Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nbQVjAOURx4Qwj5zIcKA26-Xktg.roa
File: nbQVjAOURx4Qwj5zIcKA26-Xktg.roa (raw, json)
Hash identifier: hXW2ndlgxtGzNC8sJFPsKR4NFW6NGQAmeQ9uAICL/bg=
Subject key identifier: 9D:B4:15:8C:03:94:47:1E:10:C2:3E:73:21:C2:80:DB:AF:97:92:D8
Certificate issuer: /CN=6b1ac6914bf8473d180b60387bd098f1d37dac80
Certificate serial: 019B7BA35E68740C363186B2D7E8C8FAE5B0
Authority key identifier: 6B:1A:C6:91:4B:F8:47:3D:18:0B:60:38:7B:D0:98:F1:D3:7D:AC:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nbQVjAOURx4Qwj5zIcKA26-Xktg.roa
Signing time: Thu 01 Jan 2026 22:17:42 +0000
ROA not before: Thu 01 Jan 2026 22:17:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202312
IP address blocks: 91.200.88.0/22 maxlen: 22
91.200.88.0/24 maxlen: 24
91.200.89.0/24 maxlen: 24
91.200.90.0/24 maxlen: 24
91.200.91.0/24 maxlen: 24
2a0c:69c0::/32 maxlen: 32
2a0c:69c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.mft
rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 04:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a3:5e:68:74:0c:36:31:86:b2:d7:e8:c8:fa:e5:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b1ac6914bf8473d180b60387bd098f1d37dac80
Validity
Not Before: Jan 1 22:17:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9db4158c0394471e10c23e7321c280dbaf9792d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:a7:6a:24:b6:c8:ac:0b:7c:7f:0a:11:3c:3d:
ed:be:87:73:82:c8:06:82:ce:87:31:1e:e7:e6:c4:
41:ac:26:f0:33:5d:a2:49:54:f6:eb:0f:37:f1:23:
ce:fc:ee:cc:88:ad:3c:0e:e8:53:3d:32:e7:6f:58:
02:5a:42:6f:67:08:ad:72:b9:0e:b6:6f:08:a8:06:
9a:a0:32:cf:57:de:aa:9a:66:2a:92:82:4e:74:f8:
7f:39:d0:b4:a6:68:ea:fc:f3:df:3c:65:37:7f:58:
ca:8a:98:07:d9:db:5c:f6:64:da:5e:43:7b:c8:f9:
2e:5a:f3:c0:2f:3c:ee:19:75:d9:9c:78:d8:29:a0:
e2:a8:42:41:7c:4e:55:c1:36:16:f6:d0:6e:bd:c7:
99:0f:af:a0:e7:c3:b0:8b:11:45:c1:85:fa:a4:74:
65:59:12:31:5d:32:64:98:be:15:76:75:f6:89:d4:
96:6c:ee:db:e3:e5:8d:ed:d9:cb:db:e4:69:7f:6f:
be:f8:0c:79:ba:5d:c1:0d:08:d9:08:c8:92:76:a6:
16:b8:85:23:5e:21:0c:5b:83:df:7f:38:5e:d1:be:
28:12:ad:3a:3c:cd:82:68:32:f4:d4:c8:20:18:44:
d1:2b:84:6d:c3:b0:34:90:3d:c7:cb:f8:f5:b1:08:
e4:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:B4:15:8C:03:94:47:1E:10:C2:3E:73:21:C2:80:DB:AF:97:92:D8
X509v3 Authority Key Identifier:
keyid:6B:1A:C6:91:4B:F8:47:3D:18:0B:60:38:7B:D0:98:F1:D3:7D:AC:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nbQVjAOURx4Qwj5zIcKA26-Xktg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.88.0/22
IPv6:
2a0c:69c0::/32
