Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZTzpOYg7IE8l3NJDYDCnAEnmfrA.roa
File: ZTzpOYg7IE8l3NJDYDCnAEnmfrA.roa (raw, json)
Hash identifier: TCpspCulSQT0/r/KiMBfAyRo7OQXTkmeGewTCpUyBks=
Subject key identifier: 65:3C:E9:39:88:3B:20:4F:25:DC:D2:43:60:30:A7:00:49:E6:7E:B0
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 019A4FC4B75B13C5FD00F52064F0B3762047
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZTzpOYg7IE8l3NJDYDCnAEnmfrA.roa
Signing time: Tue 04 Nov 2025 16:48:03 +0000
ROA not before: Tue 04 Nov 2025 16:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199925
IP address blocks: 2a0d:b740::/29 maxlen: 29
2a12:d5c0::/29 maxlen: 29
2a13:2b40::/29 maxlen: 32
2a13:9b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4f:c4:b7:5b:13:c5:fd:00:f5:20:64:f0:b3:76:20:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Nov 4 16:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=653ce939883b204f25dcd2436030a70049e67eb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:83:34:da:32:64:b1:b3:1c:07:c3:c0:93:81:
eb:52:7e:0e:04:60:9b:4d:fd:9c:2c:3c:8d:33:8d:
fb:89:93:b4:c5:2b:f8:55:07:01:6c:25:62:fc:13:
78:33:d6:47:43:7d:d2:f3:73:70:f1:2e:48:e1:2f:
ee:67:81:d4:dd:da:03:ac:2f:1c:3a:31:42:0d:fa:
92:3d:51:1d:80:83:5a:14:b7:4f:f0:7c:1e:6e:d5:
06:3e:a6:d4:5e:ea:42:4f:b3:cc:45:e7:58:a1:47:
ab:91:71:10:88:f1:da:cb:0f:53:1c:b4:f4:4c:44:
2c:4f:81:4f:7f:3d:6d:13:a2:55:b3:b0:44:7b:e0:
bc:01:3c:a2:98:c0:91:1e:e3:e3:91:0f:1a:ea:65:
44:3e:eb:22:4b:74:9e:5f:f0:87:e9:f6:d6:86:c1:
ec:1b:cb:15:a7:d8:68:74:0c:36:7e:23:c3:eb:1e:
d2:3b:d3:44:44:03:2f:44:f0:9a:11:87:4c:c5:d7:
6a:e6:9f:20:00:d8:ce:0a:f1:cb:f3:f0:ea:ab:03:
0a:4b:fa:e0:6b:7e:a7:69:db:b1:79:56:b5:8c:84:
ed:a7:6f:90:4b:fa:cb:18:67:a9:85:6c:a5:31:ce:
e7:ef:6c:c0:57:a8:4a:57:e5:76:5f:07:4c:72:55:
ac:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:3C:E9:39:88:3B:20:4F:25:DC:D2:43:60:30:A7:00:49:E6:7E:B0
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZTzpOYg7IE8l3NJDYDCnAEnmfrA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:b740::/29
2a12:d5c0::/29
2a13:2b40::/29
2a13:9b00::/29
Signature Algorithm: sha256WithRSAEncryption
a9:44:4c:96:45:7f:3e:33:a0:29:4c:b9:5d:ad:44:b7:db:52:
57:42:8f:d9:95:7b:d4:29:f9:25:3e:04:d1:87:29:69:66:17:
d5:a9:a9:79:11:43:da:61:28:37:25:75:fa:cb:f0:16:ee:ee:
d2:be:7f:0c:88:86:1c:51:e1:63:b5:12:31:69:b5:c0:54:ea:
3f:d5:2f:ad:ba:27:3a:f8:d0:7d:b6:c7:35:94:d3:13:81:f5:
cd:24:78:a8:59:6d:40:d9:82:7f:70:ac:76:2a:14:6d:8e:9f:
15:fe:f3:40:6c:10:ca:d4:72:ae:d5:73:a4:25:3e:48:f8:9b:
78:6b:0a:87:89:b8:78:3b:21:4a:fd:3a:8b:89:c0:68:8e:01:
ad:1c:31:54:4b:4a:5e:11:28:8b:79:ca:e4:7b:ea:ec:03:57:
fc:16:32:fb:49:d9:86:b9:bd:fc:6f:96:70:4a:b1:46:04:d2:
37:18:21:3f:40:b8:ac:7c:54:81:44:63:6e:46:28:33:e1:9a:
7c:f9:4c:fb:98:ba:51:dc:47:ab:f2:6f:6a:cd:79:15:04:52:
6f:f8:15:27:80:af:8d:09:4a:f1:e3:8c:91:7d:12:7f:c5:16:
1b:55:36:1f:f1:f5:9e:0b:8d:0c:a0:cc:72:35:c1:56:0d:1a:
20:22:ba:4a
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZpPxLdbE8X9APUgZPCzdiBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMTA0MTY0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNjZTkzOTg4M2IyMDRmMjVkY2QyNDM2MDMwYTcwMDQ5ZTY3ZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4M02jJksbMcB8PAk4HrUn4OBGCb
Tf2cLDyNM437iZO0xSv4VQcBbCVi/BN4M9ZHQ33S83Nw8S5I4S/uZ4HU3doDrC8c
OjFCDfqSPVEdgINaFLdP8HwebtUGPqbUXupCT7PMRedYoUerkXEQiPHayw9THLT0
TEQsT4FPfz1tE6JVs7BEe+C8ATyimMCRHuPjkQ8a6mVEPusiS3SeX/CH6fbWhsHs
G8sVp9hodAw2fiPD6x7SO9NERAMvRPCaEYdMxddq5p8gANjOCvHL8/DqqwMKS/rg
a36naduxeVa1jITtp2+QS/rLGGephWylMc7n72zAV6hKV+V2XwdMclWsTQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGU86TmIOyBPJdzSQ2AwpwBJ5n6wMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWlR6cE9ZZzdJRThsM05KRFlEQ25BRW5tZnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKg23QAMF
AyoS1cADBQMqEytAAwUDKhObADANBgkqhkiG9w0BAQsFAAOCAQEAqURMlkV/PjOg
KUy5Xa1Et9tSV0KP2ZV71Cn5JT4E0YcpaWYX1ampeRFD2mEoNyV1+svwFu7u0r5/
DIiGHFHhY7USMWm1wFTqP9UvrbonOvjQfbbHNZTTE4H1zSR4qFltQNmCf3CsdioU
bY6fFf7zQGwQytRyrtVzpCU+SPibeGsKh4m4eDshSv06i4nAaI4BrRwxVEtKXhEo
i3nK5Hvq7ANX/BYy+0nZhrm9/G+WcEqxRgTSNxghP0C4rHxUgURjbkYoM+GafPlM
+5i6UdxHq/Jvas15FQRSb/gVJ4CvjQlK8eOMkX0Sf8UWG1U2H/H1nguNDKDMcjXB
Vg0aICK6Sg==
-----END CERTIFICATE-----
Generated at Wed Nov 5 13:40:59 2025 by rpki-client