Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/DfHWpmAWUgCCErY8uLt82E-U1FA.roa
File: DfHWpmAWUgCCErY8uLt82E-U1FA.roa (raw, json)
Hash identifier: +Qi5uESsKdV2qG1rG182kIlHI1TpCDtCPoj/zgTI3/E=
Subject key identifier: 0D:F1:D6:A6:60:16:52:00:82:12:B6:3C:B8:BB:7C:D8:4F:94:D4:50
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 019DB469819F60C0C6CC10204F0FD872F618
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/DfHWpmAWUgCCErY8uLt82E-U1FA.roa
Signing time: Wed 22 Apr 2026 08:58:26 +0000
ROA not before: Wed 22 Apr 2026 08:58:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 2a07:7780::/29 maxlen: 29
2a07:7780::/32 maxlen: 32
2a07:7781::/32 maxlen: 32
2a07:7782::/32 maxlen: 32
2a07:7783::/32 maxlen: 32
2a07:7784::/32 maxlen: 32
2a07:7785::/32 maxlen: 32
2a07:7786::/32 maxlen: 32
2a07:7787::/32 maxlen: 32
2a07:c100::/29 maxlen: 32
2a07:c100::/32 maxlen: 32
2a07:c101::/32 maxlen: 32
2a07:c102::/32 maxlen: 32
2a07:c103::/32 maxlen: 32
2a07:c104::/32 maxlen: 32
2a07:c106::/32 maxlen: 32
2a07:c107::/32 maxlen: 32
2a09:cec0::/29 maxlen: 29
2a09:cec0::/32 maxlen: 32
2a09:cec1::/32 maxlen: 32
2a09:cec2::/32 maxlen: 32
2a09:cec3::/32 maxlen: 32
2a09:cec4::/32 maxlen: 32
2a09:cec5::/32 maxlen: 32
2a09:cec6::/32 maxlen: 32
2a09:cec7::/32 maxlen: 32
2a0a:100::/29 maxlen: 48
2a0a:3280::/29 maxlen: 48
2a0a:3680::/29 maxlen: 29
2a0a:3680::/32 maxlen: 32
2a0a:3681::/32 maxlen: 32
2a0a:3682::/32 maxlen: 32
2a0a:3683::/32 maxlen: 32
2a0a:3684::/32 maxlen: 32
2a0a:3685::/32 maxlen: 32
2a0a:3686::/32 maxlen: 32
2a0a:3687::/32 maxlen: 32
2a0a:f780::/29 maxlen: 48
2a0a:fa00::/29 maxlen: 48
2a0b:f00::/29 maxlen: 48
2a0c:a400::/29 maxlen: 29
2a0c:a400::/32 maxlen: 32
2a0c:a401::/32 maxlen: 32
2a0c:a402::/32 maxlen: 32
2a0c:a403::/32 maxlen: 32
2a0c:a404::/32 maxlen: 32
2a0c:a405::/32 maxlen: 32
2a0c:a406::/32 maxlen: 32
2a0c:a407::/32 maxlen: 32
2a0d:3280::/29 maxlen: 29
2a0d:3280::/32 maxlen: 32
2a0d:3281::/32 maxlen: 32
2a0d:3282::/32 maxlen: 32
2a0d:3283::/32 maxlen: 32
2a0d:3284::/32 maxlen: 32
2a0d:3285::/32 maxlen: 32
2a0d:3286::/32 maxlen: 32
2a0d:3287::/32 maxlen: 32
2a0d:4fc0::/29 maxlen: 48
2a0d:f3c0::/29 maxlen: 29
2a0d:f3c0::/32 maxlen: 32
2a0d:f3c1::/32 maxlen: 32
2a0d:f3c2::/32 maxlen: 32
2a0d:f3c3::/32 maxlen: 32
2a0d:f3c4::/32 maxlen: 32
2a0d:f3c5::/32 maxlen: 32
2a0d:f3c6::/32 maxlen: 32
2a0d:f3c7::/32 maxlen: 32
2a10:53c0::/29 maxlen: 29
2a10:53c0::/32 maxlen: 32
2a10:53c1::/32 maxlen: 32
2a10:53c2::/32 maxlen: 32
2a10:53c3::/32 maxlen: 32
2a10:53c4::/32 maxlen: 32
2a10:53c5::/32 maxlen: 32
2a10:53c6::/32 maxlen: 32
2a10:53c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 14:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b4:69:81:9f:60:c0:c6:cc:10:20:4f:0f:d8:72:f6:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Apr 22 08:58:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0df1d6a6601652008212b63cb8bb7cd84f94d450
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:5b:2d:43:cc:eb:ec:ab:3c:8f:ca:87:f5:8e:
3d:cb:0b:3a:e3:50:3f:d8:e2:9f:4b:40:ae:d5:c3:
0c:97:2e:c8:b8:39:d2:c5:2a:f8:6e:ee:29:d7:c0:
58:96:81:99:bb:22:2e:82:f0:6c:e4:b0:9d:d3:3c:
b1:de:ca:24:c6:97:db:57:68:37:4d:9d:49:ac:dc:
f2:07:23:6b:bb:85:a9:b3:18:85:4f:ed:ab:86:ed:
