Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/TIdfXJOxAhHLcLFODv0ToSZIZhw.roa
File: TIdfXJOxAhHLcLFODv0ToSZIZhw.roa (raw, json)
Hash identifier: nM/GDFbtviUzKwacCNxiqdK6zqFcWb0+5zH7VN6m7lY=
Subject key identifier: 4C:87:5F:5C:93:B1:02:11:CB:70:B1:4E:0E:FD:13:A1:26:48:66:1C
Certificate issuer: /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial: 019E899386F0465067E5E081D58800E8390A
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/TIdfXJOxAhHLcLFODv0ToSZIZhw.roa
Signing time: Tue 02 Jun 2026 18:23:27 +0000
ROA not before: Tue 02 Jun 2026 18:23:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 401776
IP address blocks: 2a09:3940::/29 maxlen: 29
2a11:2000::/29 maxlen: 29
2a11:4500::/29 maxlen: 29
2a11:7940::/29 maxlen: 29
2a11:d3c0::/29 maxlen: 29
2a11:f3c0::/29 maxlen: 29
2a12:9b80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Jun 2026 17:49:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:89:93:86:f0:46:50:67:e5:e0:81:d5:88:00:e8:39:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Validity
Not Before: Jun 2 18:23:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4c875f5c93b10211cb70b14e0efd13a12648661c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:e3:86:73:4b:e4:f9:e6:86:6e:6b:8f:43:90:
db:a0:35:14:7f:bd:e1:55:51:c1:52:45:45:79:28:
3a:6d:dc:f6:f8:81:f4:00:2c:30:06:7a:45:96:10:
c9:e5:01:c0:7a:c7:c5:ce:64:46:85:31:be:93:0d:
35:7a:29:3c:5b:d0:6b:02:0c:ab:0a:08:9a:f0:45:
73:93:03:10:4d:44:f5:0a:ae:9c:a6:c3:7e:bf:b9:
20:e3:2e:9f:2b:a8:ee:92:fb:e7:ff:36:35:2f:25:
a0:c2:d4:08:09:af:ad:88:ca:ee:99:a6:27:c0:4c:
12:25:4e:41:4c:f3:e6:a5:15:8c:60:a2:8b:aa:1e:
98:57:9a:77:2c:ff:3e:f3:8a:b1:94:cd:59:af:14:
a5:a2:37:3b:f7:ad:95:d5:83:ab:f8:f6:5f:65:0e:
cf:85:3d:ad:99:a5:ee:49:a6:0b:39:21:15:7d:0a:
0b:78:38:d9:87:21:4d:06:2d:1b:08:d0:4d:51:f6:
74:dd:96:ac:1c:ec:d7:12:1f:f5:67:e0:ff:0c:ab:
31:c9:57:92:b5:fe:e4:f0:82:00:9a:4f:9c:ae:91:
45:3a:96:47:cf:94:1a:0b:63:3c:96:a3:02:36:5f:
de:72:87:20:1b:f7:a3:ba:22:73:df:a8:36:82:81:
e9:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:87:5F:5C:93:B1:02:11:CB:70:B1:4E:0E:FD:13:A1:26:48:66:1C
X509v3 Authority Key Identifier:
keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/TIdfXJOxAhHLcLFODv0ToSZIZhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:3940::/29
2a11:2000::/29
2a11:4500::/29
2a11:7940::/29
2a11:d3c0::/29
2a11:f3c0::/29
2a12:9b80::/29
Signature Algorithm: sha256WithRSAEncryption
2b:3b:f0:8f:c0:a0:11:ea:4a:cc:f2:0f:c0:87:05:95:ee:bb:
6b:dd:8b:82:02:8f:f5:62:e0:8d:51:2e:82:6e:89:b4:43:b2:
8b:c9:83:03:61:8a:cb:35:4e:12:89:69:2d:a4:04:b0:42:94:
af:06:96:59:42:0e:7f:72:29:48:15:73:e2:ba:3e:e4:f0:83:
57:59:20:c4:27:87:18:5b:58:6e:e1:76:ab:cc:8d:f0:24:26:
96:b8:9d:a3:f3:a3:54:61:5d:6c:f7:2e:bd:4a:9a:3d:09:bf:
91:d6:c0:84:1b:ec:e7:a5:71:31:d2:7d:f6:a3:6a:c3:6b:f0:
28:28:a0:83:91:db:83:0f:f0:ac:10:ec:6b:46:67:66:b2:2d:
51:6b:ea:e4:af:fa:9f:41:24:9c:49:16:64:69:3d:00:e8:b9:
ab:78:81:3e:40:0d:83:0f:ec:47:08:5f:05:ca:9d:41:32:48:
cc:b3:28:01:f1:a2:81:67:90:6c:62:59:a9:43:c4:be:f4:67:
7a:74:d5:98:0c:7b:a8:c1:ee:aa:73:49:64:9b:e6:cf:a0:51:
8e:5e:f4:21:be:d5:19:57:e0:de:12:e7:9e:5e:48:d0:c5:9a:
a0:1e:b8:cc:0b:79:d8:2f:2c:72:fd:99:34:dc:6e:bc:15:00:
84:fe:31:be
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZ6Jk4bwRlBn5eCB1YgA6DkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjYwNjAyMTgyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzg3NWY1YzkzYjEwMjExY2I3MGIxNGUwZWZkMTNhMTI2NDg2NjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeOGc0vk+eaGbmuPQ5DboDUUf73h
VVHBUkVFeSg6bdz2+IH0ACwwBnpFlhDJ5QHAesfFzmRGhTG+kw01eik8W9BrAgyr
Cgia8EVzkwMQTUT1Cq6cpsN+v7kg4y6fK6jukvvn/zY1LyWgwtQICa+tiMrumaYn
wEwSJU5BTPPmpRWMYKKLqh6YV5p3LP8+84qxlM1ZrxSlojc7962V1YOr+PZfZQ7P
hT2tmaXuSaYLOSEVfQoLeDjZhyFNBi0bCNBNUfZ03ZasHOzXEh/1Z+D/DKsxyVeS
tf7k8IIAmk+crpFFOpZHz5QaC2M8lqMCNl/ecocgG/ejuiJz36g2goHpGQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFEyHX1yTsQIRy3CxTg79E6EmSGYcMB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvVElkZlhKT3hBaEhMY0xGT0R2MFRvU1pJWmh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKgk5QAMF
AyoRIAADBQMqEUUAAwUDKhF5QAMFAyoR08ADBQMqEfPAAwUDKhKbgDANBgkqhkiG
9w0BAQsFAAOCAQEAKzvwj8CgEepKzPIPwIcFle67a92LggKP9WLgjVEugm6JtEOy
i8mDA2GKyzVOEolpLaQEsEKUrwaWWUIOf3IpSBVz4ro+5PCDV1kgxCeHGFtYbuF2
q8yN8CQmlrido/OjVGFdbPcuvUqaPQm/kdbAhBvs56VxMdJ99qNqw2vwKCigg5Hb
gw/wrBDsa0ZnZrItUWvq5K/6n0EknEkWZGk9AOi5q3iBPkANgw/sRwhfBcqdQTJI
zLMoAfGigWeQbGJZqUPEvvRnenTVmAx7qMHuqnNJZJvmz6BRjl70Ib7VGVfg3hLn
nl5I0MWaoB64zAt52C8scv2ZNNxuvBUAhP4xvg==
-----END CERTIFICATE-----
Generated at Fri Jun 5 23:33:08 2026 by rpki-client