Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/Rv6zGXBjkznli3ZKfxFt4ipmauE.roa
File: Rv6zGXBjkznli3ZKfxFt4ipmauE.roa (raw, json)
Hash identifier: dXObCu4OgPipE+rLGUHr9IMJPVaiHyCmmOUAIbCECQQ=
Subject key identifier: 46:FE:B3:19:70:63:93:39:E5:8B:76:4A:7F:11:6D:E2:2A:66:6A:E1
Certificate issuer: /CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
Certificate serial: 0197F975FE06DA12B76686A257674CDA3625
Authority key identifier: C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/Rv6zGXBjkznli3ZKfxFt4ipmauE.roa
Signing time: Fri 11 Jul 2025 12:29:08 +0000
ROA not before: Fri 11 Jul 2025 12:29:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205714
IP address blocks: 86.32.0.0/15 maxlen: 15
86.32.80.0/21 maxlen: 21
86.32.88.0/21 maxlen: 21
86.32.96.0/21 maxlen: 21
86.32.104.0/21 maxlen: 21
86.32.112.0/21 maxlen: 21
86.33.0.0/21 maxlen: 21
86.33.8.0/21 maxlen: 21
86.33.16.0/21 maxlen: 21
86.33.24.0/21 maxlen: 21
86.33.32.0/21 maxlen: 21
86.33.40.0/21 maxlen: 21
2a10:5700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.mft
rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f9:75:fe:06:da:12:b7:66:86:a2:57:67:4c:da:36:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
Validity
Not Before: Jul 11 12:29:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=46feb31970639339e58b764a7f116de22a666ae1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4b:c3:ba:93:d7:e7:67:32:e1:ab:06:51:5d:
0d:69:5c:b2:84:9a:fe:c3:54:0b:f5:80:5d:5b:88:
d9:c4:b4:b7:eb:b0:12:fd:e8:db:c5:9f:65:ad:38:
c9:71:38:71:48:58:7d:6c:98:0a:12:8a:b6:58:00:
95:07:d4:b9:57:e8:34:06:8f:17:77:d9:55:73:be:
bd:92:96:fb:69:ed:ed:61:16:61:25:df:48:44:0f:
5c:52:74:b4:8c:44:9d:70:8a:bb:69:f8:50:90:86:
d1:c4:b4:65:3d:6e:23:c3:58:1b:cf:f0:16:0b:f5:
47:a0:35:d7:eb:0d:cd:f1:02:13:93:8a:f1:48:04:
19:2b:59:46:91:99:e4:75:ba:7e:a2:1f:05:13:4a:
76:51:2d:02:1c:8d:43:c7:b2:c3:27:91:1c:14:71:
aa:70:92:ac:91:47:ac:c2:93:ac:21:b8:75:66:08:
ba:d0:8a:e7:92:78:c2:c2:2b:b6:6e:64:16:2f:7c:
8b:da:f3:16:0c:86:ef:34:1a:6f:d3:8c:79:0e:0e:
ab:23:bc:20:d3:28:9f:a1:a6:a0:60:fb:14:d1:e2:
61:fe:b8:71:1c:00:16:06:3d:95:3c:4c:5b:25:5e:
27:6e:6c:fa:bd:94:40:27:8d:63:90:bb:67:41:07:
28:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:FE:B3:19:70:63:93:39:E5:8B:76:4A:7F:11:6D:E2:2A:66:6A:E1
X509v3 Authority Key Identifier:
keyid:C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/Rv6zGXBjkznli3ZKfxFt4ipmauE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.32.0.0/15
