Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/IFU9yqMojf3OF6XRbPbAyfRClxk.roa
File: IFU9yqMojf3OF6XRbPbAyfRClxk.roa (raw, json)
Hash identifier: 35a15I7jZQOPlqYRrp7fhGZKGwSIuTjFX5WUsqtUd2U=
Subject key identifier: 20:55:3D:CA:A3:28:8D:FD:CE:17:A5:D1:6C:F6:C0:C9:F4:42:97:19
Certificate issuer: /CN=b118ae24c94cd40274b3807babfc8b9bccea8b36
Certificate serial: 019B7BA33D140C6E91E929EE50B20B1AE932
Authority key identifier: B1:18:AE:24:C9:4C:D4:02:74:B3:80:7B:AB:FC:8B:9B:CC:EA:8B:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sRiuJMlM1AJ0s4B7q_yLm8zqizY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/IFU9yqMojf3OF6XRbPbAyfRClxk.roa
Signing time: Thu 01 Jan 2026 22:17:34 +0000
ROA not before: Thu 01 Jan 2026 22:17:34 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210775
IP address blocks: 2001:67c:848::/48 maxlen: 48
2001:67c:84c::/48 maxlen: 48
2001:67c:850::/48 maxlen: 48
2001:67c:854::/48 maxlen: 48
2001:67c:858::/48 maxlen: 48
2001:67c:85c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/sRiuJMlM1AJ0s4B7q_yLm8zqizY.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/sRiuJMlM1AJ0s4B7q_yLm8zqizY.mft
rsync://rpki.ripe.net/repository/DEFAULT/sRiuJMlM1AJ0s4B7q_yLm8zqizY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a3:3d:14:0c:6e:91:e9:29:ee:50:b2:0b:1a:e9:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b118ae24c94cd40274b3807babfc8b9bccea8b36
Validity
Not Before: Jan 1 22:17:34 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20553dcaa3288dfdce17a5d16cf6c0c9f4429719
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:9c:b9:6b:5e:ff:1c:94:46:f2:e4:31:47:ac:
25:00:ac:27:07:a3:b1:97:de:2f:e1:18:fb:7a:53:
20:bf:f6:91:67:32:6c:aa:44:05:63:ee:ab:6c:f5:
d8:da:77:66:eb:2a:12:1e:ad:c9:04:4e:05:c5:0f:
d8:30:c2:bf:01:d5:0f:03:84:83:c1:75:34:a2:a0:
c9:3f:5d:65:ac:4f:aa:39:69:a7:52:6f:57:29:83:
35:2a:c8:c7:93:d9:02:94:a9:d9:a7:8f:c6:a3:55:
bd:13:d1:37:3a:54:bc:50:c6:33:bc:80:17:51:ec:
bc:0f:f3:66:69:81:a7:8d:19:ba:de:af:da:e1:bc:
32:4d:73:02:cb:26:23:af:f9:28:4f:ff:87:34:4b:
fc:92:44:e4:ae:a5:68:25:26:57:75:4c:06:f2:ff:
1f:5f:d9:ee:fd:76:b2:0f:d9:c0:83:c5:81:23:e8:
75:b4:72:83:ad:bf:01:e4:b3:9b:1a:4c:89:3f:17:
ee:33:ac:c2:1d:74:3e:8e:f3:67:ff:97:9d:0d:6a:
8b:eb:01:c0:26:56:49:a0:f6:66:4d:dd:5d:dc:96:
ae:91:41:2b:cb:0b:5b:65:8b:2f:50:09:11:f2:07:
ce:5e:cd:d9:a5:3a:41:b0:14:ec:e2:9b:d4:df:d9:
88:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:55:3D:CA:A3:28:8D:FD:CE:17:A5:D1:6C:F6:C0:C9:F4:42:97:19
X509v3 Authority Key Identifier:
keyid:B1:18:AE:24:C9:4C:D4:02:74:B3:80:7B:AB:FC:8B:9B:CC:EA:8B:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRiuJMlM1AJ0s4B7q_yLm8zqizY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/IFU9yqMojf3OF6XRbPbAyfRClxk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/811463-39ff-48fa-b3c5-e83689433dc0/1/sRiuJMlM1AJ0s4B7q_yLm8zqizY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:848::/48
