Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/IL0F6yFMaBjVjUPbOk1OfPuS4kI.roa
File: IL0F6yFMaBjVjUPbOk1OfPuS4kI.roa (raw, json)
Hash identifier: KS3UNapFjrnwtbqG25bWZith7R8byYpg03cu4j54MCU=
Subject key identifier: 20:BD:05:EB:21:4C:68:18:D5:8D:43:DB:3A:4D:4E:7C:FB:92:E2:42
Certificate issuer: /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial: 019D4CD9A7667856631778107E6F9C287086
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/IL0F6yFMaBjVjUPbOk1OfPuS4kI.roa
Signing time: Thu 02 Apr 2026 06:20:25 +0000
ROA not before: Thu 02 Apr 2026 06:20:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1759
IP address blocks: 2001:2000:6000::/40 maxlen: 40
2001:2001:6000::/40 maxlen: 40
2001:2003::/32 maxlen: 32
2001:2060::/27 maxlen: 27
2001:2060::/32 maxlen: 32
2001:2061::/32 maxlen: 32
2001:2062::/32 maxlen: 32
2001:2063::/32 maxlen: 32
2001:2063:ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 21:00:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4c:d9:a7:66:78:56:63:17:78:10:7e:6f:9c:28:70:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Validity
Not Before: Apr 2 06:20:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20bd05eb214c6818d58d43db3a4d4e7cfb92e242
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:56:07:c0:cd:53:ad:77:7b:da:b0:04:a9:5c:
8e:8a:8f:ea:6b:0b:5f:90:f1:13:74:ef:01:53:67:
27:7d:1f:8e:70:a5:c6:82:02:59:2a:d6:02:ac:a4:
f6:3a:a1:39:5d:6d:85:8e:2e:33:45:e4:12:4c:dd:
e5:94:bf:8b:5a:f4:00:29:80:d4:de:87:51:aa:ac:
77:49:49:ba:04:2e:25:96:26:1b:ce:90:12:d0:b7:
38:17:50:2f:fa:39:78:ce:87:93:e1:1e:0d:3b:62:
0a:c6:c7:f4:44:ec:58:27:9b:d0:45:25:87:eb:1a:
17:d3:db:cb:b9:a2:e2:a1:da:28:0f:42:e9:26:f0:
51:70:11:ba:2c:8f:8f:9b:32:bd:5b:1e:5f:35:40:
c3:a1:7d:22:34:b9:26:43:74:61:9c:43:b4:36:4b:
5a:59:be:ac:ed:28:58:9f:d0:42:e0:ff:26:c9:9f:
c1:2c:3c:b7:94:3a:37:3a:8e:22:35:0d:8d:c7:87:
80:f7:fe:a7:b2:fd:34:45:e2:76:2f:b7:fd:9f:ff:
1f:39:ba:74:db:d0:9f:3e:5d:07:a5:fe:87:af:df:
75:75:91:bc:05:ee:96:a0:c4:9c:38:a5:fb:77:42:
dd:8b:2f:76:f5:25:65:4f:f0:e3:42:df:f6:9c:18:
bf:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:BD:05:EB:21:4C:68:18:D5:8D:43:DB:3A:4D:4E:7C:FB:92:E2:42
X509v3 Authority Key Identifier:
keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/IL0F6yFMaBjVjUPbOk1OfPuS4kI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:2000:6000::/40
2001:2001:6000::/40
2001:2003::/32
2001:2060::/27
Signature Algorithm: sha256WithRSAEncryption
0c:63:bd:15:54:62:fb:3f:3d:74:22:25:bf:ed:07:44:a2:f4:
1b:23:98:2d:59:f2:da:29:b0:9d:54:a5:7a:d6:16:b0:fc:1f:
bc:f5:f1:27:18:01:e0:cb:74:ae:68:6e:ef:f4:6d:f8:68:35:
de:ba:06:5e:6d:ea:a5:cf:a3:99:28:08:af:19:7f:f9:7a:c5:
c2:60:72:1c:91:1a:c0:48:d2:59:cd:46:7e:5c:c8:48:a0:8f:
ee:da:6c:86:88:7f:df:41:f7:26:5d:a5:70:98:64:eb:f4:e9:
44:a7:60:57:19:70:4f:fd:83:9b:c7:82:5e:48:96:51:6d:41:
72:9c:e7:98:9e:70:7d:c0:80:60:34:5b:09:19:50:a9:c9:f8:
5a:dc:3a:7d:c4:88:ec:f3:fe:f3:a2:43:6a:55:0f:10:81:e0:
68:1d:71:e4:d3:35:e4:d4:f8:88:84:bf:78:d7:60:14:f8:3b:
59:fa:36:99:5c:36:eb:b9:5f:24:ce:00:42:48:99:bc:b5:bc:
fc:8d:ec:49:b8:2b:83:9c:f8:1f:e6:6c:d5:99:29:cb:65:16:
05:3b:c3:a3:9e:d6:f5:2f:a4:2d:0c:69:1c:24:29:d9:35:4d:
19:a7:44:17:0d:74:5c:6b:f2:0d:b8:99:ae:f1:68:cf:42:3d:
3e:71:d5:96
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ1M2admeFZjF3gQfm+cKHCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjYwNDAyMDYyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJkMDVlYjIxNGM2ODE4ZDU4ZDQzZGIzYTRkNGU3Y2ZiOTJlMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lYHwM1TrXd72rAEqVyOio/qawtf
kPETdO8BU2cnfR+OcKXGggJZKtYCrKT2OqE5XW2Fji4zReQSTN3llL+LWvQAKYDU
3odRqqx3SUm6BC4lliYbzpAS0Lc4F1Av+jl4zoeT4R4NO2IKxsf0ROxYJ5vQRSWH
6xoX09vLuaLiodooD0LpJvBRcBG6LI+PmzK9Wx5fNUDDoX0iNLkmQ3RhnEO0Nkta
Wb6s7ShYn9BC4P8myZ/BLDy3lDo3Oo4iNQ2Nx4eA9/6nsv00ReJ2L7f9n/8fObp0
29CfPl0Hpf6Hr991dZG8Be6WoMScOKX7d0Ldiy929SVlT/DjQt/2nBi/QwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCC9BeshTGgY1Y1D2zpNTnz7kuJCMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvSUwwRjZ5Rk1hQmpWalVQYk9rMU9mUHVTNGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwYAIAEgAGAD
BgAgASABYAMFACABIAMDBQUgASBgMA0GCSqGSIb3DQEBCwUAA4IBAQAMY70VVGL7
Pz10IiW/7QdEovQbI5gtWfLaKbCdVKV61haw/B+89fEnGAHgy3SuaG7v9G34aDXe
ugZebeqlz6OZKAivGX/5esXCYHIckRrASNJZzUZ+XMhIoI/u2myGiH/fQfcmXaVw
mGTr9OlEp2BXGXBP/YObx4JeSJZRbUFynOeYnnB9wIBgNFsJGVCpyfha3Dp9xIjs
8/7zokNqVQ8QgeBoHXHk0zXk1PiIhL9412AU+DtZ+jaZXDbruV8kzgBCSJm8tbz8
jexJuCuDnPgf5mzVmSnLZRYFO8Ojntb1L6QtDGkcJCnZNU0Zp0QXDXRca/INuJmu
8WjPQj0+cdWW
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:51:39 2026 by rpki-client