Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bnBXojz6Wny6NkNfI2W0jG8XDmo.roa
File: bnBXojz6Wny6NkNfI2W0jG8XDmo.roa (raw, json)
Hash identifier: vzj7uxAEojSznDM0jFKJKYObptPPT5D87+/ZMwiXeWc=
Subject key identifier: 6E:70:57:A2:3C:FA:5A:7C:BA:36:43:5F:23:65:B4:8C:6F:17:0E:6A
Certificate issuer: /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial: 019D3BF3ABC51112A095DE58D791B2483759
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bnBXojz6Wny6NkNfI2W0jG8XDmo.roa
Signing time: Sun 29 Mar 2026 23:35:17 +0000
ROA not before: Sun 29 Mar 2026 23:35:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215439
IP address blocks: 2a12:bec4:110::/44 maxlen: 44
2a12:bec4:1180::/44 maxlen: 44
2a12:bec4:1b90::/48 maxlen: 48
2a12:bec4:1b91::/48 maxlen: 48
2a12:bec4:1b92::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3b:f3:ab:c5:11:12:a0:95:de:58:d7:91:b2:48:37:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Validity
Not Before: Mar 29 23:35:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6e7057a23cfa5a7cba36435f2365b48c6f170e6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:dd:3e:ac:e2:19:82:6b:9f:e1:1f:b1:77:67:
f4:7f:02:81:30:60:cd:a2:30:85:c6:73:70:82:be:
24:06:2c:8f:10:a6:cf:b9:2c:4b:1e:ce:4d:a7:63:
30:9d:5a:73:df:42:e2:4b:db:6e:9d:a5:69:b0:4e:
64:23:d7:8e:4a:53:c9:31:fc:19:1d:9d:83:8c:17:
88:96:81:66:e2:40:52:c1:22:fd:2c:4c:42:22:5d:
ca:6d:30:70:e6:ef:0b:14:eb:8e:92:a0:3b:39:9f:
3d:ab:a8:d2:eb:e7:7d:0a:48:af:df:41:67:2b:f8:
8e:8b:78:d7:b0:81:90:83:b4:6d:b3:28:a8:44:97:
6c:7a:a7:32:71:83:8b:d7:67:03:d9:0c:93:54:b3:
f5:fb:e3:df:89:0e:25:c8:0e:a4:24:16:9b:ee:c5:
7b:ba:47:1c:76:7c:b3:07:d4:5e:35:28:77:1a:da:
ef:e1:11:2c:da:ac:c6:ce:76:90:50:75:b4:f2:e3:
ed:67:2d:a9:92:64:d5:d5:22:21:70:15:89:e7:17:
42:ee:6c:af:2a:f0:a3:e9:cd:52:72:a0:82:a1:ad:
f0:6b:f1:76:3c:88:08:3b:c2:f6:13:8f:6e:7e:ec:
46:90:e9:dc:76:2f:d1:92:50:23:8c:10:9e:4d:b3:
35:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:70:57:A2:3C:FA:5A:7C:BA:36:43:5F:23:65:B4:8C:6F:17:0E:6A
X509v3 Authority Key Identifier:
keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/bnBXojz6Wny6NkNfI2W0jG8XDmo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:bec4:110::/44
2a12:bec4:1180::/44
2a12:bec4:1b90::-2a12:bec4:1b92:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4d:80:19:3f:f9:ae:6b:87:1c:ea:b3:6f:b3:b0:62:5f:aa:2a:
b4:2d:b3:92:de:65:9c:2d:c4:c4:88:76:34:63:c2:5f:02:56:
95:1c:ce:d3:81:ba:ba:9b:4d:f2:ff:9f:13:bd:0e:3d:29:bc:
e5:1b:89:cc:ff:1f:19:1e:2d:32:b1:f7:06:25:1d:22:88:02:
bb:93:df:f9:fc:5a:26:8d:43:ed:fc:2d:54:fa:53:5d:4e:48:
45:9f:f6:c5:94:9f:a1:cf:42:9b:ac:fe:cb:ed:11:25:84:3d:
fa:be:02:09:1f:82:a7:7d:d9:73:f4:e6:55:53:66:f9:74:13:
68:ae:75:47:e7:e8:a6:f7:00:42:09:d7:d4:41:13:8f:74:ca:
f0:04:c2:a1:73:7f:8f:c4:ed:cb:c9:7c:c2:25:c1:57:19:4b:
bf:7b:f7:ad:dd:61:99:4b:1b:3d:08:81:24:f3:3e:2e:77:25:
2b:ba:a2:35:47:c1:17:95:75:99:3f:21:16:55:5c:8b:e9:87:
45:bb:4b:69:4d:1e:6a:b8:c7:a3:e5:6c:3d:33:04:89:af:b2:
b3:f2:30:90:c1:15:63:43:72:de:21:ad:dd:50:1d:03:61:a2:
30:7b:4d:1e:9b:bf:35:a5:64:87:8c:0e:b0:65:9a:99:78:e1:
1c:2b:d0:c9
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ0786vFERKgld5Y15GySDdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMzI5MjMzNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTcwNTdhMjNjZmE1YTdjYmEzNjQzNWYyMzY1YjQ4YzZmMTcwZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN0+rOIZgmuf4R+xd2f0fwKBMGDN
ojCFxnNwgr4kBiyPEKbPuSxLHs5Np2MwnVpz30LiS9tunaVpsE5kI9eOSlPJMfwZ
HZ2DjBeIloFm4kBSwSL9LExCIl3KbTBw5u8LFOuOkqA7OZ89q6jS6+d9Ckiv30Fn
K/iOi3jXsIGQg7RtsyioRJdseqcycYOL12cD2QyTVLP1++PfiQ4lyA6kJBab7sV7
ukccdnyzB9ReNSh3Gtrv4REs2qzGznaQUHW08uPtZy2pkmTV1SIhcBWJ5xdC7myv
KvCj6c1ScqCCoa3wa/F2PIgIO8L2E49ufuxGkOncdi/RklAjjBCeTbM1JQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFG5wV6I8+lp8ujZDXyNltIxvFw5qMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvYm5CWG9qejZXbnk2TmtOZkkyVzBqRzhYRG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmAwcEKhK+xAEQ
AwcEKhK+xBGAMBIDBwQqEr7EG5ADBwAqEr7EG5IwDQYJKoZIhvcNAQELBQADggEB
AE2AGT/5rmuHHOqzb7OwYl+qKrQts5LeZZwtxMSIdjRjwl8CVpUcztOBurqbTfL/
nxO9Dj0pvOUbicz/HxkeLTKx9wYlHSKIAruT3/n8WiaNQ+38LVT6U11OSEWf9sWU
n6HPQpus/svtESWEPfq+Agkfgqd92XP05lVTZvl0E2iudUfn6Kb3AEIJ19RBE490
yvAEwqFzf4/E7cvJfMIlwVcZS797963dYZlLGz0IgSTzPi53JSu6ojVHwReVdZk/
IRZVXIvph0W7S2lNHmq4x6PlbD0zBImvsrPyMJDBFWNDct4hrd1QHQNhojB7TR6b
vzWlZIeMDrBlmpl44Rwr0Mk=
-----END CERTIFICATE-----
Generated at Sun Apr 19 12:10:18 2026 by rpki-client