2001:67c:84c::/48
2001:67c:850::/48
2001:67c:854::/48
2001:67c:858::/48
2001:67c:85c::/48
Signature Algorithm: sha256WithRSAEncryption
69:62:43:56:9f:e6:c2:7f:40:22:a2:e9:56:d9:03:99:29:18:
65:a8:c4:0b:f0:72:7f:18:24:d6:71:0f:e4:90:96:e7:35:54:
ab:2b:e5:14:09:da:2c:f7:bd:a4:5f:ee:67:fb:d7:0f:9d:91:
19:cc:89:19:79:93:30:84:a4:43:c0:4b:04:c6:18:d8:b5:cf:
72:45:f6:f9:30:00:7e:d5:cb:f8:12:c0:ef:2f:05:75:66:95:
e5:57:b4:a6:4f:03:c7:4b:08:86:1a:09:16:7d:2b:1c:7f:db:
22:e7:30:ad:3c:5a:8b:22:1c:99:6d:3b:32:f5:bb:99:00:a4:
d7:54:d3:e1:be:4c:26:45:13:22:0f:56:db:d8:6c:39:06:f2:
c8:68:4d:3d:f3:6e:f4:23:05:4d:ec:27:f6:e4:57:28:72:ce:
fc:5a:e7:fd:e2:a4:21:2e:62:72:e3:f8:92:db:e9:d1:62:33:
4c:4e:6e:10:7d:80:1a:aa:15:4e:55:fe:b2:0d:3e:92:82:99:
8a:4f:c3:ee:d2:cf:4b:bb:dd:44:e6:80:7e:13:2b:a2:47:98:
89:2c:50:c4:be:12:af:06:23:77:28:95:ea:ec:58:95:70:43:
f7:bf:93:2f:70:14:eb:71:47:f5:fb:d8:7e:51:e0:14:96:a7:
f1:3a:cf:34
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZt7oz0UDG6R6SnuULILGukyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMThhZTI0Yzk0Y2Q0MDI3NGIzODA3YmFiZmM4YjliY2Nl
YThiMzYwHhcNMjYwMTAxMjIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU1M2RjYWEzMjg4ZGZkY2UxN2E1ZDE2Y2Y2YzBjOWY0NDI5NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65y5a17/HJRG8uQxR6wlAKwnB6Ox
l94v4Rj7elMgv/aRZzJsqkQFY+6rbPXY2ndm6yoSHq3JBE4FxQ/YMMK/AdUPA4SD
wXU0oqDJP11lrE+qOWmnUm9XKYM1KsjHk9kClKnZp4/Go1W9E9E3OlS8UMYzvIAX
Uey8D/NmaYGnjRm63q/a4bwyTXMCyyYjr/koT/+HNEv8kkTkrqVoJSZXdUwG8v8f
X9nu/XayD9nAg8WBI+h1tHKDrb8B5LObGkyJPxfuM6zCHXQ+jvNn/5edDWqL6wHA
JlZJoPZmTd1d3JaukUErywtbZYsvUAkR8gfOXs3ZpTpBsBTs4pvU39mI1wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCBVPcqjKI39zhel0Wz2wMn0QpcZMB8GA1UdIwQY
MBaAFLEYriTJTNQCdLOAe6v8i5vM6os2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JpdUpNbE0xQUowczRCN3FfeUxtOHpxaXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS84MTE0NjMtMzlmZi00OGZhLWIzYzUt
ZTgzNjg5NDMzZGMwLzEvSUZVOXlxTW9qZjNPRjZYUmJQYkF5ZlJDbHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS84MTE0NjMtMzlmZi00OGZhLWIzYzUtZTgzNjg5NDMzZGMw
LzEvc1JpdUpNbE0xQUowczRCN3FfeUxtOHpxaXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAAjA2AwcAIAEGfAhI
AwcAIAEGfAhMAwcAIAEGfAhQAwcAIAEGfAhUAwcAIAEGfAhYAwcAIAEGfAhcMA0G
CSqGSIb3DQEBCwUAA4IBAQBpYkNWn+bCf0AioulW2QOZKRhlqMQL8HJ/GCTWcQ/k
kJbnNVSrK+UUCdos972kX+5n+9cPnZEZzIkZeZMwhKRDwEsExhjYtc9yRfb5MAB+
1cv4EsDvLwV1ZpXlV7SmTwPHSwiGGgkWfSscf9si5zCtPFqLIhyZbTsy9buZAKTX
VNPhvkwmRRMiD1bb2Gw5BvLIaE098270IwVN7Cf25Fcocs78Wuf94qQhLmJy4/iS
2+nRYjNMTm4QfYAaqhVOVf6yDT6SgpmKT8Pu0s9Lu91E5oB+EyuiR5iJLFDEvhKv
BiN3KJXq7FiVcEP3v5MvcBTrcUf1+9h+UeAUlqfxOs80
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:19:16 2026 by rpki-client