Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LQ2MMiTg73YogggMlO3q0fwzTYs.roa
File: LQ2MMiTg73YogggMlO3q0fwzTYs.roa (raw, json)
Hash identifier: jiGxpN7PaAMkunNkUqVgtCVKMwjT12Y2+fuZm4c5duo=
Subject key identifier: 2D:0D:8C:32:24:E0:EF:76:28:82:08:0C:94:ED:EA:D1:FC:33:4D:8B
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 019CFAB6CE0194BB1A5DD7E6E1DAD88E77AD
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LQ2MMiTg73YogggMlO3q0fwzTYs.roa
Signing time: Tue 17 Mar 2026 07:33:30 +0000
ROA not before: Tue 17 Mar 2026 07:33:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8881
IP address blocks: 109.229.219.0/24 maxlen: 24
109.229.222.0/24 maxlen: 24
176.106.102.0/23 maxlen: 24
213.110.68.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Mar 2026 07:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fa:b6:ce:01:94:bb:1a:5d:d7:e6:e1:da:d8:8e:77:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: Mar 17 07:33:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2d0d8c3224e0ef762882080c94edead1fc334d8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:70:fd:61:fd:68:27:17:b2:d3:a2:cf:12:bd:
85:7c:23:ef:57:83:4f:89:81:22:f6:83:44:c7:ec:
07:bd:0e:b3:33:34:9f:0e:d2:8a:fc:27:df:02:7c:
06:0e:81:c4:3b:f5:7b:c3:6c:f5:56:08:1c:ef:71:
94:aa:fa:22:fa:db:c0:33:90:74:8b:c7:de:e2:64:
cf:41:c8:53:d3:91:60:81:cb:63:f5:de:2c:30:2d:
7a:ed:cb:13:74:e0:62:b3:d1:01:3d:0d:04:a7:58:
e8:69:f6:b6:2b:3a:b5:8c:e1:b1:70:0f:26:46:f7:
4e:de:fd:f0:e3:b1:df:0a:40:49:e0:0d:5e:b5:80:
27:d5:b1:5a:ac:3f:4c:e2:37:19:5f:69:8d:82:8c:
d9:ca:cc:9a:e3:78:fa:05:b8:fc:75:a3:d4:a8:82:
31:4c:71:62:ee:44:fd:36:d3:cf:79:c9:22:7e:e0:
1e:a1:84:b4:6c:ac:a5:8f:1d:50:f8:75:41:ea:32:
cf:e1:65:e5:08:95:f8:87:1b:74:ef:f6:b9:ca:18:
91:a4:0c:af:3e:0a:0c:5c:1c:40:37:cf:2e:f4:6b:
e1:0f:39:6d:01:a5:f3:b6:b1:cf:f2:89:ae:07:c8:
65:c0:18:70:e6:15:6d:a8:7b:d5:ee:39:bb:30:87:
f9:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:0D:8C:32:24:E0:EF:76:28:82:08:0C:94:ED:EA:D1:FC:33:4D:8B
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LQ2MMiTg73YogggMlO3q0fwzTYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.229.219.0/24
109.229.222.0/24
176.106.102.0/23
213.110.68.0/23
Signature Algorithm: sha256WithRSAEncryption
81:c9:ce:7c:fa:06:39:15:df:d2:c1:cb:bf:03:93:37:10:db:
ad:e7:a6:b5:c3:98:3b:74:ab:f6:b5:47:eb:be:48:1a:03:27:
9e:17:d3:a4:d8:43:47:cc:e0:71:c6:bc:2c:ea:61:6d:e6:a6:
a5:8c:7a:df:92:c9:cd:3e:16:c6:e7:b0:9d:4f:fb:e6:ee:52:
aa:5c:3c:19:2f:e9:a0:ec:32:e6:5b:64:e6:55:34:08:9a:b2:
95:9a:61:7f:d7:9e:3d:93:54:da:9a:27:ff:13:8e:42:ea:33:
ba:c5:2c:69:44:a0:5a:29:9e:47:62:98:c3:d9:d8:ca:60:8d:
ee:54:2d:dd:c6:e0:20:4a:73:c7:5e:cb:a3:e6:2e:22:b9:25:
fc:fc:db:54:77:b1:d3:73:1d:fb:4a:b3:9a:89:c8:e6:da:ec:
e8:ab:14:2b:76:33:66:6d:60:4f:eb:03:e6:a3:9a:54:a9:12:
d1:d8:e5:35:09:19:63:8e:f9:9c:22:ac:06:a3:d4:ee:1e:04:
66:82:54:a4:45:4b:ea:6b:c6:3b:ff:72:f5:00:95:12:32:73:
28:09:e0:1a:a0:1f:57:62:70:e4:6d:3b:3e:64:94:5e:d0:3a:
2b:bf:02:16:42:6f:94:36:e7:68:8d:b1:69:e0:89:f7:ae:60:
1e:0f:90:0b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZz6ts4BlLsaXdfm4drYjnetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMzE3MDczMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDBkOGMzMjI0ZTBlZjc2Mjg4MjA4MGM5NGVkZWFkMWZjMzM0ZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXD9Yf1oJxey06LPEr2FfCPvV4NP
iYEi9oNEx+wHvQ6zMzSfDtKK/CffAnwGDoHEO/V7w2z1Vggc73GUqvoi+tvAM5B0
i8fe4mTPQchT05Fggctj9d4sMC167csTdOBis9EBPQ0Ep1joafa2Kzq1jOGxcA8m
RvdO3v3w47HfCkBJ4A1etYAn1bFarD9M4jcZX2mNgozZysya43j6Bbj8daPUqIIx
THFi7kT9NtPPeckifuAeoYS0bKyljx1Q+HVB6jLP4WXlCJX4hxt07/a5yhiRpAyv
PgoMXBxAN88u9GvhDzltAaXztrHP8omuB8hlwBhw5hVtqHvV7jm7MIf5AwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFC0NjDIk4O92KIIIDJTt6tH8M02LMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvTFEyTU1pVGc3M1lvZ2dnTWxPM3EwZnd6VFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbeXbAwQA
beXeAwQBsGpmAwQB1W5EMA0GCSqGSIb3DQEBCwUAA4IBAQCByc58+gY5Fd/Swcu/
A5M3ENut56a1w5g7dKv2tUfrvkgaAyeeF9Ok2ENHzOBxxrws6mFt5qaljHrfksnN
PhbG57CdT/vm7lKqXDwZL+mg7DLmW2TmVTQImrKVmmF/1549k1Tamif/E45C6jO6
xSxpRKBaKZ5HYpjD2djKYI3uVC3dxuAgSnPHXsuj5i4iuSX8/NtUd7HTcx37SrOa
icjm2uzoqxQrdjNmbWBP6wPmo5pUqRLR2OU1CRljjvmcIqwGo9TuHgRmglSkRUvq
a8Y7/3L1AJUSMnMoCeAaoB9XYnDkbTs+ZJRe0DorvwIWQm+UNudojbFp4In3rmAe
D5AL
-----END CERTIFICATE-----
Generated at Sun Mar 22 14:52:33 2026 by rpki-client