Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/1-pGUh5eoM3ZeUskzeaaKM7PLY6M.roa
File: 1-pGUh5eoM3ZeUskzeaaKM7PLY6M.roa (raw, json)
Hash identifier: yFYmsEHjskSi49uzOqgkpPy9RGM1shgkNOzvgFJ7/8o=
Subject key identifier: FA:91:94:87:97:A8:33:76:5E:52:C9:33:79:A6:8A:33:B3:CB:63:A3
Certificate issuer: /CN=d9ee5a4c9f30498680e4d7b59ddb08f82bc6f4c7
Certificate serial: 019D9785C8D96B64E733FC17DECEEF6783D7
Authority key identifier: D9:EE:5A:4C:9F:30:49:86:80:E4:D7:B5:9D:DB:08:F8:2B:C6:F4:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/1-pGUh5eoM3ZeUskzeaaKM7PLY6M.roa
Signing time: Thu 16 Apr 2026 18:20:20 +0000
ROA not before: Thu 16 Apr 2026 18:20:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209216
IP address blocks: 2.56.76.0/22 maxlen: 22
2.56.76.0/23 maxlen: 23
2.56.78.0/24 maxlen: 24
2.56.79.0/24 maxlen: 24
2a09:d0c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.crl
rsync://rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.mft
rsync://rpki.ripe.net/repository/DEFAULT/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:97:85:c8:d9:6b:64:e7:33:fc:17:de:ce:ef:67:83:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9ee5a4c9f30498680e4d7b59ddb08f82bc6f4c7
Validity
Not Before: Apr 16 18:20:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fa91948797a833765e52c93379a68a33b3cb63a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:39:0f:d7:61:65:73:d5:75:8b:a9:84:34:e8:
ad:f1:8d:ea:fe:4e:ad:c1:af:8d:91:87:be:ed:2d:
60:ff:ae:68:93:da:a7:b5:ab:6c:f9:19:82:d8:58:
81:d8:e7:a6:39:f4:b0:b4:03:ec:89:95:29:b0:d9:
64:cd:58:f3:e1:38:47:be:5c:cb:3b:86:0c:bb:3e:
66:71:39:dc:d5:07:b6:02:24:de:bc:bc:02:86:98:
55:5e:90:02:e9:64:ad:bb:72:47:53:13:f4:3a:61:
47:3a:bf:0a:93:6f:8a:df:d8:eb:71:c9:f2:f2:dd:
49:56:d5:94:77:3c:8f:81:d5:b4:53:ed:85:90:30:
b2:e5:5a:4f:54:19:1d:3f:ee:8f:15:cc:ee:24:f1:
58:cc:37:be:10:ce:89:71:9a:a7:d7:e2:3d:e4:2f:
55:e3:fd:40:80:2a:5c:44:98:73:e4:9e:3f:0d:8f:
93:5d:b2:4d:4a:91:37:c6:07:be:62:09:11:39:5a:
a5:5d:9d:7f:83:76:7d:60:61:28:2a:1c:6a:f1:68:
d1:01:a1:e0:64:e2:0c:e0:ea:6c:52:1c:7e:dc:bb:
3b:a2:45:b6:b5:31:ec:41:fb:47:e7:48:f2:8b:46:
29:ac:8e:f5:7e:03:71:8e:cd:0a:08:bc:19:44:74:
97:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:91:94:87:97:A8:33:76:5E:52:C9:33:79:A6:8A:33:B3:CB:63:A3
X509v3 Authority Key Identifier:
keyid:D9:EE:5A:4C:9F:30:49:86:80:E4:D7:B5:9D:DB:08:F8:2B:C6:F4:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/1-pGUh5eoM3ZeUskzeaaKM7PLY6M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/47a54a-637c-4486-b12c-7db9dfbc4ae9/1/2e5aTJ8wSYaA5Ne1ndsI-CvG9Mc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.76.0/22
