Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/hT7unl9ZuxZPAjHhi1yxgaF0b84.roa
File: hT7unl9ZuxZPAjHhi1yxgaF0b84.roa (raw, json)
Hash identifier: v8cgVoUrK7g8xYPzYyvvJU+HdpGiFjC2QbRLHwLNvNg=
Subject key identifier: 85:3E:EE:9E:5F:59:BB:16:4F:02:31:E1:8B:5C:B1:81:A1:74:6F:CE
Certificate issuer: /CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
Certificate serial: 019A3A3C171FD9E305D2D1C0CD3F5475AFF1
Authority key identifier: EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/hT7unl9ZuxZPAjHhi1yxgaF0b84.roa
Signing time: Fri 31 Oct 2025 12:26:47 +0000
ROA not before: Fri 31 Oct 2025 12:26:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213579
IP address blocks: 2a14:47c0:e000::/40 maxlen: 48
2a14:47c0:e000::/48 maxlen: 48
2a14:47c0:e001::/48 maxlen: 48
2a14:47c0:e002::/48 maxlen: 48
2a14:47c0:e003::/48 maxlen: 48
2a14:47c0:e004::/48 maxlen: 48
2a14:47c0:e005::/48 maxlen: 48
2a14:47c0:e0ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.mft
rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3a:3c:17:1f:d9:e3:05:d2:d1:c0:cd:3f:54:75:af:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
Validity
Not Before: Oct 31 12:26:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=853eee9e5f59bb164f0231e18b5cb181a1746fce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:79:e2:7a:aa:e6:47:b1:73:64:5e:18:7a:55:
d1:25:32:24:06:0a:99:d8:18:16:a4:8a:fc:7d:b6:
8a:32:81:3c:c4:a8:42:8e:1c:e7:ce:18:39:67:22:
62:a2:43:e6:3f:8b:d9:27:05:bd:68:c4:2e:dd:4c:
87:8f:ed:86:b5:a3:11:ba:e2:20:89:97:29:41:7d:
38:b0:f2:6b:30:1a:5b:f0:e6:0d:c0:f8:ae:d6:5e:
dc:7e:ab:9b:96:98:c9:1f:d3:b5:7f:1c:39:2e:85:
19:f2:a8:f6:fb:be:82:3a:17:69:50:e3:9c:8e:47:
5c:89:ed:7f:5f:35:d7:a0:33:d6:c9:f3:fe:d1:5b:
26:ff:d8:71:e6:35:27:52:29:99:36:06:b4:3b:67:
1d:dc:ea:33:33:64:2a:c5:66:fc:07:03:cf:70:df:
e1:d3:b7:9b:e8:97:b7:80:ba:07:50:c5:42:6a:29:
b7:d4:5e:0e:2c:e0:d9:ac:bd:d8:e5:e3:99:3f:58:
17:e4:c6:22:ec:4d:82:d5:d0:bd:1e:0b:f6:a8:a0:
72:75:ca:9c:35:a2:61:f5:90:83:3e:76:b6:4f:43:
8b:78:e9:f2:8c:8e:08:79:9c:cc:f2:4e:2b:5a:ca:
44:e2:ff:01:3d:7f:28:8c:af:6f:3e:5c:22:3b:3e:
19:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:3E:EE:9E:5F:59:BB:16:4F:02:31:E1:8B:5C:B1:81:A1:74:6F:CE
X509v3 Authority Key Identifier:
keyid:EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/hT7unl9ZuxZPAjHhi1yxgaF0b84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:47c0:e000::/40
