Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/1-GyqlA5KmcLfrL7pM3klE299nlw.roa
File: 1-GyqlA5KmcLfrL7pM3klE299nlw.roa (raw, json)
Hash identifier: J/BXL3XYbhHb/gfys6Z72uUSQjUFONh9EZ4ff4040ZQ=
Subject key identifier: F8:6C:AA:94:0E:4A:99:C2:DF:AC:BE:E9:33:79:25:13:6F:7D:9E:5C
Certificate issuer: /CN=b49eb50cb8bac92dc176e8a87cf25552822194fa
Certificate serial: 019C7AAC2594BDB7E940725D559297767E70
Authority key identifier: B4:9E:B5:0C:B8:BA:C9:2D:C1:76:E8:A8:7C:F2:55:52:82:21:94:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tJ61DLi6yS3BduiofPJVUoIhlPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/1-GyqlA5KmcLfrL7pM3klE299nlw.roa
Signing time: Fri 20 Feb 2026 10:50:28 +0000
ROA not before: Fri 20 Feb 2026 10:50:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 55081
IP address blocks: 2a06:8640::/32 maxlen: 32
2a06:8641::/32 maxlen: 32
2a06:8642::/32 maxlen: 32
2a06:8643::/32 maxlen: 32
2a06:8644::/32 maxlen: 32
2a06:8645::/32 maxlen: 32
2a06:8646::/32 maxlen: 32
2a06:8647::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/tJ61DLi6yS3BduiofPJVUoIhlPo.crl
rsync://rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/tJ61DLi6yS3BduiofPJVUoIhlPo.mft
rsync://rpki.ripe.net/repository/DEFAULT/tJ61DLi6yS3BduiofPJVUoIhlPo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7a:ac:25:94:bd:b7:e9:40:72:5d:55:92:97:76:7e:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b49eb50cb8bac92dc176e8a87cf25552822194fa
Validity
Not Before: Feb 20 10:50:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f86caa940e4a99c2dfacbee9337925136f7d9e5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:df:e7:a2:57:8f:57:aa:06:e9:d0:3c:06:c7:
74:82:5d:b8:e0:3e:b9:e1:67:03:c2:fa:e5:41:97:
dd:24:74:fc:6f:d8:54:a7:e3:8a:39:b9:b1:7b:f3:
cf:b6:c5:98:0f:25:4e:46:8b:90:ed:6a:16:34:c4:
59:4a:37:ce:c3:2f:b6:79:b2:6a:4c:46:8f:47:3e:
d6:44:ef:1c:73:c7:17:07:78:bd:47:0c:cb:c8:6f:
d9:da:c6:22:5f:00:51:e3:07:12:c3:0d:8b:ef:85:
b6:37:e9:13:78:6c:d1:77:bb:d3:bc:11:7c:b9:1a:
54:a8:99:bf:89:c8:70:21:20:f3:f0:84:f2:c8:b9:
61:51:a8:9a:02:2b:34:a2:a1:7a:42:e5:79:79:cb:
ba:7f:39:f4:4b:fe:ef:14:af:a5:87:ce:6c:a7:5f:
c6:d3:a0:b2:b9:f9:9d:da:4d:7e:b1:9a:43:72:fe:
8f:73:1e:05:7e:63:1d:65:d4:06:35:58:98:96:c6:
dd:14:c2:1c:9b:1a:3e:de:41:b5:75:50:e8:6a:45:
a2:45:60:1e:32:b4:14:ba:8d:31:54:b3:06:af:0c:
cf:94:66:00:56:4b:90:9f:4a:5a:18:8c:2e:d4:25:
3b:08:39:55:d8:2d:cf:17:82:c3:12:04:e2:3e:02:
6b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:6C:AA:94:0E:4A:99:C2:DF:AC:BE:E9:33:79:25:13:6F:7D:9E:5C
X509v3 Authority Key Identifier:
