Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/t7k_beV3qkNWRdLGwtpfAS6V7HA.roa
File: t7k_beV3qkNWRdLGwtpfAS6V7HA.roa (raw, json)
Hash identifier: vZai5iXmOI1X+EFyUMtGKdKYCWdym2JXQnnjYc/fJOI=
Subject key identifier: B7:B9:3F:6D:E5:77:AA:43:56:45:D2:C6:C2:DA:5F:01:2E:95:EC:70
Certificate issuer: /CN=42d9ec5e228b4af7f03c345bc3967f51d6ff8a09
Certificate serial: 019C47B691DA51A657CAB76E131B2784755D
Authority key identifier: 42:D9:EC:5E:22:8B:4A:F7:F0:3C:34:5B:C3:96:7F:51:D6:FF:8A:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QtnsXiKLSvfwPDRbw5Z_Udb_igk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/t7k_beV3qkNWRdLGwtpfAS6V7HA.roa
Signing time: Tue 10 Feb 2026 13:21:13 +0000
ROA not before: Tue 10 Feb 2026 13:21:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57707
IP address blocks: 171.25.220.0/23 maxlen: 32
171.25.222.0/24 maxlen: 32
2001:678:88c::/48 maxlen: 128
2a11:db80::/29 maxlen: 128
2a11:db80::/32 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/QtnsXiKLSvfwPDRbw5Z_Udb_igk.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/QtnsXiKLSvfwPDRbw5Z_Udb_igk.mft
rsync://rpki.ripe.net/repository/DEFAULT/QtnsXiKLSvfwPDRbw5Z_Udb_igk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:47:b6:91:da:51:a6:57:ca:b7:6e:13:1b:27:84:75:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42d9ec5e228b4af7f03c345bc3967f51d6ff8a09
Validity
Not Before: Feb 10 13:21:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b7b93f6de577aa435645d2c6c2da5f012e95ec70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:41:53:11:2b:98:11:86:ed:8d:8f:95:6b:3f:
ca:2d:80:8c:cc:4a:b7:07:2a:3e:02:fb:8c:f5:fb:
1b:3c:3c:34:69:1e:21:94:1e:7b:d7:2a:cf:74:d7:
8b:0c:db:04:32:58:83:87:71:29:80:99:33:f6:06:
3f:82:58:ca:d9:5b:df:cf:1c:ab:94:de:25:5c:3d:
93:1e:d1:1f:88:05:2e:4c:56:c6:8a:3b:52:7d:fa:
56:23:f9:fe:a4:e3:0a:02:20:b1:93:e2:a5:86:53:
be:8f:03:86:94:b8:e2:a3:82:3f:08:1a:a9:4d:d8:
c9:81:40:3b:1a:ab:58:3d:d7:0d:7c:b4:04:4b:16:
d3:6a:bb:a5:bd:d3:33:82:b8:f8:91:dd:d0:6a:eb:
27:1d:15:e3:0f:de:db:5f:cc:85:47:1e:93:12:3b:
7d:3a:00:62:af:97:e2:1a:d5:47:e1:cf:49:1b:0f:
10:67:9b:d9:91:92:e0:d5:59:cc:2e:b7:f7:7a:a6:
e4:fc:95:78:e4:96:9d:a2:a3:8a:3f:e8:a8:0f:db:
ec:79:5e:06:a5:80:df:bb:9b:30:3f:de:71:3f:b4:
79:5e:9d:d5:cf:a0:c4:47:82:28:0e:52:e6:dc:13:
78:ab:ec:aa:b2:6f:74:35:3f:33:fc:eb:a9:79:83:
74:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:B9:3F:6D:E5:77:AA:43:56:45:D2:C6:C2:DA:5F:01:2E:95:EC:70
X509v3 Authority Key Identifier:
keyid:42:D9:EC:5E:22:8B:4A:F7:F0:3C:34:5B:C3:96:7F:51:D6:FF:8A:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QtnsXiKLSvfwPDRbw5Z_Udb_igk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/t7k_beV3qkNWRdLGwtpfAS6V7HA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/dde351-79a2-43a4-81b9-6c9b48bdbfe5/1/QtnsXiKLSvfwPDRbw5Z_Udb_igk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.220.0-171.25.222.255
