Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/fgZ2gr9j8nkuTcXKTHLTyjKT7Rs.roa
File: fgZ2gr9j8nkuTcXKTHLTyjKT7Rs.roa (raw, json)
Hash identifier: /jAuQCxC5qXXEGyOBRWBeLTs2UBCn/Kok1gqE38op4w=
Subject key identifier: 7E:06:76:82:BF:63:F2:79:2E:4D:C5:CA:4C:72:D3:CA:32:93:ED:1B
Certificate issuer: /CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
Certificate serial: 019CBD86FF50FD3C58AAE7B41C15E2365BB7
Authority key identifier: 53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/fgZ2gr9j8nkuTcXKTHLTyjKT7Rs.roa
Signing time: Thu 05 Mar 2026 10:24:26 +0000
ROA not before: Thu 05 Mar 2026 10:24:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198022
IP address blocks: 185.211.220.0/23 maxlen: 23
185.211.222.0/24 maxlen: 24
185.211.223.0/24 maxlen: 24
212.79.200.0/21 maxlen: 21
212.79.208.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl
rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.mft
rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Mar 2026 09:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:bd:86:ff:50:fd:3c:58:aa:e7:b4:1c:15:e2:36:5b:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
Validity
Not Before: Mar 5 10:24:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7e067682bf63f2792e4dc5ca4c72d3ca3293ed1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:d8:3e:5d:d8:72:09:53:b0:55:81:f7:84:a5:
d0:28:ba:2d:ea:50:f5:87:c7:a1:7e:9b:b5:b4:de:
02:18:c6:b0:1a:22:3e:9b:95:18:ce:5c:55:e4:2f:
9f:dc:e8:33:95:91:2c:be:ad:df:7f:4e:91:bb:11:
79:e0:bb:38:ef:e3:f3:c3:98:28:97:97:1a:a5:7f:
8c:02:65:58:90:b0:29:00:cc:5d:20:1a:bf:17:dc:
a3:f4:f9:f3:33:be:a3:24:db:e2:98:df:7b:ca:59:
5b:9c:f3:46:4b:de:a4:98:b8:70:99:67:7c:6f:7f:
1a:fd:5a:3c:2e:06:7f:e1:c5:02:cf:40:e1:b4:90:
df:44:67:0b:be:2a:44:06:e9:65:42:fa:f6:20:33:
5d:1b:44:10:16:a9:59:75:7e:5b:4f:e0:a0:bc:a8:
49:1d:c9:44:c6:98:16:a1:32:5d:d8:47:26:5b:e5:
6e:e1:31:b0:f9:88:72:46:45:e4:a6:d4:8a:aa:ea:
2a:31:17:16:6a:3c:44:65:50:05:75:dc:83:bf:a4:
27:c5:66:c8:53:f8:96:4f:40:2e:d6:52:1f:6f:6b:
9e:50:ff:01:eb:15:36:13:ba:ac:d2:89:1b:bb:5f:
94:e1:a3:34:d1:cf:b5:50:23:19:3f:82:e8:89:af:
d6:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:06:76:82:BF:63:F2:79:2E:4D:C5:CA:4C:72:D3:CA:32:93:ED:1B
X509v3 Authority Key Identifier:
keyid:53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/fgZ2gr9j8nkuTcXKTHLTyjKT7Rs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.211.220.0/22
212.79.200.0-212.79.211.255
Signature Algorithm: sha256WithRSAEncryption
75:06:ea:41:ad:46:27:63:4d:e7:0c:b2:05:16:a6:d3:bd:02:
37:9e:dd:2c:34:17:52:1a:56:7a:a2:8f:86:28:69:f3:fb:f4:
0c:a6:05:67:5f:72:5a:20:37:69:33:52:af:71:0d:4a:9e:9a:
de:09:67:b3:81:b1:9f:54:9f:5b:bd:6d:38:d4:76:b9:c9:91:
8a:2e:c3:a6:03:07:f4:63:f3:2b:b6:de:8e:31:71:16:90:ff:
d8:6e:65:bc:82:3a:da:16:b8:51:e9:09:a3:73:e6:04:87:97:
9a:6d:0e:dc:b9:bd:dd:9a:8c:70:81:6c:37:74:82:47:e5:eb:
5a:a1:53:7e:7d:12:2c:75:6c:4e:93:70:8c:1d:e6:08:35:ec:
fb:6c:df:7e:db:84:ba:a6:9d:4a:4b:c0:0a:db:88:3a:95:f4:
f5:1b:24:d1:88:b1:b5:f2:5a:fe:53:c7:e1:dc:8f:a9:85:da:
dc:19:7a:ad:a3:e1:6f:67:09:66:b3:60:6b:61:22:12:e7:2b:
fb:f9:f2:2c:86:70:a7:3b:04:d0:41:71:b1:e8:7d:2d:02:57:
59:4a:96:d5:c5:fe:6d:9f:f7:40:d2:6b:29:de:04:e0:e4:c3:
ba:90:c0:f7:f6:57:50:83:71:d7:46:32:1a:b9:04:a0:90:b1:
ad:39:f2:50
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZy9hv9Q/TxYque0HBXiNlu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYmJiYmFhM2VlMjRjN2FkOWIyYzYwNDMyZTE0ZWRhMzg0
OWI1ZTIwHhcNMjYwMzA1MTAyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTA2NzY4MmJmNjNmMjc5MmU0ZGM1Y2E0YzcyZDNjYTMyOTNlZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntg+XdhyCVOwVYH3hKXQKLot6lD1
h8ehfpu1tN4CGMawGiI+m5UYzlxV5C+f3OgzlZEsvq3ff06RuxF54Ls47+Pzw5go
l5capX+MAmVYkLApAMxdIBq/F9yj9PnzM76jJNvimN97yllbnPNGS96kmLhwmWd8
b38a/Vo8LgZ/4cUCz0DhtJDfRGcLvipEBullQvr2IDNdG0QQFqlZdX5bT+CgvKhJ
HclExpgWoTJd2EcmW+Vu4TGw+YhyRkXkptSKquoqMRcWajxEZVAFddyDv6QnxWbI
U/iWT0Au1lIfb2ueUP8B6xU2E7qs0okbu1+U4aM00c+1UCMZP4Loia/W0QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH4GdoK/Y/J5Lk3Fykxy08oyk+0bMB8GA1UdIwQY
MBaAFFO7u6o+4kx62bLGBDLhTto4SbXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUt
MDBlY2YwYzRkMGVmLzEvZmdaMmdyOWo4bmt1VGNYS1RITFR5aktUN1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUtMDBlY2YwYzRkMGVm
LzEvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCudPcMAwD
BAPUT8gDBALUT9AwDQYJKoZIhvcNAQELBQADggEBAHUG6kGtRidjTecMsgUWptO9
Ajee3Sw0F1IaVnqij4YoafP79AymBWdfclogN2kzUq9xDUqemt4JZ7OBsZ9Un1u9
bTjUdrnJkYouw6YDB/Rj8yu23o4xcRaQ/9huZbyCOtoWuFHpCaNz5gSHl5ptDty5
vd2ajHCBbDd0gkfl61qhU359Eix1bE6TcIwd5gg17Pts337bhLqmnUpLwArbiDqV
9PUbJNGIsbXyWv5Tx+Hcj6mF2twZeq2j4W9nCWazYGthIhLnK/v58iyGcKc7BNBB
cbHofS0CV1lKltXF/m2f90DSayneBODkw7qQwPf2V1CDcddGMhq5BKCQsa058lA=
-----END CERTIFICATE-----
Generated at Wed Mar 11 12:28:35 2026 by rpki-client