Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/lV9CMhz_3PFwnZdWl_EZLvM-2A4.roa
File: lV9CMhz_3PFwnZdWl_EZLvM-2A4.roa (raw, json)
Hash identifier: Db/0BlhSAHqLGE4mtBqvJ8NyCXiNUptWO0NntS5+WMw=
Subject key identifier: 95:5F:42:32:1C:FF:DC:F1:70:9D:97:56:97:F1:19:2E:F3:3E:D8:0E
Certificate issuer: /CN=c000da36c5842ce130fd068912ebfc0c69e76606
Certificate serial: 019B797E2A4F3699D5402552D30AC6F98589
Authority key identifier: C0:00:DA:36:C5:84:2C:E1:30:FD:06:89:12:EB:FC:0C:69:E7:66:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wADaNsWELOEw_QaJEuv8DGnnZgY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/lV9CMhz_3PFwnZdWl_EZLvM-2A4.roa
Signing time: Thu 01 Jan 2026 12:17:50 +0000
ROA not before: Thu 01 Jan 2026 12:17:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29086
IP address blocks: 217.64.0.0/20 maxlen: 20
217.64.0.0/22 maxlen: 22
217.64.4.0/22 maxlen: 22
217.64.8.0/22 maxlen: 22
217.64.12.0/22 maxlen: 22
2a03:bc00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/wADaNsWELOEw_QaJEuv8DGnnZgY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/wADaNsWELOEw_QaJEuv8DGnnZgY.mft
rsync://rpki.ripe.net/repository/DEFAULT/wADaNsWELOEw_QaJEuv8DGnnZgY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:7e:2a:4f:36:99:d5:40:25:52:d3:0a:c6:f9:85:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c000da36c5842ce130fd068912ebfc0c69e76606
Validity
Not Before: Jan 1 12:17:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=955f42321cffdcf1709d975697f1192ef33ed80e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:8b:e9:5a:3f:4d:83:04:41:97:ea:77:8c:fa:
d9:ba:29:26:ca:bb:a9:e6:57:9d:92:3b:56:fe:23:
21:a3:bd:eb:e3:f1:41:f8:8c:5d:b6:f3:39:cc:aa:
df:3f:01:b8:94:fb:c9:e8:48:57:a1:06:7b:d0:99:
cc:4a:4b:c1:32:3f:64:46:72:b9:26:e7:15:27:3f:
9a:99:92:54:1f:69:e8:0a:8a:47:db:9c:08:2c:89:
8e:2a:ba:7f:72:04:b3:4f:9e:a4:00:24:53:d4:f3:
1e:5d:ab:49:25:73:c1:a2:46:66:f5:a0:11:63:b8:
8d:09:e9:53:34:aa:4f:76:11:8d:60:75:84:4b:2e:
c4:79:27:b0:cb:e1:0c:2f:3e:2f:1c:20:6f:4c:01:
cf:c8:6b:78:ba:84:a7:c8:e6:04:23:53:fb:bc:cd:
8c:58:17:86:2b:59:4b:b0:e8:e7:f3:70:5f:5a:b5:
93:05:94:72:31:f7:94:13:d9:f7:ab:02:9f:6a:44:
67:13:83:00:b0:ec:90:5e:20:cc:d2:25:5b:0f:a9:
77:fd:a7:ea:f4:7d:ce:01:30:d6:da:f9:49:eb:76:
74:9e:92:7c:93:85:0c:bb:6a:8c:7e:e4:64:c8:5e:
43:7b:2c:e1:4e:f3:fa:80:fe:1a:56:19:4c:37:61:
98:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:5F:42:32:1C:FF:DC:F1:70:9D:97:56:97:F1:19:2E:F3:3E:D8:0E
X509v3 Authority Key Identifier:
keyid:C0:00:DA:36:C5:84:2C:E1:30:FD:06:89:12:EB:FC:0C:69:E7:66:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wADaNsWELOEw_QaJEuv8DGnnZgY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/lV9CMhz_3PFwnZdWl_EZLvM-2A4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/00314c-9660-4558-908b-399c10b3aac5/1/wADaNsWELOEw_QaJEuv8DGnnZgY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.64.0.0/20
