Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/KLUXDZMxyyRyCwYraujCeLXcq4I.roa
File: KLUXDZMxyyRyCwYraujCeLXcq4I.roa (raw, json)
Hash identifier: rSJ+e284oz5lMB+bDzv7cN4w5yuHBdQ+/Ck3DvIsrIw=
Subject key identifier: 28:B5:17:0D:93:31:CB:24:72:0B:06:2B:6A:E8:C2:78:B5:DC:AB:82
Certificate issuer: /CN=4ba7b24f87ea51446d519afd4fe60419198ec012
Certificate serial: 019DDDA4380860EF7A10CF39C5116E572409
Authority key identifier: 4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/KLUXDZMxyyRyCwYraujCeLXcq4I.roa
Signing time: Thu 30 Apr 2026 09:07:00 +0000
ROA not before: Thu 30 Apr 2026 09:07:00 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49010
IP address blocks: 84.252.76.0/22 maxlen: 22
86.62.24.0/22 maxlen: 22
91.207.2.0/23 maxlen: 23
109.232.72.0/21 maxlen: 21
185.20.140.0/22 maxlen: 22
193.187.164.0/22 maxlen: 22
2a00:19f8::/32 maxlen: 32
2a09:5500::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl
rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.mft
rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 18:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:dd:a4:38:08:60:ef:7a:10:cf:39:c5:11:6e:57:24:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ba7b24f87ea51446d519afd4fe60419198ec012
Validity
Not Before: Apr 30 09:07:00 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=28b5170d9331cb24720b062b6ae8c278b5dcab82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1c:4f:90:27:39:65:b0:c8:d7:be:9d:89:ff:
48:a7:8a:6a:b0:b1:55:ce:4e:bb:bf:6e:e8:bd:a3:
a9:01:e0:62:f1:94:16:54:47:87:04:f0:c7:5f:2c:
69:c9:72:ba:7c:56:56:11:54:0f:8f:da:ed:d6:fc:
24:7c:bb:60:8e:a5:d0:31:03:ea:e4:66:cf:4b:6a:
d6:cc:43:cf:38:dc:e1:61:f9:93:51:5f:c8:f8:79:
0c:47:37:65:55:cd:0a:c9:74:89:b6:97:54:25:c4:
84:28:fb:b0:f5:45:fd:a0:90:8b:ed:72:f8:3d:fb:
c0:9c:33:92:22:a6:65:2c:26:02:ee:13:b8:64:f2:
ba:77:b4:6f:06:5c:b6:72:a8:5e:73:29:53:79:6c:
d9:07:75:b2:aa:72:60:01:0f:87:93:4b:50:03:07:
ff:19:a1:fc:86:d9:27:a1:a1:0e:31:ff:59:5d:a1:
d9:e0:fd:65:f9:26:e7:86:ac:e0:ee:f1:52:e1:9c:
41:f4:6a:c1:87:cb:7c:33:50:36:28:48:9a:b0:df:
c8:17:2b:b5:12:18:5e:2a:f4:70:14:6a:27:19:3d:
c9:bd:11:08:6c:22:a4:5b:ec:45:03:56:d1:19:3e:
f0:8a:c9:9b:1a:27:97:53:16:da:b8:bd:43:5e:ea:
97:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:B5:17:0D:93:31:CB:24:72:0B:06:2B:6A:E8:C2:78:B5:DC:AB:82
X509v3 Authority Key Identifier:
keyid:4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/KLUXDZMxyyRyCwYraujCeLXcq4I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.76.0/22
86.62.24.0/22
