Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/BDoL8rUpvbaK_16BWlbfMCNWUSU.roa
File: BDoL8rUpvbaK_16BWlbfMCNWUSU.roa (raw, json)
Hash identifier: GfKO3arzoWGyw+NdQY8Rv86I2fy83YtHFt/TTLJyJno=
Subject key identifier: 04:3A:0B:F2:B5:29:BD:B6:8A:FF:5E:81:5A:56:DF:30:23:56:51:25
Certificate issuer: /CN=ea846006cf8b9e388f31451358092502cecc1136
Certificate serial: 019CAA573151C482328D1FE59F155E9DE83E
Authority key identifier: EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/BDoL8rUpvbaK_16BWlbfMCNWUSU.roa
Signing time: Sun 01 Mar 2026 16:59:26 +0000
ROA not before: Sun 01 Mar 2026 16:59:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209857
IP address blocks: 91.197.55.0/24 maxlen: 24
2a06:8ac0::/44 maxlen: 44
2a06:8ac0:10::/48 maxlen: 48
2a06:8ac0:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:aa:57:31:51:c4:82:32:8d:1f:e5:9f:15:5e:9d:e8:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ea846006cf8b9e388f31451358092502cecc1136
Validity
Not Before: Mar 1 16:59:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=043a0bf2b529bdb68aff5e815a56df3023565125
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e1:5c:24:48:08:39:a6:ff:bb:b3:11:bd:ae:
89:0c:66:87:3c:b5:c0:a0:60:62:3a:96:e5:26:fe:
28:c2:fe:9c:19:3d:fe:12:f6:fa:45:24:a2:b0:4b:
92:61:76:2b:1a:7a:a1:ba:f0:c8:c4:a3:da:da:13:
84:52:f1:e1:45:b8:e2:2d:b3:04:17:b6:23:3b:3c:
d6:c1:15:95:c5:d8:7c:4a:1a:03:ea:5b:e5:96:1f:
85:e0:c4:3d:20:d3:16:fa:51:8d:0e:ed:36:76:2a:
70:d0:fe:cb:af:d5:7c:e0:89:54:9c:e6:37:f2:b2:
e0:c0:21:36:89:10:59:bb:1f:06:64:0e:c4:be:fe:
7f:5a:79:47:b3:00:d6:17:44:eb:38:7d:8b:7f:bb:
9b:b1:d5:7c:cb:ec:d5:53:5d:17:74:59:07:00:a4:
b1:ba:77:2d:e3:2f:7c:c3:05:10:3c:85:1e:60:2e:
a0:14:d8:45:61:45:68:00:f3:f7:cd:3d:a9:8b:90:
29:7f:f8:96:5f:c8:93:1f:67:9d:fb:72:42:2a:1c:
d1:52:45:23:06:e9:5e:93:31:a8:63:7a:ec:09:51:
75:06:7b:a1:b2:e3:5e:a5:16:92:21:a1:60:83:bb:
dc:05:f1:6a:50:a0:ec:ed:80:d2:5e:9c:b1:e2:c5:
db:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:3A:0B:F2:B5:29:BD:B6:8A:FF:5E:81:5A:56:DF:30:23:56:51:25
X509v3 Authority Key Identifier:
keyid:EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/BDoL8rUpvbaK_16BWlbfMCNWUSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.55.0/24
IPv6:
2a06:8ac0::-2a06:8ac0:11:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
