Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/KJfyUjYhSbcTj4BqhcYlT-NV3k0.roa
File: KJfyUjYhSbcTj4BqhcYlT-NV3k0.roa (raw, json)
Hash identifier: PTxZGqD0eutJIRMtp0zEf920MlkzT2rTXHG1ErOVkNE=
Subject key identifier: 28:97:F2:52:36:21:49:B7:13:8F:80:6A:85:C6:25:4F:E3:55:DE:4D
Certificate issuer: /CN=2672b9fb546b365e323230dcea9ba8c9fbedfeb8
Certificate serial: 019E5F9CDF0CCAE29107327BCE31C27FFC41
Authority key identifier: 26:72:B9:FB:54:6B:36:5E:32:32:30:DC:EA:9B:A8:C9:FB:ED:FE:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JnK5-1RrNl4yMjDc6puoyfvt_rg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/KJfyUjYhSbcTj4BqhcYlT-NV3k0.roa
Signing time: Mon 25 May 2026 14:49:36 +0000
ROA not before: Mon 25 May 2026 14:49:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9123
IP address blocks: 104.171.128.0/24 maxlen: 32
104.171.129.0/24 maxlen: 32
104.171.130.0/24 maxlen: 32
104.171.131.0/24 maxlen: 32
104.171.132.0/24 maxlen: 32
104.171.133.0/24 maxlen: 32
104.171.134.0/24 maxlen: 32
104.171.135.0/24 maxlen: 32
104.171.136.0/24 maxlen: 32
104.171.137.0/24 maxlen: 32
104.171.138.0/24 maxlen: 32
104.171.139.0/24 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/JnK5-1RrNl4yMjDc6puoyfvt_rg.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/JnK5-1RrNl4yMjDc6puoyfvt_rg.mft
rsync://rpki.ripe.net/repository/DEFAULT/JnK5-1RrNl4yMjDc6puoyfvt_rg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 04:00:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:5f:9c:df:0c:ca:e2:91:07:32:7b:ce:31:c2:7f:fc:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2672b9fb546b365e323230dcea9ba8c9fbedfeb8
Validity
Not Before: May 25 14:49:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2897f252362149b7138f806a85c6254fe355de4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:97:40:d2:8b:1c:7c:10:8b:e7:04:06:c4:e5:
d1:71:7b:a6:51:02:7c:6b:43:5d:4a:c7:14:62:dc:
7e:01:78:0a:a5:e1:52:0d:db:a4:a9:1e:a0:cb:0d:
81:77:bf:22:ea:a8:ff:5f:33:b9:df:73:7b:4f:0c:
b0:10:5a:95:4f:53:0c:83:f8:b1:1f:c6:d1:05:c6:
c4:48:9a:3b:a3:a9:b5:11:3a:78:14:37:1f:5f:2b:
ed:1d:6d:99:2d:cb:d4:ee:09:1c:91:79:05:13:27:
63:54:22:0f:2f:c1:d1:9c:de:93:f6:d4:3e:f6:2c:
0b:92:71:3d:d9:4c:bd:58:e7:9e:3e:8a:02:fc:33:
d7:f6:63:f4:2b:36:a4:93:06:18:20:f5:06:70:f1:
73:5f:7d:9d:51:02:23:ee:c5:50:25:da:d4:36:4e:
82:37:01:b6:b8:28:b6:8b:93:e9:ee:64:e1:d1:56:
e9:ec:4b:86:6d:af:df:9b:a7:85:8a:d3:06:2a:61:
20:85:85:3d:37:cd:f8:ab:9c:05:d0:79:0b:d3:d1:
3f:73:f8:c1:87:19:9d:ec:27:e6:ec:cc:51:ba:fc:
b1:17:bc:e5:7d:e5:68:85:e8:27:21:a6:d7:78:04:
1c:d1:f6:55:ff:b2:d9:84:06:34:04:0b:91:0e:9c:
15:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:97:F2:52:36:21:49:B7:13:8F:80:6A:85:C6:25:4F:E3:55:DE:4D
X509v3 Authority Key Identifier:
