Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/nRIsafAf78Gs7rWD8avvMiri3pc.roa
File: nRIsafAf78Gs7rWD8avvMiri3pc.roa (raw, json)
Hash identifier: bbrHnQr4yvaMpEsNaLQjRLRfE7DnAQFoP/N3kLyMl3I=
Subject key identifier: 9D:12:2C:69:F0:1F:EF:C1:AC:EE:B5:83:F1:AB:EF:32:2A:E2:DE:97
Certificate issuer: /CN=fba0ed92ec94321dcb219d37f38d907e183244bd
Certificate serial: 019DAB4AE9706CE2D2837953993056B7302A
Authority key identifier: FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/nRIsafAf78Gs7rWD8avvMiri3pc.roa
Signing time: Mon 20 Apr 2026 14:28:26 +0000
ROA not before: Mon 20 Apr 2026 14:28:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 2.255.192.0/18 maxlen: 18
2.255.248.0/21 maxlen: 21
62.115.0.0/16 maxlen: 16
62.115.128.0/22 maxlen: 22
80.91.240.0/20 maxlen: 20
80.91.248.0/21 maxlen: 21
80.239.128.0/19 maxlen: 19
80.239.160.0/19 maxlen: 19
80.239.192.0/19 maxlen: 19
80.239.224.0/19 maxlen: 19
89.126.0.0/17 maxlen: 17
195.12.224.0/19 maxlen: 19
195.12.248.0/23 maxlen: 23
195.12.248.0/24 maxlen: 24
195.12.249.0/24 maxlen: 24
213.155.128.0/19 maxlen: 19
213.248.64.0/18 maxlen: 18
2001:2030::/28 maxlen: 28
2001:2030:c004::/47 maxlen: 47
2001:2030:c004::/48 maxlen: 48
2001:2030:c005::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Apr 2026 08:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ab:4a:e9:70:6c:e2:d2:83:79:53:99:30:56:b7:30:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fba0ed92ec94321dcb219d37f38d907e183244bd
Validity
Not Before: Apr 20 14:28:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9d122c69f01fefc1aceeb583f1abef322ae2de97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:bf:9c:a9:f2:b1:b5:db:14:77:c5:9f:05:68:
69:1d:8f:41:ce:09:ba:b2:27:26:d5:d8:b0:cd:74:
83:85:66:58:54:66:4b:70:e7:12:17:57:db:ee:fa:
2e:1b:1e:a3:aa:af:2a:49:e4:a7:00:0b:63:e6:60:
1b:30:fd:a1:b1:f2:06:40:2d:2c:92:e3:8a:e8:9c:
4b:13:1c:fe:2f:36:54:53:9e:13:23:d7:74:a3:fa:
8a:41:51:83:87:ef:48:a3:2f:d4:0a:7f:01:8f:ee:
b1:ad:5a:12:0f:0a:ac:22:68:c8:4c:86:64:5d:e5:
38:20:ef:43:d7:74:1f:e8:92:4b:07:f2:1b:15:72:
76:0c:7c:84:ec:2a:88:27:97:53:7e:55:f9:2c:08:
94:05:a5:00:cb:63:fb:d2:e9:34:a8:10:40:88:b0:
54:45:e8:8f:91:78:0c:7f:33:2a:62:eb:1a:cc:3a:
98:79:4a:ad:7e:c8:47:b2:b7:f1:8f:7d:d1:e6:d9:
d3:5c:fa:57:9f:b2:f9:98:97:57:39:d3:a5:25:2a:
97:0b:15:f7:61:50:39:4e:82:ba:44:b1:ed:c8:83:
45:b2:72:24:69:ad:17:86:54:cd:bf:e8:8b:6a:4d:
07:07:84:10:df:57:bf:f4:27:fd:a8:63:a0:27:57:
f7:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:12:2C:69:F0:1F:EF:C1:AC:EE:B5:83:F1:AB:EF:32:2A:E2:DE:97
X509v3 Authority Key Identifier:
keyid:FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/nRIsafAf78Gs7rWD8avvMiri3pc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.192.0/18