db:0f:5d:b2:be:f3:a6:e9:e9:3f:46:e4:25:ba:76:60:58:c2:
d9:30:28:d9:f1:f9:49:ac:47:52:52:46:2f:dc:93:6f:ec:0f:
a6:40:e1:4f:49:1b:a0:4e:d0:f0:9d:29:00:55:90:ed:e7:17:
ea:21:48:09:eb:a0:5f:e4:d8:8f:df:e8:41:75:c8:9a:34:20:
9a:ac:a0:d5:d2:7b:76:cd:91:89:84:c2:63:23:71:d6:2f:e9:
b3:0c:53:f1:d0:e7:e3:03:ef:04:35:43:5d:6c:63:d0:1e:c8:
43:5b:7c:10:27:1a:5d:88:3f:f5:ca:34:3c:da:28:80:75:fb:
91:0f:d0:bc:c7:e5:be:af:8f:f5:45:0e:96:97:8a:60:cc:a1:
30:ba:a4:85:8e:79:8d:ac:76:a1:8a:5d:2a:e8:c4:b9:36:2a:
95:df:14:93:90:97:69:20:dc:b7:78:e4:3f:35:2a:61:ff:15:
f1:5c:80:12:b7:d8:45:c4:36:12:70:df:be:89:fb:1b:df:63:
3a:b2:9e:a8:db:2e:40:f2:02:f6:ec:2d:71:07:ce:9c:e9:2f:
a1:84:e8:ea:67:7e:40:7b:cc:d6:a9:00:f9:2e:4b:d6:20:96:
4a:c8:b7:37:f6:11:73:83:de:1f:ba:05:1c:6e:38:cb:d4:54:
eb:b0:55:23
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZyqVzFRxIIyjR/lnxVeneg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODQ2MDA2Y2Y4YjllMzg4ZjMxNDUxMzU4MDkyNTAyY2Vj
YzExMzYwHhcNMjYwMzAxMTY1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDNhMGJmMmI1MjliZGI2OGFmZjVlODE1YTU2ZGYzMDIzNTY1MTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuFcJEgIOab/u7MRva6JDGaHPLXA
oGBiOpblJv4owv6cGT3+Evb6RSSisEuSYXYrGnqhuvDIxKPa2hOEUvHhRbjiLbME
F7YjOzzWwRWVxdh8ShoD6lvllh+F4MQ9INMW+lGNDu02dipw0P7Lr9V84IlUnOY3
8rLgwCE2iRBZux8GZA7Evv5/WnlHswDWF0TrOH2Lf7ubsdV8y+zVU10XdFkHAKSx
unct4y98wwUQPIUeYC6gFNhFYUVoAPP3zT2pi5Apf/iWX8iTH2ed+3JCKhzRUkUj
BulekzGoY3rsCVF1BnuhsuNepRaSIaFgg7vcBfFqUKDs7YDSXpyx4sXbOQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAQ6C/K1Kb22iv9egVpW3zAjVlElMB8GA1UdIwQY
MBaAFOqEYAbPi544jzFFE1gJJQLOzBE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEt
Zjc0Y2NjYzRlMGExLzEvQkRvTDhyVXB2YmFLXzE2QldsYmZNQ05XVVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEtZjc0Y2NjYzRlMGEx
LzEvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAW8U3MBgE
AgACMBIwEAMFBioGisADBwEqBorAABAwDQYJKoZIhvcNAQELBQADggEBANsPXbK+
86bp6T9G5CW6dmBYwtkwKNnx+UmsR1JSRi/ck2/sD6ZA4U9JG6BO0PCdKQBVkO3n
F+ohSAnroF/k2I/f6EF1yJo0IJqsoNXSe3bNkYmEwmMjcdYv6bMMU/HQ5+MD7wQ1
Q11sY9AeyENbfBAnGl2IP/XKNDzaKIB1+5EP0LzH5b6vj/VFDpaXimDMoTC6pIWO
eY2sdqGKXSroxLk2KpXfFJOQl2kg3Ld45D81KmH/FfFcgBK32EXENhJw376J+xvf
YzqynqjbLkDyAvbsLXEHzpzpL6GE6OpnfkB7zNapAPkuS9YglkrItzf2EXOD3h+6
BRxuOMvUVOuwVSM=
-----END CERTIFICATE-----
Generated at Thu Mar 12 07:42:07 2026 by rpki-client