Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/_iJFcG2sgekOOkyWmNE601znn2c.roa
File: _iJFcG2sgekOOkyWmNE601znn2c.roa (raw, json)
Hash identifier: tJKrcJXxI5249vfDepqcTcwbwny+qpaz1JP2S0AoM0g=
Subject key identifier: FE:22:45:70:6D:AC:81:E9:0E:3A:4C:96:98:D1:3A:D3:5C:E7:9F:67
Certificate issuer: /CN=b19b647fe0a10b3400a903faf2eb64a3c58feb07
Certificate serial: 019CE6F439E3A359EB3874FEA4F3C941B663
Authority key identifier: B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/_iJFcG2sgekOOkyWmNE601znn2c.roa
Signing time: Fri 13 Mar 2026 11:28:10 +0000
ROA not before: Fri 13 Mar 2026 11:28:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214618
IP address blocks: 2a14:7240:a10::/48 maxlen: 48
2a14:7240:e02::/48 maxlen: 48
2a14:7240:e03::/48 maxlen: 48
2a14:7240:e01c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.mft
rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Mar 2026 00:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e6:f4:39:e3:a3:59:eb:38:74:fe:a4:f3:c9:41:b6:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b19b647fe0a10b3400a903faf2eb64a3c58feb07
Validity
Not Before: Mar 13 11:28:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fe2245706dac81e90e3a4c9698d13ad35ce79f67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:8e:99:7b:03:6b:6d:d8:82:73:cb:bc:7f:c7:
a0:00:02:bc:ed:a3:bb:46:ab:c1:9a:4b:52:b6:d5:
cf:b8:95:69:56:8c:e2:66:e1:d7:37:cb:12:b7:a3:
f0:e1:7e:f3:6f:31:d5:14:a0:57:45:4a:5d:c7:b9:
de:74:7f:31:e3:97:8c:7d:bb:2f:a1:56:62:7c:c5:
99:46:b6:85:4d:9a:b6:cc:9b:68:46:df:8d:2b:8c:
24:44:05:c2:91:4b:9a:88:d9:76:64:02:16:cd:ba:
d8:5c:9a:14:59:24:9a:da:6e:52:0b:76:04:87:42:
b3:b3:15:0b:65:0d:bc:1b:17:c7:d1:4a:dc:58:3a:
11:e0:f0:d1:ae:5e:47:cc:3a:f5:72:5b:eb:a9:d1:
69:e2:1b:74:63:00:b8:b4:82:8b:b1:55:a3:ff:d0:
ff:76:ef:52:0f:69:3d:5a:07:f1:37:6f:d5:c2:4f:
06:7a:65:6e:fb:84:43:2b:c9:a8:b5:91:52:fe:93:
7c:ec:5c:90:1f:e4:c6:1c:4a:b6:9c:4b:0d:1e:cc:
20:9e:8f:48:7a:d9:c9:a4:f5:a9:1a:69:c2:fd:ce:
e9:a1:6a:83:54:a6:f7:7e:c7:a7:30:0a:50:6a:9b:
a3:52:2e:27:cd:74:7a:c8:60:fb:83:cc:81:67:87:
86:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:22:45:70:6D:AC:81:E9:0E:3A:4C:96:98:D1:3A:D3:5C:E7:9F:67
X509v3 Authority Key Identifier:
keyid:B1:9B:64:7F:E0:A1:0B:34:00:A9:03:FA:F2:EB:64:A3:C5:8F:EB:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZtkf-ChCzQAqQP68utko8WP6wc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/_iJFcG2sgekOOkyWmNE601znn2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/37b33d-d9a0-4fae-907d-0cca97efdc57/1/sZtkf-ChCzQAqQP68utko8WP6wc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7240:a10::/48
