Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pJ41Ot1o_TJe-Ld5lhAGMTRexpU.roa
File: pJ41Ot1o_TJe-Ld5lhAGMTRexpU.roa (raw, json)
Hash identifier: QdVrmEsEXTUslsRRUHKRoORcqw7vIHESdNEilK3tJaU=
Subject key identifier: A4:9E:35:3A:DD:68:FD:32:5E:F8:B7:79:96:10:06:31:34:5E:C6:95
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 01991BA7C65E5A863D777230AA3D5C247432
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pJ41Ot1o_TJe-Ld5lhAGMTRexpU.roa
Signing time: Fri 05 Sep 2025 20:53:24 +0000
ROA not before: Fri 05 Sep 2025 20:53:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205828
IP address blocks: 2a11:85c0::/29 maxlen: 29
2a11:9fc0::/29 maxlen: 29
2a11:acc0::/29 maxlen: 29
2a11:c444::/32 maxlen: 32
2a11:c543::/32 maxlen: 32
2a11:e7c2::/32 maxlen: 32
2a12:8805::/32 maxlen: 32
2a12:8806::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 05:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1b:a7:c6:5e:5a:86:3d:77:72:30:aa:3d:5c:24:74:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Sep 5 20:53:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a49e353add68fd325ef8b77996100631345ec695
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:60:94:cb:72:ac:d4:ba:8a:5f:9f:13:32:1d:
9f:f2:15:86:da:59:35:7a:3f:5e:f6:1f:14:0b:d0:
f3:bd:fa:b2:63:5c:4c:19:dd:54:0a:94:d9:a9:ba:
97:f9:d4:a3:31:07:dd:44:2a:cb:40:91:10:da:8f:
97:c3:d2:da:85:53:85:5b:f8:fb:fe:e0:f2:e2:52:
c8:ff:99:b7:a7:ce:33:ce:13:1c:05:7b:05:e3:07:
c0:3c:9c:02:45:e7:90:46:ce:1d:78:ab:fd:a5:c4:
79:7f:63:d8:b2:97:90:a6:0b:21:5f:e1:fd:b4:aa:
d3:71:94:cf:89:6d:95:a8:92:eb:1b:a6:5a:51:97:
e0:0a:e6:8c:ee:d4:ea:45:ff:f3:42:7f:17:05:23:
e8:36:e1:a5:0e:7c:d7:10:67:50:5a:ee:f1:b1:87:
48:a9:2a:15:47:61:c6:bc:4b:69:94:2a:ef:b1:65:
38:32:5e:7e:30:52:88:bc:47:66:85:86:bb:4e:5a:
b8:03:74:89:78:d8:77:ed:f2:d2:d3:52:2d:1e:cb:
95:b2:f3:ec:c4:0d:1e:37:e7:8f:d5:83:11:1d:54:
17:37:41:26:f9:3d:85:bf:6e:13:ff:57:ee:2f:91:
71:24:ea:c2:6d:2a:f7:a2:33:ea:88:40:c1:61:a5:
16:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:9E:35:3A:DD:68:FD:32:5E:F8:B7:79:96:10:06:31:34:5E:C6:95
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/pJ41Ot1o_TJe-Ld5lhAGMTRexpU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:85c0::/29
2a11:9fc0::/29
2a11:acc0::/29
2a11:c444::/32
2a11:c543::/32
2a11:e7c2::/32
2a12:8805::-2a12:8806:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
bf:1c:4c:fe:88:e9:87:9a:a7:31:62:af:33:69:25:fe:29:43:
2b:a0:fb:56:0c:a9:cc:5d:a7:f9:4c:cb:9f:2d:17:3a:9e:cf:
39:c1:30:5f:d7:02:33:e1:f2:8f:ca:0e:52:0e:1e:87:45:95:
a5:dc:cf:50:b0:5a:f6:52:6c:73:12:94:b6:79:3e:ae:3d:39:
f2:1d:36:24:73:b2:23:14:6c:3e:cb:03:ce:a4:c5:a5:f8:a7:
83:f0:72:db:94:41:96:49:1f:c0:1e:31:04:0b:19:1d:42:20:
d1:fa:05:22:b7:ac:b0:4e:5b:4a:2a:70:89:03:8d:c4:67:66:
7d:67:55:29:18:e6:b0:06:4e:2d:2c:d2:0c:e0:e4:a3:87:b1:
8b:db:85:ad:ba:82:f9:19:4b:14:6d:49:d7:2c:3d:68:5f:e0:
26:10:61:91:28:9c:13:e5:68:37:81:b4:ed:c5:e7:93:f7:bd:
b9:5b:64:a8:02:24:29:f0:84:e7:0c:48:91:25:e2:ed:13:f3:
42:2b:b0:76:48:e3:80:ce:d1:02:4f:f5:aa:8a:bf:3d:a8:50:
91:e6:65:e8:a7:11:39:55:f4:05:fe:6b:ae:a3:34:05:db:15:
fc:89:cb:b1:12:c2:6a:6e:91:6a:99:81:ab:5f:14:4d:2e:55:
4a:91:a0:04
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZkbp8ZeWoY9d3Iwqj1cJHQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTA1MjA1MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDllMzUzYWRkNjhmZDMyNWVmOGI3Nzk5NjEwMDYzMTM0NWVjNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWCUy3Ks1LqKX58TMh2f8hWG2lk1
ej9e9h8UC9DzvfqyY1xMGd1UCpTZqbqX+dSjMQfdRCrLQJEQ2o+Xw9LahVOFW/j7
/uDy4lLI/5m3p84zzhMcBXsF4wfAPJwCReeQRs4deKv9pcR5f2PYspeQpgshX+H9
tKrTcZTPiW2VqJLrG6ZaUZfgCuaM7tTqRf/zQn8XBSPoNuGlDnzXEGdQWu7xsYdI
qSoVR2HGvEtplCrvsWU4Ml5+MFKIvEdmhYa7Tlq4A3SJeNh37fLS01ItHsuVsvPs
xA0eN+eP1YMRHVQXN0Em+T2Fv24T/1fuL5FxJOrCbSr3ojPqiEDBYaUWMQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKSeNTrdaP0yXvi3eZYQBjE0XsaVMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvcEo0MU90MW9fVEplLUxkNWxoQUdNVFJleHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAAjA6AwUDKhGFwAMF
AyoRn8ADBQMqEazAAwUAKhHERAMFACoRxUMDBQAqEefCMA4DBQAqEogFAwUAKhKI
BjANBgkqhkiG9w0BAQsFAAOCAQEAvxxM/ojph5qnMWKvM2kl/ilDK6D7VgypzF2n
+UzLny0XOp7POcEwX9cCM+Hyj8oOUg4eh0WVpdzPULBa9lJscxKUtnk+rj058h02
JHOyIxRsPssDzqTFpfing/By25RBlkkfwB4xBAsZHUIg0foFIressE5bSipwiQON
xGdmfWdVKRjmsAZOLSzSDODko4exi9uFrbqC+RlLFG1J1yw9aF/gJhBhkSicE+Vo
N4G07cXnk/e9uVtkqAIkKfCE5wxIkSXi7RPzQiuwdkjjgM7RAk/1qoq/PahQkeZl
6KcROVX0Bf5rrqM0BdsV/InLsRLCam6RapmBq18UTS5VSpGgBA==
-----END CERTIFICATE-----
Generated at Sat Sep 6 15:15:13 2025 by rpki-client