Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/7BQpbfkI7KtFIkaa5tap11n7o50.roa
File: 7BQpbfkI7KtFIkaa5tap11n7o50.roa (raw, json)
Hash identifier: cfRQ06d/pKrFLfoRplI10GmvMEr0CkqHvkZqYmlAuns=
Subject key identifier: EC:14:29:6D:F9:08:EC:AB:45:22:46:9A:E6:D6:A9:D7:59:FB:A3:9D
Certificate issuer: /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial: 019CBE13FD68BA931B33D89DEEB514154E08
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/7BQpbfkI7KtFIkaa5tap11n7o50.roa
Signing time: Thu 05 Mar 2026 12:58:26 +0000
ROA not before: Thu 05 Mar 2026 12:58:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210976
IP address blocks: 72.56.16.0/20 maxlen: 24
72.56.32.0/21 maxlen: 24
72.56.40.0/23 maxlen: 24
72.56.64.0/19 maxlen: 24
72.56.96.0/19 maxlen: 24
72.56.232.0/21 maxlen: 24
72.56.240.0/21 maxlen: 24
72.56.248.0/22 maxlen: 24
72.56.252.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Mar 2026 13:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:be:13:fd:68:ba:93:1b:33:d8:9d:ee:b5:14:15:4e:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
Validity
Not Before: Mar 5 12:58:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ec14296df908ecab4522469ae6d6a9d759fba39d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:9c:70:7d:1d:3d:97:f5:b2:7b:64:d7:67:73:
e2:8b:eb:1c:0e:eb:89:15:6c:2c:f7:ab:51:55:58:
66:76:5e:a4:6e:ac:78:3c:c3:01:11:7d:15:db:f4:
80:bf:4a:59:2d:f9:9e:b8:36:ba:2c:53:df:8a:60:
6e:71:0a:91:75:57:e4:d7:2d:06:f9:5e:92:ab:57:
72:c6:8f:94:5a:db:91:4d:df:e8:ed:5c:b1:64:8b:
f0:25:53:10:d6:2c:f3:6e:63:b7:90:f7:a4:22:23:
21:cc:b9:7f:52:ca:89:6e:f6:09:d9:da:02:44:f0:
bc:84:a0:43:41:a0:0b:d6:f7:53:ab:d6:08:ea:26:
3f:02:6c:c6:42:d2:93:9d:47:31:06:a4:a7:8f:d2:
86:70:09:59:cb:b8:a0:94:4f:0d:d0:36:c2:91:02:
4c:87:f8:06:35:59:19:16:32:7c:51:da:f3:3c:06:
b9:74:b0:4d:a4:70:04:e1:06:0e:4c:a1:4e:31:9b:
b8:92:e7:ea:50:ad:20:af:0f:ad:81:3c:d5:d3:9e:
69:4f:92:76:8f:d7:0c:d9:35:74:d4:f7:e7:59:7e:
b5:d8:27:e5:c0:79:af:69:90:5b:b8:05:77:a2:a9:
ce:48:d5:c0:2f:e6:57:f9:dd:13:95:68:7d:4f:15:
ae:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:14:29:6D:F9:08:EC:AB:45:22:46:9A:E6:D6:A9:D7:59:FB:A3:9D
X509v3 Authority Key Identifier:
keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/7BQpbfkI7KtFIkaa5tap11n7o50.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.56.16.0-72.56.41.255
72.56.64.0/18
72.56.232.0-72.56.253.255
Signature Algorithm: sha256WithRSAEncryption
a1:42:15:5a:45:ea:6d:81:ff:a9:a2:09:68:98:b0:96:40:a2:
38:17:ef:f1:4e:bd:71:69:cb:24:2c:46:32:77:53:2b:e2:d4:
b5:39:bf:e5:e2:1b:a2:43:89:ff:99:c2:da:35:7b:49:b3:bf:
2d:63:38:2e:2b:4e:8e:c8:61:2c:df:0b:51:6a:c5:ce:be:29:
44:04:e8:26:9c:96:c1:80:1a:2a:85:e0:f3:53:e5:39:c0:24:
3a:5f:48:3d:af:bf:59:88:cb:cf:ae:0a:61:d3:17:35:65:c4:
c7:20:cf:c4:de:42:1d:bf:39:98:e5:5f:d3:3a:8e:cb:c0:03:
6e:e8:20:ec:27:d4:1f:cc:f1:8b:4e:a9:08:92:ba:b2:af:71:
97:85:af:03:ac:74:f3:9e:da:4e:24:38:75:88:0f:7f:0d:72:
17:ce:24:50:0f:a8:a3:c5:7d:e0:b6:87:e5:f7:6c:d1:dd:40:
82:45:fb:5e:7f:99:99:f7:7b:6b:66:08:55:44:97:d6:a2:59:
e7:b9:f2:f3:04:1c:0e:73:62:27:ba:00:cc:e8:e4:98:d7:e0:
5a:91:5d:12:64:54:96:d7:08:fe:b3:f0:e3:43:0a:b6:59:c9:
92:42:81:2a:45:48:c1:21:51:44:a5:c1:77:ab:2f:1b:aa:f6:
0a:0e:0f:f1
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZy+E/1oupMbM9id7rUUFU4IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwMzA1MTI1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE0Mjk2ZGY5MDhlY2FiNDUyMjQ2OWFlNmQ2YTlkNzU5ZmJhMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5xwfR09l/Wye2TXZ3Pii+scDuuJ
FWws96tRVVhmdl6kbqx4PMMBEX0V2/SAv0pZLfmeuDa6LFPfimBucQqRdVfk1y0G
+V6Sq1dyxo+UWtuRTd/o7VyxZIvwJVMQ1izzbmO3kPekIiMhzLl/UsqJbvYJ2doC
RPC8hKBDQaAL1vdTq9YI6iY/AmzGQtKTnUcxBqSnj9KGcAlZy7iglE8N0DbCkQJM
h/gGNVkZFjJ8UdrzPAa5dLBNpHAE4QYOTKFOMZu4kufqUK0grw+tgTzV055pT5J2
j9cM2TV01PfnWX612CflwHmvaZBbuAV3oqnOSNXAL+ZX+d0TlWh9TxWumQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFOwUKW35COyrRSJGmubWqddZ+6OdMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvN0JRcGJma0k3S3RGSWthYTV0YXAxMW43bzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBARIOBAD
BAFIOCgDBAZIOEAwDAMEA0g46AMEAUg4/DANBgkqhkiG9w0BAQsFAAOCAQEAoUIV
WkXqbYH/qaIJaJiwlkCiOBfv8U69cWnLJCxGMndTK+LUtTm/5eIbokOJ/5nC2jV7
SbO/LWM4LitOjshhLN8LUWrFzr4pRAToJpyWwYAaKoXg81PlOcAkOl9IPa+/WYjL
z64KYdMXNWXExyDPxN5CHb85mOVf0zqOy8ADbugg7CfUH8zxi06pCJK6sq9xl4Wv
A6x0857aTiQ4dYgPfw1yF84kUA+oo8V94LaH5fds0d1AgkX7Xn+Zmfd7a2YIVUSX
1qJZ57ny8wQcDnNiJ7oAzOjkmNfgWpFdEmRUltcI/rPw40MKtlnJkkKBKkVIwSFR
RKXBd6svG6r2Cg4P8Q==
-----END CERTIFICATE-----
Generated at Sat Mar 7 22:42:17 2026 by rpki-client