Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/2LqMB6nAP53p9Mx5BUqCY2aP11w.roa
File: 2LqMB6nAP53p9Mx5BUqCY2aP11w.roa (raw, json)
Hash identifier: CXwqScjDeWDjJQZWhT8XIJc7YrmcrC7QUMyXMb9Frso=
Subject key identifier: D8:BA:8C:07:A9:C0:3F:9D:E9:F4:CC:79:05:4A:82:63:66:8F:D7:5C
Certificate issuer: /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial: 019DCE8E047DDCFAD06B04AC88170CF30D3F
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/2LqMB6nAP53p9Mx5BUqCY2aP11w.roa
Signing time: Mon 27 Apr 2026 10:48:26 +0000
ROA not before: Mon 27 Apr 2026 10:48:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 2a01:f3c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ce:8e:04:7d:dc:fa:d0:6b:04:ac:88:17:0c:f3:0d:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Validity
Not Before: Apr 27 10:48:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d8ba8c07a9c03f9de9f4cc79054a8263668fd75c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:93:6f:86:cc:23:4c:72:57:f6:17:8d:bb:46:
36:24:b0:d3:47:ab:85:bf:f3:7a:72:bb:f0:7b:45:
85:cf:7b:23:d7:81:61:8f:e8:c4:e7:14:c1:14:84:
4f:1b:a1:a5:00:bc:17:68:4b:8b:2b:cc:57:0a:c4:
73:5f:9c:9c:c1:0e:23:3e:5c:3c:08:7e:c0:c7:de:
f3:c9:ec:6f:73:ec:0d:b9:88:1e:80:39:8e:bd:90:
0c:ae:65:5d:27:a4:74:42:d5:56:47:82:6f:f4:0c:
84:81:5e:96:1c:a3:ea:49:bd:b5:bc:28:b7:98:a1:
bc:24:62:e0:4b:34:4e:b6:c7:d9:2f:4f:4c:85:fb:
1f:78:67:cc:be:9f:ee:23:5d:5e:94:9b:4e:91:f2:
54:16:c7:0c:84:c5:73:43:e5:f4:a2:8f:36:f6:91:
fd:f2:5d:fd:06:13:25:29:91:84:dc:4a:cb:73:81:
1e:ab:28:7d:ca:39:7f:38:37:08:95:74:90:1e:6f:
55:a8:bd:d3:14:57:a5:4f:65:1e:31:25:a6:30:7b:
61:8d:dd:0c:73:e1:d0:d7:9e:02:4a:1e:a1:a6:bd:
31:86:2e:bb:5d:8f:ed:92:35:0b:6d:e7:f6:3e:13:
52:38:5d:dc:2a:2d:2b:69:fa:36:bf:09:dd:3d:75:
0f:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:BA:8C:07:A9:C0:3F:9D:E9:F4:CC:79:05:4A:82:63:66:8F:D7:5C
X509v3 Authority Key Identifier:
keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/2LqMB6nAP53p9Mx5BUqCY2aP11w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:f3c0::/29
Signature Algorithm: sha256WithRSAEncryption
74:b3:68:fc:55:06:5e:a6:55:b9:85:5e:7a:69:bb:c5:63:73:
0e:35:9c:c6:4d:f1:19:67:85:65:dc:c6:46:b2:00:a5:ff:01:
3d:fd:c7:b6:26:ed:90:b0:c2:b2:8d:a7:d9:63:90:7d:e9:45:
d8:6b:ee:47:78:20:6c:46:7b:e7:96:63:19:fe:1f:d2:d6:10:
52:fc:e6:5d:ad:91:26:2a:41:87:aa:42:ee:34:40:da:44:ab:
8c:8a:74:36:55:cb:65:83:a5:fc:b2:25:6a:5d:3e:f4:1c:43:
88:76:26:20:86:eb:49:f7:53:66:80:dd:8a:9b:99:5a:1d:38:
86:cc:45:0a:cf:51:a1:09:30:42:5e:61:cc:a1:11:2f:30:d3:
e6:4a:37:9f:82:c8:09:b7:73:fe:dd:51:f1:6a:cd:25:0f:8b:
9f:1e:8a:03:e9:3b:ec:f8:42:3e:36:9b:55:30:e7:84:59:c4:
82:c2:82:6c:1b:33:f6:47:5e:a4:7d:1d:7e:e2:0c:45:2d:60:
25:b5:56:df:c7:e7:f6:0a:a3:94:81:6c:ca:56:80:1e:6d:65:
97:91:0a:d1:c0:fe:dd:9d:3e:a1:e7:15:56:7b:a2:bf:19:f8:
63:85:ce:5c:cc:aa:39:c8:e1:7c:42:55:be:d8:98:d4:2c:8b:
42:1a:fd:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3OjgR93PrQawSsiBcM8w0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjYwNDI3MTA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGJhOGMwN2E5YzAzZjlkZTlmNGNjNzkwNTRhODI2MzY2OGZkNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopNvhswjTHJX9heNu0Y2JLDTR6uF
v/N6crvwe0WFz3sj14Fhj+jE5xTBFIRPG6GlALwXaEuLK8xXCsRzX5ycwQ4jPlw8
CH7Ax97zyexvc+wNuYgegDmOvZAMrmVdJ6R0QtVWR4Jv9AyEgV6WHKPqSb21vCi3
mKG8JGLgSzROtsfZL09MhfsfeGfMvp/uI11elJtOkfJUFscMhMVzQ+X0oo829pH9
8l39BhMlKZGE3ErLc4Eeqyh9yjl/ODcIlXSQHm9VqL3TFFelT2UeMSWmMHthjd0M
c+HQ154CSh6hpr0xhi67XY/tkjULbef2PhNSOF3cKi0rafo2vwndPXUPAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNi6jAepwD+d6fTMeQVKgmNmj9dcMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvMkxxTUI2bkFQNTNwOU14NUJVcUNZMmFQMTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdLNo/FUGXqZVuYVeemm7xWNzDjWcxk3xGWeFZdzG
RrIApf8BPf3HtibtkLDCso2n2WOQfelF2GvuR3ggbEZ755ZjGf4f0tYQUvzmXa2R
JipBh6pC7jRA2kSrjIp0NlXLZYOl/LIlal0+9BxDiHYmIIbrSfdTZoDdipuZWh04
hsxFCs9RoQkwQl5hzKERLzDT5ko3n4LICbdz/t1R8WrNJQ+Lnx6KA+k77PhCPjab
VTDnhFnEgsKCbBsz9kdepH0dfuIMRS1gJbVW38fn9gqjlIFsylaAHm1ll5EK0cD+
3Z0+oecVVnuivxn4Y4XOXMyqOcjhfEJVvtiY1CyLQhr9WQ==
-----END CERTIFICATE-----
Generated at Tue May 12 21:38:46 2026 by rpki-client