Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/KF0QvzJGblVPKQsNf06hZ3SB34U.roa
File: KF0QvzJGblVPKQsNf06hZ3SB34U.roa (raw, json)
Hash identifier: beoVL4CcUiF/X+RqTuUlwhqclMvthXIihpSTECe+GcU=
Subject key identifier: 28:5D:10:BF:32:46:6E:55:4F:29:0B:0D:7F:4E:A1:67:74:81:DF:85
Certificate issuer: /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial: 019D90DFD04C85ECAD7135993FE5AD4E25C5
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/KF0QvzJGblVPKQsNf06hZ3SB34U.roa
Signing time: Wed 15 Apr 2026 11:21:20 +0000
ROA not before: Wed 15 Apr 2026 11:21:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9123
IP address blocks: 72.56.0.0/20 maxlen: 24
72.56.32.0/21 maxlen: 24
72.56.232.0/21 maxlen: 32
72.56.240.0/21 maxlen: 24
72.56.248.0/22 maxlen: 24
72.56.252.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:90:df:d0:4c:85:ec:ad:71:35:99:3f:e5:ad:4e:25:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
Validity
Not Before: Apr 15 11:21:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=285d10bf32466e554f290b0d7f4ea1677481df85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:10:bf:b4:ec:3e:0f:80:5c:df:e4:f8:eb:6e:
8b:6c:b0:ba:bf:c6:f6:8c:55:33:1a:cd:07:53:f5:
3f:a6:d0:6c:c4:5c:22:63:45:f6:67:34:c4:14:45:
b2:6d:c3:09:f1:7b:b5:1a:86:07:bb:ac:b1:60:11:
62:6a:bc:00:25:38:a3:32:ff:5f:b1:a5:26:15:87:
f6:4c:d6:23:5c:15:66:9f:a1:28:7c:58:9d:2a:62:
97:4e:bb:e1:5e:23:0e:c8:c2:dd:3e:ed:9e:ad:24:
9b:14:f2:0d:4d:37:70:9e:eb:4a:bd:ca:27:95:3c:
09:b2:f4:c7:92:78:6a:31:ed:95:3c:d4:ca:c7:e4:
97:db:14:44:bc:a7:bd:38:28:8b:5b:63:70:6b:24:
7c:16:71:63:82:1b:2f:6f:60:32:e7:d9:42:1a:be:
64:76:38:6d:89:73:37:8b:07:ef:0b:5e:28:6c:03:
7f:92:af:1a:a2:f1:f5:31:e4:bc:99:cb:f8:a5:05:
f0:ac:f2:e5:cb:81:79:38:ab:f3:15:71:02:b1:b9:
91:a0:f4:1b:2e:4c:01:c7:4e:ad:d1:22:01:d6:32:
96:0d:49:9d:f3:78:38:fd:76:92:68:32:5c:7b:c3:
ea:e0:f6:47:70:04:7c:f8:58:6d:14:d4:e5:bc:4f:
6f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5D:10:BF:32:46:6E:55:4F:29:0B:0D:7F:4E:A1:67:74:81:DF:85
X509v3 Authority Key Identifier:
keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/KF0QvzJGblVPKQsNf06hZ3SB34U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.56.0.0/20
72.56.32.0/21
72.56.232.0-72.56.253.255
Signature Algorithm: sha256WithRSAEncryption
5b:8f:08:17:74:a7:69:65:db:dc:2e:60:7c:ba:6e:5e:0a:77:
17:f1:7d:40:fe:49:5e:25:d9:2a:09:55:69:e3:5f:16:0d:24:
62:c4:61:24:b9:1b:3c:a6:c9:27:40:b4:64:19:ba:d9:f8:10:
55:dc:4e:90:0a:14:9a:72:31:11:77:45:25:c3:50:b9:0f:52:
e9:d5:8d:99:e1:f9:03:a7:63:83:75:c9:8e:79:90:95:d3:bf:
bf:99:56:d4:77:ad:89:62:f0:ac:39:ee:8d:7c:fe:10:76:bc:
8b:68:08:f8:f9:de:df:da:43:51:74:3f:12:92:95:26:54:49:
e7:9d:bf:fa:42:4b:c6:0f:17:7b:2f:ff:4b:b9:d2:f2:ea:24:
c5:93:29:a5:17:8d:26:95:de:05:06:d5:24:34:40:07:d4:9d:
e9:c7:06:7a:2a:dc:43:29:b0:70:3e:f3:8e:00:0e:5b:c3:94:
56:a0:c4:29:b5:82:25:db:e4:f9:b6:b0:7d:22:e4:46:cb:2b:
64:39:82:f7:5a:00:d8:9e:a4:35:4c:e6:97:be:dd:f1:e0:68:
e8:7f:98:1e:9d:6a:eb:cc:f5:91:49:b3:38:bc:70:75:89:9b:
12:34:52:eb:cc:db:f2:65:75:d5:47:ea:4c:78:cb:1e:2a:e7:
93:a1:34:33
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ2Q39BMheytcTWZP+WtTiXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwNDE1MTEyMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODVkMTBiZjMyNDY2ZTU1NGYyOTBiMGQ3ZjRlYTE2Nzc0ODFkZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxC/tOw+D4Bc3+T4626LbLC6v8b2
jFUzGs0HU/U/ptBsxFwiY0X2ZzTEFEWybcMJ8Xu1GoYHu6yxYBFiarwAJTijMv9f
saUmFYf2TNYjXBVmn6EofFidKmKXTrvhXiMOyMLdPu2erSSbFPINTTdwnutKvcon
lTwJsvTHknhqMe2VPNTKx+SX2xREvKe9OCiLW2NwayR8FnFjghsvb2Ay59lCGr5k
djhtiXM3iwfvC14obAN/kq8aovH1MeS8mcv4pQXwrPLly4F5OKvzFXECsbmRoPQb
LkwBx06t0SIB1jKWDUmd83g4/XaSaDJce8Pq4PZHcAR8+FhtFNTlvE9vgQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFChdEL8yRm5VTykLDX9OoWd0gd+FMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvS0YwUXZ6SkdibFZQS1FzTmYwNmhaM1NCMzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQESDgAAwQD
SDggMAwDBANIOOgDBAFIOPwwDQYJKoZIhvcNAQELBQADggEBAFuPCBd0p2ll29wu
YHy6bl4KdxfxfUD+SV4l2SoJVWnjXxYNJGLEYSS5GzymySdAtGQZutn4EFXcTpAK
FJpyMRF3RSXDULkPUunVjZnh+QOnY4N1yY55kJXTv7+ZVtR3rYli8Kw57o18/hB2
vItoCPj53t/aQ1F0PxKSlSZUSeedv/pCS8YPF3sv/0u50vLqJMWTKaUXjSaV3gUG
1SQ0QAfUnenHBnoq3EMpsHA+844ADlvDlFagxCm1giXb5Pm2sH0i5EbLK2Q5gvda
ANiepDVM5pe+3fHgaOh/mB6dauvM9ZFJszi8cHWJmxI0UuvM2/JlddVH6kx4yx4q
55OhNDM=
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:02:06 2026 by rpki-client