Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/Rv56JbM9B0QRW871yiTV-6FdpRA.roa
File: Rv56JbM9B0QRW871yiTV-6FdpRA.roa (raw, json)
Hash identifier: WXhKSn8R39elIT0wpsiUNOwPTK9oHy/wkiqB/Sxv7nI=
Subject key identifier: 46:FE:7A:25:B3:3D:07:44:11:5B:CE:F5:CA:24:D5:FB:A1:5D:A5:10
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0198806D8D77A0C6363868705900A6BA9117
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/Rv56JbM9B0QRW871yiTV-6FdpRA.roa
Signing time: Wed 06 Aug 2025 17:28:39 +0000
ROA not before: Wed 06 Aug 2025 17:28:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211009
IP address blocks: 2a12:10c0::/29 maxlen: 29
2a12:15c0::/29 maxlen: 29
2a12:25c0::/29 maxlen: 29
2a12:34c0::/29 maxlen: 29
2a12:4240::/29 maxlen: 29
2a12:7980::/29 maxlen: 29
2a12:c180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 17:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:80:6d:8d:77:a0:c6:36:38:68:70:59:00:a6:ba:91:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Aug 6 17:28:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=46fe7a25b33d0744115bcef5ca24d5fba15da510
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:e4:72:49:3c:7a:97:61:aa:f5:17:0b:56:a0:
50:9b:46:75:fb:de:bf:d2:10:cb:eb:35:e1:bc:36:
b8:07:8a:ec:e1:76:d6:f7:50:bb:04:25:2c:ff:09:
8e:5c:a3:72:98:96:8f:74:47:3e:46:13:ab:7b:38:
d7:8e:b2:f4:b7:29:db:9a:3f:1e:54:c0:b0:e0:24:
0a:72:ca:66:5e:90:fe:a3:bd:fa:75:e1:75:75:7a:
4b:06:d0:1a:ca:a4:8a:c6:9d:20:39:ed:bc:06:3f:
1c:4b:97:d4:e9:2f:4c:8b:b4:51:89:8c:9a:d1:30:
78:4e:18:3a:12:77:4e:3d:ca:f7:f5:f5:59:21:d0:
29:13:cb:47:a5:2a:16:77:a2:85:3a:81:90:a7:46:
3e:6a:33:ca:ba:6b:04:76:0d:72:d3:02:96:72:4b:
fd:6d:bb:71:33:0f:4d:29:2e:a6:7f:56:7a:74:12:
39:5b:9e:f5:af:a6:8f:74:a9:89:a9:21:4d:d3:2a:
b8:01:6a:7b:d6:e0:b0:30:d1:c1:d1:8b:ca:f2:b2:
72:36:f7:dc:5d:c5:5c:e2:03:98:1a:9e:b3:6a:85:
87:12:05:56:d7:25:82:26:72:b4:8b:83:54:a9:d8:
54:6a:36:20:cd:36:df:e7:e9:0b:6a:1c:e4:5f:25:
a7:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:FE:7A:25:B3:3D:07:44:11:5B:CE:F5:CA:24:D5:FB:A1:5D:A5:10
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/Rv56JbM9B0QRW871yiTV-6FdpRA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:10c0::/29
2a12:15c0::/29
2a12:25c0::/29
2a12:34c0::/29
2a12:4240::/29
2a12:7980::/29
2a12:c180::/29
Signature Algorithm: sha256WithRSAEncryption
60:8e:4b:8b:74:1c:9c:e3:b2:a3:6f:c1:cf:2e:31:9b:31:8e:
18:b6:c7:63:bc:40:f8:8b:b7:f7:2b:4f:57:35:ee:53:43:af:
50:f3:f4:cf:e7:7b:ef:57:6c:f6:75:46:51:a8:c9:18:c9:a5:
91:76:d7:14:98:56:04:d2:1a:1c:7b:87:65:84:82:00:d1:b1:
f5:26:7c:30:4b:ae:49:ee:89:6c:99:62:64:97:d2:a6:b3:e6:
46:ca:2c:1f:5c:98:c1:64:ce:dc:41:91:36:36:b1:60:77:0b:
5c:3b:9f:e8:25:75:69:69:2d:73:91:0c:31:f8:f7:59:ff:d7:
b0:03:94:e9:e1:11:0a:56:9f:71:ef:b2:a1:44:89:48:68:57:
39:1d:22:d0:8f:7a:5f:d5:b7:f7:13:f8:da:25:a2:17:f8:78:
14:66:0e:17:40:3d:43:3f:57:da:c8:9d:3e:12:13:a8:d0:d1:
56:13:65:76:03:c4:4a:55:7c:4c:fd:b0:cf:25:d3:eb:d3:ac:
20:6e:6a:17:32:0b:0c:e7:35:71:76:c9:53:0e:33:4d:ee:3c:
d5:df:df:d8:cb:5a:57:9b:6c:37:60:11:b2:15:35:9d:48:3a:
58:99:3e:73:b8:4c:d9:73:9a:06:b6:34:fe:79:28:08:16:f9:
06:d6:bd:dc
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZiAbY13oMY2OGhwWQCmupEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwODA2MTcyODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZlN2EyNWIzM2QwNzQ0MTE1YmNlZjVjYTI0ZDVmYmExNWRhNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+RySTx6l2Gq9RcLVqBQm0Z1+96/
0hDL6zXhvDa4B4rs4XbW91C7BCUs/wmOXKNymJaPdEc+RhOrezjXjrL0tynbmj8e
VMCw4CQKcspmXpD+o736deF1dXpLBtAayqSKxp0gOe28Bj8cS5fU6S9Mi7RRiYya
0TB4Thg6EndOPcr39fVZIdApE8tHpSoWd6KFOoGQp0Y+ajPKumsEdg1y0wKWckv9
bbtxMw9NKS6mf1Z6dBI5W571r6aPdKmJqSFN0yq4AWp71uCwMNHB0YvK8rJyNvfc
XcVc4gOYGp6zaoWHEgVW1yWCJnK0i4NUqdhUajYgzTbf5+kLahzkXyWnnwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFEb+eiWzPQdEEVvO9cok1fuhXaUQMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvUnY1NkpiTTlCMFFSVzg3MXlpVFYtNkZkcFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKhIQwAMF
AyoSFcADBQMqEiXAAwUDKhI0wAMFAyoSQkADBQMqEnmAAwUDKhLBgDANBgkqhkiG
9w0BAQsFAAOCAQEAYI5Li3QcnOOyo2/Bzy4xmzGOGLbHY7xA+Iu39ytPVzXuU0Ov
UPP0z+d771ds9nVGUajJGMmlkXbXFJhWBNIaHHuHZYSCANGx9SZ8MEuuSe6JbJli
ZJfSprPmRsosH1yYwWTO3EGRNjaxYHcLXDuf6CV1aWktc5EMMfj3Wf/XsAOU6eER
Clafce+yoUSJSGhXOR0i0I96X9W39xP42iWiF/h4FGYOF0A9Qz9X2sidPhITqNDR
VhNldgPESlV8TP2wzyXT69OsIG5qFzILDOc1cXbJUw4zTe481d/f2MtaV5tsN2AR
shU1nUg6WJk+c7hM2XOaBrY0/nkoCBb5Bta93A==
-----END CERTIFICATE-----
Generated at Mon Aug 11 01:48:03 2025 by rpki-client