Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/3Xscd_ZJOuzIHPLw7rwpxL3jTXA.roa
File: 3Xscd_ZJOuzIHPLw7rwpxL3jTXA.roa (raw, json)
Hash identifier: YmDdfUHRtmrSE+rbUcYGzhhvi5z3wkkQ1u00RCAfcEw=
Subject key identifier: DD:7B:1C:77:F6:49:3A:EC:C8:1C:F2:F0:EE:BC:29:C4:BD:E3:4D:70
Certificate issuer: /CN=085fb6df2105f2c081578624d18731439f06f26b
Certificate serial: 019DD4F2673AB1F62F16905131D7B250A68F
Authority key identifier: 08:5F:B6:DF:21:05:F2:C0:81:57:86:24:D1:87:31:43:9F:06:F2:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CF-23yEF8sCBV4Yk0YcxQ58G8ms.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/3Xscd_ZJOuzIHPLw7rwpxL3jTXA.roa
Signing time: Tue 28 Apr 2026 16:35:49 +0000
ROA not before: Tue 28 Apr 2026 16:35:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202858
IP address blocks: 2001:67c:298::/48 maxlen: 48
2001:67c:e8c::/48 maxlen: 48
2001:67c:16c8::/48 maxlen: 48
2001:67c:1908::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/CF-23yEF8sCBV4Yk0YcxQ58G8ms.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/CF-23yEF8sCBV4Yk0YcxQ58G8ms.mft
rsync://rpki.ripe.net/repository/DEFAULT/CF-23yEF8sCBV4Yk0YcxQ58G8ms.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 22:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d4:f2:67:3a:b1:f6:2f:16:90:51:31:d7:b2:50:a6:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=085fb6df2105f2c081578624d18731439f06f26b
Validity
Not Before: Apr 28 16:35:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dd7b1c77f6493aecc81cf2f0eebc29c4bde34d70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:bc:39:4d:09:25:71:aa:72:ee:fa:b1:60:77:
b1:72:b5:8d:22:46:6a:90:4e:33:09:41:20:36:5b:
f6:c7:61:fa:3a:88:b5:40:39:61:32:9e:d3:6f:1e:
f8:16:be:a2:f1:d1:43:d4:c4:53:d2:e9:7d:cb:51:
0a:b5:68:cd:58:ee:93:fa:e4:b6:c7:d1:f7:0b:9d:
52:0d:0f:84:39:86:61:d9:91:fd:79:ed:2f:39:cf:
3a:fd:56:8e:e7:7f:5a:36:64:29:b4:e4:5e:c8:12:
cf:5c:b1:ea:5b:36:c5:6f:e2:83:e0:86:e9:f1:47:
73:cc:3a:cf:14:2f:f5:51:a9:2c:0a:d5:20:44:0d:
5f:bb:57:b2:6c:fa:8f:22:50:d5:fd:bc:0d:10:8e:
6f:a2:c0:c7:02:0c:6c:2d:d4:57:e1:53:c3:2b:de:
02:45:de:34:e7:cc:6f:63:db:92:39:98:ff:1d:aa:
90:d7:77:cb:bb:0f:f2:32:52:71:ac:1c:48:97:05:
8a:bb:6a:af:b2:5f:b3:67:3c:4a:89:1a:35:d3:1e:
b4:e5:50:bc:81:6a:39:23:55:2b:8a:6d:49:f0:72:
de:5b:58:cc:58:37:df:5c:3a:73:4a:15:fe:a8:27:
fd:04:d8:13:e1:49:b8:1d:a8:ca:37:e6:18:dd:f5:
93:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:7B:1C:77:F6:49:3A:EC:C8:1C:F2:F0:EE:BC:29:C4:BD:E3:4D:70
X509v3 Authority Key Identifier:
keyid:08:5F:B6:DF:21:05:F2:C0:81:57:86:24:D1:87:31:43:9F:06:F2:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CF-23yEF8sCBV4Yk0YcxQ58G8ms.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/3Xscd_ZJOuzIHPLw7rwpxL3jTXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bd3eb8-4966-4d57-9440-17fe65850132/1/CF-23yEF8sCBV4Yk0YcxQ58G8ms.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:298::/48
