Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/RttlY5HzQVXJ50UgCnxZ0BWy4Mo.roa
File: RttlY5HzQVXJ50UgCnxZ0BWy4Mo.roa (raw, json)
Hash identifier: jgIM9KKqZgI/Dr7RByRM8eyRlI8Lo/Fqjd4T1YCXpYc=
Subject key identifier: 46:DB:65:63:91:F3:41:55:C9:E7:45:20:0A:7C:59:D0:15:B2:E0:CA
Certificate issuer: /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial: 01992E73C224D416DB54E7F5E4B182926DC9
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/RttlY5HzQVXJ50UgCnxZ0BWy4Mo.roa
Signing time: Tue 09 Sep 2025 12:29:22 +0000
ROA not before: Tue 09 Sep 2025 12:29:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 2.24.0.0/13 maxlen: 13
31.64.0.0/12 maxlen: 12
31.90.0.0/15 maxlen: 15
31.92.0.0/15 maxlen: 15
31.94.0.0/16 maxlen: 16
31.96.0.0/16 maxlen: 16
31.100.0.0/14 maxlen: 14
31.104.0.0/16 maxlen: 16
31.105.0.0/16 maxlen: 16
31.106.0.0/15 maxlen: 15
31.112.0.0/14 maxlen: 14
31.116.0.0/16 maxlen: 16
31.117.0.0/16 maxlen: 16
31.118.0.0/16 maxlen: 16
31.119.0.0/16 maxlen: 16
31.120.0.0/16 maxlen: 16
31.121.0.0/16 maxlen: 16
31.122.0.0/16 maxlen: 16
31.126.0.0/15 maxlen: 15
46.68.66.0/24 maxlen: 24
95.144.0.0/13 maxlen: 13
109.180.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 11:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2e:73:c2:24:d4:16:db:54:e7:f5:e4:b1:82:92:6d:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
Validity
Not Before: Sep 9 12:29:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=46db656391f34155c9e745200a7c59d015b2e0ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:42:02:ef:5f:f2:5e:8c:c6:90:88:89:6e:50:
9b:90:e9:b9:28:1f:e1:6e:5a:f4:99:ae:e2:72:25:
f9:cd:ff:f4:e3:ea:f5:cd:ad:9c:1d:3d:36:18:e4:
89:8c:74:20:64:6b:59:e5:e2:1e:44:9b:6e:92:c3:
12:37:b5:e1:4f:94:d7:be:ce:ac:f0:ce:71:7c:87:
60:02:5f:35:f1:25:b2:d0:be:e9:ac:4a:28:75:eb:
a1:46:b2:1d:24:5e:bf:d1:b4:81:da:cc:5b:a0:10:
c7:cf:24:b3:29:79:e1:21:a0:f2:6a:87:bc:e3:54:
fb:0b:9f:44:d3:da:ce:1d:bd:2d:2f:e7:20:99:f8:
99:e2:f9:ba:92:0e:69:5c:9b:a9:5f:f1:5c:26:06:
9f:9d:44:3e:52:67:b0:27:58:96:c4:25:74:ad:e1:
04:e4:8e:66:6f:ab:96:ca:7c:a1:68:f6:96:cc:8b:
5c:1e:c3:39:c1:e3:6b:0e:cc:3a:8c:25:e8:a9:14:
f6:8d:e8:e3:6e:2b:8c:cf:ea:6a:21:0d:fd:96:73:
d7:0e:d2:6c:20:05:3e:0c:65:bd:97:2f:34:a0:cf:
f8:61:89:a9:d8:1a:23:35:7c:5c:63:04:54:57:a8:
07:4e:35:17:45:64:5f:5b:74:1c:5c:96:d5:65:4a:
f6:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:DB:65:63:91:F3:41:55:C9:E7:45:20:0A:7C:59:D0:15:B2:E0:CA
X509v3 Authority Key Identifier:
keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/RttlY5HzQVXJ50UgCnxZ0BWy4Mo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.24.0.0/13
31.64.0.0/12
31.90.0.0-31.94.255.255
31.96.0.0/16
31.100.0.0-31.107.255.255
31.112.0.0-31.122.255.255
31.126.0.0/15
46.68.66.0/24
95.144.0.0/13
109.180.0.0/15
Signature Algorithm: sha256WithRSAEncryption
60:3a:8f:39:46:4d:b8:eb:f7:bf:7a:a4:83:7e:cf:ab:23:d4:
73:9d:23:57:a1:62:78:af:66:59:10:f6:6b:da:76:a2:aa:83:
d0:d6:4e:fb:af:72:06:73:b1:ba:34:93:3e:ba:17:88:e8:7c:
28:fd:6c:f4:28:a6:af:2f:cf:36:39:cc:5b:fe:9d:1b:5e:b6:
28:ed:af:6c:33:20:8d:9c:95:e8:44:fb:eb:3d:d9:41:05:fb:
6c:dd:d9:bf:b6:b1:2c:03:1a:38:4b:f4:92:90:07:f0:53:f5:
99:e5:41:00:86:ff:81:cd:9b:b3:87:19:46:b9:14:3e:1e:36:
a4:2b:83:b0:b3:3d:30:1c:a4:dd:78:9f:7f:f4:65:50:e0:ff:
1b:35:cd:c6:e7:ac:66:5b:5a:f5:02:c5:54:97:0c:82:ff:2b:
66:52:b6:7a:80:58:67:0a:92:65:b4:17:4b:c5:c7:79:20:15:
1b:7d:16:d0:e4:f9:03:ca:03:b5:95:32:6f:15:1e:42:3a:db:
8a:68:9d:11:2f:2f:16:7d:ab:51:f5:51:4e:9a:b8:c0:d2:9d:
57:05:a8:f9:9a:5a:c9:a5:cb:aa:31:38:d5:3f:b1:00:ea:93:
46:6f:3c:37:44:4c:d4:21:6c:8d:c3:53:48:39:f2:3b:11:d9:
14:c5:22:00
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZkuc8Ik1BbbVOf15LGCkm3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjUwOTA5MTIyOTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmRiNjU2MzkxZjM0MTU1YzllNzQ1MjAwYTdjNTlkMDE1YjJlMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0IC71/yXozGkIiJblCbkOm5KB/h
blr0ma7iciX5zf/04+r1za2cHT02GOSJjHQgZGtZ5eIeRJtuksMSN7XhT5TXvs6s
8M5xfIdgAl818SWy0L7prEoodeuhRrIdJF6/0bSB2sxboBDHzySzKXnhIaDyaoe8
41T7C59E09rOHb0tL+cgmfiZ4vm6kg5pXJupX/FcJgafnUQ+UmewJ1iWxCV0reEE
5I5mb6uWynyhaPaWzItcHsM5weNrDsw6jCXoqRT2jejjbiuMz+pqIQ39lnPXDtJs
IAU+DGW9ly80oM/4YYmp2BojNXxcYwRUV6gHTjUXRWRfW3QcXJbVZUr2nQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEbbZWOR80FVyedFIAp8WdAVsuDKMB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEvUnR0bFk1SHpRVlhKNTBVZ0NueFowQld5NE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwMDAhgDAwQf
QDAKAwMBH1oDAwAfXgMDAB9gMAoDAwIfZAMDAh9oMAoDAwQfcAMDAB96AwMBH34D
BAAuREIDAwNfkAMDAW20MA0GCSqGSIb3DQEBCwUAA4IBAQBgOo85Rk246/e/eqSD
fs+rI9RznSNXoWJ4r2ZZEPZr2naiqoPQ1k77r3IGc7G6NJM+uheI6Hwo/Wz0KKav
L882Ocxb/p0bXrYo7a9sMyCNnJXoRPvrPdlBBfts3dm/trEsAxo4S/SSkAfwU/WZ
5UEAhv+BzZuzhxlGuRQ+HjakK4Owsz0wHKTdeJ9/9GVQ4P8bNc3G56xmW1r1AsVU
lwyC/ytmUrZ6gFhnCpJltBdLxcd5IBUbfRbQ5PkDygO1lTJvFR5COtuKaJ0RLy8W
fatR9VFOmrjA0p1XBaj5mlrJpcuqMTjVP7EA6pNGbzw3REzUIWyNw1NIOfI7EdkU
xSIA
-----END CERTIFICATE-----
Generated at Wed Sep 10 17:34:31 2025 by rpki-client