Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/i5NFOERwMKPd1G5rCIpENURG36Y.roa
File: i5NFOERwMKPd1G5rCIpENURG36Y.roa (raw, json)
Hash identifier: 84eBi/bngp6RmF/IJ2uqUJlCVKk6loTdhjQ26H2kbE8=
Subject key identifier: 8B:93:45:38:44:70:30:A3:DD:D4:6E:6B:08:8A:44:35:44:46:DF:A6
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 019D249B6DB613640F3422BA57C042FE75EF
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/i5NFOERwMKPd1G5rCIpENURG36Y.roa
Signing time: Wed 25 Mar 2026 10:47:39 +0000
ROA not before: Wed 25 Mar 2026 10:47:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 2a14:67c1:a128::/48 maxlen: 48
2a14:67c1:a129::/48 maxlen: 48
2a14:67c2:510::/48 maxlen: 48
2a14:67c2:576::/48 maxlen: 48
2a14:67c3:30::/44 maxlen: 44
2a14:67c3:180::/44 maxlen: 48
2a14:67c3:cafe::/48 maxlen: 48
2a14:67c3:e622::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 02:04:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:24:9b:6d:b6:13:64:0f:34:22:ba:57:c0:42:fe:75:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: Mar 25 10:47:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8b934538447030a3ddd46e6b088a44354446dfa6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:5b:b5:78:91:a1:71:48:7e:87:54:e4:d4:b0:
0b:d2:a8:22:b2:d3:51:bd:b2:e2:f6:35:cf:d6:13:
89:6c:db:71:39:eb:08:f5:8c:47:70:43:cd:a6:f4:
3d:f6:8e:78:48:e8:94:19:27:c9:ef:d7:4c:96:16:
c6:7b:e9:4a:82:c8:85:49:06:13:77:50:ee:1c:c6:
35:48:a1:2a:f8:d7:8e:1b:0c:45:e4:c2:5e:9c:0d:
19:99:82:68:8c:a6:0d:d6:5b:34:b7:d6:85:79:ec:
7d:19:78:87:4c:53:9f:62:e4:1e:a5:76:f3:f4:de:
f5:2d:38:1a:46:69:27:bc:34:1c:71:5c:eb:de:f0:
d7:9a:4a:87:6e:e3:00:b0:1d:29:35:c6:4d:30:da:
75:41:fa:ab:f6:86:e7:02:98:a5:5b:81:28:f8:39:
1b:30:9c:1e:82:93:7a:6a:51:15:14:e2:75:e4:b4:
f9:b4:f9:21:0c:d5:03:aa:c5:c2:d6:85:4a:d5:ec:
46:66:22:c1:f2:fe:7d:8f:2d:9f:d9:02:e3:e5:22:
41:02:cd:d3:10:89:c1:c8:95:25:19:e1:fe:58:5b:
0a:6a:81:95:c4:5f:b5:a2:07:03:43:7b:fb:89:ab:
32:4a:a2:c0:66:7b:2a:28:81:20:28:8d:5d:b0:48:
09:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:93:45:38:44:70:30:A3:DD:D4:6E:6B:08:8A:44:35:44:46:DF:A6
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/i5NFOERwMKPd1G5rCIpENURG36Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:a128::/47
2a14:67c2:510::/48
2a14:67c2:576::/48
2a14:67c3:30::/44
2a14:67c3:180::/44
2a14:67c3:cafe::/48
2a14:67c3:e622::/48
Signature Algorithm: sha256WithRSAEncryption
8e:e2:7f:30:55:cc:dd:50:57:93:1f:4f:ec:dd:5d:ab:98:f8:
0f:49:a4:fa:77:eb:7c:f1:b7:d8:c9:e4:a3:cf:38:30:e8:00:
a7:86:74:38:e5:be:3d:cc:63:d8:4a:67:90:37:28:7c:d7:b6:
2e:d8:50:76:a3:2a:8b:5d:2f:ea:0d:47:a9:5b:d1:d8:89:92:
1a:b1:29:bd:cb:dd:3c:bd:e7:b2:8f:73:08:6a:3f:c5:da:03:
ba:96:51:60:a7:08:c2:62:4e:97:2b:33:f9:b9:35:05:04:a0:
e9:60:24:2a:65:92:6e:97:0e:d4:0c:3b:b7:5c:d2:3c:ca:26:
6d:82:a3:55:53:5b:5d:41:76:f9:12:a7:0d:80:a3:24:21:7a:
c3:4b:3e:dc:15:52:a4:51:3c:de:5c:fd:1a:03:57:b9:3d:e2:
0c:a6:43:80:a5:22:96:98:12:c1:b9:bd:d7:43:1e:f2:f9:d8:
54:70:bd:82:c1:d8:98:e6:00:cb:3e:b0:1e:2b:8f:ce:97:9c:
5f:23:62:4d:b3:69:63:ab:49:11:59:66:44:59:2d:2b:15:ef:
7e:80:42:a3:47:5f:b5:62:d8:43:4e:24:10:05:ad:1e:e6:f5:
e7:30:8b:23:92:6c:a1:da:8f:80:22:55:03:f8:46:a3:58:81:
c9:96:8b:ff
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ0km222E2QPNCK6V8BC/nXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMzI1MTA0NzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkzNDUzODQ0NzAzMGEzZGRkNDZlNmIwODhhNDQzNTQ0NDZkZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Vu1eJGhcUh+h1Tk1LAL0qgistNR
vbLi9jXP1hOJbNtxOesI9YxHcEPNpvQ99o54SOiUGSfJ79dMlhbGe+lKgsiFSQYT
d1DuHMY1SKEq+NeOGwxF5MJenA0ZmYJojKYN1ls0t9aFeex9GXiHTFOfYuQepXbz
9N71LTgaRmknvDQccVzr3vDXmkqHbuMAsB0pNcZNMNp1Qfqr9obnApilW4Eo+Dkb
MJwegpN6alEVFOJ15LT5tPkhDNUDqsXC1oVK1exGZiLB8v59jy2f2QLj5SJBAs3T
EInByJUlGeH+WFsKaoGVxF+1ogcDQ3v7iasySqLAZnsqKIEgKI1dsEgJLQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFIuTRThEcDCj3dRuawiKRDVERt+mMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaTVORk9FUndNS1BkMUc1ckNJcEVOVVJHMzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwcBKhRnwaEo
AwcAKhRnwgUQAwcAKhRnwgV2AwcEKhRnwwAwAwcEKhRnwwGAAwcAKhRnw8r+AwcA
KhRnw+YiMA0GCSqGSIb3DQEBCwUAA4IBAQCO4n8wVczdUFeTH0/s3V2rmPgPSaT6
d+t88bfYyeSjzzgw6ACnhnQ45b49zGPYSmeQNyh817Yu2FB2oyqLXS/qDUepW9HY
iZIasSm9y908veeyj3MIaj/F2gO6llFgpwjCYk6XKzP5uTUFBKDpYCQqZZJulw7U
DDu3XNI8yiZtgqNVU1tdQXb5EqcNgKMkIXrDSz7cFVKkUTzeXP0aA1e5PeIMpkOA
pSKWmBLBub3XQx7y+dhUcL2CwdiY5gDLPrAeK4/Ol5xfI2JNs2ljq0kRWWZEWS0r
Fe9+gEKjR1+1YthDTiQQBa0e5vXnMIsjkmyh2o+AIlUD+EajWIHJlov/
-----END CERTIFICATE-----
Generated at Thu Mar 26 14:01:56 2026 by rpki-client