Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/Bs-3X2_3s1_ylp9HZ3u0qmqsKIc.roa
File: Bs-3X2_3s1_ylp9HZ3u0qmqsKIc.roa (raw, json)
Hash identifier: OvB48quyvlskwvKB99l4RCiO0DI4olHfo4hrb7chq3E=
Subject key identifier: 06:CF:B7:5F:6F:F7:B3:5F:F2:96:9F:47:67:7B:B4:AA:6A:AC:28:87
Certificate issuer: /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial: 019F00C805911DE7FD3B63C930853030D8DE
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/Bs-3X2_3s1_ylp9HZ3u0qmqsKIc.roa
Signing time: Thu 25 Jun 2026 21:55:36 +0000
ROA not before: Thu 25 Jun 2026 21:55:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9123
IP address blocks: 72.56.0.0/20 maxlen: 32
72.56.32.0/21 maxlen: 32
72.56.232.0/21 maxlen: 32
72.56.240.0/21 maxlen: 32
72.56.248.0/22 maxlen: 32
72.56.252.0/23 maxlen: 32
201.24.112.0/20 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 28 Jun 2026 18:01:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9f:00:c8:05:91:1d:e7:fd:3b:63:c9:30:85:30:30:d8:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
Validity
Not Before: Jun 25 21:55:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=06cfb75f6ff7b35ff2969f47677bb4aa6aac2887
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:23:1c:ca:91:67:d8:2f:87:2e:cf:58:3c:d5:
04:f5:f9:14:87:a0:4e:7f:ac:be:cb:50:ce:58:a4:
d3:b7:22:9d:14:03:89:54:d4:c0:1c:fe:1c:af:a7:
5c:c2:a6:65:8a:9d:f2:76:43:59:e8:78:3b:a1:e8:
7d:f3:7e:fd:71:38:f4:a2:c2:29:71:6b:b7:8e:ca:
6f:a7:27:24:eb:61:5e:5b:6e:b9:aa:bf:bc:df:92:
6c:4c:6a:b1:7c:5d:c4:41:98:84:1f:31:7c:06:01:
af:ac:3c:22:7e:70:18:89:a8:cf:3a:d2:40:4b:df:
7b:60:19:bd:43:98:6e:df:dc:41:3f:f2:be:48:33:
b9:c4:7c:71:ef:3d:f9:24:ac:1f:15:ec:c8:54:a2:
6d:ab:d8:a9:d5:b7:23:f3:72:3c:83:b1:95:bd:70:
72:bc:c1:1b:e2:43:6a:0f:f6:f4:86:d0:ac:a5:99:
48:41:9b:62:9f:9b:24:88:2a:9d:63:8f:40:c2:5e:
5d:d0:1a:90:38:1d:fc:e0:31:87:d7:fc:b7:c7:ba:
a4:1c:ee:f6:18:10:23:7d:97:df:31:98:88:9c:31:
b7:c9:99:3b:02:bf:01:52:71:23:38:7f:9a:cf:19:
03:eb:74:8d:76:1f:31:cd:47:20:7c:15:6d:92:f6:
eb:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:CF:B7:5F:6F:F7:B3:5F:F2:96:9F:47:67:7B:B4:AA:6A:AC:28:87
X509v3 Authority Key Identifier:
keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/Bs-3X2_3s1_ylp9HZ3u0qmqsKIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.56.0.0/20
72.56.32.0/21
72.56.232.0-72.56.253.255
201.24.112.0/20
Signature Algorithm: sha256WithRSAEncryption
2a:6f:f7:bc:c8:55:3a:21:16:99:4a:ae:a6:5a:d3:41:52:ad:
17:df:d8:cc:5d:c7:de:e4:59:16:f5:51:9b:51:04:43:06:61:
3f:63:d3:15:ce:1a:ed:94:4b:96:5d:3e:bc:55:a0:64:95:6f:
0a:ec:b9:4d:cf:34:3d:ec:51:27:41:53:68:40:65:cb:5e:8e:
f0:e2:67:9c:39:e1:c3:76:e6:24:fb:79:8b:0b:6c:4c:13:5d:
7b:22:14:f5:ae:10:a3:16:f0:86:e0:b9:9e:4f:5c:69:79:08:
ed:74:99:86:1b:ba:fb:4f:5c:dd:0d:d5:bd:55:27:43:24:19:
11:e9:12:fb:4a:47:14:71:68:bf:5e:d9:25:6e:ab:d2:70:1b:
a8:43:24:3f:b2:43:a7:6e:01:8c:64:4c:10:bb:14:1b:95:7c:
15:4c:6c:32:2e:7b:04:20:94:9f:fe:a8:47:d2:22:6e:7a:7f:
86:4b:ac:00:bd:37:21:8b:23:2d:29:a3:f4:cc:82:d6:0b:12:
6e:93:60:35:ae:1b:81:d3:a0:37:bb:60:e1:a1:10:af:fb:d0:
4e:1e:27:88:eb:35:1e:10:51:83:6c:ee:44:fd:dc:e8:3a:48:
64:47:f9:7a:e0:ec:44:54:b8:77:28:6e:cf:61:50:25:aa:50:
6f:f8:4c:1d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ8AyAWRHef9O2PJMIUwMNjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwNjI1MjE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmNmYjc1ZjZmZjdiMzVmZjI5NjlmNDc2NzdiYjRhYTZhYWMyODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniMcypFn2C+HLs9YPNUE9fkUh6BO
f6y+y1DOWKTTtyKdFAOJVNTAHP4cr6dcwqZlip3ydkNZ6Hg7oeh98379cTj0osIp
cWu3jspvpyck62FeW265qr+835JsTGqxfF3EQZiEHzF8BgGvrDwifnAYiajPOtJA
S997YBm9Q5hu39xBP/K+SDO5xHxx7z35JKwfFezIVKJtq9ip1bcj83I8g7GVvXBy
vMEb4kNqD/b0htCspZlIQZtin5skiCqdY49Awl5d0BqQOB384DGH1/y3x7qkHO72
GBAjfZffMZiInDG3yZk7Ar8BUnEjOH+azxkD63SNdh8xzUcgfBVtkvbrrwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAbPt19v97Nf8pafR2d7tKpqrCiHMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvQnMtM1gyXzNzMV95bHA5SFozdTBxbXFzS0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQESDgAAwQD
SDggMAwDBANIOOgDBAFIOPwDBATJGHAwDQYJKoZIhvcNAQELBQADggEBACpv97zI
VTohFplKrqZa00FSrRff2Mxdx97kWRb1UZtRBEMGYT9j0xXOGu2US5ZdPrxVoGSV
bwrsuU3PND3sUSdBU2hAZctejvDiZ5w54cN25iT7eYsLbEwTXXsiFPWuEKMW8Ibg
uZ5PXGl5CO10mYYbuvtPXN0N1b1VJ0MkGRHpEvtKRxRxaL9e2SVuq9JwG6hDJD+y
Q6duAYxkTBC7FBuVfBVMbDIuewQglJ/+qEfSIm56f4ZLrAC9NyGLIy0po/TMgtYL
Em6TYDWuG4HToDe7YOGhEK/70E4eJ4jrNR4QUYNs7kT93Og6SGRH+Xrg7ERUuHco
bs9hUCWqUG/4TB0=
-----END CERTIFICATE-----
Generated at Sun Jun 28 04:10:48 2026 by rpki-client