Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/cxrFYholN9HvJ-us9fmJgzA0WI0.roa
File: cxrFYholN9HvJ-us9fmJgzA0WI0.roa (raw, json)
Hash identifier: Wwa5EX50bfWPI0XbhpID/ZlbhKK3J9mlKgRfeQnAMPQ=
Subject key identifier: 73:1A:C5:62:1A:25:37:D1:EF:27:EB:AC:F5:F9:89:83:30:34:58:8D
Certificate issuer: /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial: 019CD762040DD5AB31888387D4DEEB49632A
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/cxrFYholN9HvJ-us9fmJgzA0WI0.roa
Signing time: Tue 10 Mar 2026 10:54:10 +0000
ROA not before: Tue 10 Mar 2026 10:54:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213861
IP address blocks: 2a12:2cc6::/32 maxlen: 32
2a12:3bc0::/32 maxlen: 32
2a12:3bc1::/32 maxlen: 32
2a14:9703::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Mar 2026 22:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:62:04:0d:d5:ab:31:88:83:87:d4:de:eb:49:63:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Validity
Not Before: Mar 10 10:54:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=731ac5621a2537d1ef27ebacf5f989833034588d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:67:06:8f:bd:f7:53:67:20:b1:12:60:05:fa:
c4:22:4f:0b:c7:49:ef:ad:b9:ff:2b:b4:37:ed:ee:
6b:41:6d:45:73:8a:58:77:7f:ad:ba:62:05:02:41:
71:b0:cd:53:8d:f4:e9:89:b0:00:b5:2b:a3:2d:e3:
4c:41:e5:d7:a5:e7:5a:4d:81:8b:2d:5d:5b:83:2b:
e5:ba:0b:0c:b8:07:12:0e:1e:5e:bc:5b:17:93:ce:
f8:ca:e2:af:a0:21:49:14:9d:31:54:06:38:5c:35:
2b:40:c3:0f:28:45:6e:88:db:9f:e3:f1:75:c4:8d:
9b:c7:37:c1:ca:1d:9e:29:af:45:a8:76:95:64:43:
19:61:d5:33:8b:73:23:74:8f:30:47:c5:14:0b:8d:
14:d3:3d:10:7e:5a:40:82:a4:75:d2:41:fe:e5:a3:
1b:b7:d4:f5:2f:1b:12:b5:d8:c6:b0:28:a2:d4:5d:
c5:bf:d8:55:f3:e7:4f:fc:9d:e9:13:01:e9:3a:76:
46:19:8e:a4:db:0b:8a:e3:12:88:51:87:17:de:da:
55:76:80:df:06:e1:7c:87:5b:b8:5c:c9:bc:29:67:
95:92:5b:4a:dc:79:08:fd:74:08:b6:cd:f4:1c:25:
89:c2:87:16:f1:e5:39:b8:6f:05:f3:cc:50:4c:5e:
c7:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:1A:C5:62:1A:25:37:D1:EF:27:EB:AC:F5:F9:89:83:30:34:58:8D
X509v3 Authority Key Identifier:
keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/cxrFYholN9HvJ-us9fmJgzA0WI0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:2cc6::/32
2a12:3bc0::/31
2a14:9703::/32
Signature Algorithm: sha256WithRSAEncryption
b3:79:45:21:79:cf:27:5c:c8:42:51:ed:d2:e3:f7:94:88:42:
81:7a:88:12:d5:49:7e:fd:f1:83:fd:8f:5a:1a:f9:c1:2f:ba:
ab:2f:5a:91:70:fd:04:14:b1:97:1a:3a:f5:4e:22:ed:e6:0f:
c5:fc:09:37:97:11:16:c6:e5:7c:3b:86:8e:b5:ef:2f:8e:6f:
d2:ec:ac:cb:91:04:b1:de:6b:04:f8:55:4f:69:a8:47:90:7a:
15:e7:4c:d1:15:5b:2f:36:0d:92:30:ab:05:5e:52:29:19:b3:
47:59:c3:0c:8c:0e:86:87:5b:f7:31:9a:57:a0:25:08:88:d9:
bb:17:2d:5e:94:3c:1e:82:d4:1f:13:3e:d0:c1:33:88:6a:40:
8f:d3:7d:93:fc:26:04:79:e1:f6:c7:3d:54:3e:e8:10:d7:47:
eb:17:29:2b:35:c8:62:23:54:85:16:e1:75:42:cb:97:94:22:
9c:cc:cf:79:5b:11:ac:a7:8f:12:bb:5a:1a:39:ef:0d:41:e3:
18:38:1c:19:8b:3d:31:94:a7:e9:99:41:92:76:94:f8:8c:cd:
9f:16:b7:40:d0:fe:58:81:d2:96:1b:93:f1:3e:6e:ca:89:ec:
54:20:ea:0e:47:c9:27:75:ed:2d:68:1b:a9:b9:b3:4a:0e:59:
96:76:54:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzXYgQN1asxiIOH1N7rSWMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMzEwMTA1NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFhYzU2MjFhMjUzN2QxZWYyN2ViYWNmNWY5ODk4MzMwMzQ1ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmcGj733U2cgsRJgBfrEIk8Lx0nv
rbn/K7Q37e5rQW1Fc4pYd3+tumIFAkFxsM1TjfTpibAAtSujLeNMQeXXpedaTYGL
LV1bgyvlugsMuAcSDh5evFsXk874yuKvoCFJFJ0xVAY4XDUrQMMPKEVuiNuf4/F1
xI2bxzfByh2eKa9FqHaVZEMZYdUzi3MjdI8wR8UUC40U0z0QflpAgqR10kH+5aMb
t9T1LxsStdjGsCii1F3Fv9hV8+dP/J3pEwHpOnZGGY6k2wuK4xKIUYcX3tpVdoDf
BuF8h1u4XMm8KWeVkltK3HkI/XQIts30HCWJwocW8eU5uG8F88xQTF7HGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHMaxWIaJTfR7yfrrPX5iYMwNFiNMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvY3hyRllob2xOOUh2Si11czlmbUpnekEwV0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhIsxgMF
ASoSO8ADBQAqFJcDMA0GCSqGSIb3DQEBCwUAA4IBAQCzeUUhec8nXMhCUe3S4/eU
iEKBeogS1Ul+/fGD/Y9aGvnBL7qrL1qRcP0EFLGXGjr1TiLt5g/F/Ak3lxEWxuV8
O4aOte8vjm/S7KzLkQSx3msE+FVPaahHkHoV50zRFVsvNg2SMKsFXlIpGbNHWcMM
jA6Gh1v3MZpXoCUIiNm7Fy1elDwegtQfEz7QwTOIakCP032T/CYEeeH2xz1UPugQ
10frFykrNchiI1SFFuF1QsuXlCKczM95WxGsp48Su1oaOe8NQeMYOBwZiz0xlKfp
mUGSdpT4jM2fFrdA0P5YgdKWG5PxPm7KiexUIOoOR8knde0taBupubNKDlmWdlTy
-----END CERTIFICATE-----
Generated at Thu Mar 12 08:16:28 2026 by rpki-client