Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/TwQmklQtkOvv5HVKzgG2vaqd3Y0.roa
File: TwQmklQtkOvv5HVKzgG2vaqd3Y0.roa (raw, json)
Hash identifier: aQYB06dGK4lyR9LV+cVqA5QcpDtnm6YcgrzQTDVZc+k=
Subject key identifier: 4F:04:26:92:54:2D:90:EB:EF:E4:75:4A:CE:01:B6:BD:AA:9D:DD:8D
Certificate issuer: /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial: 019A210146F981F93FFD9A94F55B04440BDF
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/TwQmklQtkOvv5HVKzgG2vaqd3Y0.roa
Signing time: Sun 26 Oct 2025 14:52:03 +0000
ROA not before: Sun 26 Oct 2025 14:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215590
IP address blocks: 2a01:ecc0:1::/48 maxlen: 48
2a01:ecc0:8c0::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:21:01:46:f9:81:f9:3f:fd:9a:94:f5:5b:04:44:0b:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Validity
Not Before: Oct 26 14:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f042692542d90ebefe4754ace01b6bdaa9ddd8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:ef:9b:d4:ff:14:f7:22:93:9a:9a:34:fd:3c:
87:fd:d5:47:d9:48:50:7e:80:81:7b:18:d9:38:66:
55:44:bd:73:bf:06:99:30:db:e3:ab:07:01:67:fe:
d5:35:cf:85:96:f3:8a:d8:2b:fc:d1:e9:e2:c7:21:
d7:1b:1a:9e:8c:6c:d9:14:91:37:15:33:3d:33:90:
c1:fa:81:1e:20:22:1e:03:6e:96:91:60:d4:7c:60:
ec:5a:b3:4f:7b:f3:79:e3:32:bb:e6:f0:4b:11:7d:
df:f1:4c:8d:64:77:f1:08:c7:0c:9f:03:da:d7:16:
c2:82:09:92:f9:c4:2e:16:84:78:e5:1b:ce:3e:2f:
29:03:ee:a7:a2:0f:c7:e0:7d:6c:56:cd:ae:be:35:
2c:62:c0:1b:1c:04:3b:dc:09:b8:f4:1d:7d:54:f6:
76:1b:68:c7:d8:ae:72:c7:c9:92:f3:a8:c9:1a:5b:
c0:fa:70:b4:06:7e:38:eb:0c:3b:b0:a9:85:11:50:
72:04:59:d7:d9:5f:72:c4:e8:a6:1a:24:2f:6c:7c:
34:f3:4e:5b:5b:62:87:0b:66:eb:d4:4c:ca:9c:03:
73:18:5f:8d:00:93:bf:78:16:af:ba:cb:d1:c8:62:
82:e8:70:1a:4b:39:63:d7:67:b0:e3:3a:ff:3d:1f:
64:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:04:26:92:54:2D:90:EB:EF:E4:75:4A:CE:01:B6:BD:AA:9D:DD:8D
X509v3 Authority Key Identifier:
keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/TwQmklQtkOvv5HVKzgG2vaqd3Y0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:ecc0:1::/48
2a01:ecc0:8c0::/42
Signature Algorithm: sha256WithRSAEncryption
34:e4:42:2c:1b:27:1e:4b:bc:e8:07:cb:85:4b:be:b4:4d:25:
a8:5d:50:a7:05:de:c9:34:91:01:bf:1d:56:5d:bf:70:a6:16:
e9:d3:50:ae:78:5b:0d:cf:ee:f4:cc:cf:56:2b:9e:7f:8f:7f:
bd:ed:55:2d:ce:5d:b3:20:64:a9:1a:96:65:25:ba:58:ac:32:
d8:fd:ea:19:72:8b:9b:70:d3:4d:44:f6:74:6b:5e:b7:ef:85:
b3:b6:3c:95:34:96:93:d8:51:70:c1:72:e1:cf:65:4a:ac:72:
55:09:c4:28:b0:a2:38:ed:7f:29:b1:72:19:ae:3b:eb:65:91:
bb:0d:95:66:56:fc:3b:96:b3:ee:fa:59:e2:37:f3:91:79:16:
a5:84:77:6e:28:65:90:c5:b4:eb:4c:a2:8a:a8:49:71:4f:05:
89:ba:d4:be:fa:29:a1:35:2a:0d:76:3a:35:3c:49:82:75:28:
53:96:0e:ed:8f:a5:02:d7:f1:44:c3:d4:e9:cb:67:f5:eb:a0:
0c:97:08:71:84:54:4c:86:5d:27:0b:b3:ba:d2:00:4e:a5:a0:
04:9f:4d:ba:d8:a5:61:b4:d8:98:fc:c3:65:79:d6:9c:03:21:
85:f6:02:b3:de:77:7b:28:85:e6:93:21:f5:aa:d7:d1:d0:cf:
df:44:0e:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZohAUb5gfk//ZqU9VsERAvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUxMDI2MTQ1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA0MjY5MjU0MmQ5MGViZWZlNDc1NGFjZTAxYjZiZGFhOWRkZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAru+b1P8U9yKTmpo0/TyH/dVH2UhQ
foCBexjZOGZVRL1zvwaZMNvjqwcBZ/7VNc+FlvOK2Cv80enixyHXGxqejGzZFJE3
FTM9M5DB+oEeICIeA26WkWDUfGDsWrNPe/N54zK75vBLEX3f8UyNZHfxCMcMnwPa
1xbCggmS+cQuFoR45RvOPi8pA+6nog/H4H1sVs2uvjUsYsAbHAQ73Am49B19VPZ2
G2jH2K5yx8mS86jJGlvA+nC0Bn446ww7sKmFEVByBFnX2V9yxOimGiQvbHw0805b
W2KHC2br1EzKnANzGF+NAJO/eBavusvRyGKC6HAaSzlj12ew4zr/PR9kAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE8EJpJULZDr7+R1Ss4Btr2qnd2NMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvVHdRbWtsUXRrT3Z2NUhWS3pnRzJ2YXFkM1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgHswAAB
AwcGKgHswAjAMA0GCSqGSIb3DQEBCwUAA4IBAQA05EIsGyceS7zoB8uFS760TSWo
XVCnBd7JNJEBvx1WXb9wphbp01CueFsNz+70zM9WK55/j3+97VUtzl2zIGSpGpZl
JbpYrDLY/eoZcoubcNNNRPZ0a16374WztjyVNJaT2FFwwXLhz2VKrHJVCcQosKI4
7X8psXIZrjvrZZG7DZVmVvw7lrPu+lniN/OReRalhHduKGWQxbTrTKKKqElxTwWJ
utS++imhNSoNdjo1PEmCdShTlg7tj6UC1/FEw9Tpy2f166AMlwhxhFRMhl0nC7O6
0gBOpaAEn0262KVhtNiY/MNledacAyGF9gKz3nd7KIXmkyH1qtfR0M/fRA5D
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:09:34 2025 by rpki-client