Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/O9rqaflBtIrZMFU4yx_kg_9xPyU.roa
File: O9rqaflBtIrZMFU4yx_kg_9xPyU.roa (raw, json)
Hash identifier: 5bvfMOGO3bzYhXnBDQ9LEiKMN4Sn1bfX7T0pXHZoGE8=
Subject key identifier: 3B:DA:EA:69:F9:41:B4:8A:D9:30:55:38:CB:1F:E4:83:FF:71:3F:25
Certificate issuer: /CN=993e814676f32f264771c7ad767a4df87d3c63e2
Certificate serial: 019D74B100CBD9C2A80FB342E55B4C0271C3
Authority key identifier: 99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/O9rqaflBtIrZMFU4yx_kg_9xPyU.roa
Signing time: Fri 10 Apr 2026 00:00:50 +0000
ROA not before: Fri 10 Apr 2026 00:00:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215563
IP address blocks: 2a0d:b083::/32 maxlen: 33
2a0d:b083:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.mft
rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:74:b1:00:cb:d9:c2:a8:0f:b3:42:e5:5b:4c:02:71:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=993e814676f32f264771c7ad767a4df87d3c63e2
Validity
Not Before: Apr 10 00:00:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3bdaea69f941b48ad9305538cb1fe483ff713f25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ce:73:a9:3c:fe:4f:6e:32:6e:05:fa:a7:bb:
3a:b4:66:8d:78:3c:41:0d:63:38:21:06:be:5e:de:
73:6a:db:9b:96:17:e4:f9:ae:72:ca:34:f0:b7:6d:
62:9d:af:92:74:1d:0f:14:57:34:96:26:bb:74:0b:
95:05:18:64:56:02:43:6b:2c:f1:f5:b0:51:c3:c7:
08:ee:f3:a9:2d:02:02:80:8a:42:35:7f:4b:c1:e3:
a7:3d:35:52:ff:66:74:a3:e5:51:e0:b2:e3:a0:85:
27:e4:a2:b2:0c:b4:00:a8:6f:c7:d1:d4:23:32:61:
1b:74:6c:51:1e:a0:f5:4a:35:68:d9:1a:65:65:76:
9a:b1:2b:f7:cc:3c:a6:fa:bd:dc:28:ca:76:ae:97:
3a:73:8c:a6:04:d8:24:e4:a7:86:56:ca:f5:54:a7:
73:52:52:2c:95:a6:dc:7e:1e:dd:b2:6b:7f:17:e0:
26:ec:b9:b3:58:39:fd:f1:a7:17:92:42:ea:24:59:
d1:ae:e8:f0:53:48:16:ef:92:7f:f1:71:d0:c2:b0:
41:30:c0:6d:13:47:1c:40:d5:c8:50:19:7c:9f:59:
87:30:f8:ae:f7:c1:63:55:18:84:7d:af:7d:ca:8d:
b2:d6:50:3b:56:e9:97:2e:f7:15:55:e0:1c:b9:f4:
a5:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:DA:EA:69:F9:41:B4:8A:D9:30:55:38:CB:1F:E4:83:FF:71:3F:25
X509v3 Authority Key Identifier:
keyid:99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/O9rqaflBtIrZMFU4yx_kg_9xPyU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:b083::/32
Signature Algorithm: sha256WithRSAEncryption
51:97:99:08:3c:92:5c:28:61:76:f8:22:d8:35:f2:2c:27:0e:
55:c2:63:3c:f8:d0:0f:26:c5:67:36:f0:16:ee:48:d6:3c:73:
c9:4e:0d:12:3d:3f:3f:a1:b6:11:0c:3b:0f:cf:5e:e5:02:10:
ba:2d:01:9b:c9:ca:54:ed:4d:68:0d:40:83:22:0b:45:ea:94:
63:b8:aa:a0:50:37:55:1f:d7:bb:69:07:9d:07:3b:4b:ca:61:
84:7d:81:f9:86:4a:4b:1e:43:15:8b:b3:24:eb:00:0b:8e:db:
6a:6d:13:46:03:77:3a:58:41:e1:fd:33:94:7a:59:37:f7:a7:
3d:46:95:64:40:d7:b4:b2:be:d8:93:11:47:bd:4b:8b:7b:35:
8c:6f:0b:b1:fa:4a:a3:1f:e4:5a:8a:4a:62:70:77:dc:83:35:
da:b8:97:17:16:25:72:20:74:0e:e1:ec:9f:30:db:1b:44:60:
11:79:3f:ef:ab:63:b5:85:27:cc:e4:f1:38:d1:e7:46:52:ae:
22:01:5a:c1:01:2b:43:82:56:95:5b:5e:5b:36:04:52:0d:88:
3c:fa:20:61:79:1f:09:ea:2a:4d:17:88:ac:85:74:1c:1b:ed:
08:92:ae:55:fe:d6:ab:d2:f3:28:fa:be:f4:a0:4a:89:09:05:
67:01:cc:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ10sQDL2cKoD7NC5VtMAnHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5M2U4MTQ2NzZmMzJmMjY0NzcxYzdhZDc2N2E0ZGY4N2Qz
YzYzZTIwHhcNMjYwNDEwMDAwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRhZWE2OWY5NDFiNDhhZDkzMDU1MzhjYjFmZTQ4M2ZmNzEzZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus5zqTz+T24ybgX6p7s6tGaNeDxB
DWM4IQa+Xt5zatublhfk+a5yyjTwt21ina+SdB0PFFc0lia7dAuVBRhkVgJDayzx
9bBRw8cI7vOpLQICgIpCNX9LweOnPTVS/2Z0o+VR4LLjoIUn5KKyDLQAqG/H0dQj
MmEbdGxRHqD1SjVo2RplZXaasSv3zDym+r3cKMp2rpc6c4ymBNgk5KeGVsr1VKdz
UlIslabcfh7dsmt/F+Am7LmzWDn98acXkkLqJFnRrujwU0gW75J/8XHQwrBBMMBt
E0ccQNXIUBl8n1mHMPiu98FjVRiEfa99yo2y1lA7VumXLvcVVeAcufSlAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDva6mn5QbSK2TBVOMsf5IP/cT8lMB8GA1UdIwQY
MBaAFJk+gUZ28y8mR3HHrXZ6Tfh9PGPiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYt
NDhjYjBmY2I5MGMzLzEvTzlycWFmbEJ0SXJaTUZVNHl4X2tnXzl4UHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYtNDhjYjBmY2I5MGMz
LzEvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2wgzAN
BgkqhkiG9w0BAQsFAAOCAQEAUZeZCDySXChhdvgi2DXyLCcOVcJjPPjQDybFZzbw
Fu5I1jxzyU4NEj0/P6G2EQw7D89e5QIQui0Bm8nKVO1NaA1AgyILReqUY7iqoFA3
VR/Xu2kHnQc7S8phhH2B+YZKSx5DFYuzJOsAC47bam0TRgN3OlhB4f0zlHpZN/en
PUaVZEDXtLK+2JMRR71Li3s1jG8LsfpKox/kWopKYnB33IM12riXFxYlciB0DuHs
nzDbG0RgEXk/76tjtYUnzOTxONHnRlKuIgFawQErQ4JWlVteWzYEUg2IPPogYXkf
CeoqTReIrIV0HBvtCJKuVf7Wq9LzKPq+9KBKiQkFZwHMyw==
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:07:34 2026 by rpki-client