keyid:B4:9E:B5:0C:B8:BA:C9:2D:C1:76:E8:A8:7C:F2:55:52:82:21:94:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJ61DLi6yS3BduiofPJVUoIhlPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/1-GyqlA5KmcLfrL7pM3klE299nlw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3eaa70-0520-4559-841a-4ca956b08a41/1/tJ61DLi6yS3BduiofPJVUoIhlPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:8640::/29
Signature Algorithm: sha256WithRSAEncryption
32:59:e7:8c:e4:35:26:34:0f:e9:bc:63:b6:ea:0b:2b:99:03:
8d:3c:95:27:70:d6:40:1f:cf:b9:22:21:0b:3b:d7:ff:7b:92:
99:8c:1a:7c:75:e9:f6:a0:9a:df:de:7e:d8:21:6d:09:f6:11:
2d:71:25:71:39:ad:f7:7a:50:8c:53:10:c8:5e:c6:57:14:4e:
c7:5e:64:98:7b:5c:8f:25:c0:08:b2:8b:35:c9:f9:69:22:8f:
ce:7d:be:15:9d:71:1c:5e:b4:05:13:93:48:12:76:c5:c2:0b:
bb:ee:6b:89:04:b4:44:63:27:c1:0f:df:d7:c4:b9:b1:5f:ca:
90:89:d9:bb:f1:17:cc:c7:fb:aa:ae:7b:89:87:38:cc:26:10:
aa:34:48:cf:ac:e1:2c:29:ad:83:f5:2f:3b:c1:a2:6f:d5:4b:
d0:eb:e8:69:b3:39:03:a6:27:be:a3:4d:83:f8:b5:e1:07:fc:
c7:7a:60:57:53:3c:87:44:a6:d5:bd:9d:7d:65:c5:f8:6f:7c:
08:5b:fb:41:c9:01:bb:79:3b:f6:95:95:35:da:6c:1a:a7:c9:
74:19:aa:50:f5:73:35:2a:f6:05:c6:6c:f1:16:76:51:55:d8:
ef:b9:46:39:cc:b6:28:67:5d:63:a5:f6:05:3b:46:3e:e4:f3:
17:fe:47:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZx6rCWUvbfpQHJdVZKXdn5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OWViNTBjYjhiYWM5MmRjMTc2ZThhODdjZjI1NTUyODIy
MTk0ZmEwHhcNMjYwMjIwMTA1MDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODZjYWE5NDBlNGE5OWMyZGZhY2JlZTkzMzc5MjUxMzZmN2Q5ZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/nolePV6oG6dA8Bsd0gl244D65
4WcDwvrlQZfdJHT8b9hUp+OKObmxe/PPtsWYDyVORouQ7WoWNMRZSjfOwy+2ebJq
TEaPRz7WRO8cc8cXB3i9RwzLyG/Z2sYiXwBR4wcSww2L74W2N+kTeGzRd7vTvBF8
uRpUqJm/ichwISDz8ITyyLlhUaiaAis0oqF6QuV5ecu6fzn0S/7vFK+lh85sp1/G
06Cyufmd2k1+sZpDcv6Pcx4FfmMdZdQGNViYlsbdFMIcmxo+3kG1dVDoakWiRWAe
MrQUuo0xVLMGrwzPlGYAVkuQn0paGIwu1CU7CDlV2C3PF4LDEgTiPgJrJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPhsqpQOSpnC36y+6TN5JRNvfZ5cMB8GA1UdIwQY
MBaAFLSetQy4usktwXboqHzyVVKCIZT6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEo2MURMaTZ5UzNCZHVpb2ZQSlZVb0lobFBvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8zZWFhNzAtMDUyMC00NTU5LTg0MWEt
NGNhOTU2YjA4YTQxLzEvMS1HeXFsQTVLbWNMZnJMN3BNM2tsRTI5OW5sdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2UvM2VhYTcwLTA1MjAtNDU1OS04NDFhLTRjYTk1NmIwOGE0
MS8xL3RKNjFETGk2eVMzQmR1aW9mUEpWVW9JaGxQby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoGhkAw
DQYJKoZIhvcNAQELBQADggEBADJZ54zkNSY0D+m8Y7bqCyuZA408lSdw1kAfz7ki
IQs71/97kpmMGnx16fagmt/eftghbQn2ES1xJXE5rfd6UIxTEMhexlcUTsdeZJh7
XI8lwAiyizXJ+Wkij859vhWdcRxetAUTk0gSdsXCC7vua4kEtERjJ8EP39fEubFf
ypCJ2bvxF8zH+6que4mHOMwmEKo0SM+s4SwprYP1LzvBom/VS9Dr6GmzOQOmJ76j
TYP4teEH/Md6YFdTPIdEptW9nX1lxfhvfAhb+0HJAbt5O/aVlTXabBqnyXQZqlD1
czUq9gXGbPEWdlFV2O+5RjnMtihnXWOl9gU7Rj7k8xf+R5s=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:26:24 2026 by rpki-client