Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/K72M0eQ91LUvPmgbf1TD9RJOOzE.roa
File: K72M0eQ91LUvPmgbf1TD9RJOOzE.roa (raw, json)
Hash identifier: S2SZxBEr4TYx0vstbs14/OJg1zVQ6WlQ8FoARL2ed1w=
Subject key identifier: 2B:BD:8C:D1:E4:3D:D4:B5:2F:3E:68:1B:7F:54:C3:F5:12:4E:3B:31
Certificate issuer: /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial: 019C9A68854D5B15E6CE6CF980F6850F8A3B
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/K72M0eQ91LUvPmgbf1TD9RJOOzE.roa
Signing time: Thu 26 Feb 2026 14:44:27 +0000
ROA not before: Thu 26 Feb 2026 14:44:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209183
IP address blocks: 72.56.47.0/24 maxlen: 24
72.56.48.0/24 maxlen: 24
72.56.49.0/24 maxlen: 24
72.56.50.0/24 maxlen: 24
72.56.51.0/24 maxlen: 24
72.56.56.0/24 maxlen: 24
72.56.57.0/24 maxlen: 24
72.56.59.0/24 maxlen: 24
72.56.60.0/24 maxlen: 24
72.56.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 23:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9a:68:85:4d:5b:15:e6:ce:6c:f9:80:f6:85:0f:8a:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
Validity
Not Before: Feb 26 14:44:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2bbd8cd1e43dd4b52f3e681b7f54c3f5124e3b31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:91:4d:0a:03:cf:ad:df:92:88:ec:23:24:11:
af:d0:75:08:4d:9b:18:8d:40:eb:0b:04:ec:bd:88:
f3:10:e2:1d:0d:5c:dd:49:fd:e5:38:dc:ba:61:c1:
f9:f8:6f:44:a9:36:35:b6:e3:7c:d5:a3:c5:b0:71:
27:5b:df:d3:41:87:d0:bb:22:d7:b4:8a:4b:d4:eb:
d7:62:dd:41:1c:b9:24:88:0c:7b:25:cd:94:3a:ac:
f4:5c:79:59:3d:1c:c4:24:6c:c6:09:4c:2e:fe:58:
c2:bd:79:12:c7:00:07:77:d2:96:2e:bd:4a:5a:71:
2c:9b:a1:a0:bd:b0:5d:89:91:ca:3d:77:f8:e9:be:
2b:33:13:9c:c9:b9:e7:4e:98:c3:cc:5e:7d:14:98:
0b:4c:f0:99:11:69:c4:cf:a7:be:01:2d:d4:77:98:
19:aa:00:21:e6:47:38:cb:b7:e2:07:25:6e:0b:95:
51:d6:4d:04:b7:c9:c5:13:95:76:38:91:5d:6b:10:
53:d2:23:21:ae:a0:99:40:51:86:02:f8:6c:3e:2b:
eb:d3:15:83:ad:3a:fd:42:4b:4d:aa:3b:e1:bf:ba:
c2:c6:b0:10:fe:0d:7c:90:59:09:71:0a:3a:94:13:
1d:e9:5a:4a:6e:fe:c8:cd:07:1a:d5:49:f0:85:b5:
64:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:BD:8C:D1:E4:3D:D4:B5:2F:3E:68:1B:7F:54:C3:F5:12:4E:3B:31
X509v3 Authority Key Identifier:
keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/K72M0eQ91LUvPmgbf1TD9RJOOzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.56.47.0-72.56.51.255
72.56.56.0/23
72.56.59.0-72.56.61.255
Signature Algorithm: sha256WithRSAEncryption
65:97:7f:45:4c:8f:22:d9:83:d8:5d:d0:ac:5b:3c:73:fa:18:
99:54:b8:f7:ea:cc:d5:57:c2:6c:c5:32:46:86:72:60:8f:ba:
66:69:a2:42:af:25:a5:cc:20:7c:dd:f4:cd:5d:ba:1c:a8:eb:
26:a5:33:58:b7:db:34:08:40:b7:a7:6c:34:00:7e:09:fc:50:
f0:56:83:3e:1a:94:d9:ac:5c:03:c8:b3:6f:b3:6d:c7:1a:9f:
21:9d:de:56:f4:88:fc:69:d2:df:8b:ca:12:4d:08:e9:80:8c:
06:2d:85:63:27:c5:a5:91:13:ca:a5:85:11:ec:3b:f6:7c:c3:
bf:e5:5b:66:73:2c:d6:7e:ba:5f:74:f9:99:93:a4:04:90:27:
17:91:4e:85:94:97:fa:d9:5b:91:63:65:08:ae:ea:10:ba:c0:
61:04:4e:3d:de:5c:6c:6a:2c:eb:d4:c1:18:c2:2f:fa:c7:a3:
ea:3e:3b:3b:b4:75:20:c9:1c:d5:eb:4c:26:21:4a:5b:ad:42:
d4:93:36:b4:e6:3f:e6:e4:ab:53:72:c1:ac:45:81:78:60:5c:
b2:85:34:4d:61:45:9a:e8:65:d0:ee:f9:53:fa:80:05:87:74:
ff:ea:3c:9b:73:17:29:d4:19:b7:10:83:75:59:be:fb:f3:35:
80:4e:9c:65
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZyaaIVNWxXmzmz5gPaFD4o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwMjI2MTQ0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmJkOGNkMWU0M2RkNGI1MmYzZTY4MWI3ZjU0YzNmNTEyNGUzYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5FNCgPPrd+SiOwjJBGv0HUITZsY
jUDrCwTsvYjzEOIdDVzdSf3lONy6YcH5+G9EqTY1tuN81aPFsHEnW9/TQYfQuyLX
tIpL1OvXYt1BHLkkiAx7Jc2UOqz0XHlZPRzEJGzGCUwu/ljCvXkSxwAHd9KWLr1K
WnEsm6GgvbBdiZHKPXf46b4rMxOcybnnTpjDzF59FJgLTPCZEWnEz6e+AS3Ud5gZ
qgAh5kc4y7fiByVuC5VR1k0Et8nFE5V2OJFdaxBT0iMhrqCZQFGGAvhsPivr0xWD
rTr9QktNqjvhv7rCxrAQ/g18kFkJcQo6lBMd6VpKbv7IzQca1UnwhbVkCwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFCu9jNHkPdS1Lz5oG39Uw/USTjsxMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvSzcyTTBlUTkxTFV2UG1nYmYxVEQ5UkpPT3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBABIOC8D
BAJIODADBAFIODgwDAMEAEg4OwMEAUg4PDANBgkqhkiG9w0BAQsFAAOCAQEAZZd/
RUyPItmD2F3QrFs8c/oYmVS49+rM1VfCbMUyRoZyYI+6ZmmiQq8lpcwgfN30zV26
HKjrJqUzWLfbNAhAt6dsNAB+CfxQ8FaDPhqU2axcA8izb7NtxxqfIZ3eVvSI/GnS
34vKEk0I6YCMBi2FYyfFpZETyqWFEew79nzDv+VbZnMs1n66X3T5mZOkBJAnF5FO
hZSX+tlbkWNlCK7qELrAYQROPd5cbGos69TBGMIv+sej6j47O7R1IMkc1etMJiFK
W61C1JM2tOY/5uSrU3LBrEWBeGBcsoU0TWFFmuhl0O75U/qABYd0/+o8m3MXKdQZ
txCDdVm++/M1gE6cZQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:07:20 2026 by rpki-client