Signature Algorithm: sha256WithRSAEncryption
56:1b:da:58:79:f5:c0:62:cd:28:34:aa:e4:b5:43:a2:6e:94:
54:44:26:7a:11:5d:5f:28:20:16:5d:bb:de:0b:23:22:af:83:
0d:3d:ea:94:af:f9:75:78:1a:b0:6b:e9:a4:4c:82:30:50:56:
34:6e:62:90:be:6c:72:0e:b4:fc:d6:48:3d:40:52:83:53:ba:
83:a9:e9:ef:33:62:73:11:73:ff:42:ae:b5:31:63:19:8c:b8:
bf:70:e2:85:f4:ae:87:59:f8:45:1e:5b:5f:8c:06:1b:cb:ba:
c6:34:d1:d6:f2:09:b0:d5:92:1d:1f:a0:ac:d7:e8:cb:a1:8b:
4e:ef:5e:3f:e5:0f:23:2d:c4:06:5e:4c:dd:a1:9a:42:76:02:
5c:6b:6b:3b:2b:1d:f6:61:b4:36:64:26:c3:62:af:aa:56:f2:
f1:ad:c3:d0:c0:ae:ef:07:61:35:b7:8a:1b:4f:cd:a6:74:66:
ea:fd:79:d7:99:ad:bb:8a:a7:b3:9c:b6:09:36:7c:62:ff:ce:
df:fb:11:85:a6:8d:b5:18:4d:c7:a8:d3:45:4d:fa:98:f1:07:
2b:3d:2b:9c:44:b5:8f:95:53:d0:e5:98:33:33:41:3d:85:ec:
9b:f5:20:0b:68:cb:36:45:a5:0f:13:da:cb:3a:09:34:9e:9a:
e5:7a:36:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt7o15odAw2MYay1+jI+uWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMWFjNjkxNGJmODQ3M2QxODBiNjAzODdiZDA5OGYxZDM3
ZGFjODAwHhcNMjYwMTAxMjIxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI0MTU4YzAzOTQ0NzFlMTBjMjNlNzMyMWMyODBkYmFmOTc5MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqdqJLbIrAt8fwoRPD3tvodzgsgG
gs6HMR7n5sRBrCbwM12iSVT26w838SPO/O7MiK08DuhTPTLnb1gCWkJvZwitcrkO
tm8IqAaaoDLPV96qmmYqkoJOdPh/OdC0pmjq/PPfPGU3f1jKipgH2dtc9mTaXkN7
yPkuWvPALzzuGXXZnHjYKaDiqEJBfE5VwTYW9tBuvceZD6+g58OwixFFwYX6pHRl
WRIxXTJkmL4VdnX2idSWbO7b4+WN7dnL2+Rpf2+++Ax5ul3BDQjZCMiSdqYWuIUj
XiEMW4Pffzhe0b4oEq06PM2CaDL01MggGETRK4Rtw7A0kD3Hy/j1sQjktwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ20FYwDlEceEMI+cyHCgNuvl5LYMB8GA1UdIwQY
MBaAFGsaxpFL+Ec9GAtgOHvQmPHTfayAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhyR2tVdjRSejBZQzJBNGU5Q1k4ZE45cklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xZmZlYmQtYmQzNy00MzkzLWEzM2Qt
NDhjMDM1MjBmYWY3LzEvbmJRVmpBT1VSeDRRd2o1ekljS0EyNi1Ya3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xZmZlYmQtYmQzNy00MzkzLWEzM2QtNDhjMDM1MjBmYWY3
LzEvYXhyR2tVdjRSejBZQzJBNGU5Q1k4ZE45cklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8hYMA0E
AgACMAcDBQAqDGnAMA0GCSqGSIb3DQEBCwUAA4IBAQBWG9pYefXAYs0oNKrktUOi
bpRURCZ6EV1fKCAWXbveCyMir4MNPeqUr/l1eBqwa+mkTIIwUFY0bmKQvmxyDrT8
1kg9QFKDU7qDqenvM2JzEXP/Qq61MWMZjLi/cOKF9K6HWfhFHltfjAYby7rGNNHW
8gmw1ZIdH6Cs1+jLoYtO714/5Q8jLcQGXkzdoZpCdgJca2s7Kx32YbQ2ZCbDYq+q
VvLxrcPQwK7vB2E1t4obT82mdGbq/XnXma27iqeznLYJNnxi/87f+xGFpo21GE3H
qNNFTfqY8QcrPSucRLWPlVPQ5ZgzM0E9heyb9SALaMs2RaUPE9rLOgk0nprlejb9
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:33:02 2026 by rpki-client