2001:67c:e8c::/48
2001:67c:16c8::/48
2001:67c:1908::/48
Signature Algorithm: sha256WithRSAEncryption
be:2a:1e:93:4f:09:64:ca:98:53:c7:5d:58:5c:4b:fa:29:f3:
8d:34:03:79:aa:4d:a4:52:78:a5:9d:6c:5c:82:62:d0:e2:f3:
0f:80:c9:e3:55:58:2e:ac:cf:ed:9d:cb:d0:65:e1:ff:4a:35:
6e:c2:a5:3b:f5:39:62:76:0a:da:dd:01:2a:d9:2e:f2:2c:c6:
66:17:ee:a0:9b:07:0a:92:0a:33:c2:72:d8:db:c7:d7:d9:d5:
d6:e0:25:5a:5e:46:e9:ea:ba:70:ed:4d:fd:5a:5c:d5:37:a3:
52:72:5f:a3:05:f8:ba:ec:d0:4f:84:d0:e5:42:95:0d:76:21:
ec:63:67:a4:9a:9e:0b:40:18:0c:21:89:88:5c:d8:86:cb:4c:
a8:44:5d:e0:56:26:fc:51:bd:7c:19:1a:3f:63:75:63:30:c8:
cb:18:a0:28:ac:7c:b6:bd:84:46:2d:2d:9a:dd:12:68:da:cb:
75:c2:d5:64:6f:d0:a9:ef:61:2d:4f:fa:1a:68:de:d1:62:12:
f2:d8:f4:d3:58:b9:c8:08:3e:be:22:26:b9:51:e8:45:28:df:
3c:8d:1e:58:89:1b:24:95:b7:10:cc:5a:a9:2b:19:c2:e9:0f:
d2:93:f9:e2:ef:d1:98:57:f3:fa:ea:68:a6:86:f0:d1:8e:e1:
bc:2c:03:77
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ3U8mc6sfYvFpBRMdeyUKaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NWZiNmRmMjEwNWYyYzA4MTU3ODYyNGQxODczMTQzOWYw
NmYyNmIwHhcNMjYwNDI4MTYzNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdiMWM3N2Y2NDkzYWVjYzgxY2YyZjBlZWJjMjljNGJkZTM0ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bw5TQklcapy7vqxYHexcrWNIkZq
kE4zCUEgNlv2x2H6Ooi1QDlhMp7Tbx74Fr6i8dFD1MRT0ul9y1EKtWjNWO6T+uS2
x9H3C51SDQ+EOYZh2ZH9ee0vOc86/VaO539aNmQptOReyBLPXLHqWzbFb+KD4Ibp
8UdzzDrPFC/1UaksCtUgRA1fu1eybPqPIlDV/bwNEI5vosDHAgxsLdRX4VPDK94C
Rd4058xvY9uSOZj/HaqQ13fLuw/yMlJxrBxIlwWKu2qvsl+zZzxKiRo10x605VC8
gWo5I1Urim1J8HLeW1jMWDffXDpzShX+qCf9BNgT4Um4HajKN+YY3fWTTQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN17HHf2STrsyBzy8O68KcS9401wMB8GA1UdIwQY
MBaAFAhftt8hBfLAgVeGJNGHMUOfBvJrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0YtMjN5RUY4c0NCVjRZazBZY3hRNThHOG1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iZDNlYjgtNDk2Ni00ZDU3LTk0NDAt
MTdmZTY1ODUwMTMyLzEvM1hzY2RfWkpPdXpJSFBMdzdyd3B4TDNqVFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iZDNlYjgtNDk2Ni00ZDU3LTk0NDAtMTdmZTY1ODUwMTMy
LzEvQ0YtMjN5RUY4c0NCVjRZazBZY3hRNThHOG1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAIAEGfAKY
AwcAIAEGfA6MAwcAIAEGfBbIAwcAIAEGfBkIMA0GCSqGSIb3DQEBCwUAA4IBAQC+
Kh6TTwlkyphTx11YXEv6KfONNAN5qk2kUnilnWxcgmLQ4vMPgMnjVVgurM/tncvQ
ZeH/SjVuwqU79Tlidgra3QEq2S7yLMZmF+6gmwcKkgozwnLY28fX2dXW4CVaXkbp
6rpw7U39WlzVN6NScl+jBfi67NBPhNDlQpUNdiHsY2ekmp4LQBgMIYmIXNiGy0yo
RF3gVib8Ub18GRo/Y3VjMMjLGKAorHy2vYRGLS2a3RJo2st1wtVkb9Cp72EtT/oa
aN7RYhLy2PTTWLnICD6+Iia5UehFKN88jR5YiRsklbcQzFqpKxnC6Q/Sk/ni79GY
V/P66mimhvDRjuG8LAN3
-----END CERTIFICATE-----
Generated at Wed May 13 06:48:35 2026 by rpki-client