Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UfvcmzB9ufveZXNq6a3lzW1eP7E.roa
File: UfvcmzB9ufveZXNq6a3lzW1eP7E.roa (raw, json)
Hash identifier: nK8nCgu5Jrf1isVMQJjHmLaet1ZMEXT1NgArVFrZdB4=
Subject key identifier: 51:FB:DC:9B:30:7D:B9:FB:DE:65:73:6A:E9:AD:E5:CD:6D:5E:3F:B1
Certificate issuer: /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial: 019D1C29DCE873C2C40E8B90565F86106AEE
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UfvcmzB9ufveZXNq6a3lzW1eP7E.roa
Signing time: Mon 23 Mar 2026 19:26:38 +0000
ROA not before: Mon 23 Mar 2026 19:26:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 2a07:f240::/29 maxlen: 29
2a0b:8440::/29 maxlen: 29
2a0b:a4c0::/29 maxlen: 29
2a0b:b480::/29 maxlen: 29
2a0f:63c0::/29 maxlen: 29
2a0f:89c0::/29 maxlen: 29
2a10:3e80::/29 maxlen: 29
2a10:7ac0::/29 maxlen: 29
2a10:a9c0::/29 maxlen: 29
2a13:5040::/29 maxlen: 29
2a13:be40::/32 maxlen: 32
2a13:be41::/32 maxlen: 32
2a13:be42::/32 maxlen: 32
2a13:be44::/32 maxlen: 32
2a13:be45::/32 maxlen: 32
2a13:be46::/32 maxlen: 32
2a13:be47::/32 maxlen: 32
2a13:bec0::/29 maxlen: 29
2a13:cdc0::/29 maxlen: 29
2a13:d0c0::/29 maxlen: 29
2a13:d140::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1c:29:dc:e8:73:c2:c4:0e:8b:90:56:5f:86:10:6a:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
Validity
Not Before: Mar 23 19:26:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=51fbdc9b307db9fbde65736ae9ade5cd6d5e3fb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:fa:50:86:cf:29:6f:d7:64:41:4b:32:e6:c8:
71:6c:a6:eb:d7:74:de:77:d1:aa:f4:08:2f:c2:2e:
6b:d5:a6:c3:70:c4:bc:9b:64:93:f8:07:ea:ed:3f:
58:f0:d8:16:58:f8:13:49:6b:90:14:32:fc:5c:63:
d6:ad:ad:f7:58:84:fe:0c:fe:2f:0e:69:50:67:89:
36:2e:31:55:0d:90:8c:c1:e1:27:59:85:6b:53:46:
3a:dd:8e:1a:79:0c:46:36:20:2f:6c:5e:32:3f:06:
77:82:54:51:a3:a7:1a:12:e9:48:5e:39:f1:d5:16:
51:b1:5e:d1:7f:9a:d7:19:1a:2d:6e:17:de:ac:c1:
67:14:17:72:3c:fa:90:11:7e:8e:e4:ed:3b:c4:e5:
25:77:35:f9:6d:d8:1e:66:f6:c8:26:87:79:cb:08:
24:07:a9:d5:3b:76:24:f3:bb:d5:19:59:a0:b5:87:
59:04:f4:e2:79:67:96:ca:e3:dd:8d:5c:3d:c1:3b:
21:ed:ae:74:30:d1:ad:fd:cc:a1:9b:13:70:87:9e:
41:55:ed:e0:5b:02:45:51:c9:93:d4:38:e7:9e:c3:
07:a8:b1:7b:ba:74:39:18:be:0f:f5:c9:06:de:1f:
7c:41:fa:cd:32:e3:0c:8b:4b:db:9f:3e:bc:41:52:
44:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:FB:DC:9B:30:7D:B9:FB:DE:65:73:6A:E9:AD:E5:CD:6D:5E:3F:B1
X509v3 Authority Key Identifier:
keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UfvcmzB9ufveZXNq6a3lzW1eP7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:f240::/29
2a0b:8440::/29
