Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/2W9_jCTsudiwCTWg80p-6Utk6CU.roa
File: 2W9_jCTsudiwCTWg80p-6Utk6CU.roa (raw, json)
Hash identifier: c9Y10aZq7HtEk57NMryhqo8eeOEHPgFUNSm9TxH2iqk=
Subject key identifier: D9:6F:7F:8C:24:EC:B9:D8:B0:09:35:A0:F3:4A:7E:E9:4B:64:E8:25
Certificate issuer: /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial: 019CD7173FB1F99AA6F6578DBF9B82798143
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/2W9_jCTsudiwCTWg80p-6Utk6CU.roa
Signing time: Tue 10 Mar 2026 09:32:30 +0000
ROA not before: Tue 10 Mar 2026 09:32:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216024
IP address blocks: 45.129.142.0/24 maxlen: 24
45.129.143.0/24 maxlen: 24
146.255.188.0/24 maxlen: 24
2a10:9681::/32 maxlen: 32
2a10:9682::/32 maxlen: 32
2a10:9683::/32 maxlen: 32
2a10:9687::/32 maxlen: 32
2a11:c880::/29 maxlen: 29
2a12:6c40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 11:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:17:3f:b1:f9:9a:a6:f6:57:8d:bf:9b:82:79:81:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Validity
Not Before: Mar 10 09:32:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d96f7f8c24ecb9d8b00935a0f34a7ee94b64e825
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:0a:d6:a4:77:77:73:75:3f:ee:17:10:9f:65:
2c:00:3a:79:45:60:e7:6c:ab:91:9c:e3:93:57:ca:
d8:a5:be:07:75:14:a2:08:ca:49:a9:f6:9b:e8:61:
5b:98:6c:09:dd:22:c8:16:f4:f2:43:1f:63:fc:41:
33:56:a1:ed:33:9c:fd:75:95:19:04:61:41:0e:27:
bc:bc:a1:69:5c:61:89:16:7f:90:a9:11:fb:67:ae:
1f:69:72:4a:d8:4e:5f:69:04:19:18:95:c6:c7:27:
96:01:5d:6d:70:de:b2:87:92:87:3f:e4:1c:79:3d:
3d:7e:0a:56:6e:f9:c6:e2:f7:17:31:13:00:d3:38:
5b:3d:72:96:cd:98:4d:6d:f9:f8:97:d8:a8:fa:e1:
4d:d3:91:36:ad:aa:6b:0e:91:69:50:ed:ff:a0:e1:
f4:6a:c9:df:e6:eb:c6:d7:08:c1:0c:cf:19:b9:39:
65:a2:97:69:5c:b0:68:4e:ae:e7:dc:93:f3:ec:f0:
13:29:f6:3e:c3:57:55:55:73:72:5e:e5:2e:9f:2c:
33:4f:0c:ad:6f:dc:bb:52:a8:53:0a:b1:50:e2:82:
f7:fa:7d:24:36:75:24:58:5c:55:cd:ac:72:65:02:
9f:60:dd:c5:a1:ba:b8:7d:65:58:1e:aa:ad:ae:c7:
9c:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:6F:7F:8C:24:EC:B9:D8:B0:09:35:A0:F3:4A:7E:E9:4B:64:E8:25
X509v3 Authority Key Identifier:
keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/2W9_jCTsudiwCTWg80p-6Utk6CU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.142.0/23
146.255.188.0/24
IPv6:
2a10:9681::-2a10:9683:ffff:ffff:ffff:ffff:ffff:ffff
2a10:9687::/32
2a11:c880::/29
2a12:6c40::/32
Signature Algorithm: sha256WithRSAEncryption
a0:91:99:d3:45:3f:b3:f0:d0:d8:2b:ae:7c:e8:7b:c4:27:4e:
9b:76:73:88:ea:e4:7c:95:8f:9a:b9:c1:eb:c8:b4:af:d2:11:
d4:e1:4c:40:18:4c:ac:16:05:f6:8e:63:63:6b:b4:c1:15:3e:
fd:6e:c6:ad:98:ff:96:1b:a4:21:1f:45:b7:7b:c7:a5:51:9c:
67:66:20:94:ea:ef:c3:8b:bf:79:80:72:76:e7:db:8b:14:7d:
37:42:e5:3d:79:9e:cb:1c:2a:76:27:90:63:9f:2c:49:81:b6:
22:83:d2:da:e1:a1:79:d1:23:04:a6:b4:3a:5f:71:97:25:bf:
3a:86:db:47:c1:9f:d8:6e:c5:de:f7:17:a7:00:a4:6d:3a:9a:
23:5d:ae:61:47:07:a9:a4:dc:bb:4b:5c:4d:7b:73:59:6a:18:
e4:4d:a7:d0:05:a1:f1:bf:6d:8d:ca:cf:5f:19:41:a2:d1:3d:
2d:ff:82:88:11:f9:9a:5d:fe:6c:cc:04:6a:a2:6d:4f:dc:18:
bb:a5:87:eb:cf:9b:81:b5:bd:9a:6b:2d:03:4f:80:54:5a:c8:
2f:ab:1a:b4:d4:b8:f4:bc:88:3b:54:b0:ce:b6:c3:6c:5d:fb:
ef:de:bd:e1:c8:ac:34:41:c3:3e:84:15:66:bc:a8:ca:ef:24:
29:64:62:00
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZzXFz+x+Zqm9leNv5uCeYFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjYwMzEwMDkzMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZmN2Y4YzI0ZWNiOWQ4YjAwOTM1YTBmMzRhN2VlOTRiNjRlODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQrWpHd3c3U/7hcQn2UsADp5RWDn
bKuRnOOTV8rYpb4HdRSiCMpJqfab6GFbmGwJ3SLIFvTyQx9j/EEzVqHtM5z9dZUZ
BGFBDie8vKFpXGGJFn+QqRH7Z64faXJK2E5faQQZGJXGxyeWAV1tcN6yh5KHP+Qc
eT09fgpWbvnG4vcXMRMA0zhbPXKWzZhNbfn4l9io+uFN05E2raprDpFpUO3/oOH0
asnf5uvG1wjBDM8ZuTllopdpXLBoTq7n3JPz7PATKfY+w1dVVXNyXuUunywzTwyt
b9y7UqhTCrFQ4oL3+n0kNnUkWFxVzaxyZQKfYN3Fobq4fWVYHqqtrsecRwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNlvf4wk7LnYsAk1oPNKfulLZOglMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvMlc5X2pDVHN1ZGl3Q1RXZzgwcC02VXRrNkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTASBAIAATAMAwQBLYGOAwQA
kv+8MCsEAgACMCUwDgMFACoQloEDBQIqEJaAAwUAKhCWhwMFAyoRyIADBQAqEmxA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgkZnTRT+z8NDYK6586HvEJ06bdnOI6uR8lY+a
ucHryLSv0hHU4UxAGEysFgX2jmNja7TBFT79bsatmP+WG6QhH0W3e8elUZxnZiCU
6u/Di795gHJ259uLFH03QuU9eZ7LHCp2J5BjnyxJgbYig9La4aF50SMEprQ6X3GX
Jb86httHwZ/YbsXe9xenAKRtOpojXa5hRweppNy7S1xNe3NZahjkTafQBaHxv22N
ys9fGUGi0T0t/4KIEfmaXf5szARqom1P3Bi7pYfrz5uBtb2aay0DT4BUWsgvqxq0
1Lj0vIg7VLDOtsNsXfvv3r3hyKw0QcM+hBVmvKjK7yQpZGIA
-----END CERTIFICATE-----
Generated at Thu Mar 12 19:04:11 2026 by rpki-client