Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/riOkNghSYTw9yafk9VJfteSyTC4.roa
File: riOkNghSYTw9yafk9VJfteSyTC4.roa (raw, json)
Hash identifier: 2dASlVYei/Vsy2geGSfTPcu2uRMGmLtm3nWtYZPrR0A=
Subject key identifier: AE:23:A4:36:08:52:61:3C:3D:C9:A7:E4:F5:52:5F:B5:E4:B2:4C:2E
Certificate issuer: /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial: 019C0F1DB4D4A2DCB7D3F64B2DBD1E0586EF
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/riOkNghSYTw9yafk9VJfteSyTC4.roa
Signing time: Fri 30 Jan 2026 13:35:30 +0000
ROA not before: Fri 30 Jan 2026 13:35:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202736
IP address blocks: 2a06:cac0::/29 maxlen: 48
2a11:9600::/29 maxlen: 48
2a12:ec0::/29 maxlen: 48
2a12:1900::/29 maxlen: 48
2a12:28c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Feb 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:0f:1d:b4:d4:a2:dc:b7:d3:f6:4b:2d:bd:1e:05:86:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Validity
Not Before: Jan 30 13:35:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ae23a4360852613c3dc9a7e4f5525fb5e4b24c2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:01:1b:0a:9c:b9:ad:80:05:11:3c:30:c9:5c:
96:ee:96:bd:33:69:35:52:f9:f0:2f:2d:ef:c7:37:
23:bc:10:2e:40:d6:24:63:0d:e9:87:48:10:34:f7:
79:58:9a:49:c3:ae:ae:31:50:0f:43:bc:c0:7b:d9:
83:27:29:62:76:44:2e:99:7f:03:c1:eb:fc:26:91:
3a:d7:98:61:12:4c:7e:f3:40:54:84:f9:be:a9:f7:
f3:b6:12:d0:29:4c:e3:86:b5:ea:cf:bc:38:d6:3e:
2f:88:72:d4:72:d4:92:1a:48:55:69:d0:3f:a3:3d:
13:17:1a:dd:30:f2:2b:74:8a:96:36:41:56:2e:a5:
4f:19:3c:18:06:10:0e:61:15:15:ab:05:ba:a3:cc:
6a:61:de:91:79:5f:29:7d:7a:39:bd:a1:7e:fc:87:
16:5b:20:4b:d1:0c:3e:05:f5:51:a0:03:fb:f8:45:
38:ae:71:c5:26:b0:52:99:e4:8b:7b:36:97:67:9b:
85:9d:02:60:97:87:45:0f:d6:42:80:08:f6:3b:5d:
ce:0c:7b:76:04:96:8f:e3:35:5c:47:14:84:c6:17:
66:8c:59:cb:b4:b4:c8:c2:cb:ba:98:89:14:a8:b8:
d3:a8:84:13:a3:a3:2c:7c:2c:ed:eb:cf:32:20:6e:
d2:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:23:A4:36:08:52:61:3C:3D:C9:A7:E4:F5:52:5F:B5:E4:B2:4C:2E
X509v3 Authority Key Identifier:
keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/riOkNghSYTw9yafk9VJfteSyTC4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:cac0::/29
2a11:9600::/29
2a12:ec0::/29
2a12:1900::/29
2a12:28c0::/29
Signature Algorithm: sha256WithRSAEncryption
4e:1f:d7:81:c4:d1:0b:89:b3:4c:68:c8:d3:65:ae:68:8b:5d:
1d:93:3e:3a:4f:19:f8:c0:55:59:64:7d:13:aa:68:42:57:c9:
d9:25:04:61:b9:8b:7d:61:49:c1:0e:ff:eb:0d:0b:a3:14:bb:
94:2e:5d:a6:34:48:e4:76:88:90:b4:44:e3:fe:14:96:9f:ba:
48:06:a1:2b:22:24:7c:8d:e6:44:64:0f:a2:22:87:69:06:bc:
a2:64:c9:ae:66:30:c9:e7:2c:b7:2b:d4:82:a6:70:8f:0f:bd:
aa:ca:76:c6:5e:9b:61:14:17:07:6b:b7:5a:e6:ef:10:6a:d5:
fb:0d:8a:cf:7c:79:3b:8b:26:59:67:4f:e3:de:b9:3e:f9:e8:
a9:52:5c:b5:35:51:cc:55:c0:c2:74:66:91:7b:73:35:19:00:
7f:06:3f:5e:69:32:ed:e4:4e:44:71:98:ad:b0:8d:1b:57:29:
be:2e:07:63:30:be:55:4b:cd:59:8e:2c:a9:32:0c:39:e6:e4:
5c:e9:73:a4:3d:dc:e9:78:33:c8:e2:b2:a1:bc:d2:cc:0a:60:
f3:b1:41:d1:2f:87:d6:97:e4:4c:ad:97:1f:75:d5:57:97:8d:
ff:9c:00:38:32:95:ba:14:b3:93:46:10:f8:42:c6:5b:9e:0c:
25:70:b9:fc
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZwPHbTUoty30/ZLLb0eBYbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjYwMTMwMTMzNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTIzYTQzNjA4NTI2MTNjM2RjOWE3ZTRmNTUyNWZiNWU0YjI0YzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAEbCpy5rYAFETwwyVyW7pa9M2k1
UvnwLy3vxzcjvBAuQNYkYw3ph0gQNPd5WJpJw66uMVAPQ7zAe9mDJylidkQumX8D
wev8JpE615hhEkx+80BUhPm+qffzthLQKUzjhrXqz7w41j4viHLUctSSGkhVadA/
oz0TFxrdMPIrdIqWNkFWLqVPGTwYBhAOYRUVqwW6o8xqYd6ReV8pfXo5vaF+/IcW
WyBL0Qw+BfVRoAP7+EU4rnHFJrBSmeSLezaXZ5uFnQJgl4dFD9ZCgAj2O13ODHt2
BJaP4zVcRxSExhdmjFnLtLTIwsu6mIkUqLjTqIQTo6MsfCzt688yIG7SLwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFK4jpDYIUmE8Pcmn5PVSX7XkskwuMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvcmlPa05naFNZVHc5eWFmazlWSmZ0ZVN5VEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKgbKwAMF
AyoRlgADBQMqEg7AAwUDKhIZAAMFAyoSKMAwDQYJKoZIhvcNAQELBQADggEBAE4f
14HE0QuJs0xoyNNlrmiLXR2TPjpPGfjAVVlkfROqaEJXydklBGG5i31hScEO/+sN
C6MUu5QuXaY0SOR2iJC0ROP+FJafukgGoSsiJHyN5kRkD6Iih2kGvKJkya5mMMnn
LLcr1IKmcI8PvarKdsZem2EUFwdrt1rm7xBq1fsNis98eTuLJllnT+PeuT756KlS
XLU1UcxVwMJ0ZpF7czUZAH8GP15pMu3kTkRxmK2wjRtXKb4uB2MwvlVLzVmOLKky
DDnm5Fzpc6Q93Ol4M8jisqG80swKYPOxQdEvh9aX5Eytlx911VeXjf+cADgylboU
s5NGEPhCxlueDCVwufw=
-----END CERTIFICATE-----
Generated at Thu Feb 26 15:34:17 2026 by rpki-client