Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/1ktZ__QBZQJhr6td-j2y1lPsH0Y.roa
File: 1ktZ__QBZQJhr6td-j2y1lPsH0Y.roa (raw, json)
Hash identifier: ZeBdAex32fIBibWxzRAB32+Xc+t5aMNsAPI15028GD0=
Subject key identifier: D6:4B:59:FF:F4:01:65:02:61:AF:AB:5D:FA:3D:B2:D6:53:EC:1F:46
Certificate issuer: /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial: 019865889E8807373F451D80DC405B43428F
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/1ktZ__QBZQJhr6td-j2y1lPsH0Y.roa
Signing time: Fri 01 Aug 2025 12:08:29 +0000
ROA not before: Fri 01 Aug 2025 12:08:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31715
IP address blocks: 109.122.0.0/24 maxlen: 24
109.122.9.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:65:88:9e:88:07:37:3f:45:1d:80:dc:40:5b:43:42:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Validity
Not Before: Aug 1 12:08:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d64b59fff401650261afab5dfa3db2d653ec1f46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:24:cb:49:7b:40:05:a3:d1:7b:0e:69:90:91:
9f:fa:ba:4b:8a:91:b1:10:6e:c3:d3:e5:92:0f:5e:
bf:1f:81:16:4e:bf:5c:f3:33:be:c3:de:44:b8:e4:
62:49:1e:85:8c:83:a5:46:75:8d:28:c0:5f:db:d5:
65:cb:5e:87:ac:3c:7e:0d:d7:bc:a8:86:e0:1d:14:
6a:b9:3a:c6:47:72:9a:9f:c6:c7:2c:a3:f2:c4:a8:
b6:ed:81:9f:51:55:c1:b0:60:4c:dd:b0:71:a1:de:
ac:31:37:33:7b:c2:f4:e4:36:4a:f4:d2:89:2b:3d:
78:7b:5b:53:67:39:5b:49:e7:df:e8:1e:20:f9:bd:
54:6d:3e:54:b6:95:87:0c:1e:c4:e2:4b:ae:f7:97:
8c:f2:f6:91:0b:e4:d3:23:c5:9b:d7:5f:8f:49:34:
8e:33:77:ff:ac:39:ee:a6:29:32:e9:f4:c4:53:55:
de:0f:db:16:6a:c2:1a:d5:6a:5c:63:ff:fc:ee:b9:
f3:6f:98:5a:08:48:ca:8f:66:d4:67:88:36:e5:f8:
40:75:cc:47:46:e3:96:aa:63:6a:74:a6:07:d5:3e:
31:e0:d4:82:74:c1:10:3a:d5:ab:83:de:7a:c5:2d:
0c:6f:ff:98:ad:96:96:a1:a0:51:9f:1f:41:5d:00:
24:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:4B:59:FF:F4:01:65:02:61:AF:AB:5D:FA:3D:B2:D6:53:EC:1F:46
X509v3 Authority Key Identifier:
keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/1ktZ__QBZQJhr6td-j2y1lPsH0Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.0.0/24
109.122.9.0/24
Signature Algorithm: sha256WithRSAEncryption
b9:3a:9b:6b:bd:3b:32:38:88:9a:bf:a0:83:46:0c:71:7c:ff:
bb:29:ea:ee:ae:6b:e9:d0:20:32:4d:f1:7f:ee:35:09:f6:9d:
97:4b:7f:6c:81:ff:e7:57:65:11:09:f9:a4:32:07:f1:66:f5:
77:e0:ef:14:2c:81:13:8e:f7:ef:dd:9e:71:41:72:61:99:b5:
e6:55:a5:5d:a6:b4:85:17:74:64:f6:3b:2d:5c:e4:7c:ed:5a:
87:cf:ac:54:9f:9c:e9:9e:1e:03:86:61:a7:c2:24:c8:e1:6f:
0c:ce:df:da:fe:f3:fa:71:73:bc:d9:58:ad:bd:df:30:fd:84:
02:61:78:4c:e2:c3:9f:3f:ed:f2:36:89:24:e4:59:00:86:ac:
a3:c6:21:71:f2:81:4b:c5:e3:04:c1:64:5a:d6:23:36:78:8c:
83:2f:52:33:87:67:ae:e5:f0:8d:bc:a8:b9:89:7a:66:e5:52:
53:56:b1:2f:8c:1e:7a:f1:df:ed:7f:ae:2a:2f:13:12:f3:ea:
2d:37:7e:01:3e:4e:fd:19:b0:a9:0a:4d:0d:fe:fd:88:02:b9:
bb:b3:ce:41:c1:90:f0:78:72:04:71:ed:bf:06:d4:54:b9:e6:
99:80:d0:b4:33:72:f8:df:fe:e2:ac:18:72:61:90:f8:3b:c2:
5c:6a:09:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhliJ6IBzc/RR2A3EBbQ0KPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwODAxMTIwODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjRiNTlmZmY0MDE2NTAyNjFhZmFiNWRmYTNkYjJkNjUzZWMxZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyTLSXtABaPRew5pkJGf+rpLipGx
EG7D0+WSD16/H4EWTr9c8zO+w95EuORiSR6FjIOlRnWNKMBf29Vly16HrDx+Dde8
qIbgHRRquTrGR3Kan8bHLKPyxKi27YGfUVXBsGBM3bBxod6sMTcze8L05DZK9NKJ
Kz14e1tTZzlbSeff6B4g+b1UbT5UtpWHDB7E4kuu95eM8vaRC+TTI8Wb11+PSTSO
M3f/rDnupiky6fTEU1XeD9sWasIa1WpcY//87rnzb5haCEjKj2bUZ4g25fhAdcxH
RuOWqmNqdKYH1T4x4NSCdMEQOtWrg956xS0Mb/+YrZaWoaBRnx9BXQAkTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNZLWf/0AWUCYa+rXfo9stZT7B9GMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvMWt0Wl9fUUJaUUpocjZ0ZC1qMnkxbFBzSDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoAAwQA
bXoJMA0GCSqGSIb3DQEBCwUAA4IBAQC5OptrvTsyOIiav6CDRgxxfP+7Kerurmvp
0CAyTfF/7jUJ9p2XS39sgf/nV2URCfmkMgfxZvV34O8ULIETjvfv3Z5xQXJhmbXm
VaVdprSFF3Rk9jstXOR87VqHz6xUn5zpnh4DhmGnwiTI4W8Mzt/a/vP6cXO82Vit
vd8w/YQCYXhM4sOfP+3yNokk5FkAhqyjxiFx8oFLxeMEwWRa1iM2eIyDL1Izh2eu
5fCNvKi5iXpm5VJTVrEvjB568d/tf64qLxMS8+otN34BPk79GbCpCk0N/v2IArm7
s85BwZDweHIEce2/BtRUueaZgNC0M3L43/7irBhyYZD4O8Jcagkq
-----END CERTIFICATE-----
Generated at Mon Aug 4 14:20:21 2025 by rpki-client