IPv6:
2a10:5700::/29
Signature Algorithm: sha256WithRSAEncryption
aa:0f:b3:4a:10:2f:3b:6e:54:b5:51:25:dd:01:79:b1:d6:09:
7b:ea:ac:f6:ac:21:e9:bf:6e:e0:9f:f9:f2:da:2d:4d:b0:83:
6b:7a:78:74:8e:56:0d:a5:f8:79:ef:db:a4:c0:78:9b:6b:21:
75:21:64:01:e3:00:d5:ed:27:e2:04:6c:3c:83:a0:a4:40:63:
1c:5f:ce:3e:ea:61:46:6e:87:a4:b8:4f:e4:ce:4b:e4:04:44:
19:64:30:f6:c7:78:ad:ce:69:bf:bc:e6:68:af:16:ef:30:e4:
24:a5:ff:1b:d1:a9:7c:d2:f8:a8:8b:52:c4:6d:75:d8:53:4e:
b8:c5:f3:37:c2:95:8e:cc:67:da:82:62:51:2b:83:3f:03:b4:
41:bd:bb:ca:03:b1:a7:3b:12:c3:7e:bd:fd:ce:58:37:b5:cb:
d2:3a:f9:99:71:d8:6e:fc:77:55:cc:44:c4:74:67:14:1c:4a:
6e:d7:bc:f3:3b:f4:17:9e:64:96:7c:46:4e:75:b4:bd:d8:78:
0e:ed:74:d7:ce:d9:42:04:98:41:bb:a8:a4:8f:91:e8:e0:e7:
dc:4e:86:41:52:7c:86:45:55:4e:b8:ef:22:04:f5:da:38:f3:
91:31:6e:2f:5d:d8:7f:21:18:a1:60:e6:56:4a:02:d4:d3:a8:
99:3b:4f:96
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZf5df4G2hK3ZoaiV2dM2jYlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNGQ1YmQzY2VlYWFiMDc4NmNlMTUxYTMxNzhkYWRjMTA3
YmYyODAwHhcNMjUwNzExMTIyOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZlYjMxOTcwNjM5MzM5ZTU4Yjc2NGE3ZjExNmRlMjJhNjY2YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0vDupPX52cy4asGUV0NaVyyhJr+
w1QL9YBdW4jZxLS367AS/ejbxZ9lrTjJcThxSFh9bJgKEoq2WACVB9S5V+g0Bo8X
d9lVc769kpb7ae3tYRZhJd9IRA9cUnS0jESdcIq7afhQkIbRxLRlPW4jw1gbz/AW
C/VHoDXX6w3N8QITk4rxSAQZK1lGkZnkdbp+oh8FE0p2US0CHI1Dx7LDJ5EcFHGq
cJKskUeswpOsIbh1Zgi60IrnknjCwiu2bmQWL3yL2vMWDIbvNBpv04x5Dg6rI7wg
0yifoaagYPsU0eJh/rhxHAAWBj2VPExbJV4nbmz6vZRAJ41jkLtnQQcoUQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEb+sxlwY5M55Yt2Sn8RbeIqZmrhMB8GA1UdIwQY
MBaAFMJNW9PO6qsHhs4VGjF42twQe/KAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEt
NDFkODIzMjlmMjZkLzEvUnY2ekdYQmprem5saTNaS2Z4RnQ0aXBtYXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEtNDFkODIzMjlmMjZk
LzEvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMBViAwDQQC
AAIwBwMFAyoQVwAwDQYJKoZIhvcNAQELBQADggEBAKoPs0oQLztuVLVRJd0BebHW
CXvqrPasIem/buCf+fLaLU2wg2t6eHSOVg2l+Hnv26TAeJtrIXUhZAHjANXtJ+IE
bDyDoKRAYxxfzj7qYUZuh6S4T+TOS+QERBlkMPbHeK3Oab+85mivFu8w5CSl/xvR
qXzS+KiLUsRtddhTTrjF8zfClY7MZ9qCYlErgz8DtEG9u8oDsac7EsN+vf3OWDe1
y9I6+Zlx2G78d1XMRMR0ZxQcSm7XvPM79BeeZJZ8Rk51tL3YeA7tdNfO2UIEmEG7
qKSPkejg59xOhkFSfIZFVU647yIE9do485Exbi9d2H8hGKFg5lZKAtTTqJk7T5Y=
-----END CERTIFICATE-----
Generated at Sat Aug 9 10:31:34 2025 by rpki-client