Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/dXvzyfOdOJH0q6xYVkjSdHKWSdE.roa
File: dXvzyfOdOJH0q6xYVkjSdHKWSdE.roa (raw, json)
Hash identifier: 7SC4vR0R2kuqeE6TaEujJclCq7gK1eHalGhCH7IVpOw=
Subject key identifier: 75:7B:F3:C9:F3:9D:38:91:F4:AB:AC:58:56:48:D2:74:72:96:49:D1
Certificate issuer: /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial: 019CD49446B1DD48BA3A5D1F7EB931E14C39
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/dXvzyfOdOJH0q6xYVkjSdHKWSdE.roa
Signing time: Mon 09 Mar 2026 21:50:13 +0000
ROA not before: Mon 09 Mar 2026 21:50:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42375
IP address blocks: 2a06:7840::/29 maxlen: 29
2a0b:2a80::/29 maxlen: 29
2a0b:2d83::/32 maxlen: 32
2a0b:2d84::/32 maxlen: 32
2a0d:4440::/29 maxlen: 29
2a0f:f02::/32 maxlen: 32
2a0f:f03::/32 maxlen: 32
2a0f:f04::/30 maxlen: 30
2a0f:59c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d4:94:46:b1:dd:48:ba:3a:5d:1f:7e:b9:31:e1:4c:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Validity
Not Before: Mar 9 21:50:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=757bf3c9f39d3891f4abac585648d274729649d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:95:c7:20:9f:52:01:8c:f4:84:d2:01:db:0e:
b4:86:92:8b:49:dc:af:0a:8f:fe:65:d8:52:26:75:
20:2d:0c:1f:a5:c2:76:12:66:76:48:95:db:9d:5e:
07:fc:c4:45:1c:1d:54:32:6b:20:1b:59:61:8b:da:
9d:e6:44:bf:0f:39:81:f3:7c:06:15:19:b6:e5:9f:
67:2f:1d:2f:60:32:a5:63:98:c6:3d:5e:5a:8e:da:
db:8c:0f:d8:b6:9e:58:ff:58:6c:41:c4:6f:88:54:
23:36:61:f4:da:55:8e:23:b1:a9:9a:7b:1c:1a:67:
f7:c6:d9:de:6c:79:e2:cd:d2:71:60:11:a9:e7:c0:
24:ac:19:3a:68:01:6f:e0:e4:34:20:8d:c2:f8:b4:
76:ee:5e:e8:3a:46:2c:a0:88:4e:fa:c1:83:a0:68:
9d:ec:5b:f6:fd:c9:69:34:24:38:49:3c:cf:e1:6e:
c1:87:e1:34:2f:f0:fb:9c:f9:e7:a9:3a:ff:58:f9:
b3:fb:29:90:34:18:cb:89:16:cc:1d:15:eb:cd:4f:
09:30:b7:41:06:9e:3d:04:ee:f8:d3:05:6c:0b:57:
b4:bf:92:c1:22:a6:60:52:ee:79:1f:88:ec:34:bb:
e4:4c:7e:db:68:23:69:f8:af:06:a9:95:25:79:8a:
27:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:7B:F3:C9:F3:9D:38:91:F4:AB:AC:58:56:48:D2:74:72:96:49:D1
X509v3 Authority Key Identifier:
keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/dXvzyfOdOJH0q6xYVkjSdHKWSdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:7840::/29
2a0b:2a80::/29
2a0b:2d83::-2a0b:2d84:ffff:ffff:ffff:ffff:ffff:ffff
