Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/lU_WZzSGPkN2lCXxCgcT0qQBuOo.roa
File: lU_WZzSGPkN2lCXxCgcT0qQBuOo.roa (raw, json)
Hash identifier: tCgmfSIJNiS09xw5Xo1JHjiKnprFuPx/FKkDIUMpTuk=
Subject key identifier: 95:4F:D6:67:34:86:3E:43:76:94:25:F1:0A:07:13:D2:A4:01:B8:EA
Certificate issuer: /CN=d2f3f8686b617c5f91c9bdc1973ba29a1e4a0906
Certificate serial: 019DE7B9D6CA4518374CFC0F4C5AF6E8E2A7
Authority key identifier: D2:F3:F8:68:6B:61:7C:5F:91:C9:BD:C1:97:3B:A2:9A:1E:4A:09:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/lU_WZzSGPkN2lCXxCgcT0qQBuOo.roa
Signing time: Sat 02 May 2026 08:06:49 +0000
ROA not before: Sat 02 May 2026 08:06:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20473
IP address blocks: 2a0f:3e00::/29 maxlen: 32
2a10:1c80::/29 maxlen: 32
2a10:2500::/29 maxlen: 32
2a11:ed00::/29 maxlen: 32
2a11:ef00::/29 maxlen: 32
2a11:f100::/29 maxlen: 32
2a11:f300::/29 maxlen: 32
2a11:f500::/29 maxlen: 32
2a11:f900::/29 maxlen: 32
2a12:7240::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.crl
rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.mft
rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 11:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:e7:b9:d6:ca:45:18:37:4c:fc:0f:4c:5a:f6:e8:e2:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d2f3f8686b617c5f91c9bdc1973ba29a1e4a0906
Validity
Not Before: May 2 08:06:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=954fd66734863e43769425f10a0713d2a401b8ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:95:22:c0:34:c4:6b:75:93:42:96:5e:ad:1e:
61:cc:25:4f:9d:64:8e:da:a6:b8:9c:0b:09:08:fc:
9a:02:68:df:16:24:c3:93:87:ca:8d:04:0d:b9:ae:
4b:cc:3f:90:b4:7a:9c:8a:24:6a:be:0e:6b:2e:27:
9c:80:85:8b:aa:b5:43:00:fa:7f:d9:dd:11:00:23:
6d:2e:76:6c:06:c8:81:82:bb:26:4e:32:98:c5:4d:
d9:02:7c:fe:17:67:7e:75:45:a5:99:3a:28:d8:c8:
90:fe:35:72:74:1f:66:a5:23:ce:a4:b6:16:c8:2f:
5c:e9:9f:f0:eb:e6:b8:70:65:1d:31:71:48:a2:a9:
8e:0a:15:43:a8:54:fc:8f:f5:0d:39:4a:b3:55:ab:
70:84:b2:9c:a2:c6:75:89:c6:d0:38:e4:48:ab:22:
00:02:3a:78:25:5e:56:b2:6f:7d:a1:c6:10:ec:c6:
f7:af:cb:f2:57:a6:f4:c4:6a:10:0b:40:96:b6:06:
cb:a6:86:71:32:48:c1:7d:02:b8:bd:42:29:ea:88:
5b:16:e6:85:3e:33:8a:09:7e:11:40:4e:69:c3:43:
ea:21:59:40:77:90:54:63:95:fc:09:18:bf:1b:a6:
07:ff:8a:44:3e:e8:7b:83:8d:69:35:f7:21:4c:18:
d3:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:4F:D6:67:34:86:3E:43:76:94:25:F1:0A:07:13:D2:A4:01:B8:EA
X509v3 Authority Key Identifier:
keyid:D2:F3:F8:68:6B:61:7C:5F:91:C9:BD:C1:97:3B:A2:9A:1E:4A:09:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/lU_WZzSGPkN2lCXxCgcT0qQBuOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:3e00::/29
2a10:1c80::/29
2a10:2500::/29
2a11:ed00::/29
