Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/tCiyGtakbmS-hkNH0HW8_YohxbE.roa
File: tCiyGtakbmS-hkNH0HW8_YohxbE.roa (raw, json)
Hash identifier: 0kbqzbmcamtnxXVE6dSXdUJzJrO80eC7C3aPFLP4CRA=
Subject key identifier: B4:28:B2:1A:D6:A4:6E:64:BE:86:43:47:D0:75:BC:FD:8A:21:C5:B1
Certificate issuer: /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial: 019DDA13458B4E28BA83C5465E8B52C196CA
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/tCiyGtakbmS-hkNH0HW8_YohxbE.roa
Signing time: Wed 29 Apr 2026 16:29:49 +0000
ROA not before: Wed 29 Apr 2026 16:29:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211486
IP address blocks: 77.91.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 13:57:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:da:13:45:8b:4e:28:ba:83:c5:46:5e:8b:52:c1:96:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Validity
Not Before: Apr 29 16:29:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b428b21ad6a46e64be864347d075bcfd8a21c5b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:28:e2:d3:5a:27:e0:4a:eb:c8:35:42:1c:38:
6d:fe:62:42:bb:d2:cb:f5:d0:fb:6b:38:eb:95:1c:
ff:c2:b4:12:e4:f5:20:bc:26:b7:7e:09:85:32:3f:
db:a0:ce:91:2b:32:b3:83:c7:45:7a:91:e4:63:32:
a7:03:d0:e0:08:95:28:1a:21:e6:0d:0c:72:0d:2e:
12:6b:26:f9:31:ca:c5:2c:de:d6:f5:b6:81:c6:21:
4e:be:23:79:8f:9c:b1:0d:52:61:31:a7:d6:d3:40:
74:52:18:4b:89:79:90:14:72:8c:24:17:5c:46:56:
b3:a6:90:19:44:a8:20:b6:73:66:71:55:7a:43:a3:
4e:f0:fb:18:b9:b8:ac:57:3f:3b:ba:92:9c:4f:c6:
cd:81:9b:f7:45:38:10:b1:6b:e9:02:13:90:ba:e0:
a2:04:00:13:8c:72:8b:34:e7:44:fd:26:84:f6:0b:
07:b1:b4:a9:89:7e:49:58:f3:4d:f3:fa:8d:c7:2f:
31:86:80:23:4c:76:47:b6:8b:9f:13:32:ff:49:64:
21:aa:e3:1d:ce:53:d1:12:4a:8a:e5:5b:a5:44:18:
f1:b4:65:2f:ed:22:56:4b:7e:46:bf:7a:28:7b:cb:
b0:21:97:12:d4:a0:50:c2:53:04:66:71:b2:63:eb:
cd:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:28:B2:1A:D6:A4:6E:64:BE:86:43:47:D0:75:BC:FD:8A:21:C5:B1
X509v3 Authority Key Identifier:
keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/tCiyGtakbmS-hkNH0HW8_YohxbE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.71.0/24
Signature Algorithm: sha256WithRSAEncryption
b5:56:28:19:10:47:5c:3f:9d:74:28:a4:00:cf:26:c0:54:34:
b3:40:0b:4d:99:95:97:9a:2b:34:85:04:0d:4f:db:73:a1:db:
bf:64:b0:4b:64:fb:89:31:fe:39:e5:d4:07:16:a3:f9:2b:26:
14:83:d9:b2:08:d1:8e:2a:75:0b:b8:06:64:05:84:95:57:f3:
c3:56:9f:4a:5d:67:80:15:5e:ac:7a:ac:9b:ee:bb:81:71:5d:
97:bc:ee:24:a7:3d:89:82:ac:c5:90:cb:66:9a:f0:4b:25:79:
1e:4a:cf:5a:48:a7:1a:cd:77:e8:5e:51:38:7a:a6:9e:da:90:
96:ad:8d:7f:bb:cf:08:40:87:ef:ab:bd:5f:59:b9:91:2d:d6:
b7:f3:08:37:63:bb:fa:cd:93:81:96:48:45:ee:58:77:22:aa:
9c:3a:8d:f3:69:ef:e1:70:e1:56:e1:63:5f:da:8c:54:68:0f:
32:37:13:e6:5d:f8:7f:a8:82:c8:11:23:ab:89:64:a5:9f:bb:
3a:b3:56:36:23:73:bd:d9:60:67:ec:41:b0:c3:52:cc:de:0d:
99:f8:79:24:54:fc:31:86:e2:8f:35:1c:eb:eb:19:28:83:d1:
bd:24:06:a1:76:fe:eb:d5:25:d6:00:af:84:de:2f:3b:eb:65:
3e:57:47:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3aE0WLTii6g8VGXotSwZbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwNDI5MTYyOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI4YjIxYWQ2YTQ2ZTY0YmU4NjQzNDdkMDc1YmNmZDhhMjFjNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCji01on4ErryDVCHDht/mJCu9LL
9dD7azjrlRz/wrQS5PUgvCa3fgmFMj/boM6RKzKzg8dFepHkYzKnA9DgCJUoGiHm
DQxyDS4Sayb5McrFLN7W9baBxiFOviN5j5yxDVJhMafW00B0UhhLiXmQFHKMJBdc
RlazppAZRKggtnNmcVV6Q6NO8PsYubisVz87upKcT8bNgZv3RTgQsWvpAhOQuuCi
BAATjHKLNOdE/SaE9gsHsbSpiX5JWPNN8/qNxy8xhoAjTHZHtoufEzL/SWQhquMd
zlPREkqK5VulRBjxtGUv7SJWS35Gv3ooe8uwIZcS1KBQwlMEZnGyY+vNZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQoshrWpG5kvoZDR9B1vP2KIcWxMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvdENpeUd0YWtibVMtaGtOSDBIVzhfWW9oeGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtHMA0G
CSqGSIb3DQEBCwUAA4IBAQC1VigZEEdcP510KKQAzybAVDSzQAtNmZWXmis0hQQN
T9tzodu/ZLBLZPuJMf455dQHFqP5KyYUg9myCNGOKnULuAZkBYSVV/PDVp9KXWeA
FV6seqyb7ruBcV2XvO4kpz2JgqzFkMtmmvBLJXkeSs9aSKcazXfoXlE4eqae2pCW
rY1/u88IQIfvq71fWbmRLda38wg3Y7v6zZOBlkhF7lh3IqqcOo3zae/hcOFW4WNf
2oxUaA8yNxPmXfh/qILIESOriWSln7s6s1Y2I3O92WBn7EGww1LM3g2Z+HkkVPwx
huKPNRzr6xkog9G9JAahdv7r1SXWAK+E3i8762U+V0d1
-----END CERTIFICATE-----
Generated at Tue May 5 21:21:08 2026 by rpki-client