Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/I1OEJUjpsj-SiuX_wnPiipgdS6M.roa
File: I1OEJUjpsj-SiuX_wnPiipgdS6M.roa (raw, json)
Hash identifier: dtbp2jtgsiSENLkAM8QnYEyE94lEGjUIdXIwmAKpZLY=
Subject key identifier: 23:53:84:25:48:E9:B2:3F:92:8A:E5:FF:C2:73:E2:8A:98:1D:4B:A3
Certificate issuer: /CN=f898d89f925299b51f3bc82accd8c6b962dcc2e2
Certificate serial: 019A33BA0FAC4FB677D85D26D6A70AF0F1C2
Authority key identifier: F8:98:D8:9F:92:52:99:B5:1F:3B:C8:2A:CC:D8:C6:B9:62:DC:C2:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/I1OEJUjpsj-SiuX_wnPiipgdS6M.roa
Signing time: Thu 30 Oct 2025 06:07:03 +0000
ROA not before: Thu 30 Oct 2025 06:07:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197204
IP address blocks: 2a01:4360::/32 maxlen: 48
2a03:5c80::/32 maxlen: 48
2a05:6980::/29 maxlen: 48
2a0c:1ac0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.crl
rsync://rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 06:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:33:ba:0f:ac:4f:b6:77:d8:5d:26:d6:a7:0a:f0:f1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f898d89f925299b51f3bc82accd8c6b962dcc2e2
Validity
Not Before: Oct 30 06:07:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2353842548e9b23f928ae5ffc273e28a981d4ba3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:65:b9:a1:a4:29:84:9a:1c:f9:82:4c:71:35:
09:2a:2b:7f:12:bf:e9:53:a2:3b:5a:26:7f:2f:e4:
3b:f7:51:2b:c0:77:d1:74:86:8c:79:01:7f:ff:78:
d6:48:25:50:65:74:35:97:a6:28:ef:69:80:f6:96:
36:cb:76:1d:0c:74:8b:db:74:ab:dd:47:27:56:e3:
f1:97:71:d0:f2:b8:73:6e:f7:f6:9a:5b:0b:67:a5:
ce:b9:92:0a:62:11:e5:e4:4a:6b:76:60:17:1a:9d:
25:57:bc:48:1d:3e:2c:ac:22:dd:0a:6c:36:32:6d:
50:45:db:4b:f1:5b:fb:c8:8d:28:7c:a2:cd:0c:95:
d8:81:9f:fc:ab:52:98:ff:05:13:6e:81:28:56:db:
20:dc:4d:5e:38:5e:d3:7c:b9:03:27:04:8f:dd:ff:
d7:35:aa:f8:09:ac:0c:12:a7:af:4b:96:d7:7c:bb:
7e:b9:70:5b:ed:50:cd:37:f6:b0:3f:33:19:4c:9f:
1f:fb:76:8d:ce:6f:10:3a:5d:a9:03:1d:25:a9:06:
99:cc:41:ae:4e:26:b8:d8:0b:80:d2:d5:1c:19:0f:
35:4e:b2:54:3c:a3:f5:a6:f2:40:5d:06:30:e1:6d:
6f:9b:f2:68:9c:40:46:82:fc:72:94:dc:7b:7a:eb:
79:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:53:84:25:48:E9:B2:3F:92:8A:E5:FF:C2:73:E2:8A:98:1D:4B:A3
X509v3 Authority Key Identifier:
keyid:F8:98:D8:9F:92:52:99:B5:1F:3B:C8:2A:CC:D8:C6:B9:62:DC:C2:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/I1OEJUjpsj-SiuX_wnPiipgdS6M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/b88a60-aaf4-491a-ab82-c59294991b25/1/1-JjYn5JSmbUfO8gqzNjGuWLcwuI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:4360::/32
2a03:5c80::/32
2a05:6980::/29
2a0c:1ac0::/29
