Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/I9OU46hLv3YAsUVV8jYm-K3ogQc.roa
File: I9OU46hLv3YAsUVV8jYm-K3ogQc.roa (raw, json)
Hash identifier: PTrVMEbjSSvbOH15AKpjuFbu9tPLz/RRTf10Mbtb4p4=
Subject key identifier: 23:D3:94:E3:A8:4B:BF:76:00:B1:45:55:F2:36:26:F8:AD:E8:81:07
Certificate issuer: /CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
Certificate serial: 019B7C7F9EFC4697DB3CCCD7032C4787EC93
Authority key identifier: D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/I9OU46hLv3YAsUVV8jYm-K3ogQc.roa
Signing time: Fri 02 Jan 2026 02:18:17 +0000
ROA not before: Fri 02 Jan 2026 02:18:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43380
IP address blocks: 91.206.3.0/24 maxlen: 24
2a0f:f4c0::/32 maxlen: 64
2a0f:f4c1::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 17:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:7f:9e:fc:46:97:db:3c:cc:d7:03:2c:47:87:ec:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
Validity
Not Before: Jan 2 02:18:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=23d394e3a84bbf7600b14555f23626f8ade88107
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d2:05:2f:fa:5d:cf:75:46:1e:66:2f:f1:40:
bb:43:1d:1d:21:72:2e:77:f6:28:4a:a9:92:c6:ab:
bc:94:cd:68:0e:ba:9b:e7:a4:01:36:eb:c9:31:ea:
22:a4:7c:04:31:e3:d9:a3:55:24:14:ef:e2:22:66:
cc:36:5a:ef:f6:9e:57:08:d2:40:e8:85:4f:ab:c1:
b0:50:a1:97:b1:a6:38:1f:69:07:47:fc:1a:4c:95:
66:66:e2:59:28:70:ab:4f:3f:b9:67:1e:c0:a5:6a:
bc:db:a6:52:b2:b0:2f:f0:3b:5b:28:a2:2a:68:f1:
b3:23:f7:0a:bf:7c:31:cc:60:49:95:ae:7b:f2:e8:
81:95:71:e9:bc:a7:27:60:b9:bf:6c:3e:f5:5f:56:
f1:30:6d:a1:cb:cc:a4:93:eb:4c:27:3a:f8:3c:ad:
aa:91:08:40:34:d2:6d:07:dd:e4:62:04:ec:9d:e7:
15:3a:3c:c9:50:15:6c:8c:4e:3b:5c:cb:d4:be:be:
9e:0c:b5:c8:3e:16:40:35:52:42:71:a2:11:98:d7:
9f:64:cf:98:a9:2a:e8:e2:6b:b2:80:38:b6:68:04:
68:d8:bd:1c:1c:b7:2a:4f:d0:e5:ab:a4:f5:af:19:
a1:1a:2e:f6:19:cc:78:49:3a:ca:96:56:56:cb:99:
19:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:D3:94:E3:A8:4B:BF:76:00:B1:45:55:F2:36:26:F8:AD:E8:81:07
X509v3 Authority Key Identifier:
keyid:D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/I9OU46hLv3YAsUVV8jYm-K3ogQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.206.3.0/24
IPv6:
2a0f:f4c0::/31
Signature Algorithm: sha256WithRSAEncryption
9c:d5:cb:1a:8c:9b:76:35:c4:c6:ac:d5:9d:eb:69:bb:38:ef:
ff:65:76:6b:ce:b1:82:71:4e:d2:fd:9b:53:3a:13:d2:e6:f1:
29:dd:af:8c:67:99:77:bf:75:d4:71:f3:a7:1c:79:af:dd:2a:
9c:09:f6:9d:c7:fe:17:21:d0:2f:72:59:11:0a:93:6c:2b:df:
95:85:23:6a:37:a7:5a:37:6f:53:d2:ae:79:f7:de:c1:e4:72:
45:e4:7f:78:d3:a2:44:b1:ee:13:94:f8:eb:e4:f1:1e:45:2f:
22:ca:05:50:97:14:9f:c3:55:ee:91:e2:26:a8:3d:f1:26:bb:
63:71:29:32:68:d2:40:53:f1:31:c3:d0:42:92:cd:dd:07:d8:
17:8f:44:96:31:ae:94:4b:b9:35:0f:77:36:a4:c7:e5:f5:6f:
4a:71:a7:49:0e:ed:37:94:34:7d:36:74:a7:28:ba:a9:09:a1:
e2:81:97:f1:4d:68:87:f9:4e:43:61:ec:82:42:e3:91:ae:84:
ca:d3:49:b1:19:ee:d9:ed:ff:6b:52:9c:8c:4d:35:b6:26:95:
61:f9:15:6d:1c:94:2c:43:98:e3:42:b4:5c:81:03:3b:12:99:
8e:92:d9:2b:26:16:b5:13:e4:0c:8a:92:76:6f:a1:0d:e5:30:
af:24:b2:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8f578RpfbPMzXAyxHh+yTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1N2M3ZGIwNGU3OGMyMjFmM2RmMmEyYWYwODJiNTE4ZDk2
MmE4ZjAwHhcNMjYwMTAyMDIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2QzOTRlM2E4NGJiZjc2MDBiMTQ1NTVmMjM2MjZmOGFkZTg4MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tIFL/pdz3VGHmYv8UC7Qx0dIXIu
d/YoSqmSxqu8lM1oDrqb56QBNuvJMeoipHwEMePZo1UkFO/iImbMNlrv9p5XCNJA
6IVPq8GwUKGXsaY4H2kHR/waTJVmZuJZKHCrTz+5Zx7ApWq826ZSsrAv8DtbKKIq
aPGzI/cKv3wxzGBJla578uiBlXHpvKcnYLm/bD71X1bxMG2hy8ykk+tMJzr4PK2q
kQhANNJtB93kYgTsnecVOjzJUBVsjE47XMvUvr6eDLXIPhZANVJCcaIRmNefZM+Y
qSro4muygDi2aARo2L0cHLcqT9Dlq6T1rxmhGi72Gcx4STrKllZWy5kZ2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCPTlOOoS792ALFFVfI2Jvit6IEHMB8GA1UdIwQY
MBaAFNV8fbBOeMIh898qKvCCtRjZYqjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgt
ZmU5NWE5YWYzYWRjLzEvSTlPVTQ2aEx2M1lBc1VWVjhqWW0tSzNvZ1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgtZmU5NWE5YWYzYWRj
LzEvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW84DMA0E
AgACMAcDBQEqD/TAMA0GCSqGSIb3DQEBCwUAA4IBAQCc1csajJt2NcTGrNWd62m7
OO//ZXZrzrGCcU7S/ZtTOhPS5vEp3a+MZ5l3v3XUcfOnHHmv3SqcCfadx/4XIdAv
clkRCpNsK9+VhSNqN6daN29T0q55997B5HJF5H9406JEse4TlPjr5PEeRS8iygVQ
lxSfw1XukeImqD3xJrtjcSkyaNJAU/Exw9BCks3dB9gXj0SWMa6US7k1D3c2pMfl
9W9KcadJDu03lDR9NnSnKLqpCaHigZfxTWiH+U5DYeyCQuORroTK00mxGe7Z7f9r
UpyMTTW2JpVh+RVtHJQsQ5jjQrRcgQM7EpmOktkrJha1E+QMipJ2b6EN5TCvJLKM
-----END CERTIFICATE-----
Generated at Tue Mar 3 02:02:35 2026 by rpki-client