IPv6:
2001:678:88c::/48
2a11:db80::/29
Signature Algorithm: sha256WithRSAEncryption
92:03:21:e0:06:f4:9e:e3:ad:de:ac:20:52:f8:d7:09:27:f1:
35:0d:74:33:dc:04:ed:8d:cc:57:3f:03:b8:d3:f4:e7:ba:8a:
bf:4c:07:69:b8:b7:42:ac:f7:9f:90:31:22:28:75:7d:08:e9:
63:df:d6:e3:b5:2e:7e:13:00:3b:ca:c6:dc:cd:91:3d:fc:bf:
15:47:d1:aa:d9:a7:ab:c6:73:3d:68:a2:3c:64:08:e2:ce:e2:
b5:1e:cf:b7:e7:96:96:c7:20:e2:4e:c2:b7:84:ec:af:db:98:
d5:20:6a:ef:4a:03:56:c9:1c:35:55:f6:2a:8a:e5:4f:7d:60:
4b:bc:ff:04:55:60:dc:f6:e3:4b:5b:4b:a8:aa:69:51:bc:fa:
38:0e:7a:c6:68:30:02:ee:88:2b:68:98:64:03:d5:6f:e7:4d:
a5:0a:50:96:f4:9b:74:a7:e0:46:70:e6:5d:d8:4c:5a:d1:b5:
03:9a:d2:67:a0:bf:81:46:c9:92:0b:f5:11:fc:56:a9:8c:ee:
13:56:7b:ca:ac:2d:e5:8a:31:76:e6:e2:d8:27:5a:57:ee:f2:
ba:14:94:86:2c:13:ab:b5:bc:94:cf:d7:a5:df:dc:71:6d:20:
45:de:16:c3:07:1a:81:d6:a1:53:a0:06:ea:39:be:35:b5:e2:
20:4b:fe:7f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZxHtpHaUaZXyrduExsnhHVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZDllYzVlMjI4YjRhZjdmMDNjMzQ1YmMzOTY3ZjUxZDZm
ZjhhMDkwHhcNMjYwMjEwMTMyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2I5M2Y2ZGU1NzdhYTQzNTY0NWQyYzZjMmRhNWYwMTJlOTVlYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UFTESuYEYbtjY+Vaz/KLYCMzEq3
Byo+AvuM9fsbPDw0aR4hlB571yrPdNeLDNsEMliDh3EpgJkz9gY/gljK2Vvfzxyr
lN4lXD2THtEfiAUuTFbGijtSffpWI/n+pOMKAiCxk+KlhlO+jwOGlLjio4I/CBqp
TdjJgUA7GqtYPdcNfLQESxbTarulvdMzgrj4kd3QausnHRXjD97bX8yFRx6TEjt9
OgBir5fiGtVH4c9JGw8QZ5vZkZLg1VnMLrf3eqbk/JV45JadoqOKP+ioD9vseV4G
pYDfu5swP95xP7R5Xp3Vz6DER4IoDlLm3BN4q+yqsm90NT8z/OupeYN0GQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLe5P23ld6pDVkXSxsLaXwEulexwMB8GA1UdIwQY
MBaAFELZ7F4ii0r38Dw0W8OWf1HW/4oJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXRuc1hpS0xTdmZ3UERSYnc1Wl9VZGJfaWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kZGUzNTEtNzlhMi00M2E0LTgxYjkt
NmM5YjQ4YmRiZmU1LzEvdDdrX2JlVjNxa05XUmRMR3d0cGZBUzZWN0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kZGUzNTEtNzlhMi00M2E0LTgxYjktNmM5YjQ4YmRiZmU1
LzEvUXRuc1hpS0xTdmZ3UERSYnc1Wl9VZGJfaWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAUBAIAATAOMAwDBAKrGdwD
BACrGd4wFgQCAAIwEAMHACABBngIjAMFAyoR24AwDQYJKoZIhvcNAQELBQADggEB
AJIDIeAG9J7jrd6sIFL41wkn8TUNdDPcBO2NzFc/A7jT9Oe6ir9MB2m4t0Ks95+Q
MSIodX0I6WPf1uO1Ln4TADvKxtzNkT38vxVH0arZp6vGcz1oojxkCOLO4rUez7fn
lpbHIOJOwreE7K/bmNUgau9KA1bJHDVV9iqK5U99YEu8/wRVYNz240tbS6iqaVG8
+jgOesZoMALuiCtomGQD1W/nTaUKUJb0m3Sn4EZw5l3YTFrRtQOa0megv4FGyZIL
9RH8VqmM7hNWe8qsLeWKMXbm4tgnWlfu8roUlIYsE6u1vJTP16Xf3HFtIEXeFsMH
GoHWoVOgBuo5vjW14iBL/n8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:28:45 2026 by rpki-client