Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ms9zpdd9zlOcjapjAaxqZBBDlKU.roa
File: Ms9zpdd9zlOcjapjAaxqZBBDlKU.roa (raw, json)
Hash identifier: rIAxc4kIqbbRubTLMkvMxB4E2UqpS44Y9guULdQbDdQ=
Subject key identifier: 32:CF:73:A5:D7:7D:CE:53:9C:8D:AA:63:01:AC:6A:64:10:43:94:A5
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 019D3A5062B0DE6B171FE73128A4C4D6EC24
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ms9zpdd9zlOcjapjAaxqZBBDlKU.roa
Signing time: Sun 29 Mar 2026 15:57:19 +0000
ROA not before: Sun 29 Mar 2026 15:57:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215296
IP address blocks: 2a06:de00:1000::/48 maxlen: 48
2a06:de00:1001::/48 maxlen: 48
2a10:ccc0:140::/44 maxlen: 48
2a10:ccc0:140::/48 maxlen: 48
2a10:ccc0:141::/48 maxlen: 48
2a10:ccc0:142::/48 maxlen: 48
2a10:ccc0:144::/48 maxlen: 48
2a10:ccc0:14a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 31 Mar 2026 10:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3a:50:62:b0:de:6b:17:1f:e7:31:28:a4:c4:d6:ec:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Mar 29 15:57:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=32cf73a5d77dce539c8daa6301ac6a64104394a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:73:c9:b9:b5:3a:97:fb:83:6b:36:37:df:2b:
16:f0:eb:c8:34:87:52:f7:6c:75:88:96:40:ac:70:
26:dd:16:e5:ab:0c:ae:e9:b4:33:43:73:f2:51:4e:
ab:70:5b:4f:12:8b:3f:ef:ed:18:9d:43:f1:bb:7d:
c1:34:98:89:c7:87:15:0d:35:fc:24:b8:03:a6:1b:
40:dc:50:52:4c:25:fc:bb:c9:cd:5e:56:bc:e1:ea:
3a:24:4d:58:db:a5:71:d6:57:5e:07:30:0a:50:75:
15:b0:2a:22:cf:c5:3d:7c:a0:06:eb:94:b9:31:e6:
45:10:d9:ae:0f:eb:5a:29:a9:b8:44:77:6f:23:ba:
26:b5:3c:56:5c:d6:b8:da:72:73:3a:92:75:54:f2:
2c:63:93:cb:07:18:22:69:bf:2d:99:75:d6:ae:ec:
07:a9:b2:d7:66:ba:a7:00:f1:d5:a2:1e:e0:27:f0:
f2:2d:79:cc:71:6c:e5:cd:c4:2a:ea:80:88:d0:dc:
16:89:2a:54:e8:6e:5d:5c:81:06:c5:0c:e9:f4:3b:
50:1b:4c:2e:f1:86:37:37:98:3e:90:19:75:89:1c:
82:11:c6:46:64:22:82:ea:b6:90:e5:bf:d6:de:95:
4d:c1:8c:7e:93:37:63:e2:9f:ab:1c:2c:65:61:da:
2b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:CF:73:A5:D7:7D:CE:53:9C:8D:AA:63:01:AC:6A:64:10:43:94:A5
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ms9zpdd9zlOcjapjAaxqZBBDlKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:de00:1000::/47
2a10:ccc0:140::/44
Signature Algorithm: sha256WithRSAEncryption
b5:c2:eb:86:3a:ff:b1:e7:ce:74:33:f8:87:3b:fd:8c:91:5e:
29:b8:91:98:c1:f4:aa:a9:b5:0b:d5:36:76:51:03:41:1e:7f:
3d:c2:5f:5b:7f:97:df:17:70:e8:8c:05:64:95:85:6d:23:b8:
ea:47:29:60:2f:e5:53:5b:23:64:84:cd:7b:01:45:5a:9b:39:
d5:94:2e:2f:5f:1e:31:79:e5:6b:42:f6:ef:16:a8:a1:8a:73:
98:35:fd:1a:f8:fb:63:90:6c:c9:7b:03:e2:78:1a:86:7d:43:
8b:28:36:57:30:c8:5b:f4:9e:01:4e:07:a4:86:b0:12:0b:45:
1a:51:75:6e:d5:89:7a:1e:ec:85:d7:72:ea:f4:bb:f7:4a:28:
a7:9a:a6:e3:ee:42:9e:3c:18:ef:7c:41:8c:3d:fa:2a:eb:aa:
33:e8:76:36:45:28:ef:b5:99:00:fc:56:e4:01:e3:a1:67:e1:
fe:e7:53:48:43:e6:80:06:9c:dc:ff:c8:37:07:e2:e0:2b:9a:
b7:0d:ab:06:24:16:45:21:d2:80:d6:96:2c:67:d7:ec:62:c7:
7a:e2:01:45:ec:54:06:43:05:92:a6:a5:9f:34:23:3f:31:e7:
cb:a1:7d:13:25:c9:9d:c4:a7:46:79:aa:d1:a9:f0:6a:d3:28:
42:4f:80:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ06UGKw3msXH+cxKKTE1uwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMzI5MTU1NzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmNmNzNhNWQ3N2RjZTUzOWM4ZGFhNjMwMWFjNmE2NDEwNDM5NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnPJubU6l/uDazY33ysW8OvINIdS
92x1iJZArHAm3Rblqwyu6bQzQ3PyUU6rcFtPEos/7+0YnUPxu33BNJiJx4cVDTX8
JLgDphtA3FBSTCX8u8nNXla84eo6JE1Y26Vx1ldeBzAKUHUVsCoiz8U9fKAG65S5
MeZFENmuD+taKam4RHdvI7omtTxWXNa42nJzOpJ1VPIsY5PLBxgiab8tmXXWruwH
qbLXZrqnAPHVoh7gJ/DyLXnMcWzlzcQq6oCI0NwWiSpU6G5dXIEGxQzp9DtQG0wu
8YY3N5g+kBl1iRyCEcZGZCKC6raQ5b/W3pVNwYx+kzdj4p+rHCxlYdorHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDLPc6XXfc5TnI2qYwGsamQQQ5SlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTXM5enBkZDl6bE9jamFwakFheHFaQkJEbEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgbeABAA
AwcEKhDMwAFAMA0GCSqGSIb3DQEBCwUAA4IBAQC1wuuGOv+x5850M/iHO/2MkV4p
uJGYwfSqqbUL1TZ2UQNBHn89wl9bf5ffF3DojAVklYVtI7jqRylgL+VTWyNkhM17
AUVamznVlC4vXx4xeeVrQvbvFqihinOYNf0a+PtjkGzJewPieBqGfUOLKDZXMMhb
9J4BTgekhrASC0UaUXVu1Yl6HuyF13Lq9Lv3Siinmqbj7kKePBjvfEGMPfoq66oz
6HY2RSjvtZkA/FbkAeOhZ+H+51NIQ+aABpzc/8g3B+LgK5q3DasGJBZFIdKA1pYs
Z9fsYsd64gFF7FQGQwWSpqWfNCM/MefLoX0TJcmdxKdGearRqfBq0yhCT4C8
-----END CERTIFICATE-----
Generated at Mon Mar 30 14:37:02 2026 by rpki-client