Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/_Up4fhroZtsg1OwjiYrmFdMRj6U.roa
File: _Up4fhroZtsg1OwjiYrmFdMRj6U.roa (raw, json)
Hash identifier: etl7dmO4m2JhF4wBa/nmGf1/UIX18YQL5hPl0SJ5uS8=
Subject key identifier: FD:4A:78:7E:1A:E8:66:DB:20:D4:EC:23:89:8A:E6:15:D3:11:8F:A5
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 01991BA7C70040269B546CC81CC139E3DF7D
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/_Up4fhroZtsg1OwjiYrmFdMRj6U.roa
Signing time: Fri 05 Sep 2025 20:53:24 +0000
ROA not before: Fri 05 Sep 2025 20:53:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205866
IP address blocks: 2a11:4640::/29 maxlen: 29
2a11:c442::/32 maxlen: 32
2a11:c541::/32 maxlen: 32
2a11:c544::/32 maxlen: 32
2a11:e540::/29 maxlen: 29
2a11:e7c4::/32 maxlen: 32
2a11:e7c6::/32 maxlen: 32
2a12:8802::/32 maxlen: 32
2a12:8803::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 11:14:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1b:a7:c7:00:40:26:9b:54:6c:c8:1c:c1:39:e3:df:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Sep 5 20:53:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fd4a787e1ae866db20d4ec23898ae615d3118fa5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:03:b9:98:a2:04:16:b3:2b:da:8a:ac:40:e7:
de:e1:03:5e:75:9d:3c:e8:17:fa:a6:ef:cb:6f:f9:
c0:33:c2:89:89:c6:50:10:d5:df:7b:9f:24:09:1f:
27:e2:76:f3:38:ef:25:b9:ea:47:3e:b5:20:9a:26:
a3:02:14:d1:46:2f:15:cf:70:4f:d0:de:3a:a7:15:
9e:23:b7:73:a0:a3:27:da:0e:bd:23:46:f8:41:a7:
06:0b:fa:e6:d1:b5:36:14:18:3a:c7:a1:a6:86:a2:
03:f6:c9:32:f3:65:d6:b1:11:e7:24:4b:ba:70:74:
8d:79:b5:a9:3b:f8:29:7c:04:9d:a2:0b:f9:5a:84:
91:0f:48:50:b1:dc:6b:88:29:ec:1e:8e:74:7d:4c:
f9:0e:b8:c4:99:e9:66:2c:53:7a:99:2e:0b:57:4b:
76:67:dd:fa:61:08:ca:04:bf:21:d9:f4:05:ff:b8:
86:f4:fe:1e:8e:30:32:df:5d:94:9d:b3:d1:8f:9a:
24:b8:c2:ee:7a:2f:83:65:8d:96:13:a5:c9:f2:6a:
9d:1b:f4:03:61:09:28:22:eb:21:c1:ec:99:d5:05:
e2:83:26:e8:8e:05:b5:9f:e1:ce:cc:6d:b7:53:49:
e6:cc:94:28:ca:15:02:60:20:e8:6a:46:0f:aa:66:
ef:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:4A:78:7E:1A:E8:66:DB:20:D4:EC:23:89:8A:E6:15:D3:11:8F:A5
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/_Up4fhroZtsg1OwjiYrmFdMRj6U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:4640::/29
2a11:c442::/32
2a11:c541::/32
2a11:c544::/32
2a11:e540::/29
2a11:e7c4::/32
2a11:e7c6::/32
2a12:8802::/31
Signature Algorithm: sha256WithRSAEncryption
97:da:ee:6e:b5:dd:20:34:d1:d3:68:2c:af:a1:15:31:3b:30:
d0:bc:5d:6e:cd:c3:d1:d7:6c:2e:f3:76:06:07:3a:b2:3d:ad:
1e:08:20:30:82:5e:2e:1d:e6:f8:f8:7e:cf:97:5a:24:1f:29:
97:fa:39:96:50:24:60:36:a3:97:1b:7e:9d:09:22:82:d5:17:
f3:dc:e7:8c:95:82:ff:99:59:70:39:ff:f2:d3:89:f5:95:e5:
0a:dd:83:75:34:b8:2f:21:0f:18:d9:87:b5:f8:ae:1d:63:9f:
41:87:48:2d:a8:07:b2:37:74:0b:ed:11:b5:d6:9e:f6:c4:f1:
90:2f:db:d0:9e:f8:6e:e9:2d:ce:5e:11:74:95:cb:93:56:b4:
65:3b:df:b7:df:23:1f:60:b8:c3:4c:b6:c4:9d:4b:79:b9:7c:
97:62:8c:ca:e8:8c:91:8c:97:bb:68:22:bb:63:1b:20:23:55:
ba:4a:d8:bb:2e:79:6b:56:a4:01:cb:af:39:d2:d8:54:f5:9f:
97:94:8b:7a:9a:5b:4d:96:f2:b3:3f:4f:86:74:c6:3e:bf:44:
ad:a0:e0:62:a0:21:84:e3:cf:68:91:c9:3f:6e:3c:41:56:a8:
75:a6:11:fb:ea:80:37:16:85:16:a0:77:06:0a:55:47:18:c8:
27:71:70:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZkbp8cAQCabVGzIHME54999MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTA1MjA1MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRhNzg3ZTFhZTg2NmRiMjBkNGVjMjM4OThhZTYxNWQzMTE4ZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgO5mKIEFrMr2oqsQOfe4QNedZ08
6Bf6pu/Lb/nAM8KJicZQENXfe58kCR8n4nbzOO8luepHPrUgmiajAhTRRi8Vz3BP
0N46pxWeI7dzoKMn2g69I0b4QacGC/rm0bU2FBg6x6GmhqID9sky82XWsRHnJEu6
cHSNebWpO/gpfASdogv5WoSRD0hQsdxriCnsHo50fUz5DrjEmelmLFN6mS4LV0t2
Z936YQjKBL8h2fQF/7iG9P4ejjAy312UnbPRj5okuMLuei+DZY2WE6XJ8mqdG/QD
YQkoIushweyZ1QXigybojgW1n+HOzG23U0nmzJQoyhUCYCDoakYPqmbvNQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFP1KeH4a6GbbINTsI4mK5hXTEY+lMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvX1VwNGZocm9adHNnMU93amlZcm1GZE1SajZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKhFGQAMF
ACoRxEIDBQAqEcVBAwUAKhHFRAMFAyoR5UADBQAqEefEAwUAKhHnxgMFASoSiAIw
DQYJKoZIhvcNAQELBQADggEBAJfa7m613SA00dNoLK+hFTE7MNC8XW7Nw9HXbC7z
dgYHOrI9rR4IIDCCXi4d5vj4fs+XWiQfKZf6OZZQJGA2o5cbfp0JIoLVF/Pc54yV
gv+ZWXA5//LTifWV5Qrdg3U0uC8hDxjZh7X4rh1jn0GHSC2oB7I3dAvtEbXWnvbE
8ZAv29Ce+G7pLc5eEXSVy5NWtGU737ffIx9guMNMtsSdS3m5fJdijMrojJGMl7to
IrtjGyAjVbpK2LsueWtWpAHLrznS2FT1n5eUi3qaW02W8rM/T4Z0xj6/RK2g4GKg
IYTjz2iRyT9uPEFWqHWmEfvqgDcWhRagdwYKVUcYyCdxcLU=
-----END CERTIFICATE-----
Generated at Sat Sep 6 15:21:33 2025 by rpki-client