Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p9NX5ZxA7fCPs2z83T83CZuodKQ.roa
File: p9NX5ZxA7fCPs2z83T83CZuodKQ.roa (raw, json)
Hash identifier: +jV0RGIBw16gruTWuyqa49U0WDrMVjE3103TpmVP/1M=
Subject key identifier: A7:D3:57:E5:9C:40:ED:F0:8F:B3:6C:FC:DD:3F:37:09:9B:A8:74:A4
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 019CFD0ACEE5B950E99BD20F99E972335642
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p9NX5ZxA7fCPs2z83T83CZuodKQ.roa
Signing time: Tue 17 Mar 2026 18:24:29 +0000
ROA not before: Tue 17 Mar 2026 18:24:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 2a05:9a40::/29 maxlen: 29
2a06:5fc0::/29 maxlen: 29
2a0f:9b40::/29 maxlen: 29
2a10:3c81::/32 maxlen: 32
2a10:3f80::/29 maxlen: 29
2a13:b9c0::/29 maxlen: 29
2a13:bb40::/29 maxlen: 29
2a13:c240::/29 maxlen: 29
2a13:c340::/29 maxlen: 29
2a14:1100::/32 maxlen: 32
2a14:1101::/32 maxlen: 32
2a14:1102::/32 maxlen: 32
2a14:1103::/32 maxlen: 32
2a14:1104::/32 maxlen: 32
2a14:1105::/32 maxlen: 32
2a14:1106::/32 maxlen: 32
2a14:1107::/32 maxlen: 32
2a14:42c0::/29 maxlen: 29
2a14:62c0::/29 maxlen: 29
2a14:6a40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 19 Mar 2026 23:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fd:0a:ce:e5:b9:50:e9:9b:d2:0f:99:e9:72:33:56:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Mar 17 18:24:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a7d357e59c40edf08fb36cfcdd3f37099ba874a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c4:a5:4e:1e:66:ed:d4:1a:d8:60:ac:69:44:
2b:e9:a0:34:f2:81:68:02:64:d8:b5:0a:0b:24:fc:
c8:b9:49:0b:40:e9:f0:1e:1c:32:c7:f7:be:9f:e6:
c2:b2:c2:b2:9a:ea:1e:7d:05:c2:33:68:33:86:b4:
ef:4a:2a:b5:3c:76:b4:9c:48:55:89:27:c6:bc:bf:
d0:0e:ba:8a:4d:a6:6c:10:bd:c5:d1:34:3a:f0:fa:
e0:c2:98:82:f7:8e:8d:90:30:ed:35:51:b6:27:b7:
0c:c1:7f:7b:15:a2:95:cb:b7:39:8b:82:dd:b9:4b:
0f:f4:e7:8a:ec:3c:06:b4:eb:23:4b:1d:18:55:b3:
63:82:30:7d:74:10:4d:5c:be:b0:d0:1a:d5:7f:c4:
b6:e2:2f:2b:c2:68:54:22:8b:4c:12:98:cb:4a:69:
b1:e7:b6:13:47:e9:cb:be:4d:94:f1:20:1f:1c:9d:
15:59:ca:0f:e4:9c:ae:96:78:51:0f:06:19:f4:b9:
6f:af:2a:d1:d5:c1:7f:dd:7a:a8:43:8b:15:99:2b:
67:38:89:03:52:3c:48:17:6d:d9:56:e3:0e:74:ed:
5f:a1:dc:5f:ac:ae:b5:17:0d:92:69:2b:9b:a0:d8:
37:21:72:2b:4a:d0:7e:65:80:7b:09:43:84:5f:e7:
56:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:D3:57:E5:9C:40:ED:F0:8F:B3:6C:FC:DD:3F:37:09:9B:A8:74:A4
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p9NX5ZxA7fCPs2z83T83CZuodKQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a06:5fc0::/29
