Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2ZGMZIs7EcRssd1CLQZ2oFdwovc.roa
File: 2ZGMZIs7EcRssd1CLQZ2oFdwovc.roa (raw, json)
Hash identifier: FJX0xf+6Khi1sD3/MsuRXxTtmPMBormQPs9DPh9iWwQ=
Subject key identifier: D9:91:8C:64:8B:3B:11:C4:6C:B1:DD:42:2D:06:76:A0:57:70:A2:F7
Certificate issuer: /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial: 019D74E902D5E4FF905D4C0454CC65890084
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2ZGMZIs7EcRssd1CLQZ2oFdwovc.roa
Signing time: Fri 10 Apr 2026 01:02:00 +0000
ROA not before: Fri 10 Apr 2026 01:02:00 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201667
IP address blocks: 2a06:9801:1e::/48 maxlen: 48
2a06:9801:c5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:74:e9:02:d5:e4:ff:90:5d:4c:04:54:cc:65:89:00:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
Validity
Not Before: Apr 10 01:02:00 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d9918c648b3b11c46cb1dd422d0676a05770a2f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ba:fc:cb:24:f9:1d:d6:49:af:f1:e8:ea:f9:
34:b9:95:73:0e:71:22:f1:8d:97:ea:02:ee:8c:40:
b8:a8:1d:a3:03:31:51:bd:a5:54:66:da:26:92:31:
05:aa:da:8a:93:dc:4f:37:14:45:d1:2d:bc:65:fe:
a0:38:5f:3f:fe:d0:af:f8:e2:b1:e1:00:9e:cf:39:
45:c7:1b:56:47:1c:88:95:ee:7a:c5:81:c2:0f:5b:
c2:e8:01:0d:20:24:8f:50:72:49:31:4e:65:d3:0b:
15:7c:c3:36:17:73:7d:d7:4e:5e:d2:4f:35:e6:a7:
ad:3d:c5:97:93:b2:e6:d6:28:f6:2f:1c:00:8b:b2:
b0:cf:55:a6:7d:61:a2:69:36:f6:ea:71:ba:23:eb:
af:bd:50:fc:4c:8e:16:df:68:a1:fe:4a:ca:15:7c:
56:5c:ec:24:ac:04:4f:ef:97:97:e4:2c:5b:ee:19:
f8:f3:3a:44:6d:00:b3:60:f4:2f:b8:97:73:40:a6:
ed:fc:bb:2e:02:9f:71:0e:a5:68:24:f4:e7:94:4c:
42:bd:9b:45:ea:c1:c5:26:fa:c1:05:73:41:e7:c7:
23:c0:5e:9d:c7:94:6e:9a:4a:fd:58:58:05:ee:40:
18:01:66:86:b4:11:1d:35:9c:b8:52:a4:bc:cb:d5:
b6:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:91:8C:64:8B:3B:11:C4:6C:B1:DD:42:2D:06:76:A0:57:70:A2:F7
X509v3 Authority Key Identifier:
keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/2ZGMZIs7EcRssd1CLQZ2oFdwovc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:9801:1e::/48
2a06:9801:c5::/48
Signature Algorithm: sha256WithRSAEncryption
80:f0:d8:01:4c:2c:36:6b:86:e1:e1:6f:6f:a2:53:13:b3:9e:
40:b0:c1:2b:e9:97:17:f2:08:a2:1b:b2:d3:7e:6c:88:0b:6c:
fc:53:80:eb:78:06:ff:7a:a8:ed:88:3d:70:a9:ce:06:e1:4d:
b2:e3:f4:56:7f:0c:f4:e5:4f:d3:43:07:86:ae:6b:5d:04:0e:
f5:4a:27:8c:ac:66:82:da:4c:d9:d1:b6:47:a5:ac:c7:1f:f3:
76:d5:28:18:17:14:ce:d9:29:a4:a7:86:f4:f5:ed:9c:bf:e2:
d5:0a:ef:7b:62:7a:8c:6f:49:52:24:b6:7d:e3:33:6b:c9:d5:
4a:00:db:36:96:18:ed:b4:3f:91:f1:5c:cb:98:be:49:5c:ba:
35:98:6a:57:00:40:a9:1c:d0:25:ea:23:88:83:97:0e:a3:0b:
40:c2:01:eb:9c:20:e9:6c:83:00:b0:87:4b:dd:b8:55:88:86:
37:46:70:2c:29:52:76:8c:88:53:75:13:54:81:bd:b7:c8:02:
74:cb:af:d7:99:ca:16:37:10:ed:bb:56:d7:53:82:46:ba:6b:
38:da:90:b2:a4:81:cb:66:58:b9:64:8b:5f:6e:96:37:f0:a2:
95:77:e6:20:ec:70:ef:12:57:da:5e:70:5f:e7:0b:55:2f:69:
c0:b8:29:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ106QLV5P+QXUwEVMxliQCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDEwMDEwMjAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkxOGM2NDhiM2IxMWM0NmNiMWRkNDIyZDA2NzZhMDU3NzBhMmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrr8yyT5HdZJr/Ho6vk0uZVzDnEi
8Y2X6gLujEC4qB2jAzFRvaVUZtomkjEFqtqKk9xPNxRF0S28Zf6gOF8//tCv+OKx
4QCezzlFxxtWRxyIle56xYHCD1vC6AENICSPUHJJMU5l0wsVfMM2F3N9105e0k81
5qetPcWXk7Lm1ij2LxwAi7Kwz1WmfWGiaTb26nG6I+uvvVD8TI4W32ih/krKFXxW
XOwkrARP75eX5Cxb7hn48zpEbQCzYPQvuJdzQKbt/LsuAp9xDqVoJPTnlExCvZtF
6sHFJvrBBXNB58cjwF6dx5Rumkr9WFgF7kAYAWaGtBEdNZy4UqS8y9W2HwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNmRjGSLOxHEbLHdQi0GdqBXcKL3MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvMlpHTVpJczdFY1Jzc2QxQ0xRWjJvRmR3b3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQAe
AwcAKgaYAQDFMA0GCSqGSIb3DQEBCwUAA4IBAQCA8NgBTCw2a4bh4W9volMTs55A
sMEr6ZcX8giiG7LTfmyIC2z8U4DreAb/eqjtiD1wqc4G4U2y4/RWfwz05U/TQweG
rmtdBA71SieMrGaC2kzZ0bZHpazHH/N21SgYFxTO2Smkp4b09e2cv+LVCu97YnqM
b0lSJLZ94zNrydVKANs2lhjttD+R8VzLmL5JXLo1mGpXAECpHNAl6iOIg5cOowtA
wgHrnCDpbIMAsIdL3bhViIY3RnAsKVJ2jIhTdRNUgb23yAJ0y6/XmcoWNxDtu1bX
U4JGums42pCypIHLZli5ZItfbpY38KKVd+Yg7HDvElfaXnBf5wtVL2nAuCkY
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:02:20 2026 by rpki-client