Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/hWXBl6lRC6zLGeEcMQA6rqmkmks.roa
File: hWXBl6lRC6zLGeEcMQA6rqmkmks.roa (raw, json)
Hash identifier: +X0ERMiwxmTJ2+TcIOifxb+IglOP2XRfibG25F5MrR8=
Subject key identifier: 85:65:C1:97:A9:51:0B:AC:CB:19:E1:1C:31:00:3A:AE:A9:A4:9A:4B
Certificate issuer: /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial: 019E6B379C3ADA3F9A16BF09B42CC79142DE
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/hWXBl6lRC6zLGeEcMQA6rqmkmks.roa
Signing time: Wed 27 May 2026 20:54:26 +0000
ROA not before: Wed 27 May 2026 20:54:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9123
IP address blocks: 72.56.0.0/20 maxlen: 32
72.56.32.0/21 maxlen: 32
72.56.232.0/21 maxlen: 32
72.56.240.0/21 maxlen: 32
72.56.248.0/22 maxlen: 32
72.56.252.0/23 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 02:01:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:6b:37:9c:3a:da:3f:9a:16:bf:09:b4:2c:c7:91:42:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
Validity
Not Before: May 27 20:54:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8565c197a9510baccb19e11c31003aaea9a49a4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:b4:8d:4c:10:28:eb:e3:b3:f2:3f:75:3e:ac:
00:b9:26:5e:ae:e9:5a:43:1c:dd:bf:af:55:e9:e1:
7b:ea:b2:c6:a7:9a:52:49:bd:c2:56:fc:76:ec:73:
64:62:82:bd:8f:7c:81:71:f2:fe:09:6f:6b:d8:e6:
42:80:77:e5:74:4a:a3:8e:dc:be:b9:1e:28:69:19:
fa:e7:30:1f:a3:02:43:41:73:7f:40:dd:5b:a9:23:
fa:cb:f2:e2:c5:fc:11:f8:ac:b9:c7:13:db:13:c4:
e5:4a:5c:59:1e:7f:73:79:4f:51:63:f2:ef:42:bb:
b7:c9:f0:3d:af:4e:c0:b2:8f:71:90:e3:fa:46:82:
d5:d5:41:92:c2:d3:9e:8d:94:16:c7:4e:fd:0e:45:
9b:51:84:48:e5:85:70:f0:58:b1:c9:2e:0f:14:ed:
1b:03:5d:f5:08:03:fd:d6:22:c5:0a:4f:87:fe:49:
62:32:34:da:42:d1:ea:6c:d9:bd:61:4e:7e:87:8c:
d8:e9:ec:6b:cc:a6:82:a9:97:2d:61:8c:08:29:df:
87:50:f5:8c:e9:7c:12:ce:de:6c:c0:e8:05:fa:2b:
5f:e5:c9:bb:7b:fe:69:e5:59:bb:bb:b2:4f:e7:ce:
6f:cb:98:63:bc:f3:6d:89:5c:24:c4:12:46:a6:ee:
93:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:65:C1:97:A9:51:0B:AC:CB:19:E1:1C:31:00:3A:AE:A9:A4:9A:4B
X509v3 Authority Key Identifier:
keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/hWXBl6lRC6zLGeEcMQA6rqmkmks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.56.0.0/20
72.56.32.0/21
72.56.232.0-72.56.253.255
Signature Algorithm: sha256WithRSAEncryption
8e:17:b0:1e:60:f2:74:e3:24:fc:7a:91:ee:15:4b:a7:3c:23:
1e:41:bb:52:ef:b1:ca:a8:df:23:b2:db:75:b3:29:47:7a:33:
ae:39:94:d6:5a:94:38:9b:f6:26:b8:c4:09:bc:1c:3d:43:57:
f7:d6:6d:bc:d4:b1:7b:49:7d:c1:38:89:01:61:01:55:49:d4:
b7:54:82:25:13:20:6b:96:9c:90:85:e2:70:d2:9d:c8:74:88:
f6:a3:07:51:5c:c1:57:c5:10:c6:ff:70:7b:2d:d5:02:2b:39:
29:07:54:47:77:47:cc:b7:a4:df:84:a6:53:76:37:5d:18:71:
e3:66:c0:38:15:6d:29:e8:42:c8:af:56:4b:33:fc:82:86:c0:
4f:d4:83:2e:9d:bd:79:88:6f:b7:40:76:db:a6:81:26:97:c5:
b8:4e:50:e1:56:92:6a:76:60:0c:25:c7:ea:2d:b9:c7:71:81:
a4:91:22:6a:d8:7b:bb:ac:ed:a1:ba:4a:ae:d2:19:e5:ee:75:
1d:28:75:14:42:a8:d3:87:cd:c0:5e:8c:66:e6:e6:ac:79:13:
ed:90:8b:ff:29:af:2f:2f:17:e3:64:64:6b:f5:d1:0a:3c:5e:
75:c7:f5:07:dc:c6:cd:c4:fb:62:25:a2:e3:c7:18:17:15:9a:
03:e9:cc:50
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ5rN5w62j+aFr8JtCzHkULeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwNTI3MjA1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTY1YzE5N2E5NTEwYmFjY2IxOWUxMWMzMTAwM2FhZWE5YTQ5YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbSNTBAo6+Oz8j91PqwAuSZerula
Qxzdv69V6eF76rLGp5pSSb3CVvx27HNkYoK9j3yBcfL+CW9r2OZCgHfldEqjjty+
uR4oaRn65zAfowJDQXN/QN1bqSP6y/LixfwR+Ky5xxPbE8TlSlxZHn9zeU9RY/Lv
Qru3yfA9r07Aso9xkOP6RoLV1UGSwtOejZQWx079DkWbUYRI5YVw8FixyS4PFO0b
A131CAP91iLFCk+H/kliMjTaQtHqbNm9YU5+h4zY6exrzKaCqZctYYwIKd+HUPWM
6XwSzt5swOgF+itf5cm7e/5p5Vm7u7JP585vy5hjvPNtiVwkxBJGpu6TrwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIVlwZepUQusyxnhHDEAOq6ppJpLMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvaFdYQmw2bFJDNnpMR2VFY01RQTZycW1rbWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQESDgAAwQD
SDggMAwDBANIOOgDBAFIOPwwDQYJKoZIhvcNAQELBQADggEBAI4XsB5g8nTjJPx6
ke4VS6c8Ix5Bu1Lvscqo3yOy23WzKUd6M645lNZalDib9ia4xAm8HD1DV/fWbbzU
sXtJfcE4iQFhAVVJ1LdUgiUTIGuWnJCF4nDSnch0iPajB1FcwVfFEMb/cHst1QIr
OSkHVEd3R8y3pN+EplN2N10YceNmwDgVbSnoQsivVksz/IKGwE/Ugy6dvXmIb7dA
dtumgSaXxbhOUOFWkmp2YAwlx+otucdxgaSRImrYe7us7aG6Sq7SGeXudR0odRRC
qNOHzcBejGbm5qx5E+2Qi/8pry8vF+NkZGv10Qo8XnXH9Qfcxs3E+2IlouPHGBcV
mgPpzFA=
-----END CERTIFICATE-----
Generated at Sat Jun 6 12:03:58 2026 by rpki-client