Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-wPkdqZfuQPb-us3mtvdNi_uLQg.roa
File: 1-wPkdqZfuQPb-us3mtvdNi_uLQg.roa (raw, json)
Hash identifier: H1N6Z5DzveVH88EiF3Mi59Seq2Gi2/rQkZ53jTCYKSw=
Subject key identifier: FB:03:E4:76:A6:5F:B9:03:DB:FA:EB:37:9A:DB:DD:36:2F:EE:2D:08
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 019E50B4F52CEAFD63A25C62AEE26B5D96D0
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-wPkdqZfuQPb-us3mtvdNi_uLQg.roa
Signing time: Fri 22 May 2026 17:21:37 +0000
ROA not before: Fri 22 May 2026 17:21:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31898
IP address blocks: 2a14:67c1:a123::/48 maxlen: 48
2a14:67c1:a129::/48 maxlen: 48
2a14:67c1:b147::/48 maxlen: 48
2a14:67c1:c220::/44 maxlen: 44
2a14:67c1:c300::/40 maxlen: 48
2a14:67c1:c700::/48 maxlen: 48
2a14:67c2:3f0::/48 maxlen: 48
2a14:67c2:3f1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 29 May 2026 05:00:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:50:b4:f5:2c:ea:fd:63:a2:5c:62:ae:e2:6b:5d:96:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: May 22 17:21:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fb03e476a65fb903dbfaeb379adbdd362fee2d08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:23:81:68:f7:86:df:91:ce:06:0f:5a:14:f0:
63:76:3c:6a:a9:63:12:bd:df:d3:b1:ba:62:02:4f:
cf:fb:72:48:20:49:50:4d:4e:23:06:26:e9:78:57:
8b:eb:ed:46:a7:7a:e8:b0:39:85:c4:ef:2f:f5:73:
67:4a:cc:7e:87:ea:36:87:99:5f:35:09:69:16:b5:
9f:23:48:39:65:1d:ac:5f:c9:d1:ee:8a:d0:1a:2c:
e0:fa:e3:fc:84:62:e6:6b:33:26:e4:03:ac:01:b7:
e5:56:89:a2:61:84:9f:09:e8:1b:55:5c:f5:b9:8b:
17:14:33:86:1f:03:12:51:f5:4e:14:77:0e:88:d4:
bf:e8:b5:73:98:23:22:49:35:0d:3d:7c:5a:d2:aa:
59:c1:19:9c:a6:cf:b9:b1:f7:56:b2:d8:83:f2:a3:
45:8b:27:1d:32:8e:11:00:2c:0d:5f:a7:cf:cb:fc:
78:bc:be:7c:bf:05:95:08:a5:c4:2e:d0:e0:50:ca:
25:54:69:1b:b0:49:5b:a6:c6:43:11:7a:a6:e8:12:
d6:f6:dd:02:98:ba:c9:4e:69:0c:87:1a:42:b2:11:
28:89:e5:f0:07:01:1d:1c:7a:52:43:55:3a:5e:9d:
7c:bd:6a:7c:90:4b:6c:75:8c:5d:5d:49:22:1e:ac:
27:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:03:E4:76:A6:5F:B9:03:DB:FA:EB:37:9A:DB:DD:36:2F:EE:2D:08
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-wPkdqZfuQPb-us3mtvdNi_uLQg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:a123::/48
2a14:67c1:a129::/48
2a14:67c1:b147::/48
2a14:67c1:c220::/44
2a14:67c1:c300::/40
2a14:67c1:c700::/48
2a14:67c2:3f0::/47
