Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/O6y0AvVf2NrMxWi9_pXMvByFV2c.roa
File: O6y0AvVf2NrMxWi9_pXMvByFV2c.roa (raw, json)
Hash identifier: kSsfZ765k2c/9b+ZAtD60Pp26htfc1uMeirX/vX3b/4=
Subject key identifier: 3B:AC:B4:02:F5:5F:D8:DA:CC:C5:68:BD:FE:95:CC:BC:1C:85:57:67
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019C0670A345E38122311C8BE44990742410
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/O6y0AvVf2NrMxWi9_pXMvByFV2c.roa
Signing time: Wed 28 Jan 2026 21:09:31 +0000
ROA not before: Wed 28 Jan 2026 21:09:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206306
IP address blocks: 2a0d:b842::/32 maxlen: 32
2a0d:b847::/32 maxlen: 32
2a0d:e243::/32 maxlen: 32
2a0e:19c3::/32 maxlen: 32
2a11:ec7::/32 maxlen: 32
2a12:a501::/32 maxlen: 32
2a12:a505::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:06:70:a3:45:e3:81:22:31:1c:8b:e4:49:90:74:24:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Jan 28 21:09:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3bacb402f55fd8daccc568bdfe95ccbc1c855767
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ec:b4:76:17:2f:f3:9c:f6:4c:a6:a3:60:a4:
7d:a2:12:57:b3:a3:a9:24:bf:a7:85:f1:3e:39:78:
30:e1:0b:96:d5:48:34:88:4a:77:fc:c6:98:81:44:
be:3e:2c:93:1d:ba:1b:82:d9:0e:0a:da:1d:74:e9:
0d:23:37:d7:e5:c3:fa:37:72:ca:e3:0a:23:86:c2:
1c:91:38:08:c0:d0:6d:da:5f:f4:4f:88:a1:b0:9c:
54:29:d8:77:b9:0b:c1:78:f9:79:e2:18:1a:a7:4c:
0b:0a:9c:99:5d:09:5e:79:57:63:46:6a:76:e2:b1:
79:e7:f9:4d:c1:b4:83:6c:ec:ad:93:39:e3:d0:49:
a0:82:91:91:24:35:17:2c:90:20:73:15:d2:89:e5:
53:22:ef:f9:82:40:d9:53:ab:65:2d:78:53:70:f3:
e9:38:14:77:9d:c5:27:3e:47:c5:5b:fd:79:c2:65:
b0:8d:19:d3:d6:9c:39:10:8e:00:19:1b:e8:49:28:
aa:18:b7:75:03:f2:94:d4:07:7c:8b:ad:76:d0:46:
2c:39:87:73:d8:5b:99:c9:12:4b:61:fb:16:c0:f2:
6e:64:e9:47:df:c8:91:b0:15:0d:3d:db:4c:b2:5f:
c5:35:7e:77:21:8e:84:0d:f7:2e:f2:d0:54:8d:72:
99:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:AC:B4:02:F5:5F:D8:DA:CC:C5:68:BD:FE:95:CC:BC:1C:85:57:67
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/O6y0AvVf2NrMxWi9_pXMvByFV2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:b842::/32
2a0d:b847::/32
2a0d:e243::/32
2a0e:19c3::/32
2a11:ec7::/32
2a12:a501::/32
2a12:a505::/32
Signature Algorithm: sha256WithRSAEncryption
1b:44:04:6f:1f:6e:13:c7:89:ac:b0:47:fe:ea:5a:8f:07:de:
60:74:db:e2:a9:90:ef:da:54:f4:0c:c7:17:37:75:7d:4f:d4:
77:10:8f:23:0c:c4:3f:df:80:63:ab:1d:06:18:d5:e2:c4:32:
78:95:ba:8e:30:85:01:5f:6c:ae:da:f3:b2:11:97:9f:f7:10:
79:bb:c8:0c:3a:09:82:50:d9:a0:58:87:37:5a:6a:01:30:73:
ab:77:2c:2b:37:6d:46:19:3f:fc:8c:b9:b8:26:68:51:02:70:
5b:81:8d:e7:0f:f1:8f:29:3b:11:96:f8:7b:97:bf:c5:c4:08:
0f:c3:2a:a5:18:34:e3:35:be:d2:30:1b:e4:5a:bf:9f:8c:28:
ec:a5:bf:ec:68:68:06:b8:97:f2:18:fb:61:8e:b4:1d:90:5a:
c6:38:70:03:fd:63:66:e3:ad:de:0f:7c:d0:77:dc:25:3f:16:
2c:8e:57:6e:c1:be:5b:62:99:7f:fc:38:2e:ee:3f:88:eb:18:
2b:72:b3:7b:b2:54:20:3e:e7:52:87:6f:4d:ba:88:8e:c4:17:
e0:fa:66:6c:c1:b1:66:00:d8:76:28:fa:8d:54:8a:69:be:be:
21:ce:59:55:d9:10:d0:93:2a:a2:3f:34:64:43:46:12:45:8a:
9f:30:a8:49
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZwGcKNF44EiMRyL5EmQdCQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTI4MjEwOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmFjYjQwMmY1NWZkOGRhY2NjNTY4YmRmZTk1Y2NiYzFjODU1NzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxey0dhcv85z2TKajYKR9ohJXs6Op
JL+nhfE+OXgw4QuW1Ug0iEp3/MaYgUS+PiyTHbobgtkOCtoddOkNIzfX5cP6N3LK
4wojhsIckTgIwNBt2l/0T4ihsJxUKdh3uQvBePl54hgap0wLCpyZXQleeVdjRmp2
4rF55/lNwbSDbOytkznj0EmggpGRJDUXLJAgcxXSieVTIu/5gkDZU6tlLXhTcPPp
OBR3ncUnPkfFW/15wmWwjRnT1pw5EI4AGRvoSSiqGLd1A/KU1Ad8i6120EYsOYdz
2FuZyRJLYfsWwPJuZOlH38iRsBUNPdtMsl/FNX53IY6EDfcu8tBUjXKZBQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFDustAL1X9jazMVovf6VzLwchVdnMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvTzZ5MEF2VmYyTnJNeFdpOV9wWE12QnlGVjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUAKg24QgMF
ACoNuEcDBQAqDeJDAwUAKg4ZwwMFACoRDscDBQAqEqUBAwUAKhKlBTANBgkqhkiG
9w0BAQsFAAOCAQEAG0QEbx9uE8eJrLBH/upajwfeYHTb4qmQ79pU9AzHFzd1fU/U
dxCPIwzEP9+AY6sdBhjV4sQyeJW6jjCFAV9srtrzshGXn/cQebvIDDoJglDZoFiH
N1pqATBzq3csKzdtRhk//Iy5uCZoUQJwW4GN5w/xjyk7EZb4e5e/xcQID8MqpRg0
4zW+0jAb5Fq/n4wo7KW/7GhoBriX8hj7YY60HZBaxjhwA/1jZuOt3g980HfcJT8W
LI5XbsG+W2KZf/w4Lu4/iOsYK3Kze7JUID7nUodvTbqIjsQX4PpmbMGxZgDYdij6
jVSKab6+Ic5ZVdkQ0JMqoj80ZENGEkWKnzCoSQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:57:58 2026 by rpki-client