Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/KwctrYLeRKoApU1-lNG2pUzIRFY.roa
File: KwctrYLeRKoApU1-lNG2pUzIRFY.roa (raw, json)
Hash identifier: 1By8fKUFtlATKn4LhCiJ+z6rFS67TtSuGlxf5SYKGN4=
Subject key identifier: 2B:07:2D:AD:82:DE:44:AA:00:A5:4D:7E:94:D1:B6:A5:4C:C8:44:56
Certificate issuer: /CN=74a4f3c0b66a4c93e80ff5f6d89ad8673e943c5f
Certificate serial: 019B7DCB4B5632E0E83CC6140BFAFC3072F0
Authority key identifier: 74:A4:F3:C0:B6:6A:4C:93:E8:0F:F5:F6:D8:9A:D8:67:3E:94:3C:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dKTzwLZqTJPoD_X22JrYZz6UPF8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/KwctrYLeRKoApU1-lNG2pUzIRFY.roa
Signing time: Fri 02 Jan 2026 08:20:33 +0000
ROA not before: Fri 02 Jan 2026 08:20:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50213
IP address blocks: 91.213.203.0/24 maxlen: 24
2001:67c:398::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/dKTzwLZqTJPoD_X22JrYZz6UPF8.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/dKTzwLZqTJPoD_X22JrYZz6UPF8.mft
rsync://rpki.ripe.net/repository/DEFAULT/dKTzwLZqTJPoD_X22JrYZz6UPF8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:cb:4b:56:32:e0:e8:3c:c6:14:0b:fa:fc:30:72:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74a4f3c0b66a4c93e80ff5f6d89ad8673e943c5f
Validity
Not Before: Jan 2 08:20:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2b072dad82de44aa00a54d7e94d1b6a54cc84456
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ca:dc:15:67:a7:1c:cb:cf:de:3e:72:95:b8:
0c:89:95:d5:d9:e5:8f:b7:a5:7b:35:fb:65:d1:d1:
c3:25:10:01:6b:7f:f0:f0:b3:5d:c6:1d:c4:64:e0:
4f:16:c5:17:d9:c9:52:ec:9c:4c:6f:03:5a:2a:6e:
cd:17:0a:28:f1:45:4e:00:cb:7e:42:da:b7:cf:e5:
0e:72:14:f1:f9:62:df:c5:e5:9b:30:ec:73:fa:c9:
06:6a:f7:cc:35:b8:33:ca:95:6f:b9:93:09:b5:b0:
81:2a:5e:4d:99:11:ba:98:44:11:f5:7d:b2:90:f9:
4e:7d:4c:96:c5:d3:8e:4e:29:ef:1c:f7:79:94:32:
5a:92:6e:11:a0:ff:15:40:1b:33:7d:a9:16:f0:c1:
8d:68:e9:4d:f5:e3:d8:39:70:3a:78:67:fe:e9:64:
47:5e:b7:14:48:10:27:5d:7c:12:7d:04:da:42:7f:
56:9e:a4:18:71:e2:76:2c:42:ad:54:de:bd:43:a3:
f3:09:6c:a1:c3:cf:f3:79:6c:e2:46:a6:0d:c3:73:
cd:77:37:8a:c2:27:eb:70:9c:38:c6:8d:75:99:ad:
5a:d9:0d:5b:d8:00:c4:ea:58:12:aa:0a:0f:f4:e7:
5a:a2:c8:ed:37:0b:f4:ef:0d:0f:34:7e:ea:7f:c8:
67:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:07:2D:AD:82:DE:44:AA:00:A5:4D:7E:94:D1:B6:A5:4C:C8:44:56
X509v3 Authority Key Identifier:
keyid:74:A4:F3:C0:B6:6A:4C:93:E8:0F:F5:F6:D8:9A:D8:67:3E:94:3C:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKTzwLZqTJPoD_X22JrYZz6UPF8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/KwctrYLeRKoApU1-lNG2pUzIRFY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/699704-8004-4614-b44c-2ca492f6d7a8/1/dKTzwLZqTJPoD_X22JrYZz6UPF8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.203.0/24
