Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UyVAFR0gphSEN1GFg9PolDmdUlE.roa
File: UyVAFR0gphSEN1GFg9PolDmdUlE.roa (raw, json)
Hash identifier: ZDwbLJzAZIlbx73UMk/ihv+OV2VksmCerH9QUd5Oa88=
Subject key identifier: 53:25:40:15:1D:20:A6:14:84:37:51:85:83:D3:E8:94:39:9D:52:51
Certificate issuer: /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial: 019C1B706730A799546E956A7FD1AF50AF19
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UyVAFR0gphSEN1GFg9PolDmdUlE.roa
Signing time: Sun 01 Feb 2026 23:01:17 +0000
ROA not before: Sun 01 Feb 2026 23:01:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213702
IP address blocks: 2a12:bec4:150::/44 maxlen: 44
2a12:bec4:1460::/44 maxlen: 44
2a12:bec4:1a70::/44 maxlen: 44
2a12:bec4:1a80::/44 maxlen: 44
2a12:bec4:1c70::/44 maxlen: 44
2a12:bec4:1c80::/44 maxlen: 44
2a12:bec4:1c90::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:1b:70:67:30:a7:99:54:6e:95:6a:7f:d1:af:50:af:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Validity
Not Before: Feb 1 23:01:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=532540151d20a6148437518583d3e894399d5251
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f9:ef:0d:0c:cf:c5:6c:78:cd:67:57:23:f9:
04:e1:5a:3c:70:54:63:d1:d2:87:de:9e:d5:78:a5:
a2:63:f8:52:00:fe:f6:a3:58:59:c2:de:04:c8:7c:
5d:d3:07:c7:d4:79:9d:eb:19:a2:3f:bd:c4:fd:0a:
3f:2e:4b:96:da:e5:c4:51:c8:5a:a4:10:25:8a:e7:
22:e6:e3:0d:d1:b9:8a:4e:62:65:89:6b:2c:1b:bf:
fe:1e:7b:56:52:cb:87:a3:51:c6:71:8a:1d:a4:ae:
90:ed:3b:4f:2b:1c:e5:55:d0:2d:52:0b:e8:88:30:
96:ba:b7:1a:53:7d:ec:9f:6d:2f:d0:cd:d2:e3:87:
b0:b6:2b:22:6a:74:15:b7:34:57:68:85:52:77:7a:
3e:26:ef:1c:93:1f:7d:95:02:43:a8:bf:3f:b4:d5:
3d:a8:02:92:71:7a:58:85:ba:e6:3c:77:00:5e:02:
d4:fb:c5:f2:46:47:30:63:45:1f:39:66:91:d3:9f:
1e:2c:6f:4d:5a:17:fd:9d:91:db:76:b6:31:b8:01:
92:2a:ac:f0:8d:91:3a:38:1f:59:ea:2a:ba:dd:7c:
1c:dc:dd:a7:c7:ab:0d:93:19:4a:93:1f:76:55:c5:
37:15:17:8c:9a:9f:29:2b:91:14:c5:06:73:12:94:
f6:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:25:40:15:1D:20:A6:14:84:37:51:85:83:D3:E8:94:39:9D:52:51
X509v3 Authority Key Identifier:
keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UyVAFR0gphSEN1GFg9PolDmdUlE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:bec4:150::/44
2a12:bec4:1460::/44
2a12:bec4:1a70::-2a12:bec4:1a8f:ffff:ffff:ffff:ffff:ffff
2a12:bec4:1c70::-2a12:bec4:1c9f:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
c3:86:9b:65:50:01:47:cd:12:51:eb:b1:29:83:27:64:5a:93:
89:13:87:b6:f8:f2:f8:c4:1b:df:b2:cc:76:fe:33:d7:cb:58:
f8:23:a4:18:3e:77:bb:97:f0:7f:59:b3:f2:64:36:8b:ba:6d:
27:5a:4e:30:39:3a:90:10:e5:c0:c9:66:fb:28:00:9e:fd:f0:
05:25:9a:af:31:45:44:d2:21:1c:67:8e:a9:ce:f5:37:ad:74:
c8:ff:5c:b5:09:6f:23:64:30:64:9e:9d:35:69:34:e7:1b:79:
92:fd:68:f8:73:90:48:f6:e0:68:1b:0c:3c:46:9e:eb:bb:3d:
8c:d5:ec:73:d4:bc:31:ed:ff:c4:72:52:6d:90:c1:94:0f:7b:
8d:c7:cb:05:ba:24:78:9a:a7:02:6d:8b:0d:47:93:14:a3:31:
6e:8d:b9:59:1d:80:6f:ee:85:2f:43:52:ea:a8:af:58:ab:bf:
9b:db:c1:3e:f0:c3:ee:4d:df:18:4f:e2:f8:e2:3c:9a:27:66:
6e:45:95:6a:bf:7b:c7:eb:78:d5:20:61:cd:dd:c0:c7:47:d2:
31:28:97:7d:6c:60:cc:bd:bc:fb:d0:b0:1c:85:24:aa:41:a1:
54:01:6f:b3:29:8a:21:e5:3c:2b:49:c6:2b:47:81:64:ab:52:
f8:d5:5e:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZwbcGcwp5lUbpVqf9GvUK8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMjAxMjMwMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzI1NDAxNTFkMjBhNjE0ODQzNzUxODU4M2QzZTg5NDM5OWQ1MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPnvDQzPxWx4zWdXI/kE4Vo8cFRj
0dKH3p7VeKWiY/hSAP72o1hZwt4EyHxd0wfH1Hmd6xmiP73E/Qo/LkuW2uXEUcha
pBAliuci5uMN0bmKTmJliWssG7/+HntWUsuHo1HGcYodpK6Q7TtPKxzlVdAtUgvo
iDCWurcaU33sn20v0M3S44ewtisianQVtzRXaIVSd3o+Ju8ckx99lQJDqL8/tNU9
qAKScXpYhbrmPHcAXgLU+8XyRkcwY0UfOWaR058eLG9NWhf9nZHbdrYxuAGSKqzw
jZE6OB9Z6iq63Xwc3N2nx6sNkxlKkx92VcU3FReMmp8pK5EUxQZzEpT2QwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFFMlQBUdIKYUhDdRhYPT6JQ5nVJRMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVXlWQUZSMGdwaFNFTjFHRmc5UG9sRG1kVWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAAjA6AwcEKhK+xAFQ
AwcEKhK+xBRgMBIDBwQqEr7EGnADBwQqEr7EGoAwEgMHBCoSvsQccAMHBSoSvsQc
gDANBgkqhkiG9w0BAQsFAAOCAQEAw4abZVABR80SUeuxKYMnZFqTiROHtvjy+MQb
37LMdv4z18tY+COkGD53u5fwf1mz8mQ2i7ptJ1pOMDk6kBDlwMlm+ygAnv3wBSWa
rzFFRNIhHGeOqc71N610yP9ctQlvI2QwZJ6dNWk05xt5kv1o+HOQSPbgaBsMPEae
67s9jNXsc9S8Me3/xHJSbZDBlA97jcfLBbokeJqnAm2LDUeTFKMxbo25WR2Ab+6F
L0NS6qivWKu/m9vBPvDD7k3fGE/i+OI8midmbkWVar97x+t41SBhzd3Ax0fSMSiX
fWxgzL28+9CwHIUkqkGhVAFvsymKIeU8K0nGK0eBZKtS+NVeug==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:18:35 2026 by rpki-client