Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/2t1QB_vb8iTv17VErrCxw6C1o8k.roa
File: 2t1QB_vb8iTv17VErrCxw6C1o8k.roa (raw, json)
Hash identifier: ZBpS24h+n4sQjrXRkfrIpSKRIlzfeiKcuPsPEBKbOKY=
Subject key identifier: DA:DD:50:07:FB:DB:F2:24:EF:D7:B5:44:AE:B0:B1:C3:A0:B5:A3:C9
Certificate issuer: /CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
Certificate serial: 019A4E6C7950D70E812318A8E2094ACBBC15
Authority key identifier: A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/2t1QB_vb8iTv17VErrCxw6C1o8k.roa
Signing time: Tue 04 Nov 2025 10:32:03 +0000
ROA not before: Tue 04 Nov 2025 10:32:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a12:d8c2::/32 maxlen: 48
2a12:d8c3::/32 maxlen: 48
2a12:d8c4::/32 maxlen: 48
2a12:d8c5::/32 maxlen: 48
2a12:d8c7::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.mft
rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:6c:79:50:d7:0e:81:23:18:a8:e2:09:4a:cb:bc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
Validity
Not Before: Nov 4 10:32:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dadd5007fbdbf224efd7b544aeb0b1c3a0b5a3c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:e2:d2:e8:46:17:22:25:53:92:15:6d:6b:61:
dd:6d:f2:32:0b:85:e1:00:ce:7e:39:0e:c5:58:b6:
72:91:16:ec:42:d2:3c:47:e6:40:ae:1a:71:5e:c4:
e7:3e:1a:4f:e9:01:c0:5b:80:f1:a8:95:5e:6a:a0:
71:c1:09:d6:60:86:b4:51:f6:ae:ad:f4:e8:bb:4d:
93:f4:18:eb:e2:32:18:10:a0:05:e9:d7:e1:62:68:
14:76:d7:51:ab:c6:46:c1:d7:f7:9f:be:f6:b3:0a:
03:5e:f1:17:b7:31:0f:6d:a9:bd:f7:a3:8a:6b:c2:
15:d5:07:a7:d1:23:51:12:b3:3a:8a:85:15:0c:e5:
09:c7:43:9c:38:d4:e3:f8:0e:23:13:e7:f7:ed:aa:
16:69:03:66:db:1d:b4:e8:a6:c7:78:29:6c:29:a0:
95:ec:f0:68:2a:b8:c5:61:52:92:c0:2e:41:52:a7:
c2:e0:25:69:5a:79:50:e2:99:27:50:0a:33:9e:b2:
bc:ed:31:32:c2:e7:38:9a:ad:9d:95:34:a3:e7:7f:
00:05:da:e1:ee:c1:90:97:99:cb:00:41:ec:29:12:
29:3d:01:cf:ad:c7:06:59:ae:88:f4:a4:7b:a7:f5:
97:95:b4:9a:da:42:8d:12:e3:9a:2b:77:d8:e7:38:
85:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:DD:50:07:FB:DB:F2:24:EF:D7:B5:44:AE:B0:B1:C3:A0:B5:A3:C9
X509v3 Authority Key Identifier:
keyid:A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/2t1QB_vb8iTv17VErrCxw6C1o8k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:d8c2::-2a12:d8c5:ffff:ffff:ffff:ffff:ffff:ffff
2a12:d8c7::/32
Signature Algorithm: sha256WithRSAEncryption
94:b9:24:cd:9b:d3:6c:c2:d9:08:55:9a:83:3c:c5:6c:64:ea:
49:5c:42:a7:90:0b:ee:2f:dc:69:e4:41:93:4a:74:bf:92:62:
1f:aa:1d:e8:f2:4d:9e:09:36:ce:22:e7:cf:4f:2b:e7:32:cc:
df:d9:1f:3b:32:8f:21:8c:02:bf:0e:5c:3b:ed:ce:6e:b5:10:
4e:11:a0:7a:2a:24:97:9d:97:81:5c:51:65:6c:6d:7f:22:d6:
82:56:d9:8a:00:15:5c:68:ef:a7:8f:c9:4c:54:52:e7:6c:b5:
93:fb:09:b2:04:f9:88:8b:03:e8:61:9e:d1:66:cb:69:4d:1f:
df:7f:18:9f:0e:af:3a:36:5b:0a:30:0d:21:05:84:51:fc:61:
97:f6:6f:f6:22:7a:ee:af:c5:bc:a2:1a:60:57:e5:be:57:be:
ce:4c:33:41:86:40:61:c7:68:ab:54:89:e2:a8:5e:e8:8f:4c:
a8:59:cd:01:ed:5c:a1:fc:fb:0d:d2:7f:a6:a0:39:13:44:b8:
f7:88:17:b2:e6:8c:42:d5:20:8b:66:46:cf:a8:7e:79:2c:f1:
9c:07:7a:63:7c:a9:47:27:da:1b:9d:b8:56:bf:40:a5:a1:6b:
e8:df:f3:11:63:23:f2:6c:b2:ae:9a:b9:b3:a6:82:db:67:b9:
49:b0:05:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZpObHlQ1w6BIxio4glKy7wVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZjJmZGVhMjYzYjc5ZmNlMTEzODkwNTJiMGNkOTQwOTk1
YzZkZmUwHhcNMjUxMTA0MTAzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRkNTAwN2ZiZGJmMjI0ZWZkN2I1NDRhZWIwYjFjM2EwYjVhM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+LS6EYXIiVTkhVta2HdbfIyC4Xh
AM5+OQ7FWLZykRbsQtI8R+ZArhpxXsTnPhpP6QHAW4DxqJVeaqBxwQnWYIa0Ufau
rfTou02T9Bjr4jIYEKAF6dfhYmgUdtdRq8ZGwdf3n772swoDXvEXtzEPbam996OK
a8IV1Qen0SNRErM6ioUVDOUJx0OcONTj+A4jE+f37aoWaQNm2x206KbHeClsKaCV
7PBoKrjFYVKSwC5BUqfC4CVpWnlQ4pknUAoznrK87TEywuc4mq2dlTSj538ABdrh
7sGQl5nLAEHsKRIpPQHPrccGWa6I9KR7p/WXlbSa2kKNEuOaK3fY5ziFOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNrdUAf72/Ik79e1RK6wscOgtaPJMB8GA1UdIwQY
MBaAFKny/eomO3n84ROJBSsM2UCZXG3+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEt
ZjhhZmZlZjExMmQ4LzEvMnQxUUJfdmI4aVR2MTdWRXJyQ3h3NkMxbzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEtZjhhZmZlZjExMmQ4
LzEvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXMA4DBQEqEtjC
AwUBKhLYxAMFACoS2McwDQYJKoZIhvcNAQELBQADggEBAJS5JM2b02zC2QhVmoM8
xWxk6klcQqeQC+4v3GnkQZNKdL+SYh+qHejyTZ4JNs4i589PK+cyzN/ZHzsyjyGM
Ar8OXDvtzm61EE4RoHoqJJedl4FcUWVsbX8i1oJW2YoAFVxo76ePyUxUUudstZP7
CbIE+YiLA+hhntFmy2lNH99/GJ8Orzo2WwowDSEFhFH8YZf2b/Yieu6vxbyiGmBX
5b5Xvs5MM0GGQGHHaKtUieKoXuiPTKhZzQHtXKH8+w3Sf6agORNEuPeIF7LmjELV
IItmRs+ofnks8ZwHemN8qUcn2huduFa/QKWha+jf8xFjI/Jssq6aubOmgttnuUmw
BSI=
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:09:34 2025 by rpki-client