IPv6:
2a09:d0c0::/29
Signature Algorithm: sha256WithRSAEncryption
6a:28:60:17:94:78:a4:1e:8a:47:e2:77:e8:bd:00:8e:31:96:
cb:59:1b:10:24:5b:f9:11:ff:4b:08:73:24:79:06:e5:48:85:
41:3c:be:87:73:22:98:ce:8e:cb:a8:8b:06:71:12:fc:5f:e4:
c6:ba:fd:5d:4b:cb:45:aa:c2:19:f9:09:e7:ca:b1:43:e9:28:
fc:cf:7b:10:db:29:d0:e0:0b:c5:9c:a4:6e:06:77:81:21:d0:
ec:e7:fc:c0:ac:fb:6c:96:89:83:e2:06:50:62:8f:90:eb:ce:
d2:f0:34:d6:b3:52:36:c4:7a:9f:73:ff:df:6b:58:89:8a:cb:
ca:33:44:32:30:2e:59:8a:be:a5:84:e1:f8:64:07:e6:83:3f:
60:2b:7a:19:7d:98:5e:a9:65:02:e2:7e:77:34:31:d2:03:86:
15:93:f2:42:73:c2:64:df:13:36:c5:d8:1f:75:80:51:b6:cb:
6f:19:73:b6:ae:9c:aa:3c:a7:0a:e0:6a:93:bb:cd:bf:bf:e2:
d1:60:8b:2b:97:04:ac:1b:25:f3:d2:76:62:82:63:44:6b:df:
a2:59:87:e7:88:00:57:bd:5a:3c:01:f4:7f:15:1a:64:fd:c2:
0b:70:5e:83:ee:37:af:52:13:1d:85:4c:77:10:de:bb:ab:f1:
53:4d:45:88
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ2XhcjZa2TnM/wX3s7vZ4PXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWU1YTRjOWYzMDQ5ODY4MGU0ZDdiNTlkZGIwOGY4MmJj
NmY0YzcwHhcNMjYwNDE2MTgyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTkxOTQ4Nzk3YTgzMzc2NWU1MmM5MzM3OWE2OGEzM2IzY2I2M2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTkP12Flc9V1i6mENOit8Y3q/k6t
wa+NkYe+7S1g/65ok9qntats+RmC2FiB2OemOfSwtAPsiZUpsNlkzVjz4ThHvlzL
O4YMuz5mcTnc1Qe2AiTevLwChphVXpAC6WStu3JHUxP0OmFHOr8Kk2+K39jrccny
8t1JVtWUdzyPgdW0U+2FkDCy5VpPVBkdP+6PFczuJPFYzDe+EM6JcZqn1+I95C9V
4/1AgCpcRJhz5J4/DY+TXbJNSpE3xge+YgkROVqlXZ1/g3Z9YGEoKhxq8WjRAaHg
ZOIM4OpsUhx+3Ls7okW2tTHsQftH50jyi0YprI71fgNxjs0KCLwZRHSX+wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPqRlIeXqDN2XlLJM3mmijOzy2OjMB8GA1UdIwQY
MBaAFNnuWkyfMEmGgOTXtZ3bCPgrxvTHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmU1YVRKOHdTWWFBNU5lMW5kc0ktQ3ZHOU1jLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80N2E1NGEtNjM3Yy00NDg2LWIxMmMt
N2RiOWRmYmM0YWU5LzEvMS1wR1VoNWVvTTNaZVVza3plYWFLTTdQTFk2TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmYvNDdhNTRhLTYzN2MtNDQ4Ni1iMTJjLTdkYjlkZmJjNGFl
OS8xLzJlNWFUSjh3U1lhQTVOZTFuZHNJLUN2RzlNYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAgI4TDAN
BAIAAjAHAwUDKgnQwDANBgkqhkiG9w0BAQsFAAOCAQEAaihgF5R4pB6KR+J36L0A
jjGWy1kbECRb+RH/SwhzJHkG5UiFQTy+h3MimM6Oy6iLBnES/F/kxrr9XUvLRarC
GfkJ58qxQ+ko/M97ENsp0OALxZykbgZ3gSHQ7Of8wKz7bJaJg+IGUGKPkOvO0vA0
1rNSNsR6n3P/32tYiYrLyjNEMjAuWYq+pYTh+GQH5oM/YCt6GX2YXqllAuJ+dzQx
0gOGFZPyQnPCZN8TNsXYH3WAUbbLbxlztq6cqjynCuBqk7vNv7/i0WCLK5cErBsl
89J2YoJjRGvfolmH54gAV71aPAH0fxUaZP3CC3Beg+43r1ITHYVMdxDeu6vxU01F
iA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 08:14:48 2026 by rpki-client