Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aqDY1R6TEBrirgCX4AbakkKC4B8.roa
File: aqDY1R6TEBrirgCX4AbakkKC4B8.roa (raw, json)
Hash identifier: cBwLm+Vo0oJJ4BOSWnPa3H7Ff/jslRilG9SdMzaz8NI=
Subject key identifier: 6A:A0:D8:D5:1E:93:10:1A:E2:AE:00:97:E0:06:DA:92:42:82:E0:1F
Certificate issuer: /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial: 019D077A52108E718C5E866D2DD1284DC5FB
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aqDY1R6TEBrirgCX4AbakkKC4B8.roa
Signing time: Thu 19 Mar 2026 19:02:30 +0000
ROA not before: Thu 19 Mar 2026 19:02:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 26548
IP address blocks: 91.198.230.0/24 maxlen: 24
91.199.3.0/24 maxlen: 24
193.33.66.0/24 maxlen: 24
193.37.133.0/24 maxlen: 24
193.109.221.0/24 maxlen: 24
193.135.13.0/24 maxlen: 24
193.176.237.0/24 maxlen: 24
193.193.164.0/24 maxlen: 24
194.56.255.0/24 maxlen: 24
194.107.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Mar 2026 03:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:07:7a:52:10:8e:71:8c:5e:86:6d:2d:d1:28:4d:c5:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Validity
Not Before: Mar 19 19:02:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6aa0d8d51e93101ae2ae0097e006da924282e01f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:98:9c:00:b2:09:78:6b:7e:3a:72:80:a8:9f:
80:3b:9b:02:99:84:48:15:6c:6b:a6:82:85:f1:26:
a9:25:94:ba:4a:84:04:bf:99:bf:b4:4c:79:67:00:
cf:ab:fe:2e:14:af:fe:7a:c9:aa:18:12:af:17:11:
c1:8c:d5:1d:5b:f3:8c:2b:b3:5f:31:af:97:ec:7a:
18:ec:7f:46:a2:17:9f:d6:8e:f0:d0:cb:f9:7d:2d:
31:ec:63:6e:f0:74:0e:a6:6c:94:6f:fe:b1:66:73:
bf:40:a0:7c:63:db:04:b6:17:d0:6e:9c:81:68:fd:
f1:3d:9d:51:4b:66:84:19:62:ff:13:55:a7:48:da:
f0:d6:82:07:07:11:72:0a:84:d3:9a:52:20:7d:18:
70:8c:fe:1b:93:6c:92:8f:33:8b:5e:e7:57:e6:33:
7e:ea:af:51:fa:40:a9:a8:29:06:a4:cb:eb:39:48:
36:52:80:0d:96:cb:86:57:cd:ad:b1:50:8a:e5:7d:
1b:7a:ad:1a:a8:dc:db:cc:6e:d6:3a:a2:88:6d:20:
c0:41:d7:4c:68:99:31:17:9b:ab:2f:47:24:dd:50:
72:ca:bf:a9:61:22:f2:83:30:23:04:51:22:a7:2a:
ad:9d:53:51:cd:4d:ef:81:26:73:57:74:0e:ea:26:
8a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:A0:D8:D5:1E:93:10:1A:E2:AE:00:97:E0:06:DA:92:42:82:E0:1F
X509v3 Authority Key Identifier:
keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aqDY1R6TEBrirgCX4AbakkKC4B8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.230.0/24