IPv6:
2001:67c:398::/48
Signature Algorithm: sha256WithRSAEncryption
ab:70:d9:48:c4:8a:ee:29:6c:58:17:b2:7b:75:02:a0:82:0d:
fa:69:d6:3a:1b:38:71:c9:56:42:62:69:1e:be:12:97:06:b6:
55:ee:d8:23:01:68:e7:8c:53:a9:2f:63:1c:e6:89:40:92:b6:
3b:00:47:e4:20:e7:72:7b:5f:51:2f:e5:26:18:f7:7b:43:79:
31:30:4e:33:82:dd:d7:93:41:83:23:33:18:04:5c:c0:61:f2:
65:2c:24:38:14:7b:17:49:7a:0d:be:55:ec:e0:1c:ef:9d:cb:
b1:e0:78:00:99:e8:d3:4a:cd:b5:03:28:d0:de:b7:90:f5:dc:
9f:2d:97:e8:80:28:25:1c:67:60:01:df:75:ed:37:bb:70:50:
a5:ce:2c:b4:7e:e6:d7:4a:a6:66:34:43:5a:f0:4d:f0:58:0a:
3f:a6:ab:38:66:a7:85:ba:a2:e5:ba:a7:8b:1b:6e:c5:2e:ad:
55:7b:d1:db:0d:a6:70:72:88:90:25:39:86:64:bd:38:3e:bc:
73:2d:b8:d6:d5:76:c3:62:8f:fa:0a:b6:79:b2:7f:51:bb:d0:
68:44:69:f0:91:30:a3:e9:a0:be:76:3c:0c:fe:44:5b:2c:44:
ac:d9:2d:5f:6b:4c:6f:dd:58:8d:ce:7e:29:3a:7b:9f:b9:39:
17:5f:69:50
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt9y0tWMuDoPMYUC/r8MHLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTRmM2MwYjY2YTRjOTNlODBmZjVmNmQ4OWFkODY3M2U5
NDNjNWYwHhcNMjYwMTAyMDgyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjA3MmRhZDgyZGU0NGFhMDBhNTRkN2U5NGQxYjZhNTRjYzg0NDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcrcFWenHMvP3j5ylbgMiZXV2eWP
t6V7Nftl0dHDJRABa3/w8LNdxh3EZOBPFsUX2clS7JxMbwNaKm7NFwoo8UVOAMt+
Qtq3z+UOchTx+WLfxeWbMOxz+skGavfMNbgzypVvuZMJtbCBKl5NmRG6mEQR9X2y
kPlOfUyWxdOOTinvHPd5lDJakm4RoP8VQBszfakW8MGNaOlN9ePYOXA6eGf+6WRH
XrcUSBAnXXwSfQTaQn9WnqQYceJ2LEKtVN69Q6PzCWyhw8/zeWziRqYNw3PNdzeK
wifrcJw4xo11ma1a2Q1b2ADE6lgSqgoP9OdaosjtNwv07w0PNH7qf8hnpwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCsHLa2C3kSqAKVNfpTRtqVMyERWMB8GA1UdIwQY
MBaAFHSk88C2akyT6A/19tia2Gc+lDxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtUendMWnFUSlBvRF9YMjJKcllaejZVUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82OTk3MDQtODAwNC00NjE0LWI0NGMt
MmNhNDkyZjZkN2E4LzEvS3djdHJZTGVSS29BcFUxLWxORzJwVXpJUkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82OTk3MDQtODAwNC00NjE0LWI0NGMtMmNhNDkyZjZkN2E4
LzEvZEtUendMWnFUSlBvRF9YMjJKcllaejZVUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9XLMA8E
AgACMAkDBwAgAQZ8A5gwDQYJKoZIhvcNAQELBQADggEBAKtw2UjEiu4pbFgXsnt1
AqCCDfpp1jobOHHJVkJiaR6+EpcGtlXu2CMBaOeMU6kvYxzmiUCStjsAR+Qg53J7
X1Ev5SYY93tDeTEwTjOC3deTQYMjMxgEXMBh8mUsJDgUexdJeg2+VezgHO+dy7Hg
eACZ6NNKzbUDKNDet5D13J8tl+iAKCUcZ2AB33XtN7twUKXOLLR+5tdKpmY0Q1rw
TfBYCj+mqzhmp4W6ouW6p4sbbsUurVV70dsNpnByiJAlOYZkvTg+vHMtuNbVdsNi
j/oKtnmyf1G70GhEafCRMKPpoL52PAz+RFssRKzZLV9rTG/dWI3Ofik6e5+5ORdf
aVA=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:27:47 2026 by rpki-client