Signature Algorithm: sha256WithRSAEncryption
29:0e:98:8d:76:c7:04:e0:d3:4c:e1:73:14:94:70:6d:44:4e:
a0:8f:ee:e6:0f:45:ac:8b:af:c8:84:5c:83:dd:22:f0:9f:9e:
20:4c:a6:db:fc:3b:9b:d3:c2:f8:76:77:7c:a6:76:d8:0a:b0:
97:d2:b5:ba:48:0c:98:e0:e1:15:3b:a8:6e:4e:bc:f2:17:00:
30:fd:87:10:15:1a:7b:69:54:f7:55:79:87:21:98:8e:16:8a:
c4:ac:f6:f3:51:40:0d:c0:51:78:c9:51:28:93:06:e1:e0:e9:
6d:d3:c9:5c:02:ba:e6:45:84:6d:fe:43:ec:8b:12:7e:eb:34:
60:d4:89:e3:22:13:c0:d5:db:5e:a6:b6:55:15:f5:ac:66:04:
5d:2c:4c:c7:7e:cf:98:ef:97:b9:38:ec:02:e4:53:03:7f:9a:
ff:7d:57:2b:29:b6:16:23:51:a7:10:32:71:02:69:cb:59:5a:
bf:e5:91:a0:51:6e:39:b7:c0:17:78:7a:e6:0e:ca:2f:98:dc:
8c:14:bf:95:d5:02:96:91:61:b3:21:68:2d:1a:b8:f2:14:c7:
63:8f:94:db:ed:69:51:be:e6:3e:7a:cd:30:e9:52:a2:e2:5d:
9f:e3:62:48:0f:c8:ca:44:cd:d9:07:91:1a:0d:0e:b5:6e:ea:
fd:ec:49:15
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZozug+sT7Z32F0m1qcK8PHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OThkODlmOTI1Mjk5YjUxZjNiYzgyYWNjZDhjNmI5NjJk
Y2MyZTIwHhcNMjUxMDMwMDYwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzUzODQyNTQ4ZTliMjNmOTI4YWU1ZmZjMjczZTI4YTk4MWQ0YmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGW5oaQphJoc+YJMcTUJKit/Er/p
U6I7WiZ/L+Q791ErwHfRdIaMeQF//3jWSCVQZXQ1l6Yo72mA9pY2y3YdDHSL23Sr
3UcnVuPxl3HQ8rhzbvf2mlsLZ6XOuZIKYhHl5EprdmAXGp0lV7xIHT4srCLdCmw2
Mm1QRdtL8Vv7yI0ofKLNDJXYgZ/8q1KY/wUTboEoVtsg3E1eOF7TfLkDJwSP3f/X
Nar4CawMEqevS5bXfLt+uXBb7VDNN/awPzMZTJ8f+3aNzm8QOl2pAx0lqQaZzEGu
Tia42AuA0tUcGQ81TrJUPKP1pvJAXQYw4W1vm/JonEBGgvxylNx7eut5aQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCNThCVI6bI/korl/8Jz4oqYHUujMB8GA1UdIwQY
MBaAFPiY2J+SUpm1HzvIKszYxrli3MLiMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1KalluNUpTbWJVZk84Z3F6TmpHdVdMY3d1SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMvYjg4YTYwLWFhZjQtNDkxYS1hYjgy
LWM1OTI5NDk5MWIyNS8xL0kxT0VKVWpwc2otU2l1WF93blBpaXBnZFM2TS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWMvYjg4YTYwLWFhZjQtNDkxYS1hYjgyLWM1OTI5NDk5MWIy
NS8xLzEtSmpZbjVKU21iVWZPOGdxek5qR3VXTGN3dUkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNQYIKwYBBQUHAQcBAf8EJjAkMCIEAgACMBwDBQAqAUNg
AwUAKgNcgAMFAyoFaYADBQMqDBrAMA0GCSqGSIb3DQEBCwUAA4IBAQApDpiNdscE
4NNM4XMUlHBtRE6gj+7mD0Wsi6/IhFyD3SLwn54gTKbb/Dub08L4dnd8pnbYCrCX
0rW6SAyY4OEVO6huTrzyFwAw/YcQFRp7aVT3VXmHIZiOForErPbzUUANwFF4yVEo
kwbh4Olt08lcArrmRYRt/kPsixJ+6zRg1InjIhPA1dteprZVFfWsZgRdLEzHfs+Y
75e5OOwC5FMDf5r/fVcrKbYWI1GnEDJxAmnLWVq/5ZGgUW45t8AXeHrmDsovmNyM
FL+V1QKWkWGzIWgtGrjyFMdjj5Tb7WlRvuY+es0w6VKi4l2f42JID8jKRM3ZB5Ea
DQ61bur97EkV
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:23:36 2025 by rpki-client