Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/KNNuaQBFjVM4qdMaB7UWNnS6AWI.roa
File: KNNuaQBFjVM4qdMaB7UWNnS6AWI.roa (raw, json)
Hash identifier: Q/rToyq2iR8m6rWdvFLxXk7Bzl+HpGn1ikTUqvJguUY=
Subject key identifier: 28:D3:6E:69:00:45:8D:53:38:A9:D3:1A:07:B5:16:36:74:BA:01:62
Certificate issuer: /CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Certificate serial: 019D11976C83EA5C62314BD9F4B73EC8FBB0
Authority key identifier: 9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/KNNuaQBFjVM4qdMaB7UWNnS6AWI.roa
Signing time: Sat 21 Mar 2026 18:10:29 +0000
ROA not before: Sat 21 Mar 2026 18:10:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 64445
IP address blocks: 91.193.55.0/24 maxlen: 24
2a12:e6c0::/32 maxlen: 64
2a12:e6c0:c50::/48 maxlen: 48
2a12:e6c0:1337::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.mft
rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:11:97:6c:83:ea:5c:62:31:4b:d9:f4:b7:3e:c8:fb:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Validity
Not Before: Mar 21 18:10:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=28d36e6900458d5338a9d31a07b5163674ba0162
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:30:66:c8:5b:40:e8:9e:44:af:a1:28:9c:f9:
75:19:6f:40:f2:b0:3a:8c:c0:af:ca:7e:4a:57:f0:
ed:c5:d6:16:1d:da:9e:e5:bf:d0:39:7c:0e:1f:b9:
25:65:1d:7a:41:c3:d7:a2:49:9a:cc:19:5b:0a:8d:
2b:12:1e:a3:5f:82:89:db:5f:fa:20:22:2c:f7:c9:
27:3a:f0:24:8b:6e:50:79:a0:d6:b6:69:c6:65:dd:
b0:71:90:88:09:8a:b8:fc:11:a4:59:bf:86:28:14:
d2:94:d2:aa:28:6f:38:a9:bc:51:f6:af:f7:11:0e:
6e:2d:28:77:4f:bd:0a:51:15:26:3a:8b:76:17:2c:
53:aa:f9:ff:c1:9f:00:fe:76:df:6b:aa:e4:7d:14:
c5:8b:27:80:ea:50:75:e5:a3:fb:29:3b:94:fc:20:
74:e0:60:3a:81:00:6a:d7:93:8c:60:70:ec:66:f2:
3e:81:02:13:12:0f:7c:61:1a:af:75:03:28:c3:29:
18:7d:a7:cb:0d:ea:da:74:cd:08:e0:e9:0d:d8:01:
77:b8:9b:87:96:a0:f3:00:95:85:3a:04:4d:40:51:
8c:89:b7:de:81:e4:d9:eb:da:95:6f:c8:eb:c3:16:
82:c4:c2:27:d6:cf:d1:8b:8c:c0:e9:8a:e1:29:db:
ef:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D3:6E:69:00:45:8D:53:38:A9:D3:1A:07:B5:16:36:74:BA:01:62
X509v3 Authority Key Identifier:
keyid:9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/KNNuaQBFjVM4qdMaB7UWNnS6AWI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.193.55.0/24
IPv6:
2a12:e6c0::/32
Signature Algorithm: sha256WithRSAEncryption
30:20:07:91:bf:d2:2e:b2:ec:13:f9:89:0d:c8:57:d0:30:07:
ae:29:25:9b:51:cd:84:45:7e:0f:90:9d:e0:3e:8a:11:dc:dc:
73:a2:09:16:af:16:40:87:a7:0c:13:38:b8:82:26:b9:d9:36:
1b:b9:b0:75:4a:a7:43:96:56:ea:33:53:12:43:ea:39:47:e4:
47:7d:05:be:eb:aa:56:f1:a3:18:3e:5c:42:2e:b3:64:a9:89:
33:4a:eb:6e:af:57:cf:85:9e:2a:8c:8e:6a:1c:3b:ba:87:37:
fa:95:ab:71:2f:e6:bc:09:77:84:7c:6d:63:d2:63:c9:df:fb:
61:15:1a:37:7f:b0:da:69:8c:a5:52:0b:c5:2f:52:53:aa:4a:
aa:9a:bb:cd:be:12:bf:98:97:a3:fb:ee:2e:2e:93:00:41:c4:
e8:5d:42:6a:3b:63:0b:cc:fd:b9:dd:59:f9:1b:1b:d2:52:6e:
7c:07:6d:bf:65:d4:f3:bf:d8:6a:cb:31:ef:ee:a3:a0:88:f4:
07:3f:22:c6:c2:c1:a3:f1:4e:f4:1b:01:fe:17:ee:ba:c4:8a:
fa:d3:20:b5:0d:26:30:71:fd:da:e2:e2:6d:ea:0c:25:01:2e:
28:57:15:58:3d:68:8a:9f:d8:36:5f:02:0f:b1:f5:df:f1:34:
28:7d:84:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0Rl2yD6lxiMUvZ9Lc+yPuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMTUzM2M0NzAyYzJjY2I1YTllMGU4N2FiMjdhZDU2YjE1
ZjJjNzYwHhcNMjYwMzIxMTgxMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQzNmU2OTAwNDU4ZDUzMzhhOWQzMWEwN2I1MTYzNjc0YmEwMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDBmyFtA6J5Er6EonPl1GW9A8rA6
jMCvyn5KV/DtxdYWHdqe5b/QOXwOH7klZR16QcPXokmazBlbCo0rEh6jX4KJ21/6
ICIs98knOvAki25QeaDWtmnGZd2wcZCICYq4/BGkWb+GKBTSlNKqKG84qbxR9q/3
EQ5uLSh3T70KURUmOot2FyxTqvn/wZ8A/nbfa6rkfRTFiyeA6lB15aP7KTuU/CB0
4GA6gQBq15OMYHDsZvI+gQITEg98YRqvdQMowykYfafLDeradM0I4OkN2AF3uJuH
lqDzAJWFOgRNQFGMibfegeTZ69qVb8jrwxaCxMIn1s/Ri4zA6YrhKdvvbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCjTbmkARY1TOKnTGge1FjZ0ugFiMB8GA1UdIwQY
MBaAFJ4VM8RwLCzLWp4Oh6snrVaxXyx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTkt
MWE4MzFiNTk5YzE4LzEvS05OdWFRQkZqVk00cWRNYUI3VVdOblM2QVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTktMWE4MzFiNTk5YzE4
LzEvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8E3MA0E
AgACMAcDBQAqEubAMA0GCSqGSIb3DQEBCwUAA4IBAQAwIAeRv9IusuwT+YkNyFfQ
MAeuKSWbUc2ERX4PkJ3gPooR3NxzogkWrxZAh6cMEzi4gia52TYbubB1SqdDllbq
M1MSQ+o5R+RHfQW+66pW8aMYPlxCLrNkqYkzSutur1fPhZ4qjI5qHDu6hzf6latx
L+a8CXeEfG1j0mPJ3/thFRo3f7DaaYylUgvFL1JTqkqqmrvNvhK/mJej++4uLpMA
QcToXUJqO2MLzP253Vn5GxvSUm58B22/ZdTzv9hqyzHv7qOgiPQHPyLGwsGj8U70
GwH+F+66xIr60yC1DSYwcf3a4uJt6gwlAS4oVxVYPWiKn9g2XwIPsfXf8TQofYR3
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:36:32 2026 by rpki-client