Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/A9DsFGO2ojSTU3t3H_591t6w8WI.roa
File: A9DsFGO2ojSTU3t3H_591t6w8WI.roa (raw, json)
Hash identifier: gC24AHMgjd4fXEF4FVeYBDZGQOBnnQ+nj7K20zYP6Oc=
Subject key identifier: 03:D0:EC:14:63:B6:A2:34:93:53:7B:77:1F:FE:7D:D6:DE:B0:F1:62
Certificate issuer: /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial: 0199857EA3BD4994CE75F6F5A2338B9D94DF
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/A9DsFGO2ojSTU3t3H_591t6w8WI.roa
Signing time: Fri 26 Sep 2025 10:08:13 +0000
ROA not before: Fri 26 Sep 2025 10:08:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 2a02:e9c1::/32 maxlen: 32
2a02:e9c2::/32 maxlen: 32
2a02:e9c4::/32 maxlen: 32
2a02:e9c7::/32 maxlen: 32
2a13:6cc0::/32 maxlen: 32
2a13:6cc4::/32 maxlen: 32
2a13:6cc7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Oct 2025 22:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:85:7e:a3:bd:49:94:ce:75:f6:f5:a2:33:8b:9d:94:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Validity
Not Before: Sep 26 10:08:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=03d0ec1463b6a23493537b771ffe7dd6deb0f162
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:5b:08:bc:a0:49:d5:53:5d:f7:a1:16:3f:de:
6f:f8:ce:7a:e6:83:05:bd:4f:d9:fb:95:4e:db:71:
ad:cd:54:7e:b7:8c:56:15:9b:3b:5e:79:3e:92:a7:
f4:e5:b1:3f:8f:53:a3:a4:f3:fe:30:fa:6a:2a:ff:
ea:49:d9:69:4d:c6:fb:aa:2c:77:7f:64:b7:99:5b:
5f:a0:71:2e:54:80:eb:48:2f:70:17:77:9f:f2:b5:
ea:75:66:69:15:70:1c:ef:ff:51:87:44:66:a8:ed:
52:26:95:e5:db:f2:1d:de:17:95:82:ee:05:cc:56:
b0:56:e2:4b:3f:1e:83:40:73:1f:39:23:84:74:0a:
5f:31:38:c9:6a:a4:0b:b2:08:fd:df:fa:bd:30:b0:
97:0c:e5:2e:fa:87:67:86:53:ae:ce:3b:76:44:8b:
77:d1:57:f1:7d:fd:19:ff:9c:23:b8:30:75:21:3e:
8c:d9:ee:c8:71:c5:3e:8f:94:45:56:1d:f4:32:90:
bd:8e:4c:99:92:86:f8:98:12:b2:86:1a:9c:28:c2:
2e:61:78:2b:59:26:61:d9:ee:d8:2d:98:c2:47:52:
ca:88:69:14:32:92:84:4d:22:f7:41:f2:f4:8a:2c:
25:c0:e2:2d:c5:0a:4a:8f:29:83:b1:50:4f:61:80:
34:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:D0:EC:14:63:B6:A2:34:93:53:7B:77:1F:FE:7D:D6:DE:B0:F1:62
X509v3 Authority Key Identifier:
keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/A9DsFGO2ojSTU3t3H_591t6w8WI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a02:e9c1::-2a02:e9c2:ffff:ffff:ffff:ffff:ffff:ffff
2a02:e9c4::/32
2a02:e9c7::/32
2a13:6cc0::/32
2a13:6cc4::/32
2a13:6cc7::/32
Signature Algorithm: sha256WithRSAEncryption
70:1f:6a:ea:d8:96:73:ea:17:e9:2b:86:ca:8f:f7:d8:e5:b7:
04:8e:e8:23:ad:6c:fc:2c:56:26:6e:fa:68:11:93:cd:bf:af:
1e:0a:05:fd:52:00:65:fc:37:ee:61:00:fa:7f:a9:f1:6d:5b:
d1:c8:1d:a1:6d:18:61:93:f6:34:ae:56:a4:83:2a:db:4e:3a:
69:63:be:46:46:de:31:ad:69:b4:f5:18:ad:6d:7a:1e:e4:ff:
f2:5f:16:aa:92:63:ff:e0:ff:a0:45:d8:f1:a9:d4:d8:4b:8e:
a8:59:7f:c3:57:2b:fd:f7:93:a3:03:4b:d0:77:f9:98:9b:d5:
0a:8e:1b:20:41:eb:e3:85:e9:62:99:c7:dc:26:af:84:b1:02:
5c:2f:2a:05:ce:7b:90:4f:a7:18:33:93:06:34:25:8b:1b:dc:
fb:7a:89:fc:97:a0:ea:0d:37:02:60:b7:12:b5:10:41:4f:ee:
90:01:73:7c:67:96:1d:47:d2:83:8d:f7:d6:70:10:94:57:bc:
0e:5e:b6:f8:70:b2:6f:46:58:44:ba:82:6d:ad:7c:0c:02:ee:
ae:b7:46:67:70:96:9a:82:eb:b5:a6:39:cf:fb:08:4c:66:16:
c9:48:e8:bf:6d:98:b8:01:40:91:8a:61:0b:bb:8d:69:f9:cd:
26:1f:d5:21
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZmFfqO9SZTOdfb1ojOLnZTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwOTI2MTAwODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2QwZWMxNDYzYjZhMjM0OTM1MzdiNzcxZmZlN2RkNmRlYjBmMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1sIvKBJ1VNd96EWP95v+M565oMF
vU/Z+5VO23GtzVR+t4xWFZs7Xnk+kqf05bE/j1OjpPP+MPpqKv/qSdlpTcb7qix3
f2S3mVtfoHEuVIDrSC9wF3ef8rXqdWZpFXAc7/9Rh0RmqO1SJpXl2/Id3heVgu4F
zFawVuJLPx6DQHMfOSOEdApfMTjJaqQLsgj93/q9MLCXDOUu+odnhlOuzjt2RIt3
0Vfxff0Z/5wjuDB1IT6M2e7IccU+j5RFVh30MpC9jkyZkob4mBKyhhqcKMIuYXgr
WSZh2e7YLZjCR1LKiGkUMpKETSL3QfL0iiwlwOItxQpKjymDsVBPYYA0VQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAPQ7BRjtqI0k1N7dx/+fdbesPFiMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvQTlEc0ZHTzJvalNUVTN0M0hfNTkxdDZ3OFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAAjAzMA4DBQAqAunB
AwUAKgLpwgMFACoC6cQDBQAqAunHAwUAKhNswAMFACoTbMQDBQAqE2zHMA0GCSqG
SIb3DQEBCwUAA4IBAQBwH2rq2JZz6hfpK4bKj/fY5bcEjugjrWz8LFYmbvpoEZPN
v68eCgX9UgBl/DfuYQD6f6nxbVvRyB2hbRhhk/Y0rlakgyrbTjppY75GRt4xrWm0
9RitbXoe5P/yXxaqkmP/4P+gRdjxqdTYS46oWX/DVyv995OjA0vQd/mYm9UKjhsg
QevjhelimcfcJq+EsQJcLyoFznuQT6cYM5MGNCWLG9z7eon8l6DqDTcCYLcStRBB
T+6QAXN8Z5YdR9KDjffWcBCUV7wOXrb4cLJvRlhEuoJtrXwMAu6ut0ZncJaaguu1
pjnP+whMZhbJSOi/bZi4AUCRimELu41p+c0mH9Uh
-----END CERTIFICATE-----
Generated at Sun Oct 19 08:29:08 2025 by rpki-client