Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/vwAzJW5P8gnjQ1mhjLkXSaFNoNY.roa
File: vwAzJW5P8gnjQ1mhjLkXSaFNoNY.roa (raw, json)
Hash identifier: kTqsuVIg3xHbDl8trPSqW8Tb6XazhJcMwvLpDP3N9FY=
Subject key identifier: BF:00:33:25:6E:4F:F2:09:E3:43:59:A1:8C:B9:17:49:A1:4D:A0:D6
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019A3133B40D15DD3671039D31E88DDBFFB0
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/vwAzJW5P8gnjQ1mhjLkXSaFNoNY.roa
Signing time: Wed 29 Oct 2025 18:21:03 +0000
ROA not before: Wed 29 Oct 2025 18:21:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204909
IP address blocks: 2a0e:19c0::/32 maxlen: 32
2a11:a2c0::/29 maxlen: 29
2a12:d380::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:31:33:b4:0d:15:dd:36:71:03:9d:31:e8:8d:db:ff:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Oct 29 18:21:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bf0033256e4ff209e34359a18cb91749a14da0d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:08:14:96:84:4e:76:e8:b6:4b:fe:8a:be:d3:
16:5c:05:f4:5b:68:13:66:a6:d5:1a:50:21:92:ac:
27:dd:58:bd:88:d9:05:9f:2f:99:a9:47:12:8b:b1:
3c:a8:3e:0d:0d:8a:b1:79:f9:79:48:cf:33:75:4d:
45:25:96:31:2f:99:6c:d2:8d:5a:62:e2:4b:90:f9:
a0:94:7d:ce:ef:37:fe:fd:53:df:78:10:24:76:4a:
5a:4f:69:f8:1f:67:0f:41:4c:95:85:d3:6c:fa:e2:
94:4b:3d:9c:4e:4b:8e:18:28:57:1e:1f:29:9a:cc:
d1:89:12:ec:8f:0d:6c:ee:38:c0:ff:57:1a:c7:74:
35:e7:c2:32:d8:be:2f:07:29:11:f4:9f:9e:fb:57:
dd:dd:16:c8:e6:91:5b:cb:62:6d:e1:25:ec:0f:1f:
38:d7:08:cb:90:4b:4b:12:18:34:b2:fb:de:4f:d6:
eb:e5:87:42:ca:51:9a:37:43:8e:c0:3b:a7:9f:df:
70:19:fb:af:de:e8:00:ee:70:67:20:5a:e5:ba:a3:
57:7a:67:c3:9b:3a:22:0c:6f:02:9c:1d:ab:01:bb:
d4:32:30:d7:7e:ce:dc:21:26:95:4c:84:29:10:7e:
2a:59:28:71:f3:fa:63:8e:a9:f7:78:f5:ec:e7:98:
be:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:00:33:25:6E:4F:F2:09:E3:43:59:A1:8C:B9:17:49:A1:4D:A0:D6
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/vwAzJW5P8gnjQ1mhjLkXSaFNoNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:19c0::/32
2a11:a2c0::/29
2a12:d380::/29
Signature Algorithm: sha256WithRSAEncryption
9a:05:46:c2:7f:2f:36:20:bb:2d:d6:fc:60:0e:1c:1c:c9:35:
ae:36:6d:e6:65:e3:7a:4a:13:a6:a4:b6:3f:87:a3:69:96:2d:
4a:99:97:1b:86:16:88:67:44:83:44:e2:ca:2e:83:d9:37:66:
0f:ee:05:a8:e6:0e:06:bb:60:e5:d9:3d:9f:02:43:d6:67:87:
2e:82:20:45:3c:14:bf:71:8d:78:b9:fa:67:fe:af:db:20:b1:
c0:6e:55:df:e6:ac:55:3b:ce:6a:84:2a:6b:e9:99:3c:eb:f1:
d1:96:60:36:2e:7f:3c:be:92:1f:16:59:59:76:ba:70:be:db:
10:fb:a5:29:c0:98:90:91:6a:18:01:48:80:b6:18:b9:09:a5:
d9:0c:74:bb:ac:eb:b9:9c:43:45:4f:c3:ea:93:33:13:4f:07:
ea:c8:72:7a:3e:05:12:b8:66:46:c4:6f:c2:54:60:03:fa:be:
7c:3b:a7:82:f9:d1:57:b4:d0:e5:66:39:8c:85:69:8e:dc:ca:
d9:c6:f8:69:a1:93:e2:26:0f:7e:8b:9e:15:28:27:7b:79:79:
34:50:27:00:90:74:01:88:36:5d:9b:3d:c3:ba:77:e5:f5:62:
48:a0:02:f3:6c:ec:f0:c7:05:09:d0:23:fb:6e:56:a9:59:74:
cc:72:be:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoxM7QNFd02cQOdMeiN2/+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUxMDI5MTgyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjAwMzMyNTZlNGZmMjA5ZTM0MzU5YTE4Y2I5MTc0OWExNGRhMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAgUloROdui2S/6KvtMWXAX0W2gT
ZqbVGlAhkqwn3Vi9iNkFny+ZqUcSi7E8qD4NDYqxefl5SM8zdU1FJZYxL5ls0o1a
YuJLkPmglH3O7zf+/VPfeBAkdkpaT2n4H2cPQUyVhdNs+uKUSz2cTkuOGChXHh8p
mszRiRLsjw1s7jjA/1cax3Q158Iy2L4vBykR9J+e+1fd3RbI5pFby2Jt4SXsDx84
1wjLkEtLEhg0svveT9br5YdCylGaN0OOwDunn99wGfuv3ugA7nBnIFrluqNXemfD
mzoiDG8CnB2rAbvUMjDXfs7cISaVTIQpEH4qWShx8/pjjqn3ePXs55i+eQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL8AMyVuT/IJ40NZoYy5F0mhTaDWMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdndBekpXNVA4Z25qUTFtaGpMa1hTYUZOb05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg4ZwAMF
AyoRosADBQMqEtOAMA0GCSqGSIb3DQEBCwUAA4IBAQCaBUbCfy82ILst1vxgDhwc
yTWuNm3mZeN6ShOmpLY/h6Npli1KmZcbhhaIZ0SDROLKLoPZN2YP7gWo5g4Gu2Dl
2T2fAkPWZ4cugiBFPBS/cY14ufpn/q/bILHAblXf5qxVO85qhCpr6Zk86/HRlmA2
Ln88vpIfFllZdrpwvtsQ+6UpwJiQkWoYAUiAthi5CaXZDHS7rOu5nENFT8PqkzMT
TwfqyHJ6PgUSuGZGxG/CVGAD+r58O6eC+dFXtNDlZjmMhWmO3MrZxvhpoZPiJg9+
i54VKCd7eXk0UCcAkHQBiDZdmz3Dunfl9WJIoALzbOzwxwUJ0CP7blapWXTMcr5o
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:36:15 2025 by rpki-client