Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DQY7j2-OG0lDZD2MiFnnmzmwH-M.roa
File: DQY7j2-OG0lDZD2MiFnnmzmwH-M.roa (raw, json)
Hash identifier: ooLcw4JLzuab34Xk7bf69oDyAoGcdWX6AC4IG54q+fY=
Subject key identifier: 0D:06:3B:8F:6F:8E:1B:49:43:64:3D:8C:88:59:E7:9B:39:B0:1F:E3
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 019E0683C7C0864B74907B9B40C16A88B7CC
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DQY7j2-OG0lDZD2MiFnnmzmwH-M.roa
Signing time: Fri 08 May 2026 07:36:00 +0000
ROA not before: Fri 08 May 2026 07:36:00 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31898
IP address blocks: 2a14:67c1:a123::/48 maxlen: 48
2a14:67c1:a129::/48 maxlen: 48
2a14:67c1:b147::/48 maxlen: 48
2a14:67c1:c300::/40 maxlen: 48
2a14:67c1:c700::/48 maxlen: 48
2a14:67c2:3f0::/48 maxlen: 48
2a14:67c2:3f1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:06:83:c7:c0:86:4b:74:90:7b:9b:40:c1:6a:88:b7:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: May 8 07:36:00 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0d063b8f6f8e1b4943643d8c8859e79b39b01fe3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:b7:4f:67:56:40:bc:b8:9c:83:c7:17:00:5e:
92:19:58:2a:91:26:b1:f4:5b:92:26:c3:74:4a:db:
a9:95:45:3b:f9:ae:ba:ba:d9:1c:31:d1:62:c2:d6:
44:d6:f8:14:71:15:54:c8:36:3d:91:9d:db:76:d9:
26:57:50:d8:55:b2:22:9e:a0:52:47:98:fc:e8:e0:
5f:70:6b:2e:01:fd:1f:5c:b6:e7:e1:dd:b2:ff:f3:
b6:97:97:e3:81:b2:9c:12:39:ca:2e:f7:40:75:ba:
dd:33:3c:54:a8:e3:f7:b5:5b:b9:c9:43:a1:7d:d7:
0b:4f:c1:ec:7e:43:c7:8f:f4:a8:15:d7:7d:fc:5e:
84:48:8a:54:d4:10:af:d6:c5:28:24:26:8f:69:1a:
77:c1:98:78:88:98:07:f1:e9:9e:3b:17:5f:72:94:
94:64:c2:73:30:c0:a8:ba:5b:1a:61:ab:7b:a2:0b:
28:17:67:95:9f:da:9b:9e:da:5d:84:f1:7b:7b:11:
ce:0a:3a:ab:85:31:ed:d8:e3:a5:2b:2d:26:fc:21:
ed:dd:77:fa:58:25:2e:af:20:f5:66:6b:3c:19:82:
f8:96:80:e0:ef:bc:39:7b:af:86:6c:5b:8a:8c:f6:
ae:d8:46:7b:b0:5d:9f:bb:b8:da:56:cb:d8:bf:88:
fe:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:06:3B:8F:6F:8E:1B:49:43:64:3D:8C:88:59:E7:9B:39:B0:1F:E3
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DQY7j2-OG0lDZD2MiFnnmzmwH-M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:a123::/48
2a14:67c1:a129::/48
2a14:67c1:b147::/48
2a14:67c1:c300::/40
2a14:67c1:c700::/48
2a14:67c2:3f0::/47
Signature Algorithm: sha256WithRSAEncryption
97:d1:ae:36:07:e4:59:11:02:2f:1f:07:fc:9e:df:36:3a:27:
f2:2b:8c:63:3f:3f:71:22:0e:2d:47:0b:34:5b:86:d9:49:58:
e1:83:2f:a6:04:f0:41:07:11:6c:9b:cf:94:50:37:8e:81:14:
d2:b3:ab:bb:d5:7a:de:1e:65:e6:89:e8:67:0a:fb:50:39:4d:
77:45:9b:d1:3f:a2:64:ee:a8:fa:6c:3c:6e:ad:d8:84:6d:19:
db:b9:57:a0:7c:f4:b4:e0:b4:d9:28:75:7b:06:91:27:b6:15:
c6:ec:2c:c8:de:64:df:50:33:19:cf:d6:53:78:ed:5e:a0:47:
fc:65:de:24:b8:ad:79:77:04:f5:e9:0a:59:c4:b4:3c:58:82:
72:ea:7a:76:81:a8:e7:d6:71:bf:e9:8b:0b:c8:a7:de:b1:27:
09:4f:8e:d9:01:77:53:23:ff:70:30:81:47:c1:66:8d:c7:12:
df:da:73:c2:30:a2:bf:dc:17:90:a9:ab:f6:16:8a:55:24:71:
3c:2b:8c:76:d3:44:ce:2c:9d:91:44:6a:27:01:1d:a3:99:0f:
e4:a9:97:e2:2e:6a:4c:1e:97:7c:ba:9c:43:85:81:28:ec:83:
a7:8e:36:5c:e0:27:87:a4:f0:7b:a8:a5:16:a3:dd:07:65:1a:
a9:df:92:41
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZ4Gg8fAhkt0kHubQMFqiLfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNTA4MDczNjAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDA2M2I4ZjZmOGUxYjQ5NDM2NDNkOGM4ODU5ZTc5YjM5YjAxZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7dPZ1ZAvLicg8cXAF6SGVgqkSax
9FuSJsN0StuplUU7+a66utkcMdFiwtZE1vgUcRVUyDY9kZ3bdtkmV1DYVbIinqBS
R5j86OBfcGsuAf0fXLbn4d2y//O2l5fjgbKcEjnKLvdAdbrdMzxUqOP3tVu5yUOh
fdcLT8HsfkPHj/SoFdd9/F6ESIpU1BCv1sUoJCaPaRp3wZh4iJgH8emeOxdfcpSU
ZMJzMMCoulsaYat7ogsoF2eVn9qbntpdhPF7exHOCjqrhTHt2OOlKy0m/CHt3Xf6
WCUuryD1Zms8GYL4loDg77w5e6+GbFuKjPau2EZ7sF2fu7jaVsvYv4j+LwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFA0GO49vjhtJQ2Q9jIhZ55s5sB/jMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvRFFZN2oyLU9HMGxEWkQyTWlGbm5tem13SC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAAjA1AwcAKhRnwaEj
AwcAKhRnwaEpAwcAKhRnwbFHAwYAKhRnwcMDBwAqFGfBxwADBwEqFGfCA/AwDQYJ
KoZIhvcNAQELBQADggEBAJfRrjYH5FkRAi8fB/ye3zY6J/IrjGM/P3EiDi1HCzRb
htlJWOGDL6YE8EEHEWybz5RQN46BFNKzq7vVet4eZeaJ6GcK+1A5TXdFm9E/omTu
qPpsPG6t2IRtGdu5V6B89LTgtNkodXsGkSe2FcbsLMjeZN9QMxnP1lN47V6gR/xl
3iS4rXl3BPXpClnEtDxYgnLqenaBqOfWcb/piwvIp96xJwlPjtkBd1Mj/3AwgUfB
Zo3HEt/ac8Iwor/cF5Cpq/YWilUkcTwrjHbTRM4snZFEaicBHaOZD+Spl+Iuakwe
l3y6nEOFgSjsg6eONlzgJ4ek8HuopRaj3QdlGqnfkkE=
-----END CERTIFICATE-----
Generated at Tue May 12 21:53:11 2026 by rpki-client