Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/iERc2hyUhgd9UMtG5zUPQed-Qgk.roa
File: iERc2hyUhgd9UMtG5zUPQed-Qgk.roa (raw, json)
Hash identifier: lUMOt80U6+SkRlcQJCxaP5YyQPpTDBvq1gzC8Me8rMg=
Subject key identifier: 88:44:5C:DA:1C:94:86:07:7D:50:CB:46:E7:35:0F:41:E7:7E:42:09
Certificate issuer: /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial: 019D6AD55A0FA2EE13DF7A12426ED8466320
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/iERc2hyUhgd9UMtG5zUPQed-Qgk.roa
Signing time: Wed 08 Apr 2026 02:04:20 +0000
ROA not before: Wed 08 Apr 2026 02:04:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20473
IP address blocks: 2a06:9801:214::/48 maxlen: 48
2a06:9801:267::/48 maxlen: 48
2a06:9801:280::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6a:d5:5a:0f:a2:ee:13:df:7a:12:42:6e:d8:46:63:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
Validity
Not Before: Apr 8 02:04:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=88445cda1c9486077d50cb46e7350f41e77e4209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:a9:39:a4:23:0a:40:b2:24:2f:67:d2:d3:b8:
cf:fd:bb:e5:6a:90:96:d9:86:c7:2f:fd:9f:c2:fd:
ee:af:9e:cf:0a:e1:a3:ff:65:31:ee:e2:bf:3a:c4:
c8:23:b2:da:ee:7b:f0:46:aa:b1:ed:ac:28:23:82:
ad:eb:03:62:e0:ed:50:1c:82:5a:71:49:35:a6:d7:
e6:ec:bb:c9:6d:8d:64:64:3d:7e:02:9c:1b:9d:e0:
52:15:1f:c4:d8:27:af:9a:7c:a0:8c:11:5e:92:5e:
89:6b:2d:6f:a4:2a:96:10:62:4e:77:c6:7f:e2:08:
8c:b0:d1:10:bc:6b:3c:b5:bb:10:a9:62:05:84:df:
0f:30:19:14:81:45:c0:eb:f5:b0:8f:ec:fa:ec:47:
5b:01:a9:b8:23:10:b2:85:34:44:0f:c0:34:05:70:
1d:bd:b5:4a:b1:fd:97:c0:44:92:3f:c8:cc:e2:e8:
28:a6:e9:ce:2d:bb:4a:f6:0f:18:ad:fa:c4:a0:64:
ed:7b:2f:76:1a:1c:b4:75:cc:de:11:a2:72:05:82:
ce:ea:45:d4:30:f2:50:bf:93:1e:43:3d:33:82:06:
04:a2:47:ca:71:52:39:c6:58:89:8f:bc:47:34:d4:
c2:77:e3:55:31:ec:90:df:75:73:0f:e0:64:e6:40:
e2:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:44:5C:DA:1C:94:86:07:7D:50:CB:46:E7:35:0F:41:E7:7E:42:09
X509v3 Authority Key Identifier:
keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/iERc2hyUhgd9UMtG5zUPQed-Qgk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:9801:214::/48
2a06:9801:267::/48
2a06:9801:280::/48
Signature Algorithm: sha256WithRSAEncryption
02:18:28:94:26:2b:f4:19:09:9d:fb:5e:5f:b7:d7:73:13:0c:
95:a3:3c:f2:d2:8f:dd:84:d9:60:0c:8d:db:10:aa:d9:99:75:
73:6b:c1:b8:1b:90:a8:73:9a:4f:7d:83:ba:f5:f2:be:b5:94:
37:e0:1f:7b:ad:79:87:97:70:5a:c7:b4:ac:10:61:4b:72:bf:
c9:05:2c:6f:b3:88:29:6d:6a:56:4a:da:22:4f:22:3a:3a:d8:
c8:cc:19:cc:28:84:4a:67:20:71:e4:69:61:ab:b1:f8:e9:21:
a6:49:3e:48:95:05:40:4f:10:1c:c3:82:0e:e7:e3:b0:73:4f:
77:68:c8:f3:57:14:4d:00:37:59:6f:93:01:21:6e:15:18:81:
a7:0f:62:a9:2b:a5:58:52:01:39:d8:1a:02:48:74:0e:ca:10:
1f:cf:d6:f9:11:33:4a:01:07:71:27:ab:e2:37:56:c0:c8:32:
cb:d0:a2:b8:73:38:69:f7:13:60:df:88:07:bd:b5:da:7b:a5:
83:52:fc:80:f0:de:c2:8e:a7:81:a5:a8:1a:5e:6b:d5:3a:e5:
ef:44:8d:61:f1:bc:38:10:65:bc:0d:e9:79:85:b7:df:39:39:
88:8c:53:5e:81:32:65:43:3a:b8:19:f8:cf:ba:85:6e:92:87:
ac:02:7c:cb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ1q1VoPou4T33oSQm7YRmMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDA4MDIwNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODQ0NWNkYTFjOTQ4NjA3N2Q1MGNiNDZlNzM1MGY0MWU3N2U0MjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56k5pCMKQLIkL2fS07jP/bvlapCW
2YbHL/2fwv3ur57PCuGj/2Ux7uK/OsTII7La7nvwRqqx7awoI4Kt6wNi4O1QHIJa
cUk1ptfm7LvJbY1kZD1+ApwbneBSFR/E2CevmnygjBFekl6Jay1vpCqWEGJOd8Z/
4giMsNEQvGs8tbsQqWIFhN8PMBkUgUXA6/Wwj+z67EdbAam4IxCyhTRED8A0BXAd
vbVKsf2XwESSP8jM4ugopunOLbtK9g8YrfrEoGTtey92Ghy0dczeEaJyBYLO6kXU
MPJQv5MeQz0zggYEokfKcVI5xliJj7xHNNTCd+NVMeyQ33VzD+Bk5kDi+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIhEXNoclIYHfVDLRuc1D0HnfkIJMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvaUVSYzJoeVVoZ2Q5VU10RzV6VVBRZWQtUWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgaYAQIU
AwcAKgaYAQJnAwcAKgaYAQKAMA0GCSqGSIb3DQEBCwUAA4IBAQACGCiUJiv0GQmd
+15ft9dzEwyVozzy0o/dhNlgDI3bEKrZmXVza8G4G5Coc5pPfYO69fK+tZQ34B97
rXmHl3Bax7SsEGFLcr/JBSxvs4gpbWpWStoiTyI6OtjIzBnMKIRKZyBx5Glhq7H4
6SGmST5IlQVATxAcw4IO5+Owc093aMjzVxRNADdZb5MBIW4VGIGnD2KpK6VYUgE5
2BoCSHQOyhAfz9b5ETNKAQdxJ6viN1bAyDLL0KK4czhp9xNg34gHvbXae6WDUvyA
8N7CjqeBpagaXmvVOuXvRI1h8bw4EGW8Del5hbffOTmIjFNegTJlQzq4GfjPuoVu
koesAnzL
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:15:51 2026 by rpki-client