Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ERka-Os6ObqqZqi9cGtA6y93DUc.roa
File: ERka-Os6ObqqZqi9cGtA6y93DUc.roa (raw, json)
Hash identifier: xLtVOqUw1SdFOzEQIDV0mLPI1VOtVrObVSKBvt+3WeA=
Subject key identifier: 11:19:1A:F8:EB:3A:39:BA:AA:66:A8:BD:70:6B:40:EB:2F:77:0D:47
Certificate issuer: /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial: 019E82A9E24BB4B9E3DD9C8E4917F3DED9A0
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ERka-Os6ObqqZqi9cGtA6y93DUc.roa
Signing time: Mon 01 Jun 2026 10:10:31 +0000
ROA not before: Mon 01 Jun 2026 10:10:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44016
IP address blocks: 91.235.168.0/24 maxlen: 24
2001:67c:2d78::/48 maxlen: 48
2a09:8400::/29 maxlen: 48
2a0f:75c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 20:26:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:82:a9:e2:4b:b4:b9:e3:dd:9c:8e:49:17:f3:de:d9:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
Validity
Not Before: Jun 1 10:10:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=11191af8eb3a39baaa66a8bd706b40eb2f770d47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0a:4f:8f:ec:59:9f:c9:4d:ba:a4:87:68:22:
1c:01:46:06:73:89:62:ca:41:34:56:77:a1:d1:52:
40:71:17:3e:1a:9d:2d:88:73:4f:1f:fc:97:2b:fd:
dc:14:16:1f:fb:3d:f9:f0:63:45:94:6b:06:2e:7f:
43:6c:54:50:0b:3a:60:4e:4e:57:11:5b:ae:37:14:
e0:3c:06:30:0b:69:74:36:ca:d4:6e:c7:b0:14:62:
68:a3:cc:16:a2:cb:9b:5a:02:cc:a7:f8:a7:a7:03:
a6:2b:38:67:da:00:f4:bf:74:61:96:cd:e6:5c:26:
95:dc:d6:d2:51:ea:cd:16:69:e0:10:cf:8e:aa:17:
46:cc:25:3a:26:62:1d:bb:dd:28:bf:fd:9b:d6:2f:
f4:b9:b3:60:a0:e9:d0:60:f6:3f:71:26:e1:fb:e8:
45:f9:56:95:94:d6:6f:f4:14:64:44:3b:da:af:6b:
52:20:8b:7f:81:97:03:60:3f:d6:88:12:8b:d5:05:
6d:bf:01:4e:c7:5b:f5:65:7d:06:f2:98:f7:62:16:
13:72:92:8c:e1:3c:b1:b5:c7:07:1c:1f:62:8c:6c:
22:de:0d:99:ee:c8:1d:d9:33:36:cb:6f:d7:00:2c:
e3:87:96:15:06:ed:cf:17:99:80:6f:58:f9:74:20:
16:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:19:1A:F8:EB:3A:39:BA:AA:66:A8:BD:70:6B:40:EB:2F:77:0D:47
X509v3 Authority Key Identifier:
keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ERka-Os6ObqqZqi9cGtA6y93DUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.235.168.0/24
IPv6:
2001:67c:2d78::/48
2a09:8400::/29
2a0f:75c0::/29
Signature Algorithm: sha256WithRSAEncryption
ab:48:ff:ae:8f:47:49:dd:17:f6:96:89:9b:f6:60:7d:83:d6:
b9:fd:e6:e0:40:aa:f4:40:c6:1d:a4:3d:32:34:75:a1:fe:cc:
f7:53:7b:b2:1a:99:bd:00:52:86:4e:88:6b:ba:7a:e4:6e:2d:
2b:b7:c3:c2:df:5e:6d:8e:86:0f:01:5c:47:57:f3:8a:78:fc:
1c:45:1e:bf:7f:a2:15:3c:8e:f4:6d:2c:93:bb:89:a8:c2:58:
f2:b3:b7:64:43:3e:f9:0b:bf:95:d8:eb:c8:da:1f:4f:66:f7:
00:cc:3a:73:54:a4:df:2f:8a:2b:9b:56:53:12:0b:88:c8:c0:
91:37:ce:2c:ef:f6:93:dd:f6:c4:66:7a:a3:a1:4c:be:7a:21:
61:26:86:78:0a:60:1e:e9:5e:41:da:40:70:d6:8f:d1:15:9c:
f3:f9:ef:d7:6e:56:1a:fb:14:9d:a3:35:33:ed:df:f8:94:49:
16:27:5d:3e:97:ca:77:f4:86:36:b6:95:b4:48:7e:45:dc:32:
38:41:55:7b:44:8c:ba:05:4a:23:35:eb:44:9c:45:df:fe:ac:
8c:63:0e:4c:a8:44:9f:24:a8:cc:6e:96:93:52:49:b2:41:10:
c8:32:02:06:7d:48:22:b7:e1:26:e5:7e:3c:11:45:af:93:8c:
a1:b4:bf:b9
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZ6CqeJLtLnj3ZyOSRfz3tmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjYwNjAxMTAxMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE5MWFmOGViM2EzOWJhYWE2NmE4YmQ3MDZiNDBlYjJmNzcwZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvApPj+xZn8lNuqSHaCIcAUYGc4li
ykE0Vneh0VJAcRc+Gp0tiHNPH/yXK/3cFBYf+z358GNFlGsGLn9DbFRQCzpgTk5X
EVuuNxTgPAYwC2l0NsrUbsewFGJoo8wWosubWgLMp/inpwOmKzhn2gD0v3Rhls3m
XCaV3NbSUerNFmngEM+OqhdGzCU6JmIdu90ov/2b1i/0ubNgoOnQYPY/cSbh++hF
+VaVlNZv9BRkRDvar2tSIIt/gZcDYD/WiBKL1QVtvwFOx1v1ZX0G8pj3YhYTcpKM
4TyxtccHHB9ijGwi3g2Z7sgd2TM2y2/XACzjh5YVBu3PF5mAb1j5dCAWMwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFBEZGvjrOjm6qmaovXBrQOsvdw1HMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvRVJrYS1PczZPYnFxWnFpOWNHdEE2eTkzRFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAMBAIAATAGAwQAW+uoMB0E
AgACMBcDBwAgAQZ8LXgDBQMqCYQAAwUDKg91wDANBgkqhkiG9w0BAQsFAAOCAQEA
q0j/ro9HSd0X9paJm/ZgfYPWuf3m4ECq9EDGHaQ9MjR1of7M91N7shqZvQBShk6I
a7p65G4tK7fDwt9ebY6GDwFcR1fzinj8HEUev3+iFTyO9G0sk7uJqMJY8rO3ZEM+
+Qu/ldjryNofT2b3AMw6c1Sk3y+KK5tWUxILiMjAkTfOLO/2k932xGZ6o6FMvnoh
YSaGeApgHuleQdpAcNaP0RWc8/nv125WGvsUnaM1M+3f+JRJFiddPpfKd/SGNraV
tEh+RdwyOEFVe0SMugVKIzXrRJxF3/6sjGMOTKhEnySozG6Wk1JJskEQyDICBn1I
IrfhJuV+PBFFr5OMobS/uQ==
-----END CERTIFICATE-----
Generated at Fri Jun 12 00:05:39 2026 by rpki-client