IPv6:
2a03:bc00::/32
Signature Algorithm: sha256WithRSAEncryption
4a:1a:29:f6:05:43:81:c1:63:2c:9c:22:ce:69:77:bb:77:d3:
8f:0c:6f:10:d7:50:63:b5:6c:7b:32:35:5e:97:02:70:36:f7:
cb:7d:93:b6:cd:6f:29:eb:88:1b:38:31:80:84:a4:71:a6:8a:
f4:dd:e7:e9:b9:47:f2:9a:4a:cc:94:d5:7e:73:11:4c:48:f0:
9f:39:23:8d:f5:de:de:c0:ab:b4:4e:31:07:92:96:dc:38:6e:
df:f5:96:b5:86:aa:53:ab:41:94:b6:c9:73:9f:ab:12:a3:73:
2b:9e:07:17:ad:3e:57:39:f2:ad:09:48:20:28:41:f9:a2:6c:
7a:55:76:44:ad:97:49:f0:7a:86:fb:cb:ec:24:ad:64:71:d8:
ee:69:01:03:03:88:05:34:49:8a:84:21:96:cd:37:87:07:2b:
4d:bd:fc:c4:90:c2:11:5f:88:b5:4c:b0:ed:48:75:21:80:b5:
8f:7d:7c:97:4b:bf:bf:4f:ee:66:f7:fc:c9:8b:5c:52:6d:20:
c4:10:82:57:0b:c4:ac:6a:38:3b:86:c9:dd:e1:20:28:f3:94:
02:0b:2f:24:ea:b7:cc:70:32:5c:cf:0b:d2:5e:77:cf:0e:79:
84:25:32:24:29:16:35:90:3a:9f:bc:16:dd:1c:c8:f8:16:73:
e1:bd:07:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fipPNpnVQCVS0wrG+YWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMDBkYTM2YzU4NDJjZTEzMGZkMDY4OTEyZWJmYzBjNjll
NzY2MDYwHhcNMjYwMTAxMTIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTVmNDIzMjFjZmZkY2YxNzA5ZDk3NTY5N2YxMTkyZWYzM2VkODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIvpWj9NgwRBl+p3jPrZuikmyrup
5ledkjtW/iMho73r4/FB+IxdtvM5zKrfPwG4lPvJ6EhXoQZ70JnMSkvBMj9kRnK5
JucVJz+amZJUH2noCopH25wILImOKrp/cgSzT56kACRT1PMeXatJJXPBokZm9aAR
Y7iNCelTNKpPdhGNYHWESy7EeSewy+EMLz4vHCBvTAHPyGt4uoSnyOYEI1P7vM2M
WBeGK1lLsOjn83BfWrWTBZRyMfeUE9n3qwKfakRnE4MAsOyQXiDM0iVbD6l3/afq
9H3OATDW2vlJ63Z0npJ8k4UMu2qMfuRkyF5DeyzhTvP6gP4aVhlMN2GYzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJVfQjIc/9zxcJ2XVpfxGS7zPtgOMB8GA1UdIwQY
MBaAFMAA2jbFhCzhMP0GiRLr/Axp52YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0FEYU5zV0VMT0V3X1FhSkV1djhER25uWmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8wMDMxNGMtOTY2MC00NTU4LTkwOGIt
Mzk5YzEwYjNhYWM1LzEvbFY5Q01oel8zUEZ3blpkV2xfRVpMdk0tMkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8wMDMxNGMtOTY2MC00NTU4LTkwOGItMzk5YzEwYjNhYWM1
LzEvd0FEYU5zV0VMT0V3X1FhSkV1djhER25uWmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2UAAMA0E
AgACMAcDBQAqA7wAMA0GCSqGSIb3DQEBCwUAA4IBAQBKGin2BUOBwWMsnCLOaXe7
d9OPDG8Q11BjtWx7MjVelwJwNvfLfZO2zW8p64gbODGAhKRxpor03efpuUfymkrM
lNV+cxFMSPCfOSON9d7ewKu0TjEHkpbcOG7f9Za1hqpTq0GUtslzn6sSo3MrngcX
rT5XOfKtCUggKEH5omx6VXZErZdJ8HqG+8vsJK1kcdjuaQEDA4gFNEmKhCGWzTeH
BytNvfzEkMIRX4i1TLDtSHUhgLWPfXyXS7+/T+5m9/zJi1xSbSDEEIJXC8Ssajg7
hsnd4SAo85QCCy8k6rfMcDJczwvSXnfPDnmEJTIkKRY1kDqfvBbdHMj4FnPhvQfT
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:34:20 2026 by rpki-client