Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/d8O9-xryFRHHMMLoa4gYHXiQz_M.roa
File: d8O9-xryFRHHMMLoa4gYHXiQz_M.roa (raw, json)
Hash identifier: K6KChYku/ucjOAPxpIUjf4jIExAYejCm8b8eeFH5/Nw=
Subject key identifier: 77:C3:BD:FB:1A:F2:15:11:C7:30:C2:E8:6B:88:18:1D:78:90:CF:F3
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 019C33CB5E2A4A9953F1658B89872527E45C
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/d8O9-xryFRHHMMLoa4gYHXiQz_M.roa
Signing time: Fri 06 Feb 2026 16:31:31 +0000
ROA not before: Fri 06 Feb 2026 16:31:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20473
IP address blocks: 2a14:67c1:b700::/40 maxlen: 48
2a14:67c1:b800::/40 maxlen: 48
2a14:67c1:c400::/40 maxlen: 48
2a14:67c2:1010::/48 maxlen: 48
2a14:67c3:2ac::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:33:cb:5e:2a:4a:99:53:f1:65:8b:89:87:25:27:e4:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: Feb 6 16:31:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=77c3bdfb1af21511c730c2e86b88181d7890cff3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:f6:61:8d:ad:6b:8e:d3:da:a2:f4:4f:9c:2f:
d2:dc:30:16:94:78:78:14:1f:51:8b:60:f2:d3:dd:
f9:60:88:6c:01:08:e0:8f:ec:20:47:f7:25:e3:45:
72:e2:a4:fc:f8:81:fd:e5:52:f1:9e:e3:9e:72:52:
fa:d4:3b:0f:fe:c0:9e:62:eb:14:e4:a3:9e:aa:39:
1e:76:d6:b6:2e:c9:52:54:6d:51:c7:44:13:d3:ee:
c4:a8:ba:8b:0a:d2:1d:bd:88:33:3e:25:bf:5c:8f:
1f:9d:dd:c2:35:84:cb:6f:43:fc:14:b9:c8:68:32:
b7:00:95:eb:d6:9e:57:99:97:79:7c:04:52:6e:cd:
ef:4e:cf:fb:f8:c3:dd:be:9e:4a:42:9a:5d:8e:a3:
bc:71:04:f8:fd:0b:91:d1:69:37:07:06:ef:63:1c:
da:b6:d7:f9:90:36:ff:70:d8:67:b1:e1:22:8c:14:
6f:ff:d7:e2:95:bd:33:5b:ff:80:b5:4d:01:3b:a0:
d1:a7:e7:46:c0:0a:b8:39:a3:11:46:53:d0:53:e9:
83:a1:56:ae:9e:4d:25:c1:31:49:9c:1a:a0:65:2b:
96:60:e5:5b:e0:a6:4e:27:99:73:ed:11:9d:cc:0b:
51:76:54:ed:80:c8:de:de:94:bc:d2:6f:d4:ec:43:
0a:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:C3:BD:FB:1A:F2:15:11:C7:30:C2:E8:6B:88:18:1D:78:90:CF:F3
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/d8O9-xryFRHHMMLoa4gYHXiQz_M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:b700::-2a14:67c1:b8ff:ffff:ffff:ffff:ffff:ffff
2a14:67c1:c400::/40
2a14:67c2:1010::/48
2a14:67c3:2ac::/48
Signature Algorithm: sha256WithRSAEncryption
58:70:db:e0:f8:6d:e8:a6:c8:92:63:68:6b:0c:84:70:c4:96:
a2:ba:df:9a:75:2a:89:f7:dd:42:30:66:fe:77:c6:1f:61:d6:
fd:95:e1:11:63:c2:54:25:d0:a7:cf:b7:73:e7:f7:48:7a:08:
e1:a6:95:6f:a6:68:94:f8:e4:11:aa:cf:97:15:25:41:b9:da:
01:ff:93:a9:79:5d:ef:ce:85:c8:c1:f8:4a:ab:0e:a5:12:17:
11:f6:01:7a:be:37:4a:68:29:e3:4f:be:b1:e5:ed:0f:0b:64:
00:7d:b6:35:a6:f7:38:0c:ce:2d:fd:1a:6c:ff:bf:78:ee:43:
96:ef:42:bf:28:82:38:66:25:e2:42:c3:08:bd:4f:88:af:ff:
24:39:9e:c6:d5:b5:dc:82:7f:ca:2d:04:cd:9b:54:6d:50:77:
aa:65:49:cb:51:cf:fb:cd:97:cd:58:13:6d:df:ba:04:d6:ea:
6e:50:8a:d5:45:1c:13:9a:05:d3:b3:d4:3e:4f:bf:41:1c:8c:
af:cd:5c:28:39:59:3e:83:42:c2:ab:09:04:2d:67:5e:4e:85:
e7:1c:a5:5e:b5:1e:47:98:2e:c6:d8:42:14:64:1d:9f:5d:c8:
5d:9b:e5:7c:5c:9b:da:e6:49:65:34:fd:92:5b:15:ce:24:2a:
ec:d9:3d:ee
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZwzy14qSplT8WWLiYclJ+RcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMjA2MTYzMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2MzYmRmYjFhZjIxNTExYzczMGMyZTg2Yjg4MTgxZDc4OTBjZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfZhja1rjtPaovRPnC/S3DAWlHh4
FB9Ri2Dy0935YIhsAQjgj+wgR/cl40Vy4qT8+IH95VLxnuOeclL61DsP/sCeYusU
5KOeqjkedta2LslSVG1Rx0QT0+7EqLqLCtIdvYgzPiW/XI8fnd3CNYTLb0P8FLnI
aDK3AJXr1p5XmZd5fARSbs3vTs/7+MPdvp5KQppdjqO8cQT4/QuR0Wk3BwbvYxza
ttf5kDb/cNhnseEijBRv/9filb0zW/+AtU0BO6DRp+dGwAq4OaMRRlPQU+mDoVau
nk0lwTFJnBqgZSuWYOVb4KZOJ5lz7RGdzAtRdlTtgMje3pS80m/U7EMKmwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFHfDvfsa8hURxzDC6GuIGB14kM/zMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvZDhPOS14cnlGUkhITU1Mb2E0Z1lIWGlRel9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsMBADBgAqFGfB
twMGACoUZ8G4AwYAKhRnwcQDBwAqFGfCEBADBwAqFGfDAqwwDQYJKoZIhvcNAQEL
BQADggEBAFhw2+D4beimyJJjaGsMhHDElqK635p1Kon33UIwZv53xh9h1v2V4RFj
wlQl0KfPt3Pn90h6COGmlW+maJT45BGqz5cVJUG52gH/k6l5Xe/OhcjB+EqrDqUS
FxH2AXq+N0poKeNPvrHl7Q8LZAB9tjWm9zgMzi39Gmz/v3juQ5bvQr8ogjhmJeJC
wwi9T4iv/yQ5nsbVtdyCf8otBM2bVG1Qd6plSctRz/vNl81YE23fugTW6m5QitVF
HBOaBdOz1D5Pv0EcjK/NXCg5WT6DQsKrCQQtZ15OheccpV61HkeYLsbYQhRkHZ9d
yF2b5Xxcm9rmSWU0/ZJbFc4kKuzZPe4=
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:19:47 2026 by rpki-client