Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/akY5-4-g2obAzmTP9gII_aizPf4.roa
File: akY5-4-g2obAzmTP9gII_aizPf4.roa (raw, json)
Hash identifier: KzVeM7VQFmS8KaLIcAh5ltjwswioSvZ+o5zTBX1hlx0=
Subject key identifier: 6A:46:39:FB:8F:A0:DA:86:C0:CE:64:CF:F6:02:08:FD:A8:B3:3D:FE
Certificate issuer: /CN=be54a8eae25ae0f68b3452c4685d9439e7d1c5fd
Certificate serial: 019A6DC2D9CA05DE4EE07D8173A85A956B69
Authority key identifier: BE:54:A8:EA:E2:5A:E0:F6:8B:34:52:C4:68:5D:94:39:E7:D1:C5:FD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vlSo6uJa4PaLNFLEaF2UOefRxf0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/akY5-4-g2obAzmTP9gII_aizPf4.roa
Signing time: Mon 10 Nov 2025 12:34:37 +0000
ROA not before: Mon 10 Nov 2025 12:34:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48285
IP address blocks: 46.255.120.0/23 maxlen: 23
46.255.123.0/24 maxlen: 24
46.255.124.0/24 maxlen: 24
46.255.125.0/24 maxlen: 24
46.255.127.0/24 maxlen: 24
2a00:9c00:101::/48 maxlen: 48
2a00:9c00:120::/48 maxlen: 48
2a00:9c00:123::/48 maxlen: 48
2a00:9c00:124::/48 maxlen: 48
2a00:9c00:125::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/vlSo6uJa4PaLNFLEaF2UOefRxf0.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/vlSo6uJa4PaLNFLEaF2UOefRxf0.mft
rsync://rpki.ripe.net/repository/DEFAULT/vlSo6uJa4PaLNFLEaF2UOefRxf0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 06:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:6d:c2:d9:ca:05:de:4e:e0:7d:81:73:a8:5a:95:6b:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be54a8eae25ae0f68b3452c4685d9439e7d1c5fd
Validity
Not Before: Nov 10 12:34:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a4639fb8fa0da86c0ce64cff60208fda8b33dfe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:a2:5d:d1:00:32:08:34:26:27:08:ee:31:e8:
98:fd:ad:27:db:60:d3:d8:b0:51:ea:f5:c8:90:0b:
9b:1f:f8:9b:c2:23:04:81:e7:34:0a:33:35:db:03:
9e:74:a5:5d:d8:fc:a1:1e:58:ea:a5:8e:71:86:91:
da:d7:a4:6e:70:5c:54:3f:d7:b4:c2:c9:0c:7d:5f:
95:5b:35:8b:32:22:01:8f:20:78:b2:8e:f0:a9:4c:
a1:72:b1:89:e0:67:fd:a6:bd:d4:1e:cd:cb:40:a7:
a9:a3:42:e6:b2:77:c2:c9:02:3f:11:5f:38:70:15:
81:48:15:9e:b5:0c:46:57:c6:39:1c:7b:a3:b1:a4:
f2:e5:4e:76:b3:3e:36:31:fd:1e:c2:14:df:ad:9e:
e8:90:97:7d:8a:64:57:bd:68:4d:f4:46:84:8a:09:
4c:31:3a:00:dc:ed:cb:a8:38:5c:db:c4:8d:3b:dd:
d2:be:82:1e:29:46:b0:2b:62:25:c6:b7:cc:1d:64:
96:62:e9:17:61:97:58:6c:4f:a7:7e:4d:25:54:78:
e9:5d:40:cd:b3:27:d0:6d:16:c7:14:20:63:d3:47:
53:cf:1d:10:3d:2b:fd:bc:ec:c8:23:17:6d:cb:83:
55:96:17:7f:53:3f:38:b5:25:b5:66:43:0b:1f:49:
55:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:46:39:FB:8F:A0:DA:86:C0:CE:64:CF:F6:02:08:FD:A8:B3:3D:FE
X509v3 Authority Key Identifier:
keyid:BE:54:A8:EA:E2:5A:E0:F6:8B:34:52:C4:68:5D:94:39:E7:D1:C5:FD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vlSo6uJa4PaLNFLEaF2UOefRxf0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/akY5-4-g2obAzmTP9gII_aizPf4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/ecc6eb-e8a1-4418-9e86-12bf90e3de47/1/vlSo6uJa4PaLNFLEaF2UOefRxf0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.255.120.0/23