Signature Algorithm: sha256WithRSAEncryption
6f:5b:22:12:95:06:54:a1:c9:97:c8:3f:b1:82:77:86:95:46:
cc:f6:01:6d:20:4a:a8:4a:fe:4a:fc:79:79:00:86:ac:8d:a6:
88:74:dc:c6:76:12:4d:90:d8:07:eb:95:28:f3:6a:11:d0:04:
82:b9:ee:3b:5c:d0:b7:87:8a:59:76:58:6a:49:1c:3f:42:0e:
37:e2:d0:86:4f:fb:f7:0d:a6:87:81:ba:14:14:9a:76:eb:ba:
a2:77:02:40:18:ea:70:1b:16:4d:ce:6a:51:eb:d7:bf:10:1e:
10:d2:ea:cc:5f:63:95:25:6e:08:4c:e3:a9:01:18:87:6e:88:
e4:93:c3:a1:51:75:38:9a:8d:b7:5a:04:ce:90:ec:84:f6:db:
ed:2a:3f:2b:a8:38:ef:55:82:54:2c:e3:28:19:75:a8:15:be:
31:4e:38:2f:12:e7:25:38:a9:c5:ec:30:82:01:23:55:0d:ee:
04:eb:1f:76:f2:14:03:e1:25:6e:59:2b:ee:b6:72:90:69:f2:
78:d3:34:f6:f9:04:f0:44:2f:28:76:94:b8:a8:cd:44:48:bd:
65:2e:eb:02:44:b3:53:6d:30:86:70:77:e1:c5:12:fb:d4:7e:
59:86:98:cc:b6:09:12:75:e0:4a:1b:b8:9d:4a:de:23:47:3c:
bc:33:2e:57
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ5QtPUs6v1jolxiruJrXZbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNTIyMTcyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjAzZTQ3NmE2NWZiOTAzZGJmYWViMzc5YWRiZGQzNjJmZWUyZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SOBaPeG35HOBg9aFPBjdjxqqWMS
vd/TsbpiAk/P+3JIIElQTU4jBibpeFeL6+1Gp3rosDmFxO8v9XNnSsx+h+o2h5lf
NQlpFrWfI0g5ZR2sX8nR7orQGizg+uP8hGLmazMm5AOsAbflVomiYYSfCegbVVz1
uYsXFDOGHwMSUfVOFHcOiNS/6LVzmCMiSTUNPXxa0qpZwRmcps+5sfdWstiD8qNF
iycdMo4RACwNX6fPy/x4vL58vwWVCKXELtDgUMolVGkbsElbpsZDEXqm6BLW9t0C
mLrJTmkMhxpCshEoieXwBwEdHHpSQ1U6Xp18vWp8kEtsdYxdXUkiHqwnJwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFPsD5HamX7kD2/rrN5rb3TYv7i0IMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvMS13UGtkcVpmdVFQYi11czNtdHZkTmlfdUxRZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvNzMyYjZjLTQ4ZTQtNDM1MC04YTU2LWY2Y2M0ZWYwZjdk
Zi8xL1pfTWIza1pSWTBmMDdmeS1NTzJzbWduazRPQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBXBggrBgEFBQcBBwEB/wRIMEYwRAQCAAIwPgMHACoUZ8Gh
IwMHACoUZ8GhKQMHACoUZ8GxRwMHBCoUZ8HCIAMGACoUZ8HDAwcAKhRnwccAAwcB
KhRnwgPwMA0GCSqGSIb3DQEBCwUAA4IBAQBvWyISlQZUocmXyD+xgneGlUbM9gFt
IEqoSv5K/Hl5AIasjaaIdNzGdhJNkNgH65Uo82oR0ASCue47XNC3h4pZdlhqSRw/
Qg434tCGT/v3DaaHgboUFJp267qidwJAGOpwGxZNzmpR69e/EB4Q0urMX2OVJW4I
TOOpARiHbojkk8OhUXU4mo23WgTOkOyE9tvtKj8rqDjvVYJULOMoGXWoFb4xTjgv
EuclOKnF7DCCASNVDe4E6x928hQD4SVuWSvutnKQafJ40zT2+QTwRC8odpS4qM1E
SL1lLusCRLNTbTCGcHfhxRL71H5ZhpjMtgkSdeBKG7idSt4jRzy8My5X
-----END CERTIFICATE-----
Generated at Thu May 28 15:24:06 2026 by rpki-client