a6:6e:85:01:38:d5:e9:5d:52:4b:a6:1e:49:1d:f8:
cb:bc:6c:cc:ad:57:08:ef:a3:c6:b5:01:da:1e:48:
23:82:46:ec:bf:a0:d4:1c:e9:d2:90:c2:dc:fe:51:
f8:11:70:37:df:b3:ff:62:88:23:29:5b:f7:6e:99:
0a:19:04:79:85:63:0d:1e:db:20:d5:58:5f:3b:d4:
11:ec:d8:97:19:72:37:c2:53:a0:14:32:d5:d4:db:
94:a8:40:75:9c:17:5f:63:fa:24:b7:25:13:94:a8:
dd:74:97:34:d3:3d:92:71:0f:e8:f0:dd:38:8c:b2:
d0:e2:75:9f:98:c4:3a:52:8d:dd:4a:a5:75:9c:82:
2d:2e:ac:35:01:a6:e8:e1:2b:99:b1:11:ce:ac:12:
c1:bc:9a:2f:92:c0:a8:50:1f:07:5e:03:43:7f:96:
09:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:F1:D6:A6:60:16:52:00:82:12:B6:3C:B8:BB:7C:D8:4F:94:D4:50
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/DfHWpmAWUgCCErY8uLt82E-U1FA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:7780::/29
2a07:c100::/29
2a09:cec0::/29
2a0a:100::/29
2a0a:3280::/29
2a0a:3680::/29
2a0a:f780::/29
2a0a:fa00::/29
2a0b:f00::/29
2a0c:a400::/29
2a0d:3280::/29
2a0d:4fc0::/29
2a0d:f3c0::/29
2a10:53c0::/29
Signature Algorithm: sha256WithRSAEncryption
46:f4:e1:79:3c:65:07:cb:4b:9e:da:37:d1:23:58:91:95:b9:
c0:8f:d4:51:4b:68:51:d3:88:8c:bb:dc:bd:9e:1c:65:19:ec:
d2:b3:9b:15:ac:e7:f6:6a:2e:80:ca:f2:85:b8:57:5d:29:6b:
03:96:93:91:5a:92:08:47:0b:1e:01:bb:11:0c:90:8b:37:b1:
6c:4e:f9:2e:87:33:9c:18:c7:ef:e2:31:59:e9:cb:c0:40:57:
e6:6b:50:cd:62:91:17:ed:ff:bd:cc:2a:b4:2f:77:3c:eb:b2:
5b:65:b8:61:b3:eb:7a:12:02:dd:03:80:21:9f:87:d9:22:91:
50:55:ff:26:23:37:27:d0:bf:31:5c:b1:83:b5:8e:fa:05:3f:
19:13:96:3d:76:97:be:5f:ee:76:2d:a1:95:e5:f8:91:96:56:
01:bc:6c:9a:2c:4f:f4:22:b2:ae:7e:6d:af:42:8e:57:eb:88:
16:d8:01:07:d8:b1:2b:ad:87:26:42:70:61:e7:3f:6d:e9:d8:
61:6e:0f:a5:c5:4b:d5:bc:d1:a9:f0:1f:65:5a:fd:13:c0:a2:
88:a5:89:04:35:39:b4:92:e4:56:f3:33:94:11:7a:af:cb:b4:
36:7a:cf:7c:8d:84:e4:c2:f4:33:56:40:e1:63:ef:0c:bc:d1:
ed:48:fe:57
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZ20aYGfYMDGzBAgTw/YcvYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjYwNDIyMDg1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGYxZDZhNjYwMTY1MjAwODIxMmI2M2NiOGJiN2NkODRmOTRkNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lstQ8zr7Ks8j8qH9Y49yws641A/
2OKfS0Cu1cMMly7IuDnSxSr4bu4p18BYloGZuyIugvBs5LCd0zyx3sokxpfbV2g3
TZ1JrNzyByNru4WpsxiFT+2rhu2mboUBONXpXVJLph5JHfjLvGzMrVcI76PGtQHa
Hkgjgkbsv6DUHOnSkMLc/lH4EXA337P/YogjKVv3bpkKGQR5hWMNHtsg1VhfO9QR
7NiXGXI3wlOgFDLV1NuUqEB1nBdfY/oktyUTlKjddJc00z2ScQ/o8N04jLLQ4nWf
mMQ6Uo3dSqV1nIItLqw1Aabo4SuZsRHOrBLBvJovksCoUB8HXgNDf5YJiQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFA3x1qZgFlIAghK2PLi7fNhPlNRQMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvRGZIV3BtQVdVZ0NDRXJZOHVMdDgyRS1VMUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAAjBiAwUDKgd3gAMF
AyoHwQADBQMqCc7AAwUDKgoBAAMFAyoKMoADBQMqCjaAAwUDKgr3gAMFAyoK+gAD
BQMqCw8AAwUDKgykAAMFAyoNMoADBQMqDU/AAwUDKg3zwAMFAyoQU8AwDQYJKoZI
hvcNAQELBQADggEBAEb04Xk8ZQfLS57aN9EjWJGVucCP1FFLaFHTiIy73L2eHGUZ
7NKzmxWs5/ZqLoDK8oW4V10pawOWk5FakghHCx4BuxEMkIs3sWxO+S6HM5wYx+/i
MVnpy8BAV+ZrUM1ikRft/73MKrQvdzzrsltluGGz63oSAt0DgCGfh9kikVBV/yYj
NyfQvzFcsYO1jvoFPxkTlj12l75f7nYtoZXl+JGWVgG8bJosT/Qisq5+ba9Cjlfr
iBbYAQfYsSuthyZCcGHnP23p2GFuD6XFS9W80anwH2Va/RPAooiliQQ1ObSS5Fbz
M5QReq/LtDZ6z3yNhOTC9DNWQOFj7wy80e1I/lc=
-----END CERTIFICATE-----
Generated at Mon Apr 27 20:07:43 2026 by rpki-client