Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3dM0ZcAH-KJOwdvPR36FZQlfJU8.roa
File: 3dM0ZcAH-KJOwdvPR36FZQlfJU8.roa (raw, json)
Hash identifier: piPrSYTM+yRddEHf9pkGaBjvnG9GYn7E7AQM35yJXkM=
Subject key identifier: DD:D3:34:65:C0:07:F8:A2:4E:C1:DB:CF:47:7E:85:65:09:5F:25:4F
Certificate issuer: /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial: 01987B35A2AD6DFAFBDDA5C4D576052E5C8B
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3dM0ZcAH-KJOwdvPR36FZQlfJU8.roa
Signing time: Tue 05 Aug 2025 17:09:29 +0000
ROA not before: Tue 05 Aug 2025 17:09:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 5.1.40.0/24 maxlen: 24
2a06:fe40::/32 maxlen: 32
2a0e:2c00::/29 maxlen: 29
2a12:3a80::/32 maxlen: 32
2a12:3a81::/32 maxlen: 32
2a12:3a82::/32 maxlen: 32
2a12:3a83::/32 maxlen: 32
2a12:3a84::/32 maxlen: 32
2a12:3a85::/32 maxlen: 32
2a12:3a86::/32 maxlen: 32
2a12:3a87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 11:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7b:35:a2:ad:6d:fa:fb:dd:a5:c4:d5:76:05:2e:5c:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Validity
Not Before: Aug 5 17:09:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddd33465c007f8a24ec1dbcf477e8565095f254f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:b5:96:ab:ca:21:69:91:ec:d2:7b:7b:fe:ef:
87:0d:3e:11:7a:4a:12:02:f2:cc:32:fd:02:25:98:
a7:7e:4e:ff:d7:fb:77:2a:c0:7c:57:81:2a:65:49:
c1:41:df:68:91:15:25:86:c9:05:71:23:e0:c3:52:
b7:3c:15:52:77:4b:51:fd:2f:04:c4:ec:6d:23:43:
e0:a2:cf:b9:41:77:af:ad:16:3a:ba:af:b2:3d:3e:
1c:dd:53:12:8d:1d:6c:0c:13:ac:34:05:49:37:a0:
84:0d:b2:da:f9:06:c6:7c:0a:2a:ee:47:3e:3e:f2:
6e:25:62:f8:96:c1:fd:04:b8:1a:60:c3:0a:a9:f9:
64:ee:ad:e2:1f:11:c7:ef:4e:65:40:e7:8f:9b:b4:
2d:c9:55:c1:f4:d0:0f:8d:d2:49:73:9d:c8:ea:a2:
a3:2c:69:ab:f6:79:c1:ff:e0:cd:03:fd:ef:54:ac:
e3:10:f6:43:5d:5a:65:76:df:e5:a2:3b:49:75:1e:
0e:f0:40:e0:18:60:6d:82:aa:4e:59:9e:36:59:06:
5e:43:33:cd:ce:04:b8:35:87:2e:ab:99:f8:a9:3e:
5f:46:ad:17:0d:47:90:4e:d5:8f:19:c9:23:51:5f:
87:ea:ca:df:74:d0:ad:9b:19:ea:71:e2:47:41:6b:
ef:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:D3:34:65:C0:07:F8:A2:4E:C1:DB:CF:47:7E:85:65:09:5F:25:4F
X509v3 Authority Key Identifier:
keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3dM0ZcAH-KJOwdvPR36FZQlfJU8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.40.0/24
IPv6:
2a06:fe40::/32
2a0e:2c00::/29
2a12:3a80::/29
Signature Algorithm: sha256WithRSAEncryption
7e:e7:48:fb:b0:67:dc:46:2a:d8:d7:4d:02:06:12:30:98:c0:
83:86:8a:95:02:60:8f:e2:ca:fe:97:b9:92:32:59:4d:63:07:
f0:8e:74:21:31:4b:32:3c:ae:97:ce:40:53:50:2a:55:9c:b7:
21:99:bd:fe:8d:33:b7:7f:67:4b:d5:cc:e1:9d:d1:85:64:62:
b6:4b:4c:33:3d:b3:64:99:95:3b:32:59:b3:23:e5:ef:b4:64:
ae:b6:ed:3a:2c:19:80:13:a0:76:fd:e7:f9:7d:76:b7:3f:9d:
eb:e0:49:24:9d:80:e4:45:45:76:3d:73:6d:8c:0a:9e:bd:d8:
d5:5a:30:8a:6a:74:c2:1c:fb:e1:cf:61:30:17:c8:30:af:b7:
cf:45:c4:8d:79:2a:b5:4c:45:3e:be:7b:47:93:ea:e4:50:eb:
9d:be:1c:f6:76:ac:81:62:40:8d:43:1d:af:92:4f:bc:15:72:
cb:3c:c9:0b:44:26:7b:5a:4f:a1:8a:76:e5:00:04:ec:cb:9f:
1c:20:82:3a:8b:a2:bf:1f:04:e7:95:70:12:de:79:05:77:d7:
3d:41:05:83:fe:5b:10:97:95:c0:09:93:3d:c6:bf:1d:80:09:
0c:86:a4:7b:96:bf:f4:8f:ef:aa:0b:3e:3d:f8:60:df:ae:84:
33:21:0b:82
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZh7NaKtbfr73aXE1XYFLlyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwODA1MTcwOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQzMzQ2NWMwMDdmOGEyNGVjMWRiY2Y0NzdlODU2NTA5NWYyNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17WWq8ohaZHs0nt7/u+HDT4RekoS
AvLMMv0CJZinfk7/1/t3KsB8V4EqZUnBQd9okRUlhskFcSPgw1K3PBVSd0tR/S8E
xOxtI0Pgos+5QXevrRY6uq+yPT4c3VMSjR1sDBOsNAVJN6CEDbLa+QbGfAoq7kc+
PvJuJWL4lsH9BLgaYMMKqflk7q3iHxHH705lQOePm7QtyVXB9NAPjdJJc53I6qKj
LGmr9nnB/+DNA/3vVKzjEPZDXVpldt/lojtJdR4O8EDgGGBtgqpOWZ42WQZeQzPN
zgS4NYcuq5n4qT5fRq0XDUeQTtWPGckjUV+H6srfdNCtmxnqceJHQWvvEwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFN3TNGXAB/iiTsHbz0d+hWUJXyVPMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvM2RNMFpjQUgtS0pPd2R2UFIzNkZaUWxmSlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAMBAIAATAGAwQABQEoMBsE
AgACMBUDBQAqBv5AAwUDKg4sAAMFAyoSOoAwDQYJKoZIhvcNAQELBQADggEBAH7n
SPuwZ9xGKtjXTQIGEjCYwIOGipUCYI/iyv6XuZIyWU1jB/COdCExSzI8rpfOQFNQ
KlWctyGZvf6NM7d/Z0vVzOGd0YVkYrZLTDM9s2SZlTsyWbMj5e+0ZK627TosGYAT
oHb95/l9drc/nevgSSSdgORFRXY9c22MCp692NVaMIpqdMIc++HPYTAXyDCvt89F
xI15KrVMRT6+e0eT6uRQ652+HPZ2rIFiQI1DHa+ST7wVcss8yQtEJntaT6GKduUA
BOzLnxwggjqLor8fBOeVcBLeeQV31z1BBYP+WxCXlcAJkz3Gvx2ACQyGpHuWv/SP
76oLPj34YN+uhDMhC4I=
-----END CERTIFICATE-----
Generated at Sat Aug 9 20:45:08 2025 by rpki-client