Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/a6TUKLcrgKGMG2raYpkqJfa3RkY.roa
File: a6TUKLcrgKGMG2raYpkqJfa3RkY.roa (raw, json)
Hash identifier: BqBHRpbd+b4VyRTymepYE1rRKfu4yhE4JnFTaF1/sBQ=
Subject key identifier: 6B:A4:D4:28:B7:2B:80:A1:8C:1B:6A:DA:62:99:2A:25:F6:B7:46:46
Certificate issuer: /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial: 019DAAF0477F04EB92632B2314248B2DC606
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/a6TUKLcrgKGMG2raYpkqJfa3RkY.roa
Signing time: Mon 20 Apr 2026 12:49:26 +0000
ROA not before: Mon 20 Apr 2026 12:49:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215540
IP address blocks: 78.153.131.0/24 maxlen: 24
78.153.139.0/24 maxlen: 24
78.153.144.0/24 maxlen: 24
78.153.150.0/24 maxlen: 24
78.153.151.0/24 maxlen: 24
78.153.155.0/24 maxlen: 24
109.237.98.0/24 maxlen: 24
109.237.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 06:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:aa:f0:47:7f:04:eb:92:63:2b:23:14:24:8b:2d:c6:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
Validity
Not Before: Apr 20 12:49:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6ba4d428b72b80a18c1b6ada62992a25f6b74646
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:9f:87:f3:1c:2c:01:35:38:bf:02:af:8d:43:
ee:0c:a0:5e:62:fe:13:91:ae:fe:13:1a:30:b3:ab:
9d:41:04:7a:a6:63:3e:8e:e4:8a:85:58:99:93:38:
f6:5e:f8:a4:cd:0a:c5:ad:84:76:5a:78:36:37:25:
15:4f:09:2d:c1:35:30:ef:7a:61:28:89:b4:fa:41:
08:31:f8:3e:cd:c7:60:66:c6:2b:75:e2:8d:96:0f:
a9:db:cf:34:db:2e:bc:fc:97:f9:3f:dd:1d:bf:7e:
8d:6d:7d:07:55:fc:bd:39:d2:d7:e5:66:f5:42:70:
f5:6d:66:49:9b:69:e1:ec:20:d4:5c:52:35:6e:f9:
c9:9d:41:e9:1f:b0:08:f3:34:e4:97:39:38:17:99:
22:f1:09:1a:18:fe:d7:62:ea:8c:b9:88:a1:2f:09:
40:fc:db:64:f6:84:5b:17:90:2e:6f:36:cc:42:0d:
bf:01:a5:db:41:80:49:2a:73:a2:da:30:25:bf:42:
3b:e4:c7:58:f4:51:69:7f:ba:38:d8:a5:a1:4e:af:
b3:e4:5a:4a:9a:1b:d7:12:21:a0:f2:f6:fa:8d:4f:
ba:be:c8:02:70:67:04:d3:6b:a3:fd:6b:35:f0:43:
30:ec:7f:f1:f1:0d:0c:0b:d0:a8:f2:4e:42:63:77:
a6:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:A4:D4:28:B7:2B:80:A1:8C:1B:6A:DA:62:99:2A:25:F6:B7:46:46
X509v3 Authority Key Identifier:
keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/a6TUKLcrgKGMG2raYpkqJfa3RkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.153.131.0/24
78.153.139.0/24
78.153.144.0/24
78.153.150.0/23
78.153.155.0/24
109.237.98.0/23
Signature Algorithm: sha256WithRSAEncryption
47:5a:5b:6c:e0:08:cb:9d:ba:e6:49:46:9f:28:97:f1:c4:83:
e2:84:29:63:39:9f:42:e6:cc:05:fa:87:cd:91:51:d5:fe:51:
d4:0d:5a:4d:73:73:ba:0a:6b:06:dd:e1:1e:d0:9e:7d:23:58:
31:40:4f:62:ca:bc:e0:9a:48:48:0f:7f:d8:10:aa:40:8e:62:
16:e0:0d:58:ff:5f:6b:aa:28:60:5a:a7:f0:88:04:5b:8b:29:
90:a2:34:6e:09:12:39:bc:99:2a:bf:3a:b5:b4:fc:75:0a:a4:
de:54:a1:e1:b6:9e:73:f3:95:05:a8:ae:0b:62:05:e8:81:8d:
5c:1f:18:a5:7b:be:a2:26:bd:25:29:62:46:96:8c:4c:57:e1:
19:62:1e:60:41:31:8c:52:65:48:03:bc:be:18:81:c0:19:57:
d1:9e:26:15:8b:11:06:e4:14:e9:79:0d:4d:d6:59:7b:8d:9e:
03:7d:67:c6:82:cd:4e:f3:3f:8f:d3:3d:62:99:9c:11:b1:3f:
33:d0:d7:df:08:30:b9:30:60:5c:02:11:ce:36:ec:bc:8a:c3:
da:54:68:74:e5:5d:19:31:5e:a4:73:ba:10:1b:b8:9e:22:c7:
1c:40:63:b6:a1:ea:d1:ee:c2:b8:cc:9c:dc:d4:25:64:b9:8b:
df:51:ff:cf
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ2q8Ed/BOuSYysjFCSLLcYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjYwNDIwMTI0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmE0ZDQyOGI3MmI4MGExOGMxYjZhZGE2Mjk5MmEyNWY2Yjc0NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5+H8xwsATU4vwKvjUPuDKBeYv4T
ka7+Exows6udQQR6pmM+juSKhViZkzj2XvikzQrFrYR2Wng2NyUVTwktwTUw73ph
KIm0+kEIMfg+zcdgZsYrdeKNlg+p28802y68/Jf5P90dv36NbX0HVfy9OdLX5Wb1
QnD1bWZJm2nh7CDUXFI1bvnJnUHpH7AI8zTklzk4F5ki8QkaGP7XYuqMuYihLwlA
/Ntk9oRbF5AubzbMQg2/AaXbQYBJKnOi2jAlv0I75MdY9FFpf7o42KWhTq+z5FpK
mhvXEiGg8vb6jU+6vsgCcGcE02uj/Ws18EMw7H/x8Q0MC9Co8k5CY3emmwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGuk1Ci3K4ChjBtq2mKZKiX2t0ZGMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvYTZUVUtMY3JnS0dNRzJyYVlwa3FKZmEzUmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQATpmDAwQA
TpmLAwQATpmQAwQBTpmWAwQATpmbAwQBbe1iMA0GCSqGSIb3DQEBCwUAA4IBAQBH
Wlts4AjLnbrmSUafKJfxxIPihCljOZ9C5swF+ofNkVHV/lHUDVpNc3O6CmsG3eEe
0J59I1gxQE9iyrzgmkhID3/YEKpAjmIW4A1Y/19rqihgWqfwiARbiymQojRuCRI5
vJkqvzq1tPx1CqTeVKHhtp5z85UFqK4LYgXogY1cHxile76iJr0lKWJGloxMV+EZ
Yh5gQTGMUmVIA7y+GIHAGVfRniYVixEG5BTpeQ1N1ll7jZ4DfWfGgs1O8z+P0z1i
mZwRsT8z0NffCDC5MGBcAhHONuy8isPaVGh05V0ZMV6kc7oQG7ieIsccQGO2oerR
7sK4zJzc1CVkuYvfUf/P
-----END CERTIFICATE-----
Generated at Mon Apr 27 13:58:30 2026 by rpki-client