Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/Q6wq2o9V_bMuXNVekullESKSczY.roa
File: Q6wq2o9V_bMuXNVekullESKSczY.roa (raw, json)
Hash identifier: 1IRZKxlgzm+cRZFtDXNnbQzz695RIK0eg3cfYVgpQ1M=
Subject key identifier: 43:AC:2A:DA:8F:55:FD:B3:2E:5C:D5:5E:92:E9:65:11:22:92:73:36
Certificate issuer: /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial: 019E8993859E39A2D8EF0BA8F1DC54695309
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/Q6wq2o9V_bMuXNVekullESKSczY.roa
Signing time: Tue 02 Jun 2026 18:23:27 +0000
ROA not before: Tue 02 Jun 2026 18:23:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214266
IP address blocks: 2a11:23c0::/29 maxlen: 29
2a11:8dc0::/29 maxlen: 29
2a11:a200::/29 maxlen: 29
2a12:7a00::/29 maxlen: 29
2a12:cb00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 02:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:89:93:85:9e:39:a2:d8:ef:0b:a8:f1:dc:54:69:53:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Validity
Not Before: Jun 2 18:23:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=43ac2ada8f55fdb32e5cd55e92e9651122927336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:37:d3:0d:1b:e7:1d:26:e6:90:13:a9:fc:df:
a3:00:a5:31:26:0f:7b:72:1f:e2:4d:fa:5e:5a:ef:
6f:da:3a:f7:f9:8e:f9:a9:f8:31:5a:2e:ea:11:4a:
f2:d8:8f:55:a2:a7:d4:c3:ff:17:d4:e8:06:cd:7e:
2a:40:4b:3f:1b:82:1a:da:85:95:8b:73:5e:f8:76:
3e:7f:4d:6c:d2:36:33:45:29:55:b8:78:1a:bb:50:
93:a5:6d:4a:94:39:e0:22:1c:b7:e7:58:c3:73:5e:
1c:eb:fe:50:17:c1:fa:de:4b:97:f0:67:7b:18:19:
61:18:e0:4e:d2:21:d0:ca:2a:24:1b:51:7d:24:0c:
9a:82:83:5e:36:0a:16:d7:7f:ba:58:68:ee:23:6c:
61:bb:cd:56:f6:07:f7:37:31:bc:a5:0a:80:b0:01:
8e:01:6b:bb:4a:b5:93:6a:d7:ba:5d:18:9a:4b:5f:
98:bc:3c:b1:86:0e:23:f4:90:af:3d:f4:ef:1f:21:
d5:9c:fc:22:84:07:37:b5:b8:f8:3d:67:af:6e:4a:
24:3f:42:22:6a:fb:ab:bd:55:83:65:88:6a:ff:7a:
87:3d:ca:01:b1:a0:ca:28:c9:48:9d:80:0c:e4:3a:
83:9a:71:11:1f:cf:06:67:0d:b9:a9:35:9e:40:a4:
df:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:AC:2A:DA:8F:55:FD:B3:2E:5C:D5:5E:92:E9:65:11:22:92:73:36
X509v3 Authority Key Identifier:
keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/Q6wq2o9V_bMuXNVekullESKSczY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:23c0::/29
2a11:8dc0::/29
2a11:a200::/29
2a12:7a00::/29
2a12:cb00::/29
Signature Algorithm: sha256WithRSAEncryption
25:2e:89:66:51:4d:3d:c9:e5:01:de:15:ac:86:ca:c7:b9:b2:
6e:3a:79:9d:2f:3f:6b:42:7a:fa:e0:ac:15:a6:76:63:4b:7d:
ba:9f:78:5b:bc:b7:2c:cd:e1:06:b0:aa:01:6a:0e:b9:30:ef:
05:e9:52:67:8b:56:5f:de:cb:00:75:c7:19:df:c0:44:3a:e4:
20:94:74:00:ba:e2:78:f2:20:38:21:d3:e4:b7:83:66:26:e8:
11:18:62:28:9c:87:47:d9:64:67:3d:1a:44:e4:f5:d8:f2:2b:
fe:d8:02:7f:55:fd:c5:f9:64:a6:9f:a8:2d:68:20:9d:5d:e8:
d2:dc:81:2b:2e:95:5a:6f:5d:b3:13:35:cf:14:a3:79:e2:8d:
c7:ea:56:59:9c:ad:fd:9e:4f:5f:73:68:25:4d:11:3a:13:47:
95:b3:9f:18:33:2d:9c:02:8f:d2:50:8e:99:4c:63:50:a3:6b:
17:32:e4:63:bb:7d:b6:93:f5:58:d5:04:c3:97:cb:3f:a4:bc:
d8:1a:e8:c1:98:81:27:c5:dc:c4:55:11:da:fe:6a:74:c6:0a:
89:0f:f0:d0:d1:26:9c:38:c7:db:be:4f:26:8f:d4:38:26:ed:
8b:c7:07:48:11:dc:ed:72:c9:7e:41:28:ea:35:ab:03:1f:9d:
6e:e6:b2:3c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZ6Jk4WeOaLY7wuo8dxUaVMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjYwNjAyMTgyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2FjMmFkYThmNTVmZGIzMmU1Y2Q1NWU5MmU5NjUxMTIyOTI3MzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzfTDRvnHSbmkBOp/N+jAKUxJg97
ch/iTfpeWu9v2jr3+Y75qfgxWi7qEUry2I9VoqfUw/8X1OgGzX4qQEs/G4Ia2oWV
i3Ne+HY+f01s0jYzRSlVuHgau1CTpW1KlDngIhy351jDc14c6/5QF8H63kuX8Gd7
GBlhGOBO0iHQyiokG1F9JAyagoNeNgoW13+6WGjuI2xhu81W9gf3NzG8pQqAsAGO
AWu7SrWTate6XRiaS1+YvDyxhg4j9JCvPfTvHyHVnPwihAc3tbj4PWevbkokP0Ii
avurvVWDZYhq/3qHPcoBsaDKKMlInYAM5DqDmnERH88GZw25qTWeQKTfAQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFEOsKtqPVf2zLlzVXpLpZREiknM2MB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvUTZ3cTJvOVZfYk11WE5WZWt1bGxFU0tTY3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKhEjwAMF
AyoRjcADBQMqEaIAAwUDKhJ6AAMFAyoSywAwDQYJKoZIhvcNAQELBQADggEBACUu
iWZRTT3J5QHeFayGyse5sm46eZ0vP2tCevrgrBWmdmNLfbqfeFu8tyzN4QawqgFq
Drkw7wXpUmeLVl/eywB1xxnfwEQ65CCUdAC64njyIDgh0+S3g2Ym6BEYYiich0fZ
ZGc9GkTk9djyK/7YAn9V/cX5ZKafqC1oIJ1d6NLcgSsulVpvXbMTNc8Uo3nijcfq
Vlmcrf2eT19zaCVNEToTR5WznxgzLZwCj9JQjplMY1Cjaxcy5GO7fbaT9VjVBMOX
yz+kvNga6MGYgSfF3MRVEdr+anTGCokP8NDRJpw4x9u+TyaP1Dgm7YvHB0gR3O1y
yX5BKOo1qwMfnW7msjw=
-----END CERTIFICATE-----
Generated at Sat Jun 6 11:46:31 2026 by rpki-client