Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ivMUWtvVB0AgeIKB0hYKYeRv21E.roa
File: ivMUWtvVB0AgeIKB0hYKYeRv21E.roa (raw, json)
Hash identifier: +LXVX3PQ7k7Tkti4BWcHEjKRqmx5x0FH22DWJF9cQFA=
Subject key identifier: 8A:F3:14:5A:DB:D5:07:40:20:78:82:81:D2:16:0A:61:E4:6F:DB:51
Certificate issuer: /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial: 019E8741589D4E4EB6C040BDE10BA9812EA9
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ivMUWtvVB0AgeIKB0hYKYeRv21E.roa
Signing time: Tue 02 Jun 2026 07:34:27 +0000
ROA not before: Tue 02 Jun 2026 07:34:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210423
IP address blocks: 84.232.35.0/24 maxlen: 24
84.232.36.0/23 maxlen: 23
84.232.36.0/24 maxlen: 24
84.232.37.0/24 maxlen: 24
84.236.234.0/23 maxlen: 23
95.178.112.0/22 maxlen: 22
95.178.112.0/23 maxlen: 23
95.178.114.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 07:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:87:41:58:9d:4e:4e:b6:c0:40:bd:e1:0b:a9:81:2e:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Validity
Not Before: Jun 2 07:34:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8af3145adbd5074020788281d2160a61e46fdb51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a1:80:c2:c4:c3:1b:4f:e2:4b:47:36:2c:c2:
84:07:f4:64:1c:45:36:d9:c9:40:68:b7:b1:77:35:
3a:1b:18:77:73:0f:e8:f1:d0:7c:b9:03:d7:74:22:
0d:55:e2:4e:e0:a8:7b:6f:a3:b3:99:cc:22:66:6a:
31:4f:33:5d:86:bb:29:07:97:7d:14:d5:70:52:e8:
b5:a0:52:c8:e9:7e:e9:a8:a9:19:89:e6:24:ed:04:
c2:dc:7c:51:61:e3:48:e1:42:4c:4e:9e:b2:e9:7b:
8b:b8:52:69:5f:25:94:27:44:fc:1a:1b:59:21:5c:
e3:e5:f6:90:6c:4a:a7:a7:d7:b2:8e:24:ed:8b:4d:
6a:60:41:4f:fe:4e:e3:16:23:ed:48:72:cf:60:63:
39:d7:31:15:ac:bc:cf:f9:a5:86:ac:4d:b3:81:b7:
35:9d:67:1b:5e:a3:a5:87:15:8a:88:46:cc:f7:b9:
8b:4a:3c:cb:f1:ed:07:e0:3b:66:d6:c2:8a:d9:90:
25:a0:de:c2:63:db:16:00:41:a8:ae:b6:c2:65:ef:
36:1f:82:61:61:70:9c:7f:50:fe:ed:92:af:4c:7d:
33:9a:82:0f:e6:52:42:94:f6:2c:9f:fe:cf:ec:a3:
97:ee:d7:5a:4f:cc:83:8b:e9:f3:35:f7:34:0e:6e:
5d:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:F3:14:5A:DB:D5:07:40:20:78:82:81:D2:16:0A:61:E4:6F:DB:51
X509v3 Authority Key Identifier:
keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ivMUWtvVB0AgeIKB0hYKYeRv21E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.232.35.0-84.232.37.255
84.236.234.0/23
95.178.112.0/22
Signature Algorithm: sha256WithRSAEncryption
02:b2:4d:f9:38:c7:c5:a3:77:b7:dd:17:eb:82:a3:1b:eb:d9:
fc:6d:ac:58:c7:75:cb:7b:e1:42:ac:2a:e9:bf:79:9b:6b:07:
4c:2e:59:35:c2:18:92:e1:7c:c5:22:90:32:92:3c:54:08:ad:
35:17:83:de:d1:f4:9a:df:bb:fa:7f:7c:af:41:19:1c:a6:d4:
af:0b:80:a9:65:e3:6e:9b:4d:ec:57:04:12:90:bd:04:27:02:
58:e8:02:59:71:07:95:97:9d:8e:57:28:cf:fc:21:4a:ef:f5:
2f:8f:7b:da:71:94:1c:0f:e3:e3:34:57:4b:34:cf:be:45:11:
07:76:f2:6a:1f:7f:52:a8:53:75:f1:a2:e9:ee:f0:39:c3:7c:
cb:7c:a2:93:a8:ce:c1:59:20:b2:60:be:44:49:74:4d:ae:3d:
95:75:09:63:67:fb:e9:90:82:8d:6f:a4:2a:20:a9:3f:76:1c:
79:5d:89:8d:50:ec:2b:d0:e8:55:b3:5c:ef:c3:47:02:df:ea:
d3:5e:e1:eb:21:5b:2e:e4:68:37:3e:b5:22:ae:81:79:ec:48:
81:95:92:55:cf:f6:a5:40:d9:81:f4:1f:0f:ce:40:88:e0:cd:
12:87:be:50:5e:a9:1d:6d:60:3d:c1:29:0c:86:d7:9e:27:6c:
59:d2:27:9a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ6HQVidTk62wEC94QupgS6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwNjAyMDczNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWYzMTQ1YWRiZDUwNzQwMjA3ODgyODFkMjE2MGE2MWU0NmZkYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6GAwsTDG0/iS0c2LMKEB/RkHEU2
2clAaLexdzU6Gxh3cw/o8dB8uQPXdCINVeJO4Kh7b6OzmcwiZmoxTzNdhrspB5d9
FNVwUui1oFLI6X7pqKkZieYk7QTC3HxRYeNI4UJMTp6y6XuLuFJpXyWUJ0T8GhtZ
IVzj5faQbEqnp9eyjiTti01qYEFP/k7jFiPtSHLPYGM51zEVrLzP+aWGrE2zgbc1
nWcbXqOlhxWKiEbM97mLSjzL8e0H4Dtm1sKK2ZAloN7CY9sWAEGorrbCZe82H4Jh
YXCcf1D+7ZKvTH0zmoIP5lJClPYsn/7P7KOX7tdaT8yDi+nzNfc0Dm5d7wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIrzFFrb1QdAIHiCgdIWCmHkb9tRMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvaXZNVVd0dlZCMEFnZUlLQjBoWUtZZVJ2MjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABU6CMD
BAFU6CQDBAFU7OoDBAJfsnAwDQYJKoZIhvcNAQELBQADggEBAAKyTfk4x8Wjd7fd
F+uCoxvr2fxtrFjHdct74UKsKum/eZtrB0wuWTXCGJLhfMUikDKSPFQIrTUXg97R
9Jrfu/p/fK9BGRym1K8LgKll426bTexXBBKQvQQnAljoAllxB5WXnY5XKM/8IUrv
9S+Pe9pxlBwP4+M0V0s0z75FEQd28moff1KoU3Xxounu8DnDfMt8opOozsFZILJg
vkRJdE2uPZV1CWNn++mQgo1vpCogqT92HHldiY1Q7CvQ6FWzXO/DRwLf6tNe4esh
Wy7kaDc+tSKugXnsSIGVklXP9qVA2YH0Hw/OQIjgzRKHvlBeqR1tYD3BKQyG154n
bFnSJ5o=
-----END CERTIFICATE-----
Generated at Thu Jun 11 14:17:36 2026 by rpki-client