Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/yQjAs4xF22oRn2TDP5OhDwh_HPQ.roa
File: yQjAs4xF22oRn2TDP5OhDwh_HPQ.roa (raw, json)
Hash identifier: oDeuw6jGraU/69aT8Ow6CZRe31AKBkCRzLeWSGLimD0=
Subject key identifier: C9:08:C0:B3:8C:45:DB:6A:11:9F:64:C3:3F:93:A1:0F:08:7F:1C:F4
Certificate issuer: /CN=55b296d6b534fe3a32cc1c3a4e81358f216c93c7
Certificate serial: 019DF83D7C1C3C337A262DAA3F8A474F78C3
Authority key identifier: 55:B2:96:D6:B5:34:FE:3A:32:CC:1C:3A:4E:81:35:8F:21:6C:93:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VbKW1rU0_joyzBw6ToE1jyFsk8c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/yQjAs4xF22oRn2TDP5OhDwh_HPQ.roa
Signing time: Tue 05 May 2026 13:04:32 +0000
ROA not before: Tue 05 May 2026 13:04:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 2a02:569::/32 maxlen: 32
2a02:56a::/32 maxlen: 48
2a02:56b::/32 maxlen: 48
2a02:56c::/32 maxlen: 48
2a02:56d::/32 maxlen: 48
2a02:56e::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/VbKW1rU0_joyzBw6ToE1jyFsk8c.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/VbKW1rU0_joyzBw6ToE1jyFsk8c.mft
rsync://rpki.ripe.net/repository/DEFAULT/VbKW1rU0_joyzBw6ToE1jyFsk8c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f8:3d:7c:1c:3c:33:7a:26:2d:aa:3f:8a:47:4f:78:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=55b296d6b534fe3a32cc1c3a4e81358f216c93c7
Validity
Not Before: May 5 13:04:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c908c0b38c45db6a119f64c33f93a10f087f1cf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:97:b7:5a:09:30:57:32:6d:3c:9a:d6:2d:44:
a8:63:17:7b:31:dc:81:0a:6b:db:0a:0f:c5:15:ec:
20:4e:0a:1d:b3:90:b5:eb:30:e6:05:81:06:c0:e6:
e7:d1:ca:5e:c4:8f:ab:3a:a9:8a:05:8e:c7:bb:be:
73:8a:09:77:15:ab:c3:5a:1a:5c:67:17:e5:31:56:
88:cb:ff:b4:e9:06:4a:4e:41:d9:32:46:26:e4:9c:
f2:6f:d9:a3:f0:5c:1f:32:27:c1:90:b3:cf:cc:b7:
27:4c:01:d0:4b:e6:ac:36:7e:fb:98:6a:5a:c9:ea:
36:62:00:7b:59:ab:59:55:aa:fc:2f:d6:f7:40:b1:
c8:37:32:c1:7d:12:57:9d:42:66:37:9b:dd:ec:34:
59:31:f2:44:b7:ad:1a:7b:8d:83:ff:7b:67:fd:38:
ed:96:a8:d6:63:9c:8c:73:1b:24:9f:c9:38:7b:14:
d6:03:e0:56:09:7a:4f:87:d8:e0:af:a3:ee:67:7d:
ab:c0:c6:f0:b7:4a:6a:e5:73:05:db:f9:77:7e:5b:
86:06:4c:91:2d:7a:ff:da:1c:cc:45:70:eb:3c:fa:
e0:2f:36:96:de:ed:ea:d5:80:bd:3c:17:1a:a2:e5:
5e:f6:65:fd:ba:bf:58:7b:f7:9f:76:ad:2c:da:8d:
0b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:08:C0:B3:8C:45:DB:6A:11:9F:64:C3:3F:93:A1:0F:08:7F:1C:F4
X509v3 Authority Key Identifier:
keyid:55:B2:96:D6:B5:34:FE:3A:32:CC:1C:3A:4E:81:35:8F:21:6C:93:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbKW1rU0_joyzBw6ToE1jyFsk8c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/yQjAs4xF22oRn2TDP5OhDwh_HPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/VbKW1rU0_joyzBw6ToE1jyFsk8c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a02:569::-2a02:56e:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
