Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/ACAlli7g0O4SaAuBMEG33oqVDNg.roa
File: ACAlli7g0O4SaAuBMEG33oqVDNg.roa (raw, json)
Hash identifier: LR3cThLmPZU74WiY2Hs/Bqsbtxc4sKTKodU0FrsSnhI=
Subject key identifier: 00:20:25:96:2E:E0:D0:EE:12:68:0B:81:30:41:B7:DE:8A:95:0C:D8
Certificate issuer: /CN=1d25d0c8845b79886c199345b890f5e8acd516d8
Certificate serial: 019EEE7812D75D823EC7C5396C7E27B904E5
Authority key identifier: 1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/ACAlli7g0O4SaAuBMEG33oqVDNg.roa
Signing time: Mon 22 Jun 2026 08:35:07 +0000
ROA not before: Mon 22 Jun 2026 08:35:07 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6772
IP address blocks: 31.11.0.0/19 maxlen: 19
87.102.128.0/17 maxlen: 17
157.161.0.0/16 maxlen: 16
185.68.64.0/22 maxlen: 22
213.188.224.0/19 maxlen: 19
2001:4060::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl
rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.mft
rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 20:12:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ee:78:12:d7:5d:82:3e:c7:c5:39:6c:7e:27:b9:04:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d25d0c8845b79886c199345b890f5e8acd516d8
Validity
Not Before: Jun 22 08:35:07 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=002025962ee0d0ee12680b813041b7de8a950cd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:4e:a1:52:6f:e1:00:13:65:94:87:76:cd:f7:
1d:14:a5:1c:1c:b8:6a:6b:d3:4b:ce:60:df:61:a4:
b6:f6:e6:b8:d3:24:47:5c:b3:cd:0f:0b:87:cd:43:
95:e8:8a:44:ec:fb:e4:8d:f8:83:76:1c:2b:25:35:
91:11:e2:b7:f5:a7:c0:4c:9c:30:51:bc:8c:5d:21:
fe:b8:62:70:ee:f4:ae:52:a0:b9:eb:e6:b9:59:da:
d6:d5:c9:19:4d:48:e4:bf:d9:dd:a9:cf:7a:6b:03:
89:26:c8:24:e5:b6:08:8f:fc:9f:3e:de:18:fa:3a:
b5:5d:8e:d1:53:50:36:7b:66:24:45:4c:75:f4:ad:
00:de:65:40:10:87:a8:89:d3:31:2c:7b:40:b4:c6:
5a:20:5b:0e:dc:da:1a:14:ca:d2:2f:18:76:a1:86:
f8:ad:a6:a7:50:0b:49:9e:74:a9:5a:94:81:81:1a:
1b:99:d6:45:94:2c:04:ef:3d:32:34:d9:67:0a:a8:
b5:62:77:ac:69:88:2b:97:08:30:6a:ff:79:55:d3:
be:c8:48:c1:3a:8f:0e:63:5a:f3:92:28:2b:2a:de:
8c:ed:2d:d7:05:06:46:c1:d1:64:c0:f6:b8:d7:69:
ce:05:aa:32:4e:9a:c2:8d:54:e7:f7:12:c5:99:c9:
8f:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:20:25:96:2E:E0:D0:EE:12:68:0B:81:30:41:B7:DE:8A:95:0C:D8
X509v3 Authority Key Identifier:
keyid:1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/ACAlli7g0O4SaAuBMEG33oqVDNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.11.0.0/19
87.102.128.0/17
