Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XICObafI1aWt9Gx2SLVaja1cbNA.roa
File: XICObafI1aWt9Gx2SLVaja1cbNA.roa (raw, json)
Hash identifier: J1QMG5TNEJpgpHuljpCaPS8baWf4GZYS8vktPPu4m00=
Subject key identifier: 5C:80:8E:6D:A7:C8:D5:A5:AD:F4:6C:76:48:B5:5A:8D:AD:5C:6C:D0
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 01987F66F3BD4BFD7EC18928064A45CD84E0
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XICObafI1aWt9Gx2SLVaja1cbNA.roa
Signing time: Wed 06 Aug 2025 12:41:50 +0000
ROA not before: Wed 06 Aug 2025 12:41:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213861
IP address blocks: 2a0c:2844::/32 maxlen: 32
2a12:2cc6::/32 maxlen: 32
2a12:3bc0::/32 maxlen: 32
2a12:3bc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 08 Aug 2025 02:01:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7f:66:f3:bd:4b:fd:7e:c1:89:28:06:4a:45:cd:84:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Aug 6 12:41:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c808e6da7c8d5a5adf46c7648b55a8dad5c6cd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:64:c4:79:73:bd:1e:ed:d0:ab:21:d1:4b:f9:
fd:4a:15:c8:33:2c:3b:b1:90:a5:fa:a7:0b:58:af:
25:6b:8d:94:ef:6f:f8:f9:49:21:f6:02:8b:74:b1:
66:de:99:92:c3:6d:88:15:3d:de:7a:1f:09:7b:32:
2b:95:31:d2:b3:b4:23:c1:6d:82:b9:67:0d:99:14:
3c:78:e4:90:eb:0f:83:49:be:a7:ca:ab:ce:92:e6:
c9:1a:c5:ca:a8:18:68:d8:22:c5:7b:a7:1b:96:7a:
a7:01:7d:44:5f:62:1b:cc:7e:c8:52:0a:da:22:06:
24:03:a2:3f:b2:76:7d:b3:a3:65:29:f1:a1:34:1b:
70:c8:28:a6:27:9f:7e:2f:76:45:11:c7:47:56:a5:
7d:56:ae:17:c1:b8:05:c5:16:4b:8d:b2:f7:ad:ec:
fd:fd:7c:10:d6:a3:75:3b:01:66:be:cc:0b:23:d0:
9f:9b:b0:85:3d:00:1e:40:43:58:1e:8e:9d:f1:9e:
51:ab:b4:87:a8:59:38:cc:e3:3e:57:56:bd:60:2d:
48:4d:5f:db:2c:b1:0a:66:f6:2b:65:f0:ab:4e:96:
31:fa:f4:89:2e:ae:25:cb:72:1e:54:a8:4b:fb:c1:
df:a8:a7:e2:01:eb:5b:e6:3d:b6:81:ed:78:47:3e:
28:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:80:8E:6D:A7:C8:D5:A5:AD:F4:6C:76:48:B5:5A:8D:AD:5C:6C:D0
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XICObafI1aWt9Gx2SLVaja1cbNA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0c:2844::/32
2a12:2cc6::/32
2a12:3bc0::/31
Signature Algorithm: sha256WithRSAEncryption
00:e2:d4:46:8b:ca:f0:aa:67:c6:d0:52:42:c3:dc:02:af:4b:
89:81:60:0b:31:51:63:d4:f1:c9:0f:7d:b3:c8:a9:9f:9c:fa:
b0:e3:80:19:10:b2:05:76:f6:fc:36:2f:1c:b9:3f:b7:d4:29:
0f:a7:d3:29:2d:3a:3c:ae:af:4d:48:ba:2e:a2:b2:be:47:d5:
04:e6:8d:b6:af:6b:3d:c1:d7:04:a3:42:e7:95:8c:d5:c4:24:
b8:19:00:6e:ef:bb:55:65:4d:7e:87:8c:76:68:09:9f:93:7d:
b7:fe:0f:16:4f:ba:12:5b:c7:26:ee:62:22:b8:b1:7f:b0:4c:
3a:d1:36:94:88:5e:5f:f6:10:32:c7:7d:90:39:76:91:5d:bd:
be:63:e6:89:74:62:95:0c:25:85:2b:87:6d:87:39:49:5f:f0:
01:73:06:da:e1:8f:3f:b7:0e:d0:e1:8d:6a:1f:f4:be:30:21:
67:2b:33:fb:47:f2:05:9f:c4:45:85:95:9d:91:df:3c:90:c7:
05:b2:38:08:7c:25:32:da:b6:1b:25:a4:5f:e5:df:12:64:be:
c0:5f:93:73:60:18:2e:3a:df:af:ef:9a:08:16:ea:39:6d:4e:
69:4e:30:b8:ee:c3:52:20:6d:de:d3:9c:9d:6b:4e:f8:05:2b:
e2:8f:68:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZh/ZvO9S/1+wYkoBkpFzYTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODA2MTI0MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzgwOGU2ZGE3YzhkNWE1YWRmNDZjNzY0OGI1NWE4ZGFkNWM2Y2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGTEeXO9Hu3QqyHRS/n9ShXIMyw7
sZCl+qcLWK8la42U72/4+Ukh9gKLdLFm3pmSw22IFT3eeh8JezIrlTHSs7QjwW2C
uWcNmRQ8eOSQ6w+DSb6nyqvOkubJGsXKqBho2CLFe6cblnqnAX1EX2IbzH7IUgra
IgYkA6I/snZ9s6NlKfGhNBtwyCimJ59+L3ZFEcdHVqV9Vq4XwbgFxRZLjbL3rez9
/XwQ1qN1OwFmvswLI9Cfm7CFPQAeQENYHo6d8Z5Rq7SHqFk4zOM+V1a9YC1ITV/b
LLEKZvYrZfCrTpYx+vSJLq4ly3IeVKhL+8HfqKfiAetb5j22ge14Rz4o7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFyAjm2nyNWlrfRsdki1Wo2tXGzQMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvWElDT2JhZkkxYVd0OUd4MlNMVmFqYTFjYk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgwoRAMF
ACoSLMYDBQEqEjvAMA0GCSqGSIb3DQEBCwUAA4IBAQAA4tRGi8rwqmfG0FJCw9wC
r0uJgWALMVFj1PHJD32zyKmfnPqw44AZELIFdvb8Ni8cuT+31CkPp9MpLTo8rq9N
SLouorK+R9UE5o22r2s9wdcEo0LnlYzVxCS4GQBu77tVZU1+h4x2aAmfk323/g8W
T7oSW8cm7mIiuLF/sEw60TaUiF5f9hAyx32QOXaRXb2+Y+aJdGKVDCWFK4dthzlJ
X/ABcwba4Y8/tw7Q4Y1qH/S+MCFnKzP7R/IFn8RFhZWdkd88kMcFsjgIfCUy2rYb
JaRf5d8SZL7AX5NzYBguOt+v75oIFuo5bU5pTjC47sNSIG3e05yda074BSvij2hQ
-----END CERTIFICATE-----
Generated at Thu Aug 7 11:21:46 2025 by rpki-client