2a0d:4440::/29
2a0f:f02::-2a0f:f07:ffff:ffff:ffff:ffff:ffff:ffff
2a0f:59c0::/29
Signature Algorithm: sha256WithRSAEncryption
0a:c3:6f:04:69:db:21:c6:57:39:90:2b:c6:c9:fe:8e:eb:9b:
65:00:ba:e7:4f:89:05:bd:b5:61:39:e9:c4:d8:d4:53:26:90:
0a:3c:f4:6b:34:d6:ed:0d:52:48:a0:71:f0:78:28:fe:90:28:
8e:dc:c0:b2:ab:89:02:f6:18:d0:b7:88:df:0b:53:bd:a7:05:
7c:19:a9:de:8c:1c:10:fc:15:4b:70:01:81:58:e1:94:ef:25:
13:53:cd:73:3b:28:19:e4:a0:4c:4c:2a:ed:84:06:a8:82:75:
bb:12:60:61:d3:7b:27:8d:61:5b:8d:41:4d:af:76:92:c7:f4:
6c:16:68:51:95:94:05:a4:43:36:dd:30:a5:ce:42:0f:8d:fe:
60:98:2f:0c:50:e9:25:e7:2f:3b:c0:6b:a8:43:78:c2:9b:93:
7a:34:e2:5c:ec:3d:fd:7d:38:dc:32:d2:27:70:94:29:06:f0:
c8:2c:2e:36:db:04:ce:56:c5:32:f1:b6:cb:f0:e0:39:ff:9a:
e7:22:6f:19:2a:d5:fa:12:24:31:44:04:27:cc:09:d6:20:f5:
d7:69:f6:42:e6:88:8e:4e:aa:68:4b:f2:6d:b0:9a:4e:62:b2:
7a:00:0c:f3:67:e2:09:6c:10:1b:08:d5:b3:0d:a3:b2:3a:8e:
7e:08:9e:fe
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZzUlEax3Ui6Ol0ffrkx4Uw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjYwMzA5MjE1MDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdiZjNjOWYzOWQzODkxZjRhYmFjNTg1NjQ4ZDI3NDcyOTY0OWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5XHIJ9SAYz0hNIB2w60hpKLSdyv
Co/+ZdhSJnUgLQwfpcJ2EmZ2SJXbnV4H/MRFHB1UMmsgG1lhi9qd5kS/DzmB83wG
FRm25Z9nLx0vYDKlY5jGPV5ajtrbjA/Ytp5Y/1hsQcRviFQjNmH02lWOI7Gpmnsc
Gmf3xtnebHnizdJxYBGp58AkrBk6aAFv4OQ0II3C+LR27l7oOkYsoIhO+sGDoGid
7Fv2/clpNCQ4STzP4W7Bh+E0L/D7nPnnqTr/WPmz+ymQNBjLiRbMHRXrzU8JMLdB
Bp49BO740wVsC1e0v5LBIqZgUu55H4jsNLvkTH7baCNp+K8GqZUleYonlQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFHV788nznTiR9KusWFZI0nRylknRMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvZFh2enlmT2RPSkgwcTZ4WVZralNkSEtXU2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAAjA8AwUDKgZ4QAMF
AyoLKoAwDgMFACoLLYMDBQAqCy2EAwUDKg1EQDAOAwUBKg8PAgMFAyoPDwADBQMq
D1nAMA0GCSqGSIb3DQEBCwUAA4IBAQAKw28Eadshxlc5kCvGyf6O65tlALrnT4kF
vbVhOenE2NRTJpAKPPRrNNbtDVJIoHHweCj+kCiO3MCyq4kC9hjQt4jfC1O9pwV8
GanejBwQ/BVLcAGBWOGU7yUTU81zOygZ5KBMTCrthAaognW7EmBh03snjWFbjUFN
r3aSx/RsFmhRlZQFpEM23TClzkIPjf5gmC8MUOkl5y87wGuoQ3jCm5N6NOJc7D39
fTjcMtIncJQpBvDILC422wTOVsUy8bbL8OA5/5rnIm8ZKtX6EiQxRAQnzAnWIPXX
afZC5oiOTqpoS/JtsJpOYrJ6AAzzZ+IJbBAbCNWzDaOyOo5+CJ7+
-----END CERTIFICATE-----
Generated at Thu Mar 26 14:00:09 2026 by rpki-client