62.115.0.0/16
80.91.240.0/20
80.239.128.0/17
89.126.0.0/17
195.12.224.0/19
213.155.128.0/19
213.248.64.0/18
IPv6:
2001:2030::/28
Signature Algorithm: sha256WithRSAEncryption
3e:77:b6:3f:1e:b4:a3:55:74:bd:73:8f:bc:f2:5a:31:d9:86:
8c:d0:38:83:e0:42:18:0f:9e:65:ae:62:33:4a:5f:e3:6d:5b:
47:8a:87:e8:ba:f8:68:03:17:d0:5c:14:9d:68:21:0d:f8:bc:
15:bd:9d:d8:31:8e:f3:88:5a:3b:c8:4b:e4:6f:3d:4d:b6:c7:
91:1d:4e:90:f1:53:27:9b:42:0f:a5:ad:31:6f:62:f7:9b:db:
63:a5:8a:2c:7e:7f:55:28:85:ab:22:1f:b8:b4:5e:f9:54:b7:
37:f5:2b:91:1c:2a:68:a6:8c:14:07:8f:bd:10:06:35:58:72:
a1:5d:29:c6:1b:2a:31:34:3b:63:67:56:7f:1f:89:fb:f3:59:
62:a4:21:14:0d:4a:1d:77:1e:3f:38:2c:89:0a:d3:62:0c:57:
71:fb:65:2b:e9:90:59:5c:09:ee:2a:f3:89:3a:22:c0:90:6d:
a0:88:34:ee:d0:23:e2:c3:8f:08:71:cb:9f:93:2d:90:7f:86:
59:af:f2:02:91:de:71:5b:14:91:a3:42:a4:69:9b:34:64:cd:
fe:4a:c5:8e:f7:55:ce:43:0f:94:0c:45:ae:86:e7:75:88:a0:
fb:d4:14:6c:77:39:64:54:80:03:34:6b:8c:45:69:9a:b5:b0:
83:3c:48:04
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ2rSulwbOLSg3lTmTBWtzAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYTBlZDkyZWM5NDMyMWRjYjIxOWQzN2YzOGQ5MDdlMTgz
MjQ0YmQwHhcNMjYwNDIwMTQyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDEyMmM2OWYwMWZlZmMxYWNlZWI1ODNmMWFiZWYzMjJhZTJkZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL+cqfKxtdsUd8WfBWhpHY9Bzgm6
sicm1diwzXSDhWZYVGZLcOcSF1fb7vouGx6jqq8qSeSnAAtj5mAbMP2hsfIGQC0s
kuOK6JxLExz+LzZUU54TI9d0o/qKQVGDh+9Ioy/UCn8Bj+6xrVoSDwqsImjITIZk
XeU4IO9D13Qf6JJLB/IbFXJ2DHyE7CqIJ5dTflX5LAiUBaUAy2P70uk0qBBAiLBU
ReiPkXgMfzMqYusazDqYeUqtfshHsrfxj33R5tnTXPpXn7L5mJdXOdOlJSqXCxX3
YVA5ToK6RLHtyINFsnIkaa0XhlTNv+iLak0HB4QQ31e/9Cf9qGOgJ1f3LwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFJ0SLGnwH+/BrO61g/Gr7zIq4t6XMB8GA1UdIwQY
MBaAFPug7ZLslDIdyyGdN/ONkH4YMkS9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02RHRrdXlVTWgzTElaMDM4NDJRZmhneVJMMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUw
LTIwYzQ0YTgxZjk3Ny8xL25SSXNhZkFmNzhHczdyV0Q4YXZ2TWlyaTNwYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUwLTIwYzQ0YTgxZjk3
Ny8xLzEtNkR0a3V5VU1oM0xJWjAzODQyUWZoZ3lSTDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVwYIKwYBBQUHAQcBAf8ESDBGMDUEAgABMC8DBAYC/8AD
AwA+cwMEBFBb8AMEB1DvgAMEB1l+AAMEBcMM4AMEBdWbgAMEBtX4QDANBAIAAjAH
AwUEIAEgMDANBgkqhkiG9w0BAQsFAAOCAQEAPne2Px60o1V0vXOPvPJaMdmGjNA4
g+BCGA+eZa5iM0pf421bR4qH6Lr4aAMX0FwUnWghDfi8Fb2d2DGO84haO8hL5G89
TbbHkR1OkPFTJ5tCD6WtMW9i95vbY6WKLH5/VSiFqyIfuLRe+VS3N/UrkRwqaKaM
FAePvRAGNVhyoV0pxhsqMTQ7Y2dWfx+J+/NZYqQhFA1KHXcePzgsiQrTYgxXcftl
K+mQWVwJ7irziToiwJBtoIg07tAj4sOPCHHLn5MtkH+GWa/yApHecVsUkaNCpGmb
NGTN/krFjvdVzkMPlAxFrobndYig+9QUbHc5ZFSAAzRrjEVpmrWwgzxIBA==
-----END CERTIFICATE-----
Generated at Tue Apr 21 18:01:02 2026 by rpki-client