2a0b:a4c0::/29
2a0b:b480::/29
2a0f:63c0::/29
2a0f:89c0::/29
2a10:3e80::/29
2a10:7ac0::/29
2a10:a9c0::/29
2a13:5040::/29
2a13:be40::-2a13:be42:ffff:ffff:ffff:ffff:ffff:ffff
2a13:be44::/30
2a13:bec0::/29
2a13:cdc0::/29
2a13:d0c0::/29
2a13:d140::/29
Signature Algorithm: sha256WithRSAEncryption
35:25:b4:87:72:9a:c2:54:6e:1b:0b:0e:19:bc:a6:6e:17:b4:
cf:c8:8c:57:31:18:fd:e7:1b:3e:5a:38:be:14:2f:a3:08:47:
64:94:b8:36:78:d4:d6:c7:a1:c5:67:7a:52:8e:53:6d:f8:ef:
2e:d0:ad:4d:47:6a:99:6e:25:bb:16:cc:1f:12:b0:00:31:4f:
53:69:e1:f1:8a:72:2b:41:ab:88:4d:90:c3:97:d6:38:f9:99:
3b:b2:c3:c3:96:ca:14:ee:53:f2:e1:d2:dd:ca:95:9c:04:8e:
44:45:bb:ec:22:37:54:01:a2:6e:e4:71:3a:e2:9f:5f:29:b8:
08:9d:66:89:ff:9f:8e:0c:0f:77:23:cc:d7:63:28:6a:70:4e:
5b:1d:2e:d1:f9:74:e1:c7:2f:9d:70:f1:c4:d8:26:01:2b:01:
88:c5:21:41:9e:31:12:20:a3:de:0b:cf:c2:f2:6b:d1:3d:c4:
3f:04:d6:fb:80:92:15:c6:3a:b3:fe:fd:86:47:e5:53:44:60:
65:27:7f:15:6d:81:15:18:f9:f1:78:a7:82:fb:6e:b9:3b:bf:
64:77:34:d2:1c:68:12:a6:50:36:6f:bc:b3:dd:71:72:18:1e:
e4:c0:40:f2:4b:4b:6a:08:d4:73:fe:31:fc:df:9b:70:6b:f9:
3c:b2:44:b0
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZ0cKdzoc8LEDouQVl+GEGruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMzIzMTkyNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWZiZGM5YjMwN2RiOWZiZGU2NTczNmFlOWFkZTVjZDZkNWUzZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvpQhs8pb9dkQUsy5shxbKbr13Te
d9Gq9Agvwi5r1abDcMS8m2ST+Afq7T9Y8NgWWPgTSWuQFDL8XGPWra33WIT+DP4v
DmlQZ4k2LjFVDZCMweEnWYVrU0Y63Y4aeQxGNiAvbF4yPwZ3glRRo6caEulIXjnx
1RZRsV7Rf5rXGRotbhferMFnFBdyPPqQEX6O5O07xOUldzX5bdgeZvbIJod5ywgk
B6nVO3Yk87vVGVmgtYdZBPTieWeWyuPdjVw9wTsh7a50MNGt/cyhmxNwh55BVe3g
WwJFUcmT1DjnnsMHqLF7unQ5GL4P9ckG3h98QfrNMuMMi0vbnz68QVJELQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFH73Jswfbn73mVzaumt5c1tXj+xMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvVWZ2Y216Qjl1ZnZlWlhOcTZhM2x6VzFlUDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTB/BAIAAjB5AwUDKgfy
QAMFAyoLhEADBQMqC6TAAwUDKgu0gAMFAyoPY8ADBQMqD4nAAwUDKhA+gAMFAyoQ
esADBQMqEKnAAwUDKhNQQDAOAwUGKhO+QAMFACoTvkIDBQIqE75EAwUDKhO+wAMF
AyoTzcADBQMqE9DAAwUDKhPRQDANBgkqhkiG9w0BAQsFAAOCAQEANSW0h3KawlRu
GwsOGbymbhe0z8iMVzEY/ecbPlo4vhQvowhHZJS4NnjU1sehxWd6Uo5TbfjvLtCt
TUdqmW4luxbMHxKwADFPU2nh8YpyK0GriE2Qw5fWOPmZO7LDw5bKFO5T8uHS3cqV
nASOREW77CI3VAGibuRxOuKfXym4CJ1mif+fjgwPdyPM12MoanBOWx0u0fl04ccv
nXDxxNgmASsBiMUhQZ4xEiCj3gvPwvJr0T3EPwTW+4CSFcY6s/79hkflU0RgZSd/
FW2BFRj58XingvtuuTu/ZHc00hxoEqZQNm+8s91xchge5MBA8ktLagjUc/4x/N+b
cGv5PLJEsA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:03:34 2026 by rpki-client