keyid:26:72:B9:FB:54:6B:36:5E:32:32:30:DC:EA:9B:A8:C9:FB:ED:FE:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JnK5-1RrNl4yMjDc6puoyfvt_rg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/KJfyUjYhSbcTj4BqhcYlT-NV3k0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/JnK5-1RrNl4yMjDc6puoyfvt_rg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.171.128.0-104.171.139.255
Signature Algorithm: sha256WithRSAEncryption
64:ac:3a:0c:73:c3:9e:06:fa:88:52:eb:e5:94:27:97:8e:8a:
d5:9c:18:22:9d:78:0e:42:52:18:94:ca:be:ef:80:97:86:52:
fc:2d:eb:a5:72:0d:d9:e6:8e:14:f0:5a:8c:9a:d2:5d:59:f0:
71:d6:d2:28:60:8c:69:b2:8a:14:77:43:53:51:11:c5:36:a4:
00:a2:07:a2:e7:40:68:45:54:ca:52:49:12:03:78:0e:4f:3b:
c3:ad:7a:14:34:f4:88:57:80:62:c6:5d:e7:38:29:68:ee:41:
21:2f:7e:71:8f:51:cc:f5:8e:df:69:c5:99:7e:a0:a7:a6:a8:
47:ec:0c:d8:5c:e7:a6:a8:88:29:73:96:6b:71:df:2e:90:eb:
91:93:69:cf:70:9b:3a:3b:38:d8:8f:de:85:c3:98:82:16:b5:
55:3e:2f:18:e8:9d:c0:69:bd:30:19:0f:89:b1:10:c2:4c:23:
9b:ba:62:4d:00:c3:04:4b:8f:57:ef:31:fb:85:37:74:cb:ba:
71:9a:f0:86:38:aa:61:0b:ea:b8:71:8c:2b:46:51:42:fb:54:
86:e1:d8:56:c5:63:4e:32:6f:6a:e1:de:68:c0:31:50:9b:d7:
b6:0f:d4:ed:bd:d3:fe:d1:0d:d5:5e:3a:69:cf:84:59:4a:b3:
f8:b4:70:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5fnN8MyuKRBzJ7zjHCf/xBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NzJiOWZiNTQ2YjM2NWUzMjMyMzBkY2VhOWJhOGM5ZmJl
ZGZlYjgwHhcNMjYwNTI1MTQ0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk3ZjI1MjM2MjE0OWI3MTM4ZjgwNmE4NWM2MjU0ZmUzNTVkZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspdA0oscfBCL5wQGxOXRcXumUQJ8
a0NdSscUYtx+AXgKpeFSDdukqR6gyw2Bd78i6qj/XzO533N7TwywEFqVT1MMg/ix
H8bRBcbESJo7o6m1ETp4FDcfXyvtHW2ZLcvU7gkckXkFEydjVCIPL8HRnN6T9tQ+
9iwLknE92Uy9WOeePooC/DPX9mP0KzakkwYYIPUGcPFzX32dUQIj7sVQJdrUNk6C
NwG2uCi2i5Pp7mTh0Vbp7EuGba/fm6eFitMGKmEghYU9N834q5wF0HkL09E/c/jB
hxmd7Cfm7MxRuvyxF7zlfeVohegnIabXeAQc0fZV/7LZhAY0BAuRDpwVBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCiX8lI2IUm3E4+AaoXGJU/jVd5NMB8GA1UdIwQY
MBaAFCZyuftUazZeMjIw3OqbqMn77f64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm5LNS0xUnJObDR5TWpEYzZwdW95ZnZ0X3JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9iMTNiNTUtMTI4OC00NWU2LTg4NzYt
YTcwZGI1ODI4MGZjLzEvS0pmeVVqWWhTYmNUajRCcWhjWWxULU5WM2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9iMTNiNTUtMTI4OC00NWU2LTg4NzYtYTcwZGI1ODI4MGZj
LzEvSm5LNS0xUnJObDR5TWpEYzZwdW95ZnZ0X3JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdoq4AD
BAJoq4gwDQYJKoZIhvcNAQELBQADggEBAGSsOgxzw54G+ohS6+WUJ5eOitWcGCKd
eA5CUhiUyr7vgJeGUvwt66VyDdnmjhTwWoya0l1Z8HHW0ihgjGmyihR3Q1NREcU2
pACiB6LnQGhFVMpSSRIDeA5PO8OtehQ09IhXgGLGXec4KWjuQSEvfnGPUcz1jt9p
xZl+oKemqEfsDNhc56aoiClzlmtx3y6Q65GTac9wmzo7ONiP3oXDmIIWtVU+Lxjo
ncBpvTAZD4mxEMJMI5u6Yk0AwwRLj1fvMfuFN3TLunGa8IY4qmEL6rhxjCtGUUL7
VIbh2FbFY04yb2rh3mjAMVCb17YP1O290/7RDdVeOmnPhFlKs/i0cH0=
-----END CERTIFICATE-----
Generated at Sat Jun 6 12:06:13 2026 by rpki-client