46.255.123.0-46.255.125.255
46.255.127.0/24
IPv6:
2a00:9c00:101::/48
2a00:9c00:120::/48
2a00:9c00:123::-2a00:9c00:125:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4c:d9:8d:53:de:76:43:4f:f5:29:9c:60:a4:67:22:e4:70:a2:
3a:ed:89:9c:38:21:e4:9e:e2:3d:3a:c6:3f:b3:b9:7a:e6:db:
60:6b:77:a3:21:00:71:2e:f8:3c:31:e6:8d:95:f3:c5:bc:a6:
cd:90:71:ab:6d:79:1b:da:c1:c9:ad:8d:0e:9f:28:56:2c:b9:
e7:5e:38:b1:a8:50:9f:c2:34:92:ad:57:c0:f1:22:bb:73:95:
9f:5e:8b:0f:47:24:1e:b9:80:c6:b7:f6:ed:c9:3a:5a:69:ca:
92:ca:ec:9b:b0:74:9b:8b:33:e8:e0:6d:e1:70:48:93:f0:06:
b8:0a:b2:04:f0:f4:a2:d8:0a:ff:0a:4b:c4:fc:ea:62:4a:4e:
e1:c5:9c:c5:03:98:b4:33:9c:f7:0a:62:65:f4:d4:6c:0b:33:
80:29:a6:c4:7e:f6:1d:32:8b:fc:45:72:cd:7a:87:66:d8:37:
c2:6d:13:88:ab:19:59:d4:cb:3e:03:f6:8f:05:87:03:fa:df:
c3:4f:7d:97:9a:55:24:87:b9:52:ae:69:4a:02:ad:94:bb:ae:
a2:dd:d0:90:92:cd:d1:5b:b7:04:a9:bb:d1:73:b2:43:16:43:
1e:9d:9d:a1:fa:00:f1:48:c4:1e:c1:21:6f:28:0e:65:d7:55:
79:46:95:f3
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZptwtnKBd5O4H2Bc6halWtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNTRhOGVhZTI1YWUwZjY4YjM0NTJjNDY4NWQ5NDM5ZTdk
MWM1ZmQwHhcNMjUxMTEwMTIzNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ2MzlmYjhmYTBkYTg2YzBjZTY0Y2ZmNjAyMDhmZGE4YjMzZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6Jd0QAyCDQmJwjuMeiY/a0n22DT
2LBR6vXIkAubH/ibwiMEgec0CjM12wOedKVd2PyhHljqpY5xhpHa16RucFxUP9e0
wskMfV+VWzWLMiIBjyB4so7wqUyhcrGJ4Gf9pr3UHs3LQKepo0LmsnfCyQI/EV84
cBWBSBWetQxGV8Y5HHujsaTy5U52sz42Mf0ewhTfrZ7okJd9imRXvWhN9EaEiglM
MToA3O3LqDhc28SNO93SvoIeKUawK2IlxrfMHWSWYukXYZdYbE+nfk0lVHjpXUDN
syfQbRbHFCBj00dTzx0QPSv9vOzIIxdty4NVlhd/Uz84tSW1ZkMLH0lVwwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGpGOfuPoNqGwM5kz/YCCP2osz3+MB8GA1UdIwQY
MBaAFL5UqOriWuD2izRSxGhdlDnn0cX9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmxTbzZ1SmE0UGFMTkZMRWFGMlVPZWZSeGYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9lY2M2ZWItZThhMS00NDE4LTllODYt
MTJiZjkwZTNkZTQ3LzEvYWtZNS00LWcyb2JBem1UUDlnSUlfYWl6UGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9lY2M2ZWItZThhMS00NDE4LTllODYtMTJiZjkwZTNkZTQ3
LzEvdmxTbzZ1SmE0UGFMTkZMRWFGMlVPZWZSeGYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAgBAIAATAaAwQBLv94MAwD
BAAu/3sDBAEu/3wDBAAu/38wLAQCAAIwJgMHACoAnAABAQMHACoAnAABIDASAwcA
KgCcAAEjAwcBKgCcAAEkMA0GCSqGSIb3DQEBCwUAA4IBAQBM2Y1T3nZDT/UpnGCk
ZyLkcKI67YmcOCHknuI9OsY/s7l65ttga3ejIQBxLvg8MeaNlfPFvKbNkHGrbXkb
2sHJrY0OnyhWLLnnXjixqFCfwjSSrVfA8SK7c5WfXosPRyQeuYDGt/btyTpaacqS
yuybsHSbizPo4G3hcEiT8Aa4CrIE8PSi2Ar/CkvE/OpiSk7hxZzFA5i0M5z3CmJl
9NRsCzOAKabEfvYdMov8RXLNeodm2DfCbROIqxlZ1Ms+A/aPBYcD+t/DT32XmlUk
h7lSrmlKAq2Uu66i3dCQks3RW7cEqbvRc7JDFkMenZ2h+gDxSMQewSFvKA5l11V5
RpXz
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:05 2025 by rpki-client