Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3kL9RAbN7ZrPH-_R4BAbn7WtF-I.roa
File: 3kL9RAbN7ZrPH-_R4BAbn7WtF-I.roa (raw, json)
Hash identifier: jhtJfHzisuhmwpw98URICjdfeMCGiBidCuGl42sjPkE=
Subject key identifier: DE:42:FD:44:06:CD:ED:9A:CF:1F:EF:D1:E0:10:1B:9F:B5:AD:17:E2
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 0197731275454194D668F37546622B07C6ED
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3kL9RAbN7ZrPH-_R4BAbn7WtF-I.roa
Signing time: Sun 15 Jun 2025 10:11:18 +0000
ROA not before: Sun 15 Jun 2025 10:11:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214537
IP address blocks: 2a0e:b107:2798::/46 maxlen: 48
2a0e:b107:279c::/46 maxlen: 48
2a10:ccc1:1332::/48 maxlen: 48
2a10:ccc1:1339::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:73:12:75:45:41:94:d6:68:f3:75:46:62:2b:07:c6:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jun 15 10:11:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de42fd4406cded9acf1fefd1e0101b9fb5ad17e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:26:37:a5:0a:2e:b9:ee:ab:d3:03:70:41:eb:
8f:c9:61:45:0c:0f:df:eb:aa:8c:7e:77:40:fe:e8:
a3:07:14:28:5f:da:8c:b1:bb:a1:ca:00:78:a9:98:
0c:f2:23:c6:ea:43:08:cf:04:5e:4a:d9:ad:e0:80:
c4:fb:f0:9f:6f:9e:cb:fa:0c:25:34:e2:63:bf:8c:
3e:ce:19:3e:2c:3b:97:5d:3d:8c:b1:07:df:cb:ec:
23:8b:bb:be:cf:46:83:b0:ac:1e:da:2e:2a:ae:f1:
49:43:e7:78:85:bc:d3:10:a5:6e:a2:4b:e1:b4:b9:
4f:4a:a6:61:db:50:03:13:08:72:36:8f:7e:fa:bd:
03:b4:d1:bb:bb:2f:77:54:16:b1:e5:af:c2:08:29:
0f:9e:9e:5b:72:3f:c9:ca:6c:54:e6:50:2c:4e:f5:
ed:e2:61:4a:cb:e4:f4:e1:12:e2:45:93:fc:c7:f3:
73:7c:f7:94:7b:8a:87:e7:d8:f3:93:fb:74:f3:a4:
89:58:c6:d0:30:d0:ba:6d:6b:ba:90:59:9d:ab:d2:
e6:f8:80:44:a5:b9:cc:8d:9b:76:6d:9f:c2:7b:b6:
b3:45:0c:f7:6d:e2:9f:cc:42:4d:ee:7c:57:c9:72:
0f:20:97:ed:3a:10:15:56:b6:4d:2e:fb:40:07:03:
fd:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:42:FD:44:06:CD:ED:9A:CF:1F:EF:D1:E0:10:1B:9F:B5:AD:17:E2
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3kL9RAbN7ZrPH-_R4BAbn7WtF-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:b107:2798::/45
2a10:ccc1:1332::/48
2a10:ccc1:1339::/48
Signature Algorithm: sha256WithRSAEncryption
80:71:aa:66:3a:0c:2e:8a:64:ab:d9:5c:66:2c:db:6f:73:46:
1e:ca:39:72:7c:d9:d1:b8:ae:3e:de:68:de:4f:c6:12:cc:0e:
d8:1d:80:1d:ba:50:41:aa:4a:75:8a:7c:a2:f1:5f:84:61:d4:
67:1e:ae:6d:5c:2b:8c:93:de:99:6a:b5:6d:4a:8a:44:da:92:
74:cd:52:bf:a6:36:5d:98:00:09:02:03:54:b9:c3:07:58:2a:
80:60:79:c6:2e:75:29:13:1a:ac:19:89:b7:d0:de:51:dd:60:
00:2a:43:31:54:90:94:13:5e:f3:fe:ba:79:bd:07:5b:58:04:
72:fc:51:d3:7d:2b:ab:2e:eb:67:b4:01:d6:57:58:55:91:9b:
7c:20:35:64:fc:00:ac:bb:7d:45:c0:9b:0c:e1:1b:38:d2:fb:
89:83:f5:ed:df:89:20:b1:5d:5d:f5:b1:92:79:eb:f2:0f:fc:
4d:a6:6a:3b:e3:b1:a7:57:26:1f:57:90:39:f1:44:5a:40:62:
7d:87:50:10:a4:e7:5a:42:17:11:b9:58:12:83:53:84:7a:3d:
ee:7c:88:0d:49:71:83:fc:a7:f3:eb:15:2e:8e:68:2c:eb:f7:
4f:c2:d8:2e:09:48:3c:ba:fe:a9:58:01:ba:f4:0e:1f:98:70:
d1:d0:31:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZdzEnVFQZTWaPN1RmIrB8btMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjE1MTAxMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQyZmQ0NDA2Y2RlZDlhY2YxZmVmZDFlMDEwMWI5ZmI1YWQxN2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiY3pQouue6r0wNwQeuPyWFFDA/f
66qMfndA/uijBxQoX9qMsbuhygB4qZgM8iPG6kMIzwReStmt4IDE+/Cfb57L+gwl
NOJjv4w+zhk+LDuXXT2MsQffy+wji7u+z0aDsKwe2i4qrvFJQ+d4hbzTEKVuokvh
tLlPSqZh21ADEwhyNo9++r0DtNG7uy93VBax5a/CCCkPnp5bcj/JymxU5lAsTvXt
4mFKy+T04RLiRZP8x/NzfPeUe4qH59jzk/t086SJWMbQMNC6bWu6kFmdq9Lm+IBE
pbnMjZt2bZ/Ce7azRQz3beKfzEJN7nxXyXIPIJftOhAVVrZNLvtABwP9qQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN5C/UQGze2azx/v0eAQG5+1rRfiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM2tMOVJBYk43WnJQSC1fUjRCQWJuN1d0Ri1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcDKg6xByeY
AwcAKhDMwRMyAwcAKhDMwRM5MA0GCSqGSIb3DQEBCwUAA4IBAQCAcapmOgwuimSr
2VxmLNtvc0YeyjlyfNnRuK4+3mjeT8YSzA7YHYAdulBBqkp1inyi8V+EYdRnHq5t
XCuMk96ZarVtSopE2pJ0zVK/pjZdmAAJAgNUucMHWCqAYHnGLnUpExqsGYm30N5R
3WAAKkMxVJCUE17z/rp5vQdbWARy/FHTfSurLutntAHWV1hVkZt8IDVk/ACsu31F
wJsM4Rs40vuJg/Xt34kgsV1d9bGSeevyD/xNpmo747GnVyYfV5A58URaQGJ9h1AQ
pOdaQhcRuVgSg1OEej3ufIgNSXGD/Kfz6xUujmgs6/dPwtguCUg8uv6pWAG69A4f
mHDR0DE0
-----END CERTIFICATE-----
Generated at Mon Jun 16 14:10:31 2025 by rpki-client