Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/fW59GwI_KAwaVGhC5a0dW4NB2hI.roa
File: fW59GwI_KAwaVGhC5a0dW4NB2hI.roa (raw, json)
Hash identifier: LYrUl2+GkLWjJFUB21HGGxfQCjcqZ5WTWRPhnXvbNB8=
Subject key identifier: 7D:6E:7D:1B:02:3F:28:0C:1A:54:68:42:E5:AD:1D:5B:83:41:DA:12
Certificate issuer: /CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
Certificate serial: 01988E6CB0B438D75A9EF9A5ED40CE77AEB1
Authority key identifier: 95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/fW59GwI_KAwaVGhC5a0dW4NB2hI.roa
Signing time: Sat 09 Aug 2025 10:42:24 +0000
ROA not before: Sat 09 Aug 2025 10:42:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210820
IP address blocks: 193.177.242.0/24 maxlen: 24
2a13:ef80::/48 maxlen: 48
2a13:ef80:2::/48 maxlen: 48
2a13:ef80:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 04:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:8e:6c:b0:b4:38:d7:5a:9e:f9:a5:ed:40:ce:77:ae:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
Validity
Not Before: Aug 9 10:42:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d6e7d1b023f280c1a546842e5ad1d5b8341da12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:97:ee:43:2c:8d:cf:7c:dd:52:ac:b9:dc:b3:
c9:d4:d5:f2:76:b9:a7:b8:14:85:32:fc:dd:d3:4c:
24:bc:cf:6e:b5:4d:cb:b4:8f:d9:51:42:f8:83:e3:
76:1d:30:fa:79:e8:b0:1d:42:06:9a:d6:b0:c0:5e:
86:b5:53:d9:1f:59:3b:f9:c0:c4:77:0b:cf:12:ce:
b0:7c:a2:b7:57:d6:40:c8:c5:60:8f:a7:98:b8:54:
23:f8:9c:5b:0e:24:8f:99:a6:60:f9:d2:bf:b2:f1:
f2:24:6a:a2:d9:18:63:f4:26:fc:94:cf:64:80:41:
75:01:bd:75:c9:c1:d3:42:d3:78:8d:8b:50:fe:37:
28:d8:f5:51:f3:ec:1a:04:2d:a4:1d:89:67:23:87:
a6:a6:92:06:2c:35:6f:ea:bb:da:72:0e:64:2c:ff:
36:f8:cc:e1:4c:12:83:72:ed:74:8f:7d:6a:4c:cb:
40:32:fc:2c:fc:6c:2b:35:e1:4b:07:46:d5:d2:b6:
30:5a:f2:3c:c0:e2:3f:a0:35:3c:38:46:61:b2:00:
f6:67:d2:00:0b:3f:d5:eb:79:32:9a:1e:33:95:5a:
c8:53:82:21:62:b2:e3:04:46:0a:53:2c:30:2a:6a:
65:a4:06:0a:54:e5:ec:82:5d:61:77:dc:13:d2:e5:
c4:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:6E:7D:1B:02:3F:28:0C:1A:54:68:42:E5:AD:1D:5B:83:41:DA:12
X509v3 Authority Key Identifier:
keyid:95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/fW59GwI_KAwaVGhC5a0dW4NB2hI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.177.242.0/24
IPv6:
2a13:ef80::/48
2a13:ef80:2::/47
Signature Algorithm: sha256WithRSAEncryption
62:c8:65:93:1e:e3:22:20:2f:61:0c:8c:50:af:2c:19:5e:35:
25:54:c5:4b:ec:98:fe:51:17:e0:83:b9:94:3b:22:83:3f:0c:
74:1d:e5:57:e8:30:4a:64:bb:b9:fc:3c:74:62:4f:52:54:d4:
42:c5:78:7d:62:05:aa:96:1b:44:cc:8c:82:44:fb:f9:63:70:
c3:ed:1a:27:e1:ec:cf:c8:1a:d3:1e:ef:80:a4:81:d0:50:4e:
f7:17:18:94:1d:51:e7:9f:c2:e6:78:9e:1c:31:27:08:06:6b:
d6:78:80:70:15:4a:43:08:2f:ef:06:9c:ee:cb:0a:cc:87:e6:
29:ca:69:e3:66:78:98:7c:ba:bf:4e:34:cb:54:71:ee:0d:51:
af:8d:b6:4f:b9:cc:2f:9b:e1:5e:82:e8:19:89:0d:a7:20:6e:
79:92:71:ea:76:58:7d:32:ee:b2:b0:0f:8e:d7:34:87:c2:ff:
9e:50:d4:ea:5e:c7:3f:b6:a9:ad:94:dd:e8:a6:7c:36:33:11:
85:cf:d7:93:0b:cd:db:a3:fb:4b:fd:15:44:6e:74:f5:f6:38:
11:a9:e9:94:2b:39:0d:fe:39:9a:94:a4:06:19:b0:47:e5:bd:
53:3c:17:78:ad:86:14:ba:b8:67:ea:e5:e1:b1:b5:9a:b4:28:
0c:14:51:2b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZiObLC0ONdanvml7UDOd66xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NjhjNjAwNWIyODQwYWI3YmY4YTNhZDcyYTE3NTFkMGRi
MjliOWMwHhcNMjUwODA5MTA0MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDZlN2QxYjAyM2YyODBjMWE1NDY4NDJlNWFkMWQ1YjgzNDFkYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZfuQyyNz3zdUqy53LPJ1NXydrmn
uBSFMvzd00wkvM9utU3LtI/ZUUL4g+N2HTD6eeiwHUIGmtawwF6GtVPZH1k7+cDE
dwvPEs6wfKK3V9ZAyMVgj6eYuFQj+JxbDiSPmaZg+dK/svHyJGqi2Rhj9Cb8lM9k
gEF1Ab11ycHTQtN4jYtQ/jco2PVR8+waBC2kHYlnI4emppIGLDVv6rvacg5kLP82
+MzhTBKDcu10j31qTMtAMvws/GwrNeFLB0bV0rYwWvI8wOI/oDU8OEZhsgD2Z9IA
Cz/V63kymh4zlVrIU4IhYrLjBEYKUywwKmplpAYKVOXsgl1hd9wT0uXEnQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFH1ufRsCPygMGlRoQuWtHVuDQdoSMB8GA1UdIwQY
MBaAFJVoxgBbKECre/ijrXKhdR0NspucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEt
M2E1ZTE4ZDAwZGRjLzEvZlc1OUd3SV9LQXdhVkdoQzVhMGRXNE5CMmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEtM2E1ZTE4ZDAwZGRj
LzEvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAwbHyMBgE
AgACMBIDBwAqE++AAAADBwEqE++AAAIwDQYJKoZIhvcNAQELBQADggEBAGLIZZMe
4yIgL2EMjFCvLBleNSVUxUvsmP5RF+CDuZQ7IoM/DHQd5VfoMEpku7n8PHRiT1JU
1ELFeH1iBaqWG0TMjIJE+/ljcMPtGifh7M/IGtMe74CkgdBQTvcXGJQdUeefwuZ4
nhwxJwgGa9Z4gHAVSkMIL+8GnO7LCsyH5inKaeNmeJh8ur9ONMtUce4NUa+Ntk+5
zC+b4V6C6BmJDacgbnmScep2WH0y7rKwD47XNIfC/55Q1Opexz+2qa2U3eimfDYz
EYXP15MLzduj+0v9FURudPX2OBGp6ZQrOQ3+OZqUpAYZsEflvVM8F3ithhS6uGfq
5eGxtZq0KAwUUSs=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:45:19 2025 by rpki-client