157.161.0.0/16
185.68.64.0/22
213.188.224.0/19
IPv6:
2001:4060::/32
Signature Algorithm: sha256WithRSAEncryption
53:84:b4:9c:44:f8:e4:e5:19:6f:9a:7b:d1:e4:f9:45:5d:2e:
fa:9c:0f:22:dd:94:8d:13:b2:2f:22:64:89:f3:e3:fb:4f:16:
6e:ae:68:8a:61:db:79:49:8e:1f:c7:b0:e7:ca:ec:65:74:63:
f5:ce:1a:1e:cd:eb:42:eb:9e:71:23:2f:17:6e:42:4e:ea:2c:
53:ed:77:0a:a1:56:dd:61:09:7c:4e:35:04:6b:19:7b:e2:f1:
fe:a1:48:92:61:92:14:ed:63:2c:6d:c4:a1:ed:8a:09:d9:bf:
05:03:fb:ee:20:58:5f:d6:eb:b7:25:94:98:7e:fa:32:5d:b0:
30:47:ed:d9:58:d0:fa:03:3b:51:b4:1f:69:1c:d7:6d:f0:aa:
00:07:5d:20:2b:ae:c4:82:0f:09:f0:0b:ca:45:ba:d9:1a:a1:
1d:b8:bb:0e:a8:ab:24:ee:c3:cc:aa:fd:44:c7:1d:9f:44:64:
72:a1:90:b1:76:30:14:72:41:89:ce:67:9c:3e:0e:f6:21:65:
34:97:62:16:3c:d9:b5:1e:f3:af:ba:60:34:31:32:b6:eb:98:
74:1b:42:86:e0:f9:a2:b2:fc:cc:bd:7c:ed:84:41:f5:90:6a:
a8:d0:d8:6e:35:d5:50:1b:36:61:9e:bb:af:ad:35:71:6d:f1:
3b:4b:a3:42
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ7ueBLXXYI+x8U5bH4nuQTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMjVkMGM4ODQ1Yjc5ODg2YzE5OTM0NWI4OTBmNWU4YWNk
NTE2ZDgwHhcNMjYwNjIyMDgzNTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDIwMjU5NjJlZTBkMGVlMTI2ODBiODEzMDQxYjdkZThhOTUwY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3k6hUm/hABNllId2zfcdFKUcHLhq
a9NLzmDfYaS29ua40yRHXLPNDwuHzUOV6IpE7PvkjfiDdhwrJTWREeK39afATJww
UbyMXSH+uGJw7vSuUqC56+a5WdrW1ckZTUjkv9ndqc96awOJJsgk5bYIj/yfPt4Y
+jq1XY7RU1A2e2YkRUx19K0A3mVAEIeoidMxLHtAtMZaIFsO3NoaFMrSLxh2oYb4
raanUAtJnnSpWpSBgRobmdZFlCwE7z0yNNlnCqi1YnesaYgrlwgwav95VdO+yEjB
Oo8OY1rzkigrKt6M7S3XBQZGwdFkwPa412nOBaoyTprCjVTn9xLFmcmPRQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFAAgJZYu4NDuEmgLgTBBt96KlQzYMB8GA1UdIwQY
MBaAFB0l0MiEW3mIbBmTRbiQ9eis1RbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUt
YzUyZWI1NmJmYTViLzEvQUNBbGxpN2cwTzRTYUF1Qk1FRzMzb3FWRE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUtYzUyZWI1NmJmYTVi
LzEvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwQFHwsAAwQH
V2aAAwMAnaEDBAK5READBAXVvOAwDQQCAAIwBwMFACABQGAwDQYJKoZIhvcNAQEL
BQADggEBAFOEtJxE+OTlGW+ae9Hk+UVdLvqcDyLdlI0Tsi8iZInz4/tPFm6uaIph
23lJjh/HsOfK7GV0Y/XOGh7N60LrnnEjLxduQk7qLFPtdwqhVt1hCXxONQRrGXvi
8f6hSJJhkhTtYyxtxKHtignZvwUD++4gWF/W67cllJh++jJdsDBH7dlY0PoDO1G0
H2kc123wqgAHXSArrsSCDwnwC8pFutkaoR24uw6oqyTuw8yq/UTHHZ9EZHKhkLF2
MBRyQYnOZ5w+DvYhZTSXYhY82bUe86+6YDQxMrbrmHQbQobg+aKy/My9fO2EQfWQ
aqjQ2G411VAbNmGeu6+tNXFt8TtLo0I=
-----END CERTIFICATE-----
Generated at Tue Jun 30 03:26:23 2026 by rpki-client