c9:f3:8c:71:84:c2:c0:28:ac:8f:0c:74:5e:4a:f8:20:f8:99:
69:e4:59:e4:b8:56:a4:ea:d5:90:df:8c:90:1c:95:2e:ae:fd:
0b:ef:d8:12:18:c8:69:10:62:57:9f:c1:c1:9f:95:a1:cd:83:
92:9f:f9:0d:04:91:5f:61:6d:8d:bf:da:cd:89:59:50:9e:70:
96:59:7e:7a:d3:9a:05:f4:89:d3:81:eb:cf:23:da:40:6c:a3:
48:ac:ad:5c:94:00:3b:df:93:ae:d7:f0:86:bc:b5:32:bf:22:
f7:39:01:db:3c:05:3f:6b:79:05:05:ea:92:75:60:a6:c9:69:
2c:84:0d:c0:09:b9:ef:99:7b:8d:5f:ca:aa:36:33:05:84:c3:
54:50:92:ad:71:16:82:7f:dd:05:09:4c:ee:bb:06:3f:50:7d:
c8:1f:b2:e3:21:2e:37:e5:c5:7f:8f:32:27:a0:63:26:ec:3e:
22:96:74:f4:c2:db:d0:ab:77:b4:21:6c:e4:58:ee:87:33:ed:
df:a4:1c:f9:3f:f2:c1:89:8a:e5:50:d2:09:48:d5:9f:c1:39:
ec:d9:96:ab:83:e4:d5:e5:33:4e:26:4c:75:c3:93:98:57:13:
3d:44:79:96:c4:22:f1:8e:18:b5:4d:56:2c:cc:45:01:ab:08:
db:b9:4b:d3
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ34PXwcPDN6Ji2qP4pHT3jDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YjI5NmQ2YjUzNGZlM2EzMmNjMWMzYTRlODEzNThmMjE2
YzkzYzcwHhcNMjYwNTA1MTMwNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTA4YzBiMzhjNDVkYjZhMTE5ZjY0YzMzZjkzYTEwZjA4N2YxY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJe3WgkwVzJtPJrWLUSoYxd7MdyB
CmvbCg/FFewgTgods5C16zDmBYEGwObn0cpexI+rOqmKBY7Hu75zigl3FavDWhpc
ZxflMVaIy/+06QZKTkHZMkYm5Jzyb9mj8FwfMifBkLPPzLcnTAHQS+asNn77mGpa
yeo2YgB7WatZVar8L9b3QLHINzLBfRJXnUJmN5vd7DRZMfJEt60ae42D/3tn/Tjt
lqjWY5yMcxskn8k4exTWA+BWCXpPh9jgr6PuZ32rwMbwt0pq5XMF2/l3fluGBkyR
LXr/2hzMRXDrPPrgLzaW3u3q1YC9PBcaouVe9mX9ur9Ye/efdq0s2o0LdwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMkIwLOMRdtqEZ9kwz+ToQ8Ifxz0MB8GA1UdIwQY
MBaAFFWylta1NP46MswcOk6BNY8hbJPHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJLVzFyVTBfam95ekJ3NlRvRTFqeUZzazhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9kN2FiMGMtM2MyMi00YzYxLWEyMDEt
ZGQ2Y2M5N2M5YmRkLzEveVFqQXM0eEYyMm9SbjJURFA1T2hEd2hfSFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9kN2FiMGMtM2MyMi00YzYxLWEyMDEtZGQ2Y2M5N2M5YmRk
LzEvVmJLVzFyVTBfam95ekJ3NlRvRTFqeUZzazhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqAgVp
AwUAKgIFbjANBgkqhkiG9w0BAQsFAAOCAQEAyfOMcYTCwCisjwx0Xkr4IPiZaeRZ
5LhWpOrVkN+MkByVLq79C+/YEhjIaRBiV5/BwZ+Voc2Dkp/5DQSRX2Ftjb/azYlZ
UJ5wlll+etOaBfSJ04HrzyPaQGyjSKytXJQAO9+Trtfwhry1Mr8i9zkB2zwFP2t5
BQXqknVgpslpLIQNwAm575l7jV/KqjYzBYTDVFCSrXEWgn/dBQlM7rsGP1B9yB+y
4yEuN+XFf48yJ6BjJuw+IpZ09MLb0Kt3tCFs5FjuhzPt36Qc+T/ywYmK5VDSCUjV
n8E57NmWq4Pk1eUzTiZMdcOTmFcTPUR5lsQi8Y4YtU1WLMxFAasI27lL0w==
-----END CERTIFICATE-----
Generated at Tue May 12 21:52:52 2026 by rpki-client