91.199.3.0/24
193.33.66.0/24
193.37.133.0/24
193.109.221.0/24
193.135.13.0/24
193.176.237.0/24
193.193.164.0/24
194.56.255.0/24
194.107.125.0/24
Signature Algorithm: sha256WithRSAEncryption
09:68:76:97:c2:7e:f6:63:9d:46:d3:ee:38:84:3b:5a:2d:92:
e1:1d:bb:68:23:61:a7:09:b9:ba:1a:67:0b:18:cc:cd:ac:5d:
a2:81:11:ea:5d:e7:76:97:25:13:82:5e:59:48:f8:bd:71:e2:
64:50:d3:6e:f4:d2:e5:e4:a2:b6:37:a5:86:cf:5a:bb:d7:c7:
49:d2:e7:a1:e9:87:a8:ff:b8:5b:d1:5d:2c:3c:f2:af:5b:84:
a0:7e:32:7d:4e:de:41:2f:5c:09:13:ad:2d:25:5d:d9:49:90:
93:90:61:7e:0f:ca:13:0e:93:0a:93:b0:75:a7:d3:cd:80:26:
1c:cf:4c:f9:90:ab:ca:31:95:5c:fa:86:48:f2:a1:fa:5f:b6:
75:48:f6:85:48:f4:57:f6:dc:84:6f:a7:e3:4e:e8:97:ec:e4:
fc:d7:d0:fb:72:af:ec:ad:cc:0c:85:66:b1:1d:8f:7c:e6:ae:
53:95:36:03:45:5c:e9:ff:af:1c:0f:bb:44:99:dc:2a:df:c8:
42:50:29:29:38:2d:30:89:a7:7f:05:f2:d3:81:f6:25:91:7c:
38:f5:82:7f:a6:46:da:8e:54:0b:dd:91:00:4a:94:23:2a:17:
99:29:90:8e:1a:aa:98:9d:48:ee:54:28:bb:62:74:cd:4b:75:
b4:b0:02:9b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZ0HelIQjnGMXoZtLdEoTcX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzE5MTkwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWEwZDhkNTFlOTMxMDFhZTJhZTAwOTdlMDA2ZGE5MjQyODJlMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZicALIJeGt+OnKAqJ+AO5sCmYRI
FWxrpoKF8SapJZS6SoQEv5m/tEx5ZwDPq/4uFK/+esmqGBKvFxHBjNUdW/OMK7Nf
Ma+X7HoY7H9Gohef1o7w0Mv5fS0x7GNu8HQOpmyUb/6xZnO/QKB8Y9sEthfQbpyB
aP3xPZ1RS2aEGWL/E1WnSNrw1oIHBxFyCoTTmlIgfRhwjP4bk2ySjzOLXudX5jN+
6q9R+kCpqCkGpMvrOUg2UoANlsuGV82tsVCK5X0beq0aqNzbzG7WOqKIbSDAQddM
aJkxF5urL0ck3VByyr+pYSLygzAjBFEipyqtnVNRzU3vgSZzV3QO6iaKaQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGqg2NUekxAa4q4Al+AG2pJCguAfMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYXFEWTFSNlRFQnJpcmdDWDRBYmFra0tDNEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAW8bmAwQA
W8cDAwQAwSFCAwQAwSWFAwQAwW3dAwQAwYcNAwQAwbDtAwQAwcGkAwQAwjj/AwQA
wmt9MA0GCSqGSIb3DQEBCwUAA4IBAQAJaHaXwn72Y51G0+44hDtaLZLhHbtoI2Gn
Cbm6GmcLGMzNrF2igRHqXed2lyUTgl5ZSPi9ceJkUNNu9NLl5KK2N6WGz1q718dJ
0ueh6Yeo/7hb0V0sPPKvW4SgfjJ9Tt5BL1wJE60tJV3ZSZCTkGF+D8oTDpMKk7B1
p9PNgCYcz0z5kKvKMZVc+oZI8qH6X7Z1SPaFSPRX9tyEb6fjTuiX7OT819D7cq/s
rcwMhWaxHY985q5TlTYDRVzp/68cD7tEmdwq38hCUCkpOC0wiad/BfLTgfYlkXw4
9YJ/pkbajlQL3ZEASpQjKheZKZCOGqqYnUjuVCi7YnTNS3W0sAKb
-----END CERTIFICATE-----
Generated at Sun Mar 22 11:17:28 2026 by rpki-client