2a14:7240:e02::/47
2a14:7240:e01c::/48
Signature Algorithm: sha256WithRSAEncryption
a1:f9:d8:6f:0c:fd:ce:e4:e8:16:cc:e3:36:8d:e8:9b:6c:be:
89:48:dc:10:a9:09:55:13:c1:cb:79:ae:d2:56:81:7a:4c:c0:
cd:96:e3:1e:78:0d:f4:f8:8c:e1:ff:11:cc:9e:17:ae:77:58:
6b:87:cd:44:5e:ce:d7:09:bc:85:1c:06:c1:f8:2a:6b:54:3d:
8b:a0:c5:7c:34:25:3e:e6:32:90:a7:a2:cd:b8:f2:00:6d:ae:
7e:35:a2:2b:06:33:49:29:a2:22:f5:9a:eb:1a:90:c0:48:9c:
19:b7:1f:30:9e:f3:19:1e:8c:26:af:13:d9:bc:e9:50:65:6d:
2b:9d:4a:9e:28:1e:af:0e:dc:d8:01:e9:db:43:cf:82:03:a3:
f8:65:05:0b:65:74:36:11:8b:90:1c:d9:df:1b:32:6f:d3:91:
f2:69:39:77:61:d1:f6:d8:65:9e:10:b0:6b:82:8d:c6:f6:b5:
64:2a:74:50:b5:79:36:f8:ef:b9:6c:f5:09:c2:de:cd:88:94:
ea:aa:37:46:23:86:ff:92:b4:63:e7:22:89:3e:3a:58:4c:a9:
22:c3:e7:06:31:ce:71:20:9c:b3:9b:55:6c:1c:60:65:bb:46:
9f:ef:48:65:d8:9e:00:92:7b:86:87:ad:17:25:84:bb:5d:e8:
13:71:31:63
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZzm9Dnjo1nrOHT+pPPJQbZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWI2NDdmZTBhMTBiMzQwMGE5MDNmYWYyZWI2NGEzYzU4
ZmViMDcwHhcNMjYwMzEzMTEyODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTIyNDU3MDZkYWM4MWU5MGUzYTRjOTY5OGQxM2FkMzVjZTc5ZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY6ZewNrbdiCc8u8f8egAAK87aO7
RqvBmktSttXPuJVpVoziZuHXN8sSt6Pw4X7zbzHVFKBXRUpdx7nedH8x45eMfbsv
oVZifMWZRraFTZq2zJtoRt+NK4wkRAXCkUuaiNl2ZAIWzbrYXJoUWSSa2m5SC3YE
h0KzsxULZQ28GxfH0UrcWDoR4PDRrl5HzDr1clvrqdFp4ht0YwC4tIKLsVWj/9D/
du9SD2k9WgfxN2/Vwk8GemVu+4RDK8motZFS/pN87FyQH+TGHEq2nEsNHswgno9I
etnJpPWpGmnC/c7poWqDVKb3fsenMApQapujUi4nzXR6yGD7g8yBZ4eGeQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP4iRXBtrIHpDjpMlpjROtNc559nMB8GA1UdIwQY
MBaAFLGbZH/goQs0AKkD+vLrZKPFj+sHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1p0a2YtQ2hDelFBcVFQNjh1dGtvOFdQNndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zN2IzM2QtZDlhMC00ZmFlLTkwN2Qt
MGNjYTk3ZWZkYzU3LzEvX2lKRmNHMnNnZWtPT2t5V21ORTYwMXpubjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zN2IzM2QtZDlhMC00ZmFlLTkwN2QtMGNjYTk3ZWZkYzU3
LzEvc1p0a2YtQ2hDelFBcVFQNjh1dGtvOFdQNndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKhRyQAoQ
AwcBKhRyQA4CAwcAKhRyQOAcMA0GCSqGSIb3DQEBCwUAA4IBAQCh+dhvDP3O5OgW
zOM2jeibbL6JSNwQqQlVE8HLea7SVoF6TMDNluMeeA30+Izh/xHMnheud1hrh81E
Xs7XCbyFHAbB+CprVD2LoMV8NCU+5jKQp6LNuPIAba5+NaIrBjNJKaIi9ZrrGpDA
SJwZtx8wnvMZHowmrxPZvOlQZW0rnUqeKB6vDtzYAenbQ8+CA6P4ZQULZXQ2EYuQ
HNnfGzJv05HyaTl3YdH22GWeELBrgo3G9rVkKnRQtXk2+O+5bPUJwt7NiJTqqjdG
I4b/krRj5yKJPjpYTKkiw+cGMc5xIJyzm1VsHGBlu0af70hl2J4AknuGh60XJYS7
XegTcTFj
-----END CERTIFICATE-----
Generated at Mon Mar 16 09:39:44 2026 by rpki-client