Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/cfDI6oYh92w46zBfFWDJVwKozGs.roa
File: cfDI6oYh92w46zBfFWDJVwKozGs.roa (raw, json)
Hash identifier: kudw7WcUK/GPMuPvNXAiGDQwqct6+COYmVLtzf2Ql4k=
Subject key identifier: 71:F0:C8:EA:86:21:F7:6C:38:EB:30:5F:15:60:C9:57:02:A8:CC:6B
Certificate issuer: /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial: 019DACB0E413AE4D029EBD089A875242C30A
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/cfDI6oYh92w46zBfFWDJVwKozGs.roa
Signing time: Mon 20 Apr 2026 20:59:26 +0000
ROA not before: Mon 20 Apr 2026 20:59:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43833
IP address blocks: 80.254.224.0/22 maxlen: 22
89.29.203.0/24 maxlen: 24
89.29.255.0/24 maxlen: 24
193.177.212.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 05:01:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ac:b0:e4:13:ae:4d:02:9e:bd:08:9a:87:52:42:c3:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Validity
Not Before: Apr 20 20:59:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=71f0c8ea8621f76c38eb305f1560c95702a8cc6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:8b:24:ab:2a:13:e9:a1:b1:2b:9c:49:9b:51:
01:0c:df:ed:85:53:cc:97:45:e0:9c:97:6c:2d:b9:
bc:26:28:82:a3:6d:18:c3:d1:6d:0a:8e:1d:8a:67:
18:08:cc:68:8c:9f:62:1c:8c:bd:29:d8:21:d7:b5:
72:2f:c1:0b:18:75:46:09:63:9a:68:15:4e:67:9f:
12:d3:d9:ad:ea:72:99:b8:b9:16:b5:de:c6:c9:56:
16:60:76:de:1b:fb:0a:c2:45:8b:6a:72:d9:5a:86:
f5:f1:83:6e:f2:bc:b8:7e:4d:25:9d:5d:9c:ed:31:
20:44:43:0b:fc:74:8d:8b:2d:19:87:f4:38:9b:3d:
7c:9d:b6:35:63:9e:90:a4:a5:a2:a1:a9:44:b5:aa:
b7:ea:8d:03:0d:7d:7f:a9:02:8a:b0:c3:a0:ae:4a:
a0:1f:66:7e:2c:06:9b:51:81:bc:86:62:f3:f0:72:
f8:1f:d0:70:be:bb:41:9e:8e:97:d7:aa:31:4f:4b:
fd:f4:04:c1:65:b6:fe:3e:0a:a5:77:54:50:e1:24:
a5:88:1d:c0:78:29:f0:ab:c7:89:54:48:35:3a:b6:
05:3c:42:b5:37:5a:66:5d:e5:7a:12:85:a8:6e:a9:
20:c1:f5:56:f9:11:c8:79:b4:d8:a6:83:48:84:fc:
07:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:F0:C8:EA:86:21:F7:6C:38:EB:30:5F:15:60:C9:57:02:A8:CC:6B
X509v3 Authority Key Identifier:
keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/cfDI6oYh92w46zBfFWDJVwKozGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.254.224.0/22
89.29.203.0/24
89.29.255.0/24
193.177.212.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:2a:92:26:45:a4:7e:56:7d:ab:95:6a:b0:6a:a6:21:57:95:
82:ac:78:8d:4a:ce:7c:09:59:8d:6c:4e:f1:86:30:e6:13:a0:
97:b6:e6:00:31:08:3a:e6:42:ce:ff:69:3c:02:25:ad:b9:e2:
20:0f:8e:dc:8b:7b:30:55:5c:9e:09:9d:be:4c:98:d3:96:1d:
46:2f:c8:84:41:27:6d:bc:bc:06:65:63:0c:de:5f:01:d9:62:
55:59:90:2c:67:9d:fb:1a:84:5d:8b:28:a5:da:f8:18:2c:a5:
39:5f:8c:a0:9d:d1:9e:b1:4f:d1:cd:10:89:ab:62:e3:dc:ed:
eb:22:4c:15:d3:d4:31:49:11:c8:95:1c:53:74:41:30:41:df:
44:39:05:a4:90:ef:3a:a8:f2:39:bf:0c:03:1a:cc:e7:a3:3f:
f7:ff:bd:c0:8a:ab:50:63:e2:d3:22:de:92:0c:d0:f9:1b:04:
b8:86:a6:f6:c8:ee:80:1e:8f:20:84:f8:5b:4b:a0:b4:a7:a4:
5b:76:ac:04:a1:5c:c5:b0:f5:47:1b:f6:79:a3:87:da:43:ab:
a7:ea:c2:18:c0:df:81:33:8f:85:8d:ba:8b:67:68:91:d0:56:
d6:1d:f2:09:94:f6:44:4a:70:5c:c5:1b:3f:f3:a6:ee:3b:6e:
68:a1:d1:df
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ2ssOQTrk0Cnr0ImodSQsMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjYwNDIwMjA1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWYwYzhlYTg2MjFmNzZjMzhlYjMwNWYxNTYwYzk1NzAyYThjYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IskqyoT6aGxK5xJm1EBDN/thVPM
l0XgnJdsLbm8JiiCo20Yw9FtCo4dimcYCMxojJ9iHIy9Kdgh17VyL8ELGHVGCWOa
aBVOZ58S09mt6nKZuLkWtd7GyVYWYHbeG/sKwkWLanLZWob18YNu8ry4fk0lnV2c
7TEgREML/HSNiy0Zh/Q4mz18nbY1Y56QpKWioalEtaq36o0DDX1/qQKKsMOgrkqg
H2Z+LAabUYG8hmLz8HL4H9BwvrtBno6X16oxT0v99ATBZbb+Pgqld1RQ4SSliB3A
eCnwq8eJVEg1OrYFPEK1N1pmXeV6EoWobqkgwfVW+RHIebTYpoNIhPwHtQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHHwyOqGIfdsOOswXxVgyVcCqMxrMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvY2ZESTZvWWg5Mnc0NnpCZkZXREpWd0tvekdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCUP7gAwQA
WR3LAwQAWR3/AwQCwbHUMA0GCSqGSIb3DQEBCwUAA4IBAQCMKpImRaR+Vn2rlWqw
aqYhV5WCrHiNSs58CVmNbE7xhjDmE6CXtuYAMQg65kLO/2k8AiWtueIgD47ci3sw
VVyeCZ2+TJjTlh1GL8iEQSdtvLwGZWMM3l8B2WJVWZAsZ537GoRdiyil2vgYLKU5
X4ygndGesU/RzRCJq2Lj3O3rIkwV09QxSRHIlRxTdEEwQd9EOQWkkO86qPI5vwwD
Gsznoz/3/73AiqtQY+LTIt6SDND5GwS4hqb2yO6AHo8ghPhbS6C0p6RbdqwEoVzF
sPVHG/Z5o4faQ6un6sIYwN+BM4+FjbqLZ2iR0FbWHfIJlPZESnBcxRs/86buO25o
odHf
-----END CERTIFICATE-----
Generated at Mon Apr 27 11:15:48 2026 by rpki-client