Signature Algorithm: sha256WithRSAEncryption
20:41:e7:31:e9:22:b0:ea:67:2d:e3:60:03:29:3b:23:c1:7d:
6b:f3:41:a4:10:95:be:7f:b6:7e:7a:92:9e:0b:b8:03:7c:28:
c4:76:4d:60:09:94:d5:5f:3c:5c:7d:27:2c:15:8f:51:05:d1:
5a:d8:f7:78:d6:fe:cc:cd:b1:fb:dd:f4:c8:4d:ad:d1:fa:4d:
c6:26:7e:0a:ae:23:37:b5:6e:8a:8c:18:68:04:ce:c3:2e:0f:
ca:54:df:ee:0b:f1:fd:5d:01:73:37:a7:1f:7e:a9:11:3c:a1:
f0:b9:3b:e3:e6:bb:f1:24:c6:63:17:ae:95:bf:cd:03:81:f2:
30:f0:ce:71:70:3b:86:6d:6c:b2:b3:05:2b:a6:67:a7:07:1c:
2a:67:1e:cd:d0:da:dc:a0:1d:ea:8c:e4:43:14:06:5d:6d:0f:
70:08:f7:45:60:f7:2c:e6:f5:8e:45:6a:4d:f6:d0:fa:19:aa:
d7:5b:ec:2d:e1:b1:fd:f8:3d:97:6f:41:02:b0:72:b7:48:09:
2e:b5:19:89:0f:0d:e1:97:34:8b:fa:5b:de:99:6b:3d:74:4a:
85:83:2b:be:30:0a:7f:94:73:47:e8:25:fa:e1:97:94:e8:5c:
a5:56:db:20:5d:29:75:e4:68:ed:0d:42:1d:85:ad:6c:7b:7c:
6d:16:23:55
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZo6PBcf2eMF0tHAzT9Uda/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTU0NTk2NDU5NzljNDEzZDBiYzZmNzQ1NGYwZDM2ZTQw
ZTk5ZjkwHhcNMjUxMDMxMTIyNjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNlZWU5ZTVmNTliYjE2NGYwMjMxZTE4YjVjYjE4MWExNzQ2ZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHnieqrmR7FzZF4YelXRJTIkBgqZ
2BgWpIr8fbaKMoE8xKhCjhznzhg5ZyJiokPmP4vZJwW9aMQu3UyHj+2GtaMRuuIg
iZcpQX04sPJrMBpb8OYNwPiu1l7cfqublpjJH9O1fxw5LoUZ8qj2+76COhdpUOOc
jkdcie1/XzXXoDPWyfP+0Vsm/9hx5jUnUimZNga0O2cd3OozM2QqxWb8BwPPcN/h
07eb6Je3gLoHUMVCaim31F4OLODZrL3Y5eOZP1gX5MYi7E2C1dC9Hgv2qKBydcqc
NaJh9ZCDPna2T0OLeOnyjI4IeZzM8k4rWspE4v8BPX8ojK9vPlwiOz4ZbQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIU+7p5fWbsWTwIx4YtcsYGhdG/OMB8GA1UdIwQY
MBaAFO9VRZZFl5xBPQvG90VPDTbkDpn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQt
ODI1MzFlOWM3ODA0LzEvaFQ3dW5sOVp1eFpQQWpIaGkxeXhnYUYwYjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQtODI1MzFlOWM3ODA0
LzEvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRHwOAw
DQYJKoZIhvcNAQELBQADggEBACBB5zHpIrDqZy3jYAMpOyPBfWvzQaQQlb5/tn56
kp4LuAN8KMR2TWAJlNVfPFx9JywVj1EF0VrY93jW/szNsfvd9MhNrdH6TcYmfgqu
Ize1boqMGGgEzsMuD8pU3+4L8f1dAXM3px9+qRE8ofC5O+Pmu/EkxmMXrpW/zQOB
8jDwznFwO4ZtbLKzBSumZ6cHHCpnHs3Q2tygHeqM5EMUBl1tD3AI90Vg9yzm9Y5F
ak320PoZqtdb7C3hsf34PZdvQQKwcrdICS61GYkPDeGXNIv6W96Zaz10SoWDK74w
Cn+Uc0foJfrhl5ToXKVW2yBdKXXkaO0NQh2FrWx7fG0WI1U=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:21:54 2025 by rpki-client