Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/mjAEITCabur0axxusIEwH3ACFzQ.roa
File: mjAEITCabur0axxusIEwH3ACFzQ.roa (raw, json)
Hash identifier: D+f5ZlnsuTJu8gdaHWCiaZcGyn+9TSMFzESMV/fxCQc=
Subject key identifier: 9A:30:04:21:30:9A:6E:EA:F4:6B:1C:6E:B0:81:30:1F:70:02:17:34
Certificate issuer: /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial: 019DD8B849DDAB33B3D97AEC2C8FA6407F93
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/mjAEITCabur0axxusIEwH3ACFzQ.roa
Signing time: Wed 29 Apr 2026 10:10:49 +0000
ROA not before: Wed 29 Apr 2026 10:10:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 401776
IP address blocks: 2a09:3940::/29 maxlen: 29
2a11:2000::/29 maxlen: 29
2a11:4500::/29 maxlen: 29
2a11:7940::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 18:48:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d8:b8:49:dd:ab:33:b3:d9:7a:ec:2c:8f:a6:40:7f:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Validity
Not Before: Apr 29 10:10:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9a300421309a6eeaf46b1c6eb081301f70021734
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:b6:0b:a7:5d:b5:cd:2e:6c:20:96:49:ad:44:
d1:af:17:8e:1a:3f:78:8a:0c:cf:18:6f:81:d1:7f:
40:12:6f:4e:9e:ac:e5:f7:03:b7:75:ec:03:81:b3:
24:f9:fe:db:b6:89:6b:db:59:27:2f:c9:fa:93:7f:
56:8c:ac:e0:0a:d5:35:4a:fa:7e:7d:17:c7:da:15:
38:f7:27:97:0d:61:9c:60:87:69:72:a3:e6:69:49:
6f:21:7a:e9:0b:9f:1d:96:cf:f0:38:76:83:e3:08:
ff:84:92:a5:ed:9f:39:f3:01:9f:5e:47:44:b2:5e:
bc:e1:d4:d1:7d:79:90:8d:03:e6:6e:14:1b:86:7b:
a7:d9:d1:e0:6d:b5:53:75:02:43:3e:f5:b3:d4:16:
c3:e5:f6:0c:26:f1:50:cc:08:e5:3b:16:f6:ee:c3:
8d:7b:2f:11:3d:24:3c:d6:7e:07:8d:28:b8:f9:28:
c2:60:09:62:eb:83:6f:56:cc:66:92:ca:5a:d8:4f:
76:2c:cc:15:94:76:8b:71:27:59:92:da:65:e3:7e:
6e:36:ff:3f:4a:cf:a7:16:61:8c:b2:43:b1:06:76:
14:9d:4f:21:32:52:4d:24:51:61:71:00:6a:9c:37:
66:12:d2:c0:96:30:58:7f:1a:76:c1:90:19:0a:19:
47:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:30:04:21:30:9A:6E:EA:F4:6B:1C:6E:B0:81:30:1F:70:02:17:34
X509v3 Authority Key Identifier:
keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/mjAEITCabur0axxusIEwH3ACFzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:3940::/29
2a11:2000::/29
2a11:4500::/29
2a11:7940::/29
Signature Algorithm: sha256WithRSAEncryption
74:3a:24:91:34:5d:52:71:f3:b1:24:5f:39:d7:5f:b7:70:b4:
ef:5e:66:4f:aa:9e:cf:99:62:90:c3:d3:b5:c1:33:93:06:8a:
14:44:9e:b1:15:2a:87:28:ef:85:f6:eb:a1:e8:ce:4e:17:3f:
15:41:b2:d3:45:24:68:be:27:0f:43:2c:9e:f6:2a:e6:5a:0b:
76:5b:9a:55:80:db:8e:ff:a2:f0:7d:c8:1c:e6:ba:22:7d:20:
24:c7:51:c8:09:ee:5e:8f:66:e0:6c:e2:ba:f8:a8:59:d1:98:
c5:8d:ed:8b:15:ea:28:ca:9c:1f:8f:b6:67:ca:73:63:57:e4:
ed:54:5f:b5:e0:a7:52:14:87:0b:86:0f:34:74:0c:65:a0:f1:
38:a7:46:3b:a7:75:2e:f1:89:84:b5:81:8b:c2:5c:f9:32:66:
d3:a1:7c:03:cf:c7:8c:1e:03:42:44:21:1a:40:c8:fb:d3:eb:
97:57:aa:49:a4:db:74:25:28:83:00:4c:bd:e8:62:b5:5b:ac:
0b:2e:2a:d9:8c:96:23:83:61:96:aa:df:13:5a:e9:8f:00:ae:
f8:84:cb:09:ec:00:f6:64:23:31:de:b8:70:ed:b2:94:a3:67:
06:96:eb:03:ee:c5:07:d7:2e:fd:29:64:61:77:c9:6a:d9:97:
b3:e9:a3:69
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZ3YuEndqzOz2XrsLI+mQH+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjYwNDI5MTAxMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTMwMDQyMTMwOWE2ZWVhZjQ2YjFjNmViMDgxMzAxZjcwMDIxNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7YLp121zS5sIJZJrUTRrxeOGj94
igzPGG+B0X9AEm9Onqzl9wO3dewDgbMk+f7btolr21knL8n6k39WjKzgCtU1Svp+
fRfH2hU49yeXDWGcYIdpcqPmaUlvIXrpC58dls/wOHaD4wj/hJKl7Z858wGfXkdE
sl684dTRfXmQjQPmbhQbhnun2dHgbbVTdQJDPvWz1BbD5fYMJvFQzAjlOxb27sON
ey8RPSQ81n4HjSi4+SjCYAli64NvVsxmkspa2E92LMwVlHaLcSdZktpl435uNv8/
Ss+nFmGMskOxBnYUnU8hMlJNJFFhcQBqnDdmEtLAljBYfxp2wZAZChlHOQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJowBCEwmm7q9GscbrCBMB9wAhc0MB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvbWpBRUlUQ2FidXIwYXh4dXNJRXdIM0FDRnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgk5QAMF
AyoRIAADBQMqEUUAAwUDKhF5QDANBgkqhkiG9w0BAQsFAAOCAQEAdDokkTRdUnHz
sSRfOddft3C0715mT6qez5likMPTtcEzkwaKFESesRUqhyjvhfbroejOThc/FUGy
00UkaL4nD0MsnvYq5loLdluaVYDbjv+i8H3IHOa6In0gJMdRyAnuXo9m4Gziuvio
WdGYxY3tixXqKMqcH4+2Z8pzY1fk7VRfteCnUhSHC4YPNHQMZaDxOKdGO6d1LvGJ
hLWBi8Jc+TJm06F8A8/HjB4DQkQhGkDI+9Prl1eqSaTbdCUogwBMvehitVusCy4q
2YyWI4NhlqrfE1rpjwCu+ITLCewA9mQjMd64cO2ylKNnBpbrA+7FB9cu/SlkYXfJ
atmXs+mjaQ==
-----END CERTIFICATE-----
Generated at Wed May 6 01:14:18 2026 by rpki-client