a:eb:e7:b6:fb:db:8e:3f:b2:f0:ab:c9:a8:45:83:74:23:
be:55:1a:b5:4a:a0:7f:d9:dc:5d:74:8e:c7:18:93:a0:50:e3:
98:d7:5d:58:5f:11:ae:58:55:90:8c:88:8a:3a:76:39:8e:2a:
bf:71:51:75:87:a1:07:0a:20:94:54:9f:09:92:25:77:f4:f4:
b5:6a:8c:1e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZjvCHBQM9ap+g/ivohlauQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwODI4MDQ1NjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI1YTk5MjI2N2Y5NWYxMmUyZmY5MzdhZTFkMTkxMTY3MmU0ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt8itobdc4QcmE0oJKChEiFQ/RPS
uM4HNcVQzyZjg3FMSi3jiDxBgcAqyveqiG/89zKLtH0KqtV1SzxGEd5ByiT6n8qk
tRqTfhEOsQ1nP1Oarc0OyeyD12ZZSiGRcPj/rzY5hQ/e7sZCJ3jLknRnpm89spN8
d8yeWYoe/h7Rgws2OQCq6rczR4mjddhLSZO48i5o09xfsWNX8W2CqYGiRti9deZ9
LtNUX1jy5d3cfaywMvmZT91d0njMldtl7uWAy08A6WrvwkHJ2JrfsYigYCVwV9Mi
7n+HosTlhuxolAMuHlDrmt48QdqRtdExLWo9U/XTu/aZ3TYn3ojZbsH1GQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIS1qZImf5XxLi/5N64dGRFnLkiYMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvaExXcGtpWl9sZkV1TF9rM3JoMFpFV2N1U0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAAjAtMBADBgUqD3gC
4AMGACoPeALiAwcEKg94A/rAAwcEKg94A/tAAwcEKg94A/+QMA0GCSqGSIb3DQEB
CwUAA4IBAQAmhYQrtIMoD6k/t6gzpsqnqwQr4941mURRF95CiD5NIoDxv6HIZYeT
/wCSo7sFydT197hfb/UBn8Jm7HoOawby1qpxExlHHJ4HQqUzT3s10bu7tSQS6E0m
ZD+k7cLisaykhvK8F+fghmujkASNCA8dYNmtbWhk2WWhlzh5ZqcB8rfCBSi3HyZF
sWtIK3vqE7+CDLTAg9Xz74wzkHYyB6zJNwiBINePxRe2HdWhH3kZ/t/XCyvDiuvn
tvvbjj+y8KvJqEWDdCO+VRq1SqB/2dxddI7HGJOgUOOY111YXxGuWFWQjIiKOnY5
jiq/cVF1h6EHCiCUVJ8JkiV39PS1aowe
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:34:25 2025 by rpki-client