Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5sqIPbq2icH3J5dS4SsYhrRMS5M.roa
File: 5sqIPbq2icH3J5dS4SsYhrRMS5M.roa (raw, json)
Hash identifier: 6433L/NDQ/6zqT8+fEH2pOUOhoJZ1IVBcgsM+y7ZHO8=
Subject key identifier: E6:CA:88:3D:BA:B6:89:C1:F7:27:97:52:E1:2B:18:86:B4:4C:4B:93
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 01993329AD7CE6C0DC15CB1F84F347A126A4
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5sqIPbq2icH3J5dS4SsYhrRMS5M.roa
Signing time: Wed 10 Sep 2025 10:26:33 +0000
ROA not before: Wed 10 Sep 2025 10:26:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25159
IP address blocks: 2a09:6286::/32 maxlen: 32
2a10:4100::/32 maxlen: 32
2a10:4103::/32 maxlen: 32
2a10:4105::/32 maxlen: 32
2a11:4b47::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 11:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:33:29:ad:7c:e6:c0:dc:15:cb:1f:84:f3:47:a1:26:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Sep 10 10:26:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e6ca883dbab689c1f7279752e12b1886b44c4b93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a3:4c:c0:c2:4a:ed:1f:cc:7d:9d:e4:f8:58:
d4:1f:77:05:0d:ac:2f:0f:48:44:a5:58:f5:77:f3:
6d:e0:27:cd:c7:30:35:b6:f4:b5:9b:a7:d6:d6:a6:
31:b1:d9:30:93:10:6c:ae:38:1a:6d:5b:93:7b:c9:
99:84:6e:bb:6d:d6:bc:43:53:b9:c3:bd:8d:59:08:
72:33:22:1f:b4:d8:11:25:19:9c:56:c6:81:3f:07:
d6:9b:c0:d1:0a:a1:69:00:9d:88:b5:c4:a0:03:d9:
19:c9:a0:26:bf:16:fe:36:32:8e:03:80:10:37:69:
eb:83:f7:2f:b2:c1:2e:a9:b6:39:53:06:c3:1a:c2:
d5:1b:ac:99:81:f2:e6:59:1b:b1:7d:43:aa:10:0a:
b0:01:e0:c1:57:8c:b1:4a:2d:d3:17:4c:f6:5a:29:
6e:e6:04:08:5c:8c:bd:9c:1a:71:b2:89:db:61:c2:
d2:71:f0:b0:39:54:ba:66:93:00:cf:57:4b:fd:b1:
01:9b:8e:a8:93:1d:5d:3d:37:16:10:b6:51:d3:15:
6a:98:5d:bc:d8:71:e3:d8:97:43:2c:05:0e:35:df:
3b:26:0f:4c:46:fa:f1:41:71:40:a1:21:d2:a3:ed:
26:18:cb:d5:8e:68:54:ae:2e:f2:de:6e:8b:91:84:
61:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:CA:88:3D:BA:B6:89:C1:F7:27:97:52:E1:2B:18:86:B4:4C:4B:93
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5sqIPbq2icH3J5dS4SsYhrRMS5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:6286::/32
2a10:4100::/32
2a10:4103::/32
2a10:4105::/32
2a11:4b47::/32
Signature Algorithm: sha256WithRSAEncryption
7b:4e:f7:60:2b:df:47:14:37:e2:f8:0f:2b:c3:6a:d7:b7:72:
87:ba:af:e9:f3:09:a4:3b:a7:2a:c1:82:55:50:fa:60:1b:8c:
75:d5:40:da:62:bd:a8:ea:70:52:24:aa:03:1d:85:f2:d7:a6:
8c:91:59:f3:cf:58:ed:dd:12:b8:29:7b:81:fd:af:bb:6e:6f:
ff:dc:b6:66:4d:40:d4:db:e0:c7:3f:b8:b3:fa:f4:37:64:08:
a5:15:e1:cf:6c:69:0d:52:10:05:66:f6:1d:10:7f:e9:6e:63:
99:f0:68:a1:c8:6f:62:12:56:5f:7a:ee:48:db:60:81:d3:66:
21:3c:fd:24:1f:8d:3d:42:88:ae:90:dc:a7:97:1d:33:fa:a3:
a0:1a:66:40:7c:49:c0:db:43:3a:d9:d1:fa:8a:94:17:4c:2c:
19:17:6d:02:92:e3:cd:fd:bf:e7:39:f5:80:98:51:1a:16:5d:
ab:28:20:d0:eb:53:fd:9a:f0:e0:b6:e2:ec:60:89:44:d3:9b:
1d:bb:13:52:2f:67:19:5d:89:fd:a8:e1:e2:e0:da:22:a4:44:
c1:f1:a8:46:dc:f0:f0:65:d2:91:f0:76:ed:6f:7c:45:0a:e8:
19:7a:a6:68:57:0f:fd:f5:98:b4:3f:10:5c:42:23:05:53:62:
54:e7:64:fb
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZkzKa185sDcFcsfhPNHoSakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwOTEwMTAyNjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNhODgzZGJhYjY4OWMxZjcyNzk3NTJlMTJiMTg4NmI0NGM0YjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKNMwMJK7R/MfZ3k+FjUH3cFDawv
D0hEpVj1d/Nt4CfNxzA1tvS1m6fW1qYxsdkwkxBsrjgabVuTe8mZhG67bda8Q1O5
w72NWQhyMyIftNgRJRmcVsaBPwfWm8DRCqFpAJ2ItcSgA9kZyaAmvxb+NjKOA4AQ
N2nrg/cvssEuqbY5UwbDGsLVG6yZgfLmWRuxfUOqEAqwAeDBV4yxSi3TF0z2Wilu
5gQIXIy9nBpxsonbYcLScfCwOVS6ZpMAz1dL/bEBm46okx1dPTcWELZR0xVqmF28
2HHj2JdDLAUONd87Jg9MRvrxQXFAoSHSo+0mGMvVjmhUri7y3m6LkYRhowIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFObKiD26tonB9yeXUuErGIa0TEuTMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvNXNxSVBicTJpY0gzSjVkUzRTc1loclJNUzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUAKglihgMF
ACoQQQADBQAqEEEDAwUAKhBBBQMFACoRS0cwDQYJKoZIhvcNAQELBQADggEBAHtO
92Ar30cUN+L4DyvDate3coe6r+nzCaQ7pyrBglVQ+mAbjHXVQNpivajqcFIkqgMd
hfLXpoyRWfPPWO3dErgpe4H9r7tub//ctmZNQNTb4Mc/uLP69DdkCKUV4c9saQ1S
EAVm9h0Qf+luY5nwaKHIb2ISVl967kjbYIHTZiE8/SQfjT1CiK6Q3KeXHTP6o6Aa
ZkB8ScDbQzrZ0fqKlBdMLBkXbQKS4839v+c59YCYURoWXasoINDrU/2a8OC24uxg
iUTTmx27E1IvZxldif2o4eLg2iKkRMHxqEbc8PBl0pHwdu1vfEUK6Bl6pmhXD/31
mLQ/EFxCIwVTYlTnZPs=
-----END CERTIFICATE-----
Generated at Wed Sep 10 20:32:53 2025 by rpki-client