91.207.2.0/23
109.232.72.0/21
185.20.140.0/22
193.187.164.0/22
IPv6:
2a00:19f8::/32
2a09:5500::/29
Signature Algorithm: sha256WithRSAEncryption
31:16:54:f2:1c:73:bf:ce:ce:8f:9f:ff:09:40:c7:3a:ee:b5:
98:c4:16:e8:fc:6a:21:68:8d:86:ae:f0:3e:09:67:b1:d2:90:
7d:1e:d9:57:1d:a3:d6:d2:fa:99:18:ce:2d:99:38:df:26:82:
dc:89:39:cb:0d:72:85:6c:fb:9e:a1:54:e0:fd:ba:97:05:bd:
44:5f:66:16:fd:49:b0:a0:a4:c1:bb:dc:68:88:3e:27:30:2a:
41:71:d1:c1:f7:f0:b2:23:25:e8:92:ee:4d:16:85:bf:f1:8a:
81:30:85:c4:63:6c:a0:44:3d:a3:6a:af:af:bc:a7:01:12:ff:
90:c3:f3:3f:f8:e0:ff:1c:b2:12:e6:40:45:dc:6b:ef:a4:de:
89:23:c9:3c:b8:a6:90:48:e3:10:6a:6c:bb:47:24:ed:a3:b6:
ad:6d:d7:22:e5:91:42:50:f2:63:b5:76:d2:24:9b:61:a6:08:
f8:a5:1b:e9:4a:45:55:d5:5b:1d:c9:0d:df:9a:f9:f6:13:d2:
e5:ef:2c:44:1a:c5:07:55:f0:09:52:30:3d:c3:b4:81:74:2f:
43:e1:b7:53:f1:4b:0a:ce:dd:99:27:82:ba:ef:70:8a:32:9b:
07:95:57:79:b3:c4:dc:fc:19:c8:00:b4:0e:62:ec:f1:32:44:
9c:9b:22:e8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ3dpDgIYO96EM85xRFuVyQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYTdiMjRmODdlYTUxNDQ2ZDUxOWFmZDRmZTYwNDE5MTk4
ZWMwMTIwHhcNMjYwNDMwMDkwNzAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI1MTcwZDkzMzFjYjI0NzIwYjA2MmI2YWU4YzI3OGI1ZGNhYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRxPkCc5ZbDI176dif9Ip4pqsLFV
zk67v27ovaOpAeBi8ZQWVEeHBPDHXyxpyXK6fFZWEVQPj9rt1vwkfLtgjqXQMQPq
5GbPS2rWzEPPONzhYfmTUV/I+HkMRzdlVc0KyXSJtpdUJcSEKPuw9UX9oJCL7XL4
PfvAnDOSIqZlLCYC7hO4ZPK6d7RvBly2cqhecylTeWzZB3WyqnJgAQ+Hk0tQAwf/
GaH8htknoaEOMf9ZXaHZ4P1l+Sbnhqzg7vFS4ZxB9GrBh8t8M1A2KEiasN/IFyu1
EhheKvRwFGonGT3JvREIbCKkW+xFA1bRGT7wismbGieXUxbauL1DXuqXfQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFCi1Fw2TMcskcgsGK2rowni13KuCMB8GA1UdIwQY
MBaAFEunsk+H6lFEbVGa/U/mBBkZjsASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgt
YTI2ODg5ZWUyMmMyLzEvS0xVWERaTXh5eVJ5Q3dZcmF1akNlTFhjcTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgtYTI2ODg5ZWUyMmMy
LzEvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCVPxMAwQC
Vj4YAwQBW88CAwQDbehIAwQCuRSMAwQCwbukMBQEAgACMA4DBQAqABn4AwUDKglV
ADANBgkqhkiG9w0BAQsFAAOCAQEAMRZU8hxzv87Oj5//CUDHOu61mMQW6PxqIWiN
hq7wPglnsdKQfR7ZVx2j1tL6mRjOLZk43yaC3Ik5yw1yhWz7nqFU4P26lwW9RF9m
Fv1JsKCkwbvcaIg+JzAqQXHRwffwsiMl6JLuTRaFv/GKgTCFxGNsoEQ9o2qvr7yn
ARL/kMPzP/jg/xyyEuZARdxr76TeiSPJPLimkEjjEGpsu0ck7aO2rW3XIuWRQlDy
Y7V20iSbYaYI+KUb6UpFVdVbHckN35r59hPS5e8sRBrFB1XwCVIwPcO0gXQvQ+G3
U/FLCs7dmSeCuu9wijKbB5VXebPE3PwZyAC0DmLs8TJEnJsi6A==
-----END CERTIFICATE-----
Generated at Wed May 13 02:47:57 2026 by rpki-client