Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2-nQD53TioEz5EaY1asi0J5b8fw.roa
File: 2-nQD53TioEz5EaY1asi0J5b8fw.roa (raw, json)
Hash identifier: LWulNGVWuehNs6Q6ArMecv6Qne0LQLv+tzqKnsqb2Y0=
Subject key identifier: DB:E9:D0:0F:9D:D3:8A:81:33:E4:46:98:D5:AB:22:D0:9E:5B:F1:FC
Certificate issuer: /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial: 019E4F6E1D1F9FF7DF8000390A81122EBCFA
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2-nQD53TioEz5EaY1asi0J5b8fw.roa
Signing time: Fri 22 May 2026 11:24:36 +0000
ROA not before: Fri 22 May 2026 11:24:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 109.121.38.0/24 maxlen: 24
109.121.43.0/24 maxlen: 24
178.219.0.0/24 maxlen: 24
178.219.1.0/24 maxlen: 24
178.253.224.0/24 maxlen: 24
212.69.8.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 12:27:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:4f:6e:1d:1f:9f:f7:df:80:00:39:0a:81:12:2e:bc:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Validity
Not Before: May 22 11:24:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dbe9d00f9dd38a8133e44698d5ab22d09e5bf1fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:9b:bf:23:26:2b:ea:20:36:18:e6:84:2e:21:
6e:7e:21:32:92:75:88:a8:bb:05:2a:c5:b9:18:73:
08:d3:1c:bb:45:44:43:d0:b2:dd:b0:7a:47:e3:0a:
a3:16:dc:aa:17:5b:84:c2:ed:23:96:f7:ad:0f:ad:
fb:1f:c0:e1:18:03:29:10:b9:36:63:f9:d7:e1:7d:
2a:1c:6a:01:54:69:f7:f9:b5:97:81:a4:07:36:a4:
33:b4:33:e9:56:b6:12:83:cb:d8:c3:d7:9b:a2:95:
e5:a5:00:39:46:86:fb:a0:d1:aa:13:13:2d:77:01:
89:c7:2d:6a:f6:c6:4c:ca:99:3a:62:d7:70:ef:a4:
25:c9:2d:f3:b8:10:83:ad:80:b1:4e:11:8e:f2:b3:
17:ce:69:b0:9a:28:60:52:94:0b:c3:c5:14:eb:b8:
2e:d9:10:2d:d6:63:cf:63:73:be:45:f2:3a:25:ee:
0c:88:7c:a9:02:8c:cb:84:60:0e:98:8a:24:2c:8e:
19:a7:d3:6a:fd:ff:e4:da:f6:86:6f:5e:88:25:22:
bb:f9:1b:fa:e2:ab:d0:a6:c3:6c:bb:5a:50:30:4f:
0c:8f:e4:f5:3c:06:49:1f:67:a1:92:e9:38:e8:a8:
0a:85:e0:0a:46:b4:f1:ef:fa:4c:85:45:cd:7c:86:
dc:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:E9:D0:0F:9D:D3:8A:81:33:E4:46:98:D5:AB:22:D0:9E:5B:F1:FC
X509v3 Authority Key Identifier:
keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2-nQD53TioEz5EaY1asi0J5b8fw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.121.38.0/24
109.121.43.0/24
178.219.0.0/23
178.253.224.0/24
212.69.8.0/24
Signature Algorithm: sha256WithRSAEncryption
06:de:1c:fe:87:1c:ce:fc:79:2f:fb:16:1c:7e:5d:7b:3a:e3:
0d:60:02:e3:57:c7:70:c2:17:dc:33:2e:7e:69:ef:c0:70:7d:
ef:ae:08:27:2c:99:c5:06:c0:8a:b5:f5:4f:0b:46:30:e0:e7:
f6:53:f9:ae:02:5d:07:1a:c9:8f:44:2b:ab:bd:2a:f8:c3:7e:
73:f8:cb:21:6d:0e:4a:33:3d:bb:b5:cc:ab:f4:eb:65:fa:f6:
2e:3b:65:9b:ea:d3:ed:98:70:3b:f0:c8:31:e0:93:9d:a3:f8:
66:f7:fc:18:2b:73:30:de:4a:5e:59:da:94:12:59:1e:98:c8:
10:7f:d2:79:f3:1d:47:19:04:a8:3a:9c:41:8e:b0:4c:29:6e:
33:fb:e8:71:1f:4e:d9:44:5e:e7:5c:7a:32:e4:ca:bd:3a:89:
88:86:a4:56:14:65:5c:c7:f4:e4:d1:18:5a:9f:f3:06:c1:c7:
3c:91:0b:33:0c:8a:31:fb:96:44:d5:12:22:6d:fc:a6:48:06:
bb:d6:9f:b0:d5:13:05:a2:d3:14:42:34:ba:51:ab:fa:86:b0:
39:a8:48:26:a2:af:b1:dd:b8:1e:68:ab:05:4e:95:0e:12:93:
9c:df:9b:c5:51:c1:d4:44:ac:a4:66:64:bb:7d:ce:5b:68:f6:
3a:c0:95:1a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ5Pbh0fn/ffgAA5CoESLrz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTIyMTEyNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmU5ZDAwZjlkZDM4YTgxMzNlNDQ2OThkNWFiMjJkMDllNWJmMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ju/IyYr6iA2GOaELiFufiEyknWI
qLsFKsW5GHMI0xy7RURD0LLdsHpH4wqjFtyqF1uEwu0jlvetD637H8DhGAMpELk2
Y/nX4X0qHGoBVGn3+bWXgaQHNqQztDPpVrYSg8vYw9ebopXlpQA5Rob7oNGqExMt
dwGJxy1q9sZMypk6Ytdw76QlyS3zuBCDrYCxThGO8rMXzmmwmihgUpQLw8UU67gu
2RAt1mPPY3O+RfI6Je4MiHypAozLhGAOmIokLI4Zp9Nq/f/k2vaGb16IJSK7+Rv6
4qvQpsNsu1pQME8Mj+T1PAZJH2ehkuk46KgKheAKRrTx7/pMhUXNfIbcGQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNvp0A+d04qBM+RGmNWrItCeW/H8MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMi1uUUQ1M1Rpb0V6NUVhWTFhc2kwSjViOGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbXkmAwQA
bXkrAwQBstsAAwQAsv3gAwQA1EUIMA0GCSqGSIb3DQEBCwUAA4IBAQAG3hz+hxzO
/Hkv+xYcfl17OuMNYALjV8dwwhfcMy5+ae/AcH3vrggnLJnFBsCKtfVPC0Yw4Of2
U/muAl0HGsmPRCurvSr4w35z+MshbQ5KMz27tcyr9Otl+vYuO2Wb6tPtmHA78Mgx
4JOdo/hm9/wYK3Mw3kpeWdqUElkemMgQf9J58x1HGQSoOpxBjrBMKW4z++hxH07Z
RF7nXHoy5Mq9OomIhqRWFGVcx/Tk0Rhan/MGwcc8kQszDIox+5ZE1RIibfymSAa7
1p+w1RMFotMUQjS6Uav6hrA5qEgmoq+x3bgeaKsFTpUOEpOc35vFUcHURKykZmS7
fc5baPY6wJUa
-----END CERTIFICATE-----
Generated at Tue Jun 2 20:52:58 2026 by rpki-client