2a0f:9b40::/29
2a10:3c81::/32
2a10:3f80::/29
2a13:b9c0::/29
2a13:bb40::/29
2a13:c240::/29
2a13:c340::/29
2a14:1100::/29
2a14:42c0::/29
2a14:62c0::/29
2a14:6a40::/32
Signature Algorithm: sha256WithRSAEncryption
64:23:31:4c:dd:ef:ed:02:5b:2f:03:8c:0c:a8:8f:a7:d5:15:
67:c2:34:df:8b:ed:37:81:9b:40:44:c5:65:b0:a7:0b:59:7b:
ff:2b:54:b8:62:06:e4:ef:62:bc:ba:ab:06:06:cb:b5:98:5e:
82:3f:08:80:b6:57:04:33:24:da:20:92:90:df:99:fb:cf:a9:
15:14:cd:60:b2:26:f6:fc:e3:dc:36:ca:91:2d:38:19:41:57:
cb:b0:7b:d1:7c:45:11:65:3e:b8:47:b0:b2:5e:85:7c:ce:11:
27:c9:bf:0f:ae:5b:96:78:fa:2a:63:9e:86:8f:3d:cb:67:3b:
50:f3:4b:70:ef:1a:5e:11:e1:d9:cd:9d:b0:69:19:a4:17:5d:
f9:be:2a:ce:f0:31:0c:f8:ac:ed:13:15:4b:10:47:30:5c:5e:
a6:2f:85:4c:a4:6f:44:ff:92:f5:61:63:4b:ac:28:0c:94:41:
07:d7:e5:b9:c9:56:a3:db:e1:e3:a1:7b:41:12:42:e7:31:8e:
49:74:cd:7e:d2:f7:64:82:f0:05:ed:c5:22:c2:9b:1f:92:34:
ef:30:cb:1e:9a:54:ff:06:67:63:5c:11:b5:14:8d:13:d7:07:
73:52:be:f5:da:49:26:da:05:cf:79:d0:6d:5c:8d:32:89:ac:
a8:f7:26:92
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZz9Cs7luVDpm9IPmelyM1ZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzE3MTgyNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QzNTdlNTljNDBlZGYwOGZiMzZjZmNkZDNmMzcwOTliYTg3NGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsSlTh5m7dQa2GCsaUQr6aA08oFo
AmTYtQoLJPzIuUkLQOnwHhwyx/e+n+bCssKymuoefQXCM2gzhrTvSiq1PHa0nEhV
iSfGvL/QDrqKTaZsEL3F0TQ68PrgwpiC946NkDDtNVG2J7cMwX97FaKVy7c5i4Ld
uUsP9OeK7DwGtOsjSx0YVbNjgjB9dBBNXL6w0BrVf8S24i8rwmhUIotMEpjLSmmx
57YTR+nLvk2U8SAfHJ0VWcoP5JyulnhRDwYZ9LlvryrR1cF/3XqoQ4sVmStnOIkD
UjxIF23ZVuMOdO1fodxfrK61Fw2SaSuboNg3IXIrStB+ZYB7CUOEX+dWmwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFKfTV+WcQO3wj7Ns/N0/NwmbqHSkMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcDlOWDVaeEE3ZkNQczJ6ODNUODNDWnVvZEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAAjBbAwUDKgWaQAMF
AyoGX8ADBQMqD5tAAwUAKhA8gQMFAyoQP4ADBQMqE7nAAwUDKhO7QAMFAyoTwkAD
BQMqE8NAAwUDKhQRAAMFAyoUQsADBQMqFGLAAwUAKhRqQDANBgkqhkiG9w0BAQsF
AAOCAQEAZCMxTN3v7QJbLwOMDKiPp9UVZ8I034vtN4GbQETFZbCnC1l7/ytUuGIG
5O9ivLqrBgbLtZhegj8IgLZXBDMk2iCSkN+Z+8+pFRTNYLIm9vzj3DbKkS04GUFX
y7B70XxFEWU+uEewsl6FfM4RJ8m/D65blnj6KmOeho89y2c7UPNLcO8aXhHh2c2d
sGkZpBdd+b4qzvAxDPis7RMVSxBHMFxepi+FTKRvRP+S9WFjS6woDJRBB9fluclW
o9vh46F7QRJC5zGOSXTNftL3ZILwBe3FIsKbH5I07zDLHppU/wZnY1wRtRSNE9cH
c1K+9dpJJtoFz3nQbVyNMomsqPcmkg==
-----END CERTIFICATE-----
Generated at Thu Mar 19 08:49:34 2026 by rpki-client