2a11:ef00::/29
2a11:f100::/29
2a11:f300::/29
2a11:f500::/29
2a11:f900::/29
2a12:7240::/29
Signature Algorithm: sha256WithRSAEncryption
7a:e6:4a:30:0d:f7:18:d7:e0:dd:81:57:88:39:78:9a:32:64:
ba:22:c7:1c:ac:ef:d2:de:08:fc:b5:73:c0:f6:8d:1f:69:69:
b3:ee:44:12:5d:d5:2c:2b:ae:0f:93:d2:94:f4:5e:90:85:90:
1b:b2:02:a1:fa:9f:11:d7:87:38:39:29:83:92:74:1f:21:20:
0e:bd:00:e1:4a:bc:8e:90:df:8f:f6:91:77:26:30:dc:54:c9:
15:94:7e:db:21:7e:89:ae:eb:9a:e3:8d:50:29:0a:2d:73:15:
1c:a8:d2:fe:8b:3e:06:f0:91:fe:54:31:c6:bd:95:ec:3b:49:
a0:5a:ff:22:39:09:52:3e:b4:c7:0e:5b:fc:e3:97:53:04:e4:
84:f0:35:ba:45:57:bc:15:98:5b:6b:79:00:76:96:53:8a:23:
96:c6:7c:73:d3:98:46:64:8b:67:0d:1c:f4:94:c6:43:0a:59:
ce:d0:a1:82:65:17:64:b5:a8:36:e9:cf:25:79:13:97:a9:1b:
64:69:f2:9b:38:87:bd:92:97:6d:b4:58:ad:b8:22:03:07:c0:
20:54:69:65:cf:27:16:2f:27:0f:93:ec:f6:9e:40:06:83:e8:
a4:ad:14:21:52:c0:8b:08:8b:cd:52:a8:0b:5c:e7:c7:3c:d4:
eb:e0:bf:33
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZ3nudbKRRg3TPwPTFr26OKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZjNmODY4NmI2MTdjNWY5MWM5YmRjMTk3M2JhMjlhMWU0
YTA5MDYwHhcNMjYwNTAyMDgwNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRmZDY2NzM0ODYzZTQzNzY5NDI1ZjEwYTA3MTNkMmE0MDFiOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5UiwDTEa3WTQpZerR5hzCVPnWSO
2qa4nAsJCPyaAmjfFiTDk4fKjQQNua5LzD+QtHqciiRqvg5rLiecgIWLqrVDAPp/
2d0RACNtLnZsBsiBgrsmTjKYxU3ZAnz+F2d+dUWlmToo2MiQ/jVydB9mpSPOpLYW
yC9c6Z/w6+a4cGUdMXFIoqmOChVDqFT8j/UNOUqzVatwhLKcosZ1icbQOORIqyIA
Ajp4JV5Wsm99ocYQ7Mb3r8vyV6b0xGoQC0CWtgbLpoZxMkjBfQK4vUIp6ohbFuaF
PjOKCX4RQE5pw0PqIVlAd5BUY5X8CRi/G6YH/4pEPuh7g41pNfchTBjTEwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJVP1mc0hj5DdpQl8QoHE9KkAbjqMB8GA1UdIwQY
MBaAFNLz+GhrYXxfkcm9wZc7opoeSgkGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHZQNGFHdGhmRi1SeWIzQmx6dWltaDVLQ1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hYjQ5ZjItMzAxZC00YTM2LTg2YTMt
M2Y4Njk1ZDdlNGRmLzEvbFVfV1p6U0dQa04ybENYeENnY1QwcVFCdU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hYjQ5ZjItMzAxZC00YTM2LTg2YTMtM2Y4Njk1ZDdlNGRm
LzEvMHZQNGFHdGhmRi1SeWIzQmx6dWltaDVLQ1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKg8+AAMF
AyoQHIADBQMqECUAAwUDKhHtAAMFAyoR7wADBQMqEfEAAwUDKhHzAAMFAyoR9QAD
BQMqEfkAAwUDKhJyQDANBgkqhkiG9w0BAQsFAAOCAQEAeuZKMA33GNfg3YFXiDl4
mjJkuiLHHKzv0t4I/LVzwPaNH2lps+5EEl3VLCuuD5PSlPRekIWQG7ICofqfEdeH
ODkpg5J0HyEgDr0A4Uq8jpDfj/aRdyYw3FTJFZR+2yF+ia7rmuONUCkKLXMVHKjS
/os+BvCR/lQxxr2V7DtJoFr/IjkJUj60xw5b/OOXUwTkhPA1ukVXvBWYW2t5AHaW
U4ojlsZ8c9OYRmSLZw0c9JTGQwpZztChgmUXZLWoNunPJXkTl6kbZGnymziHvZKX
bbRYrbgiAwfAIFRpZc8nFi8nD5Ps9p5ABoPopK0UIVLAiwiLzVKoC1znxzzU6+C/
Mw==
-----END CERTIFICATE-----
Generated at Tue May 12 21:53:01 2026 by rpki-client