Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aH1H42A257VdqDiXrY0uTsLMEKg.roa
File: aH1H42A257VdqDiXrY0uTsLMEKg.roa (raw, json)
Hash identifier: emBzsI5CMTYNr5Wt+XXbq2GJ3fao6C8SKulHpZy66VA=
Subject key identifier: 68:7D:47:E3:60:36:E7:B5:5D:A8:38:97:AD:8D:2E:4E:C2:CC:10:A8
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 0198F40D6958BC455BED1B060614C401692D
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aH1H42A257VdqDiXrY0uTsLMEKg.roa
Signing time: Fri 29 Aug 2025 04:19:36 +0000
ROA not before: Fri 29 Aug 2025 04:19:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44812
IP address blocks: 2a10:4104::/32 maxlen: 32
2a12:a343::/32 maxlen: 32
2a12:a344::/32 maxlen: 32
2a13:93c3::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 11:14:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f4:0d:69:58:bc:45:5b:ed:1b:06:06:14:c4:01:69:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Aug 29 04:19:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=687d47e36036e7b55da83897ad8d2e4ec2cc10a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:4a:c4:24:e0:0b:74:1b:8e:c1:6f:ac:84:4f:
00:79:fc:ff:7a:2d:d8:1d:df:0c:d6:55:1f:87:ae:
e0:fe:18:e1:82:27:7a:37:ca:40:28:1b:5f:2b:3f:
2e:b8:d6:c2:a2:4e:ce:21:70:01:9e:b0:24:d6:bc:
a2:0c:15:ea:bb:63:e1:08:e7:0d:64:ea:b0:99:7d:
cf:5b:ba:5b:32:23:f0:00:c2:c9:0c:15:b2:e6:a2:
2a:f4:18:89:67:8e:40:35:e0:59:8e:6f:84:a4:d9:
96:4d:65:8e:df:9f:29:f0:83:8c:74:37:89:52:6c:
fd:f2:19:7d:0d:f2:a0:17:a2:4e:07:67:7d:f6:59:
b6:d7:c9:3d:7e:aa:7e:cb:79:e3:4d:2f:a8:00:91:
be:75:62:1a:6f:37:4d:2c:4d:e1:63:0d:7f:14:af:
b3:46:fd:3f:c5:a4:ab:5c:5f:8f:5d:de:89:86:78:
5a:b4:36:a5:92:cd:2b:f0:8b:64:af:a9:84:43:28:
0a:50:99:6b:42:81:89:ee:84:ab:d6:7d:a5:5e:01:
2d:ef:00:53:7b:3a:e6:ce:66:86:b2:c9:73:05:45:
12:4e:4d:b2:f7:d0:9f:79:f6:cf:21:61:30:2b:e1:
65:49:25:2b:ce:89:81:7f:0e:42:d7:dd:a5:0d:75:
bf:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:7D:47:E3:60:36:E7:B5:5D:A8:38:97:AD:8D:2E:4E:C2:CC:10:A8
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/aH1H42A257VdqDiXrY0uTsLMEKg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:4104::/32
2a12:a343::-2a12:a344:ffff:ffff:ffff:ffff:ffff:ffff
2a13:93c3::/32
Signature Algorithm: sha256WithRSAEncryption
10:b1:54:40:d7:2a:40:77:87:d3:4b:68:87:d2:70:63:a2:e6:
3a:e7:08:1d:70:e0:82:c1:2d:86:e4:5b:9e:39:46:9d:9b:3b:
73:46:57:88:0c:2f:24:e2:2d:49:1c:93:77:f1:14:b0:bb:2b:
1c:11:c0:92:5c:7a:3b:9e:21:1a:a0:94:77:59:c9:ce:da:8a:
91:02:0c:1f:3e:17:f3:45:d9:e9:3a:b3:19:58:38:5a:77:c1:
c1:3b:30:3f:62:62:5e:c5:44:4c:4e:26:86:71:fd:c0:ed:08:
e6:6f:be:b2:cc:3f:22:78:d5:92:ac:8e:03:58:28:b2:35:14:
97:4f:e3:49:39:88:aa:9e:bb:60:f3:80:83:8a:17:bc:90:cd:
17:45:a4:0d:a6:5b:36:cc:61:f2:74:cf:31:b1:4a:c7:ed:e9:
e9:c8:b9:70:01:f1:e9:b0:d8:12:4c:31:f8:d6:88:ae:5f:de:
68:fd:93:8e:03:90:42:73:ec:77:83:5f:91:97:cd:a6:de:f9:
26:6b:7b:76:86:64:91:e9:ee:00:30:f7:b4:27:a4:62:a6:95:
91:c9:d3:6c:f7:1f:06:c8:a3:9a:50:72:27:a1:e3:e3:05:ed:
15:04:98:b4:9e:db:b5:09:79:90:17:bc:40:9a:ef:13:3c:74:
1e:1f:30:df
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZj0DWlYvEVb7RsGBhTEAWktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwODI5MDQxOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdkNDdlMzYwMzZlN2I1NWRhODM4OTdhZDhkMmU0ZWMyY2MxMGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UrEJOALdBuOwW+shE8Aefz/ei3Y
Hd8M1lUfh67g/hjhgid6N8pAKBtfKz8uuNbCok7OIXABnrAk1ryiDBXqu2PhCOcN
ZOqwmX3PW7pbMiPwAMLJDBWy5qIq9BiJZ45ANeBZjm+EpNmWTWWO358p8IOMdDeJ
Umz98hl9DfKgF6JOB2d99lm218k9fqp+y3njTS+oAJG+dWIabzdNLE3hYw1/FK+z
Rv0/xaSrXF+PXd6JhnhatDalks0r8Itkr6mEQygKUJlrQoGJ7oSr1n2lXgEt7wBT
ezrmzmaGsslzBUUSTk2y99CfefbPIWEwK+FlSSUrzomBfw5C192lDXW/OQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGh9R+NgNue1Xag4l62NLk7CzBCoMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvYUgxSDQyQTI1N1ZkcURpWHJZMHVUc0xNRUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwUAKhBBBDAO
AwUAKhKjQwMFACoSo0QDBQAqE5PDMA0GCSqGSIb3DQEBCwUAA4IBAQAQsVRA1ypA
d4fTS2iH0nBjouY65wgdcOCCwS2G5FueOUadmztzRleIDC8k4i1JHJN38RSwuysc
EcCSXHo7niEaoJR3WcnO2oqRAgwfPhfzRdnpOrMZWDhad8HBOzA/YmJexURMTiaG
cf3A7Qjmb76yzD8ieNWSrI4DWCiyNRSXT+NJOYiqnrtg84CDihe8kM0XRaQNpls2
zGHydM8xsUrH7enpyLlwAfHpsNgSTDH41oiuX95o/ZOOA5BCc+x3g1+Rl82m3vkm
a3t2hmSR6e4AMPe0J6RippWRydNs9x8GyKOaUHInoePjBe0VBJi0ntu1CXmQF7xA
mu8TPHQeHzDf
-----END CERTIFICATE-----
Generated at Sat Sep 6 21:13:20 2025 by rpki-client