Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/pw-WaAa8sr7eAG_QiQzP8CPPD1k.roa
File: pw-WaAa8sr7eAG_QiQzP8CPPD1k.roa (raw, json)
Hash identifier: a/qQAhWgB+KEspK5d/EepUAgZlOajCFKwxo1Ej4BUys=
Subject key identifier: A7:0F:96:68:06:BC:B2:BE:DE:00:6F:D0:89:0C:CF:F0:23:CF:0F:59
Certificate issuer: /CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
Certificate serial: 0198816029196B337DB325F6C5E491691F27
Authority key identifier: AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/pw-WaAa8sr7eAG_QiQzP8CPPD1k.roa
Signing time: Wed 06 Aug 2025 21:53:39 +0000
ROA not before: Wed 06 Aug 2025 21:53:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213605
IP address blocks: 2001:678:120::/48 maxlen: 48
2001:678:10d0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.mft
rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:81:60:29:19:6b:33:7d:b3:25:f6:c5:e4:91:69:1f:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=afdb5c03998fc66b8f1827299403f1e5e8d999d7
Validity
Not Before: Aug 6 21:53:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a70f966806bcb2bede006fd0890ccff023cf0f59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:69:f1:f4:0a:24:fd:45:fd:5c:65:b8:4b:87:
eb:7a:9e:4f:26:e8:3c:c8:f8:f7:18:38:6b:d1:64:
bc:23:e1:df:08:ba:76:8a:ce:b2:20:e1:7d:6a:db:
26:9e:a8:c8:b6:f3:a4:9d:70:41:be:e6:a4:b9:51:
34:e1:05:58:2b:54:d0:17:80:d0:4a:bd:d2:1d:52:
22:f3:58:aa:10:19:31:5f:31:3d:e6:db:47:0d:14:
de:ea:c4:ca:79:15:fd:fb:2b:57:48:a1:3a:31:6a:
7a:8a:92:b1:14:f6:a1:a3:9f:83:73:91:bc:b2:f5:
60:1d:3b:d2:16:9e:8c:14:b2:1f:79:18:be:fb:c1:
df:82:ca:92:b0:b2:5a:1c:6c:75:57:49:f3:e8:e5:
a5:81:4d:41:52:48:82:00:cf:59:27:92:54:bd:67:
d6:41:23:30:3f:55:3b:a9:9f:42:ed:4a:b6:0e:6c:
9b:30:17:76:d3:c5:5d:e0:bc:b1:bc:17:72:ea:43:
03:6c:86:d7:2d:5b:34:a1:67:d1:24:25:55:46:9c:
10:9b:09:00:97:a7:7a:cc:6c:65:c7:30:bf:25:be:
66:29:7d:82:41:be:d0:56:80:0f:e9:29:cb:25:d7:
90:af:ff:00:7b:d6:86:89:4b:7d:b6:4d:f2:51:0f:
a7:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:0F:96:68:06:BC:B2:BE:DE:00:6F:D0:89:0C:CF:F0:23:CF:0F:59
X509v3 Authority Key Identifier:
keyid:AF:DB:5C:03:99:8F:C6:6B:8F:18:27:29:94:03:F1:E5:E8:D9:99:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r9tcA5mPxmuPGCcplAPx5ejZmdc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/pw-WaAa8sr7eAG_QiQzP8CPPD1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f560b-06cf-46eb-963c-67ad3ac7f83f/1/r9tcA5mPxmuPGCcplAPx5ejZmdc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:120::/48
