Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/_dx2CJojBdg1dQ90hMAD_lCOwHQ.roa
File: _dx2CJojBdg1dQ90hMAD_lCOwHQ.roa (raw, json)
Hash identifier: 0ULsxNCLOF7Mmtn3rqBfqWSvtKN6lj6291u6ShH3qyo=
Subject key identifier: FD:DC:76:08:9A:23:05:D8:35:75:0F:74:84:C0:03:FE:50:8E:C0:74
Certificate issuer: /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial: 019D10BAC88FD7E8C524087166E0F6A4086A
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/_dx2CJojBdg1dQ90hMAD_lCOwHQ.roa
Signing time: Sat 21 Mar 2026 14:09:29 +0000
ROA not before: Sat 21 Mar 2026 14:09:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216024
IP address blocks: 45.129.142.0/24 maxlen: 24
45.129.143.0/24 maxlen: 24
146.255.188.0/24 maxlen: 24
2a10:9681::/32 maxlen: 32
2a10:9682::/32 maxlen: 32
2a10:9683::/32 maxlen: 32
2a10:9687::/32 maxlen: 32
2a11:c880::/29 maxlen: 29
2a12:6c40::/32 maxlen: 32
2a12:6c42::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 14:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:10:ba:c8:8f:d7:e8:c5:24:08:71:66:e0:f6:a4:08:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Validity
Not Before: Mar 21 14:09:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fddc76089a2305d835750f7484c003fe508ec074
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:4a:2e:fe:b3:4a:1b:37:28:49:67:e8:6a:a4:
00:5c:7f:ba:8b:4f:6d:85:99:62:f7:59:18:e2:6d:
f0:14:51:4b:3a:9b:78:e1:8a:24:3e:ad:1f:b9:59:
7d:18:4d:0b:57:1a:a8:c8:6d:96:aa:84:e8:fc:19:
5f:d1:1a:29:b1:fb:74:a6:b4:90:36:66:6d:f8:41:
e7:33:f7:e4:a7:ab:98:c7:cd:01:36:7e:5c:e9:d3:
6e:76:63:1f:16:09:c6:7b:e2:87:c2:35:0a:a0:ee:
46:20:e9:65:08:e4:36:a4:3f:7c:bc:b8:51:f4:7f:
87:fa:65:57:45:fa:11:98:a8:ac:f3:94:c9:a0:81:
21:c6:a9:56:a1:76:64:a7:5b:5d:fa:3f:dc:c5:79:
92:69:24:d1:8e:d4:85:a0:42:f1:5f:f6:60:c2:f4:
00:c9:f3:11:69:b2:b8:ce:62:a4:c9:58:4a:57:f6:
a3:83:bf:1b:18:e3:b5:02:c1:c9:92:d1:1e:93:4a:
e7:a0:94:64:e5:ee:d6:86:ba:88:1b:70:38:4e:c7:
8c:7a:85:9d:ab:5d:98:98:a5:24:29:df:28:7c:66:
d3:68:86:83:07:20:a7:ad:86:da:c2:7b:c6:b1:e2:
c2:dc:30:a2:44:5c:03:75:c5:d5:b8:1c:f9:f0:c5:
42:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:DC:76:08:9A:23:05:D8:35:75:0F:74:84:C0:03:FE:50:8E:C0:74
X509v3 Authority Key Identifier:
keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/_dx2CJojBdg1dQ90hMAD_lCOwHQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.142.0/23
146.255.188.0/24
