Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/n9u8fIoesd4A4uTwrOz4P1zrzO4.roa
File: n9u8fIoesd4A4uTwrOz4P1zrzO4.roa (raw, json)
Hash identifier: cijsYvLKzW1sG0duTGBEtXXlTm9N+GbFilwCze3Bg8c=
Subject key identifier: 9F:DB:BC:7C:8A:1E:B1:DE:00:E2:E4:F0:AC:EC:F8:3F:5C:EB:CC:EE
Certificate issuer: /CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
Certificate serial: 019D5A88768DDCF060F8D7F88E9E9EE460C0
Authority key identifier: 33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/n9u8fIoesd4A4uTwrOz4P1zrzO4.roa
Signing time: Sat 04 Apr 2026 22:06:25 +0000
ROA not before: Sat 04 Apr 2026 22:06:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213622
IP address blocks: 2a14:9d00::/29 maxlen: 29
2a14:9d07::/44 maxlen: 44
2a14:9d07:110::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl
rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.mft
rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:5a:88:76:8d:dc:f0:60:f8:d7:f8:8e:9e:9e:e4:60:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
Validity
Not Before: Apr 4 22:06:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9fdbbc7c8a1eb1de00e2e4f0acecf83f5cebccee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:11:07:d5:21:f2:96:b7:39:f1:e4:82:33:05:
9f:54:65:78:24:b7:6a:5f:63:70:67:cd:9f:7e:29:
f3:23:24:fa:70:6b:31:65:48:0b:6b:8f:d6:70:d9:
a4:a0:63:1a:7d:5d:f9:15:0b:ad:0e:16:2d:4d:0e:
2c:19:1b:69:71:32:1e:2e:19:9d:49:07:7e:87:ed:
75:19:d1:f1:c4:77:42:a0:e3:8e:ff:c0:83:f7:ae:
2f:8e:13:d2:40:5a:97:41:5e:c8:a1:6b:cd:78:86:
4f:10:09:47:01:5f:79:48:53:07:52:f0:ab:8f:d7:
f3:e4:59:64:34:bb:d5:63:e4:13:b1:da:54:c4:07:
74:84:41:3d:4c:83:d4:c1:ae:cf:f0:54:4b:88:4a:
2c:11:14:6e:4f:dd:f9:99:5d:67:6f:f4:05:72:3f:
40:a4:3b:1c:95:b7:45:54:28:86:57:3f:93:6c:14:
8e:4a:5d:a8:4d:15:ec:99:18:42:f9:4f:25:0b:2a:
3b:11:9d:6d:fb:99:c3:5c:e4:ea:65:6a:f8:7b:77:
ec:50:68:57:88:1c:d1:ef:74:b7:83:4f:f2:cb:c3:
73:5f:ce:c9:a1:bf:ae:a0:e5:3c:fa:ef:ee:db:dd:
3d:34:cf:4b:a2:14:eb:4e:81:47:5e:59:bb:e6:ba:
24:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:DB:BC:7C:8A:1E:B1:DE:00:E2:E4:F0:AC:EC:F8:3F:5C:EB:CC:EE
X509v3 Authority Key Identifier:
keyid:33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/n9u8fIoesd4A4uTwrOz4P1zrzO4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:9d00::/29
Signature Algorithm: sha256WithRSAEncryption
22:08:f3:07:02:94:18:ca:79:c5:cb:e1:ef:f1:4e:2f:2a:24:
49:d6:e4:83:50:a7:f7:f7:b3:05:c5:e2:49:2f:b8:d9:70:f5:
48:e1:3f:f3:26:6b:6b:69:1a:a6:91:cb:b6:a2:c1:43:21:33:
8d:b7:15:9a:a3:26:7d:7f:f5:e8:43:1e:7f:9c:0a:92:eb:76:
41:07:cc:de:68:1e:f5:58:7a:33:75:96:c5:90:02:0c:b4:5d:
fe:a6:47:3d:37:f7:a4:ff:4c:7d:b3:20:28:e1:3a:5f:b9:52:
5c:6a:74:5f:bb:29:df:94:d5:2a:bb:ed:9c:dc:c3:e0:23:3b:
27:1f:62:eb:e7:37:5c:83:59:93:2f:56:35:7a:e2:16:15:c5:
9b:34:3b:10:90:0f:9f:26:12:7e:3c:7f:a5:5f:0f:95:69:f4:
c9:b1:46:4e:13:7f:75:95:92:03:e8:eb:6a:cd:e3:17:b8:0c:
57:89:5d:0f:2d:1f:4c:ec:97:9d:16:4c:0f:bd:d6:4d:b5:5f:
73:0a:cf:df:f1:2a:b0:d1:07:f9:d4:74:f4:b6:7f:96:db:8c:
9a:9a:2d:9a:4b:51:70:bd:48:fa:6b:93:6e:41:ef:44:40:66:
b3:1f:02:8d:ce:a8:12:0a:69:ac:39:6e:3f:c2:25:a7:4c:9e:
46:7e:20:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1aiHaN3PBg+Nf4jp6e5GDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjY1YThiYWViYTRmZjYyMTQ5MmViZWU2ZmMxZTg4YWRi
MjFiMDMwHhcNMjYwNDA0MjIwNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRiYmM3YzhhMWViMWRlMDBlMmU0ZjBhY2VjZjgzZjVjZWJjY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmREH1SHylrc58eSCMwWfVGV4JLdq
X2NwZ82ffinzIyT6cGsxZUgLa4/WcNmkoGMafV35FQutDhYtTQ4sGRtpcTIeLhmd
SQd+h+11GdHxxHdCoOOO/8CD964vjhPSQFqXQV7IoWvNeIZPEAlHAV95SFMHUvCr
j9fz5FlkNLvVY+QTsdpUxAd0hEE9TIPUwa7P8FRLiEosERRuT935mV1nb/QFcj9A
pDsclbdFVCiGVz+TbBSOSl2oTRXsmRhC+U8lCyo7EZ1t+5nDXOTqZWr4e3fsUGhX
iBzR73S3g0/yy8NzX87Job+uoOU8+u/u2909NM9LohTrToFHXlm75rokpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ/bvHyKHrHeAOLk8Kzs+D9c68zuMB8GA1UdIwQY
MBaAFDO2Wouuuk/2IUkuvub8HoitshsDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0Njkt
ZDU0NzE4NTUxMmRlLzEvbjl1OGZJb2VzZDRBNHVUd3JPejRQMXpyek80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0NjktZDU0NzE4NTUxMmRl
LzEvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSdADAN
BgkqhkiG9w0BAQsFAAOCAQEAIgjzBwKUGMp5xcvh7/FOLyokSdbkg1Cn9/ezBcXi
SS+42XD1SOE/8yZra2kappHLtqLBQyEzjbcVmqMmfX/16EMef5wKkut2QQfM3mge
9Vh6M3WWxZACDLRd/qZHPTf3pP9MfbMgKOE6X7lSXGp0X7sp35TVKrvtnNzD4CM7
Jx9i6+c3XINZky9WNXriFhXFmzQ7EJAPnyYSfjx/pV8PlWn0ybFGThN/dZWSA+jr
as3jF7gMV4ldDy0fTOyXnRZMD73WTbVfcwrP3/EqsNEH+dR09LZ/ltuMmpotmktR
cL1I+muTbkHvREBmsx8Cjc6oEgpprDluP8Ilp0yeRn4ggg==
-----END CERTIFICATE-----
Generated at Fri Apr 17 19:54:53 2026 by rpki-client