2001:678:10d0::/48
Signature Algorithm: sha256WithRSAEncryption
4d:8f:12:16:e5:84:aa:b2:63:be:84:54:43:cb:e0:9f:b1:51:
b4:1e:43:6a:69:29:18:36:07:a5:9a:37:a2:12:7f:38:1f:4d:
18:1c:2b:ee:da:f6:11:63:a3:8d:dd:00:15:dd:2a:f1:41:4a:
c5:e8:ac:05:86:2b:6d:18:a2:48:e7:75:e9:f5:ca:c8:02:2b:
c1:30:5f:c1:3a:98:de:19:70:66:7a:a6:74:04:da:d2:17:09:
80:25:3f:21:cc:ae:c1:63:0b:56:df:a8:23:92:09:c0:8b:f6:
e0:60:6b:73:17:3e:ff:03:5c:3e:a4:2c:a3:c4:ad:33:8a:4a:
b8:e5:a3:c8:e3:ce:cb:d3:90:43:61:1e:93:41:f3:cf:ec:04:
2a:a9:3c:49:5e:c9:1f:38:22:49:3f:6a:cc:66:ad:f0:89:d5:
77:37:91:0a:49:b8:b5:bc:c8:50:17:75:6a:20:8f:d0:88:a9:
1f:f1:84:f4:07:8d:3d:99:ba:8e:d6:5e:dd:cd:95:c8:45:8f:
ab:aa:5f:28:32:19:16:bb:dc:9b:04:9d:08:f2:fd:3a:db:9c:
a7:5b:ca:2d:6b:2d:15:74:e9:8c:76:6b:de:98:cd:ce:8d:d0:
b1:ed:f0:bc:a1:45:9b:d1:3e:76:3e:55:db:85:ff:5b:0a:69:
ff:47:b1:2d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiBYCkZazN9syX2xeSRaR8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZGI1YzAzOTk4ZmM2NmI4ZjE4MjcyOTk0MDNmMWU1ZThk
OTk5ZDcwHhcNMjUwODA2MjE1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBmOTY2ODA2YmNiMmJlZGUwMDZmZDA4OTBjY2ZmMDIzY2YwZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Gnx9Aok/UX9XGW4S4frep5PJug8
yPj3GDhr0WS8I+HfCLp2is6yIOF9atsmnqjItvOknXBBvuakuVE04QVYK1TQF4DQ
Sr3SHVIi81iqEBkxXzE95ttHDRTe6sTKeRX9+ytXSKE6MWp6ipKxFPaho5+Dc5G8
svVgHTvSFp6MFLIfeRi++8HfgsqSsLJaHGx1V0nz6OWlgU1BUkiCAM9ZJ5JUvWfW
QSMwP1U7qZ9C7Uq2DmybMBd208Vd4LyxvBdy6kMDbIbXLVs0oWfRJCVVRpwQmwkA
l6d6zGxlxzC/Jb5mKX2CQb7QVoAP6SnLJdeQr/8Ae9aGiUt9tk3yUQ+nwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKcPlmgGvLK+3gBv0IkMz/Ajzw9ZMB8GA1UdIwQY
MBaAFK/bXAOZj8ZrjxgnKZQD8eXo2ZnXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2Mt
NjdhZDNhYzdmODNmLzEvcHctV2FBYThzcjdlQUdfUWlRelA4Q1BQRDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZjU2MGItMDZjZi00NmViLTk2M2MtNjdhZDNhYzdmODNm
LzEvcjl0Y0E1bVB4bXVQR0NjcGxBUHg1ZWpabWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAEg
AwcAIAEGeBDQMA0GCSqGSIb3DQEBCwUAA4IBAQBNjxIW5YSqsmO+hFRDy+CfsVG0
HkNqaSkYNgelmjeiEn84H00YHCvu2vYRY6ON3QAV3SrxQUrF6KwFhittGKJI53Xp
9crIAivBMF/BOpjeGXBmeqZ0BNrSFwmAJT8hzK7BYwtW36gjkgnAi/bgYGtzFz7/
A1w+pCyjxK0zikq45aPI487L05BDYR6TQfPP7AQqqTxJXskfOCJJP2rMZq3widV3
N5EKSbi1vMhQF3VqII/QiKkf8YT0B409mbqO1l7dzZXIRY+rql8oMhkWu9ybBJ0I
8v0625ynW8otay0VdOmMdmvemM3OjdCx7fC8oUWb0T52PlXbhf9bCmn/R7Et
-----END CERTIFICATE-----
Generated at Sat Aug 9 20:32:48 2025 by rpki-client