Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/0aEMFgQ5ipdWyksY133mv5CQ57A.roa
File: 0aEMFgQ5ipdWyksY133mv5CQ57A.roa (raw, json)
Hash identifier: kSfygI9zdJdz/9UOATJlk3dHumB7OaoXI+kg920I5CY=
Subject key identifier: D1:A1:0C:16:04:39:8A:97:56:CA:4B:18:D7:7D:E6:BF:90:90:E7:B0
Certificate issuer: /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial: 019A4EDB6EA53C2354557B975760F83B8637
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/0aEMFgQ5ipdWyksY133mv5CQ57A.roa
Signing time: Tue 04 Nov 2025 12:33:14 +0000
ROA not before: Tue 04 Nov 2025 12:33:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215330
IP address blocks: 2a11:4040::/32 maxlen: 32
2a11:84c1::/32 maxlen: 32
2a11:84c2::/32 maxlen: 32
2a11:a182::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:db:6e:a5:3c:23:54:55:7b:97:57:60:f8:3b:86:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Validity
Not Before: Nov 4 12:33:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d1a10c1604398a9756ca4b18d77de6bf9090e7b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:2e:f0:d6:90:40:12:2d:31:4c:e0:6e:6b:40:
39:f1:08:ae:c3:02:9b:69:96:ca:a8:d7:58:84:89:
1d:c1:1c:0c:0b:32:68:bf:36:4d:3b:35:3c:3f:95:
ff:11:d2:2a:52:e5:e4:5d:58:79:79:c1:3c:55:dd:
a9:ab:5f:47:00:61:1e:96:f7:cb:e4:b7:f0:98:97:
04:8f:f5:50:67:45:ff:87:72:b8:e7:36:43:86:c4:
6e:c8:5d:10:54:cf:95:f9:ea:79:b7:c2:ee:73:53:
be:1a:41:bf:91:32:cc:0a:10:76:29:c8:93:a5:98:
f7:78:76:93:c9:7d:57:74:1f:a5:49:a0:f3:eb:f1:
b6:9b:0a:76:f1:b4:fb:44:5d:11:de:45:74:f4:8a:
7b:d2:8e:c5:51:a6:8b:b7:8c:d7:23:3e:b5:74:7c:
74:b2:24:2a:37:52:25:77:16:c4:2d:ef:b4:cb:fa:
57:a3:34:62:f3:83:5a:97:24:0c:cc:f5:8d:ef:bf:
50:96:ee:ee:55:ff:32:ec:4e:4e:02:26:d8:e7:39:
83:3a:da:65:76:1d:74:49:6a:5b:0a:04:b7:7d:20:
af:f7:9d:21:79:e1:b5:1f:00:42:1b:de:33:2d:dd:
90:f8:37:d3:95:3d:98:e3:fc:cc:85:eb:6d:81:8d:
b8:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:A1:0C:16:04:39:8A:97:56:CA:4B:18:D7:7D:E6:BF:90:90:E7:B0
X509v3 Authority Key Identifier:
keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/0aEMFgQ5ipdWyksY133mv5CQ57A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:4040::/32
2a11:84c1::-2a11:84c2:ffff:ffff:ffff:ffff:ffff:ffff
2a11:a182::/32
Signature Algorithm: sha256WithRSAEncryption
52:bd:fb:21:98:39:f2:06:80:6f:61:97:75:09:9e:ba:a9:95:
c2:06:5d:58:cf:80:81:e4:f4:be:b3:54:65:39:20:ee:3d:57:
75:58:d6:90:32:de:74:0c:eb:9a:e5:08:79:6b:ed:ce:6d:61:
93:88:ad:fe:70:fa:43:2c:49:41:d0:fc:60:ca:ce:da:ca:b1:
c4:b5:76:6a:a0:96:7c:77:eb:65:7f:ee:a9:b8:16:a5:93:df:
f4:31:ff:a0:aa:29:30:32:e7:93:c8:26:22:b8:06:40:bc:fa:
66:3a:11:46:bb:12:af:ac:6f:74:09:9c:d3:5f:e9:82:e9:fd:
3c:2b:3d:54:ee:bd:58:a6:d0:22:59:08:cf:ac:a0:8e:8e:b2:
ca:4f:9f:18:12:7e:47:08:04:6d:5e:31:e3:72:c6:0b:49:a9:
69:de:0c:f0:0f:52:90:43:13:fd:e1:e9:7c:9d:f5:7a:e2:78:
e8:ed:9d:34:8f:2a:a6:75:c8:6b:7a:68:0e:31:0a:35:23:61:
ad:26:53:4e:37:fd:af:c6:d1:00:22:02:c1:5f:87:2b:80:9b:
38:d4:bb:ce:47:08:b1:c4:39:4f:23:aa:60:da:20:3c:47:c9:
3c:f7:94:a4:19:a0:7e:cf:87:e4:ea:12:9c:e3:98:c5:9f:99:
05:8e:59:0b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZpO226lPCNUVXuXV2D4O4Y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUxMTA0MTIzMzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWExMGMxNjA0Mzk4YTk3NTZjYTRiMThkNzdkZTZiZjkwOTBlN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC7w1pBAEi0xTOBua0A58QiuwwKb
aZbKqNdYhIkdwRwMCzJovzZNOzU8P5X/EdIqUuXkXVh5ecE8Vd2pq19HAGEelvfL
5LfwmJcEj/VQZ0X/h3K45zZDhsRuyF0QVM+V+ep5t8Luc1O+GkG/kTLMChB2KciT
pZj3eHaTyX1XdB+lSaDz6/G2mwp28bT7RF0R3kV09Ip70o7FUaaLt4zXIz61dHx0
siQqN1IldxbELe+0y/pXozRi84NalyQMzPWN779Qlu7uVf8y7E5OAibY5zmDOtpl
dh10SWpbCgS3fSCv950heeG1HwBCG94zLd2Q+DfTlT2Y4/zMhettgY24kwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNGhDBYEOYqXVspLGNd95r+QkOewMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvMGFFTUZnUTVpcGRXeWtzWTEzM212NUNRNTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwUAKhFAQDAO
AwUAKhGEwQMFACoRhMIDBQAqEaGCMA0GCSqGSIb3DQEBCwUAA4IBAQBSvfshmDny
BoBvYZd1CZ66qZXCBl1Yz4CB5PS+s1RlOSDuPVd1WNaQMt50DOua5Qh5a+3ObWGT
iK3+cPpDLElB0Pxgys7ayrHEtXZqoJZ8d+tlf+6puBalk9/0Mf+gqikwMueTyCYi
uAZAvPpmOhFGuxKvrG90CZzTX+mC6f08Kz1U7r1YptAiWQjPrKCOjrLKT58YEn5H
CARtXjHjcsYLSalp3gzwD1KQQxP94el8nfV64njo7Z00jyqmdchremgOMQo1I2Gt
JlNON/2vxtEAIgLBX4crgJs41LvORwixxDlPI6pg2iA8R8k895SkGaB+z4fk6hKc
45jFn5kFjlkL
-----END CERTIFICATE-----
Generated at Wed Nov 5 21:05:02 2025 by rpki-client