Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/K8bI68ydbYD0aGoO_y4tC8a-6po.roa
File: K8bI68ydbYD0aGoO_y4tC8a-6po.roa (raw, json)
Hash identifier: 7jWrWjgMEBXHFnrwJxNxcZvd3n/YILw9cksevC2VciU=
Subject key identifier: 2B:C6:C8:EB:CC:9D:6D:80:F4:68:6A:0E:FF:2E:2D:0B:C6:BE:EA:9A
Certificate issuer: /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial: 019CB514856637E3F002F46A3E0EB264C23B
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/K8bI68ydbYD0aGoO_y4tC8a-6po.roa
Signing time: Tue 03 Mar 2026 19:02:26 +0000
ROA not before: Tue 03 Mar 2026 19:02:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215540
IP address blocks: 78.153.131.0/24 maxlen: 24
78.153.136.0/24 maxlen: 24
78.153.139.0/24 maxlen: 24
78.153.144.0/24 maxlen: 24
78.153.150.0/24 maxlen: 24
78.153.151.0/24 maxlen: 24
78.153.155.0/24 maxlen: 24
109.237.98.0/24 maxlen: 24
109.237.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Mar 2026 15:04:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b5:14:85:66:37:e3:f0:02:f4:6a:3e:0e:b2:64:c2:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
Validity
Not Before: Mar 3 19:02:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2bc6c8ebcc9d6d80f4686a0eff2e2d0bc6beea9a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:02:e1:91:9a:1f:05:27:5f:75:36:3b:00:1b:
f4:33:7f:5e:cc:3e:42:9c:b5:4e:f8:37:2d:9e:81:
4b:4a:91:1d:aa:d1:ed:10:6c:72:ed:16:09:18:9f:
ab:fc:19:b0:85:bb:a2:cd:bb:dc:55:47:6e:b2:e8:
cf:cd:d6:4b:e6:18:0a:6d:59:d3:e4:a9:f7:85:84:
1f:b2:8d:51:aa:63:7b:d9:77:50:1e:c6:d6:16:3b:
7a:27:9d:fd:8d:51:04:9c:44:2c:df:2a:8f:51:1b:
5b:92:89:02:04:25:10:25:e2:2f:8b:5e:a0:b9:1b:
16:5c:33:38:d7:d0:ed:bd:4b:e5:71:2c:f5:ed:bb:
0d:78:f8:d0:94:e5:35:ab:98:9d:b2:39:8b:b0:a5:
7e:a8:2f:d7:2a:12:e6:7d:11:a0:68:05:55:47:1d:
c7:8e:0e:d0:14:93:90:9c:0e:8f:c0:a4:e9:bf:d1:
59:49:82:99:06:d1:94:34:0f:cc:14:14:44:d7:11:
29:af:29:52:7e:51:a0:25:b1:2b:54:85:85:2d:4f:
03:23:30:9b:94:47:30:68:8b:47:13:58:bb:d5:52:
34:49:3b:5a:b6:4e:14:34:ac:bd:0f:97:48:2b:50:
31:ec:77:89:eb:f9:d8:52:79:5a:14:a3:c1:ab:4e:
a2:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:C6:C8:EB:CC:9D:6D:80:F4:68:6A:0E:FF:2E:2D:0B:C6:BE:EA:9A
X509v3 Authority Key Identifier:
keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/K8bI68ydbYD0aGoO_y4tC8a-6po.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.153.131.0/24
78.153.136.0/24
78.153.139.0/24
78.153.144.0/24
78.153.150.0/23
78.153.155.0/24
109.237.98.0/23
Signature Algorithm: sha256WithRSAEncryption
67:6d:87:35:2d:05:18:7e:4b:aa:39:98:d2:fd:5b:a0:14:28:
68:1f:7c:44:db:a8:c0:84:f7:d7:4d:0d:e1:29:62:81:88:76:
c9:0b:24:20:a4:46:11:88:4c:15:6e:aa:5c:f9:ac:54:33:55:
e7:72:89:86:4d:10:7b:28:6d:6c:f9:24:3d:74:8c:74:b5:7d:
f6:f3:00:a4:65:e9:3e:81:92:2c:b5:7f:33:51:a9:f8:5e:d0:
ae:fa:a1:05:0f:a3:66:f8:c0:b6:4b:45:04:fe:d3:f8:97:d3:
7b:0d:6d:d8:75:d1:17:b4:fe:92:b9:73:12:6d:1d:50:c7:75:
41:6b:93:35:8e:4f:7c:3f:10:8f:49:ea:54:57:a6:34:0c:c4:
c8:ee:dc:1e:37:46:e8:cf:41:e1:e6:37:a9:73:f8:ab:1e:2f:
8b:72:1a:f3:f4:f7:4c:ea:73:fb:c5:d4:11:7e:b6:a9:ab:6f:
f8:56:c0:b3:d9:91:f6:76:a5:20:7c:26:ea:6a:3e:41:87:ea:
d2:0d:78:48:eb:7c:86:d5:b1:67:69:0b:f9:c1:7d:32:ad:cd:
58:cb:9a:8a:71:64:f5:9b:f5:34:09:13:4a:78:52:c5:ae:e4:
8c:00:73:dc:8f:e7:1c:88:8b:3d:fe:72:9d:86:e7:df:ef:78:
84:58:3f:78
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZy1FIVmN+PwAvRqPg6yZMI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjYwMzAzMTkwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmM2YzhlYmNjOWQ2ZDgwZjQ2ODZhMGVmZjJlMmQwYmM2YmVlYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QLhkZofBSdfdTY7ABv0M39ezD5C
nLVO+DctnoFLSpEdqtHtEGxy7RYJGJ+r/BmwhbuizbvcVUdusujPzdZL5hgKbVnT
5Kn3hYQfso1RqmN72XdQHsbWFjt6J539jVEEnEQs3yqPURtbkokCBCUQJeIvi16g
uRsWXDM419DtvUvlcSz17bsNePjQlOU1q5idsjmLsKV+qC/XKhLmfRGgaAVVRx3H
jg7QFJOQnA6PwKTpv9FZSYKZBtGUNA/MFBRE1xEprylSflGgJbErVIWFLU8DIzCb
lEcwaItHE1i71VI0STtatk4UNKy9D5dIK1Ax7HeJ6/nYUnlaFKPBq06iyQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCvGyOvMnW2A9GhqDv8uLQvGvuqaMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvSzhiSTY4eWRiWUQwYUdvT195NHRDOGEtNnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQATpmDAwQA
TpmIAwQATpmLAwQATpmQAwQBTpmWAwQATpmbAwQBbe1iMA0GCSqGSIb3DQEBCwUA
A4IBAQBnbYc1LQUYfkuqOZjS/VugFChoH3xE26jAhPfXTQ3hKWKBiHbJCyQgpEYR
iEwVbqpc+axUM1XncomGTRB7KG1s+SQ9dIx0tX328wCkZek+gZIstX8zUan4XtCu
+qEFD6Nm+MC2S0UE/tP4l9N7DW3YddEXtP6SuXMSbR1Qx3VBa5M1jk98PxCPSepU
V6Y0DMTI7tweN0boz0Hh5jepc/irHi+Lchrz9PdM6nP7xdQRfrapq2/4VsCz2ZH2
dqUgfCbqaj5Bh+rSDXhI63yG1bFnaQv5wX0yrc1Yy5qKcWT1m/U0CRNKeFLFruSM
AHPcj+cciIs9/nKdhuff73iEWD94
-----END CERTIFICATE-----
Generated at Wed Mar 11 22:18:10 2026 by rpki-client