Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/UU4Nn9U7-uXNqfOf9SK3ddWiZds.roa
File: UU4Nn9U7-uXNqfOf9SK3ddWiZds.roa (raw, json)
Hash identifier: s3K71ckn1TIBiq0B/YlfctKb0kcxSUboKcTu8T0r3JY=
Subject key identifier: 51:4E:0D:9F:D5:3B:FA:E5:CD:A9:F3:9F:F5:22:B7:75:D5:A2:65:DB
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 019A163ACAFFD312CFB691527012AA034E69
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/UU4Nn9U7-uXNqfOf9SK3ddWiZds.roa
Signing time: Fri 24 Oct 2025 12:39:03 +0000
ROA not before: Fri 24 Oct 2025 12:39:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42881
IP address blocks: 2a09:6282::/32 maxlen: 32
2a09:e2c0::/32 maxlen: 32
2a09:e2c1::/32 maxlen: 32
2a09:e2c2::/32 maxlen: 32
2a09:e2c3::/32 maxlen: 32
2a09:e2c4::/32 maxlen: 32
2a09:e2c5::/32 maxlen: 32
2a09:e2c6::/32 maxlen: 32
2a09:e2c7::/32 maxlen: 32
2a10:4107::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 09:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:16:3a:ca:ff:d3:12:cf:b6:91:52:70:12:aa:03:4e:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Oct 24 12:39:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=514e0d9fd53bfae5cda9f39ff522b775d5a265db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ce:b2:55:fd:bb:ac:1b:67:1d:d0:e3:02:47:
12:d0:0a:23:49:f8:2a:67:78:2b:b8:47:98:0b:52:
65:11:7c:d3:f4:bc:1d:ab:b9:c3:93:0c:ec:0b:be:
99:2e:55:33:7d:b5:b3:e2:ac:e4:ee:ba:25:a0:d5:
17:9b:00:e0:07:3e:2b:d7:62:fc:eb:6f:e5:1b:69:
29:dd:20:5c:a7:f2:8a:91:16:87:20:74:72:6a:d2:
e1:fe:aa:49:ee:65:fc:ba:cc:e6:5e:21:fd:13:7c:
77:23:9d:f7:bb:8f:01:1c:bc:20:9a:17:14:8d:6c:
40:4c:63:ca:5b:f7:7d:79:d0:4b:2c:44:f1:33:11:
52:d6:b4:45:1d:68:16:bd:bb:16:bf:ad:93:cb:ae:
90:ea:0c:22:78:6e:63:a9:42:1e:b2:30:d9:7a:52:
0b:1b:2a:91:5c:72:38:f5:c0:37:d0:7b:05:dc:6a:
1f:59:03:f7:c1:26:ea:4c:91:49:0c:a9:95:b0:b2:
3e:1c:2e:b6:d1:74:c0:c6:8c:80:b6:8f:c3:5c:a1:
bf:39:87:9e:2b:1f:66:0d:2c:4e:5a:bf:c1:7b:2a:
b0:5f:8f:ae:0c:42:7d:d8:c7:03:d4:a1:35:eb:82:
e3:70:32:56:bf:45:ae:6e:66:3e:21:3c:61:26:8b:
db:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:4E:0D:9F:D5:3B:FA:E5:CD:A9:F3:9F:F5:22:B7:75:D5:A2:65:DB
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/UU4Nn9U7-uXNqfOf9SK3ddWiZds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:6282::/32
2a09:e2c0::/29
2a10:4107::/32
Signature Algorithm: sha256WithRSAEncryption
cc:80:b3:a7:8e:df:7d:d2:c4:7d:df:dc:24:fd:d1:5d:d2:40:
17:24:b3:30:ef:85:ce:41:2b:99:f3:4a:cb:f8:61:6a:52:0e:
52:35:59:61:77:99:64:cf:a5:de:2d:d2:5d:db:ad:ac:ce:0d:
0f:87:da:92:d3:a4:39:8b:6d:40:c2:9e:85:92:93:d4:07:a0:
7a:e1:92:e8:11:ad:a6:4a:c0:0a:09:66:7e:ad:9c:9e:74:26:
56:5b:20:d9:ee:75:9b:f7:41:61:de:58:7d:8e:98:06:e5:99:
4f:7a:e3:41:67:98:35:e5:ba:e7:92:a1:89:ff:4d:ad:8b:06:
09:61:68:6c:3b:ee:e8:ab:89:ba:98:d4:f5:fa:e7:97:4b:ac:
30:29:50:56:0b:d9:2b:32:00:fc:1c:e7:ca:f6:b2:67:8a:5a:
64:5f:32:8e:20:b5:e6:8b:39:e2:a3:ed:8c:96:71:1b:1e:71:
36:8e:3e:98:d2:b2:e2:10:49:c6:7d:cb:13:93:70:65:60:2f:
48:30:4e:9e:a1:b7:9e:ef:5c:f1:6a:28:0b:1b:10:94:18:71:
20:01:a6:49:c7:73:bc:af:3f:ef:23:f0:7a:b4:c0:ef:71:f9:
38:43:95:30:62:be:75:36:b3:54:f1:80:d3:9d:7e:f6:74:98:
03:fb:2d:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoWOsr/0xLPtpFScBKqA05pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMDI0MTIzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRlMGQ5ZmQ1M2JmYWU1Y2RhOWYzOWZmNTIyYjc3NWQ1YTI2NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM6yVf27rBtnHdDjAkcS0AojSfgq
Z3gruEeYC1JlEXzT9Lwdq7nDkwzsC76ZLlUzfbWz4qzk7roloNUXmwDgBz4r12L8
62/lG2kp3SBcp/KKkRaHIHRyatLh/qpJ7mX8uszmXiH9E3x3I533u48BHLwgmhcU
jWxATGPKW/d9edBLLETxMxFS1rRFHWgWvbsWv62Ty66Q6gwieG5jqUIesjDZelIL
GyqRXHI49cA30HsF3GofWQP3wSbqTJFJDKmVsLI+HC620XTAxoyAto/DXKG/OYee
Kx9mDSxOWr/BeyqwX4+uDEJ92McD1KE164LjcDJWv0WubmY+ITxhJovb7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFFODZ/VO/rlzanzn/Uit3XVomXbMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvVVU0Tm45VTctdVhOcWZPZjlTSzNkZFdpWmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgliggMF
AyoJ4sADBQAqEEEHMA0GCSqGSIb3DQEBCwUAA4IBAQDMgLOnjt990sR939wk/dFd
0kAXJLMw74XOQSuZ80rL+GFqUg5SNVlhd5lkz6XeLdJd262szg0Ph9qS06Q5i21A
wp6FkpPUB6B64ZLoEa2mSsAKCWZ+rZyedCZWWyDZ7nWb90Fh3lh9jpgG5ZlPeuNB
Z5g15brnkqGJ/02tiwYJYWhsO+7oq4m6mNT1+ueXS6wwKVBWC9krMgD8HOfK9rJn
ilpkXzKOILXmiznio+2MlnEbHnE2jj6Y0rLiEEnGfcsTk3BlYC9IME6eobee71zx
aigLGxCUGHEgAaZJx3O8rz/vI/B6tMDvcfk4Q5UwYr51NrNU8YDTnX72dJgD+y2b
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:05:41 2025 by rpki-client