IPv6:
2a10:9681::-2a10:9683:ffff:ffff:ffff:ffff:ffff:ffff
2a10:9687::/32
2a11:c880::/29
2a12:6c40::/32
2a12:6c42::/32
Signature Algorithm: sha256WithRSAEncryption
12:66:a5:64:52:15:97:b7:4b:10:fb:2c:c3:15:1f:31:83:8d:
34:0b:21:e1:e7:4b:3b:cd:ab:6b:50:91:da:f5:bf:b6:4d:21:
17:48:db:12:1b:83:b5:ea:ae:26:d9:e0:c4:f2:d6:63:fb:d7:
40:95:e1:bd:53:bf:d7:44:63:5b:9d:69:bb:71:03:b0:3e:3e:
57:ed:9f:dc:8a:f4:2d:88:cd:4f:d7:61:85:18:5c:4d:3a:50:
26:a7:92:90:fd:1e:88:0b:14:82:35:af:93:33:c9:66:d6:e4:
e5:64:4f:51:a6:f3:3f:80:82:57:79:70:b0:2c:f5:28:8d:8b:
34:61:9b:77:8b:8c:c1:3e:7e:92:73:9e:05:53:22:4b:27:34:
64:e2:6f:69:b3:65:dd:e2:41:a3:9b:dd:d8:f2:52:0a:07:28:
c6:fc:a2:6e:25:52:88:3e:59:32:68:97:04:27:a7:1f:da:25:
dd:14:b5:75:de:0e:d5:eb:ba:c2:ae:a3:fb:82:48:4b:c8:bc:
4f:64:30:87:e7:b6:31:d4:0d:76:df:97:9e:1c:57:55:06:6c:
7d:b7:cf:7f:58:df:0d:8d:ef:e5:37:c6:59:93:48:60:d2:52:
46:1e:3f:a2:43:62:0d:33:f7:8a:66:7e:1e:ea:11:32:7d:6f:
42:42:bd:84
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ0QusiP1+jFJAhxZuD2pAhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjYwMzIxMTQwOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRjNzYwODlhMjMwNWQ4MzU3NTBmNzQ4NGMwMDNmZTUwOGVjMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0ou/rNKGzcoSWfoaqQAXH+6i09t
hZli91kY4m3wFFFLOpt44YokPq0fuVl9GE0LVxqoyG2WqoTo/Blf0Ropsft0prSQ
NmZt+EHnM/fkp6uYx80BNn5c6dNudmMfFgnGe+KHwjUKoO5GIOllCOQ2pD98vLhR
9H+H+mVXRfoRmKis85TJoIEhxqlWoXZkp1td+j/cxXmSaSTRjtSFoELxX/ZgwvQA
yfMRabK4zmKkyVhKV/ajg78bGOO1AsHJktEek0rnoJRk5e7WhrqIG3A4TseMeoWd
q12YmKUkKd8ofGbTaIaDByCnrYbawnvGseLC3DCiRFwDdcXVuBz58MVCEQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFP3cdgiaIwXYNXUPdITAA/5QjsB0MB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvX2R4MkNKb2pCZGcxZFE5MGhNQURfbENPd0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDASBAIAATAMAwQBLYGOAwQA
kv+8MDIEAgACMCwwDgMFACoQloEDBQIqEJaAAwUAKhCWhwMFAyoRyIADBQAqEmxA
AwUAKhJsQjANBgkqhkiG9w0BAQsFAAOCAQEAEmalZFIVl7dLEPsswxUfMYONNAsh
4edLO82ra1CR2vW/tk0hF0jbEhuDtequJtngxPLWY/vXQJXhvVO/10RjW51pu3ED
sD4+V+2f3Ir0LYjNT9dhhRhcTTpQJqeSkP0eiAsUgjWvkzPJZtbk5WRPUabzP4CC
V3lwsCz1KI2LNGGbd4uMwT5+knOeBVMiSyc0ZOJvabNl3eJBo5vd2PJSCgcoxvyi
biVSiD5ZMmiXBCenH9ol3RS1dd4O1eu6wq6j+4JIS8i8T2Qwh+e2MdQNdt+XnhxX
VQZsfbfPf1jfDY3v5TfGWZNIYNJSRh4/okNiDTP3imZ+HuoRMn1vQkK9hA==
-----END CERTIFICATE-----
Generated at Sat Mar 21 20:38:29 2026 by rpki-client