Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2CBMgJRsBjoFJ5O7d8FZgSn_JAE.roa
File: 2CBMgJRsBjoFJ5O7d8FZgSn_JAE.roa (raw, json)
Hash identifier: qth0+17LjDiBNTNX7Ej+ni3SWD803XVJg6CFhnCRWgQ=
Subject key identifier: D8:20:4C:80:94:6C:06:3A:05:27:93:BB:77:C1:59:81:29:FF:24:01
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 019E3F4312BECB212851DB4EB55E0561E392
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2CBMgJRsBjoFJ5O7d8FZgSn_JAE.roa
Signing time: Tue 19 May 2026 08:03:40 +0000
ROA not before: Tue 19 May 2026 08:03:40 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41957
IP address blocks: 85.209.10.0/24 maxlen: 24
185.21.141.0/24 maxlen: 24
185.191.213.0/24 maxlen: 24
193.42.114.0/24 maxlen: 24
194.93.59.0/24 maxlen: 24
194.147.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jun 2026 04:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:3f:43:12:be:cb:21:28:51:db:4e:b5:5e:05:61:e3:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: May 19 08:03:40 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d8204c80946c063a052793bb77c1598129ff2401
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:4a:94:12:50:99:f2:22:c9:76:5b:84:dc:10:
7f:e7:ca:7a:1b:61:d6:42:fd:02:0a:b8:33:a4:4e:
9d:b0:d7:e4:ac:b3:b0:62:52:9a:96:b9:ff:72:10:
fc:bf:79:b4:a5:61:23:0d:c6:b2:70:2d:2e:68:6f:
6e:82:2b:3c:fe:7c:b9:71:be:e6:e4:e1:cd:97:13:
92:08:97:81:28:f8:52:b3:ea:3d:fa:a3:0b:35:4e:
3c:d3:47:e7:3f:24:6d:ce:fe:e3:a3:f9:3d:08:7a:
39:b6:1e:8f:dd:40:2b:bc:03:f2:be:3e:c3:27:10:
44:d8:40:94:24:c7:80:b8:5a:d4:0f:d2:6a:8f:c6:
02:d4:6f:13:6c:84:d6:81:29:b5:8c:62:46:6b:d9:
a5:e4:37:05:75:71:38:48:a6:04:18:cf:01:47:f4:
26:3f:65:67:91:7e:3e:8e:50:7e:95:0f:ad:1e:e1:
87:0f:8a:3a:e6:76:bd:7b:74:a9:fc:e4:21:b5:a5:
69:34:a7:e3:2e:19:49:66:62:73:1d:12:9e:56:3a:
cf:11:a7:f7:35:cc:45:66:7d:c3:d9:96:f5:96:45:
b1:5c:f9:bf:66:18:77:18:5f:21:dc:0a:2b:f3:20:
48:45:fd:82:34:1e:48:ca:96:23:45:76:dc:e3:26:
3f:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:20:4C:80:94:6C:06:3A:05:27:93:BB:77:C1:59:81:29:FF:24:01
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2CBMgJRsBjoFJ5O7d8FZgSn_JAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.10.0/24
185.21.141.0/24
185.191.213.0/24
193.42.114.0/24
194.93.59.0/24
194.147.89.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:59:fa:9c:93:22:dd:f3:57:bd:87:6e:7a:0c:37:97:4a:f9:
1a:99:4e:f8:ba:f2:83:64:b0:c2:68:a0:a3:1f:51:b0:9f:52:
28:89:e2:17:a9:0c:9a:06:ed:91:63:1e:82:01:bf:4d:f5:00:
cb:00:10:55:23:78:5d:ed:4d:82:9e:ed:cc:da:4a:d8:5c:f2:
c1:3f:10:4a:9e:bf:b8:33:40:8f:25:96:43:21:04:ce:bb:91:
a6:4d:02:a2:ca:cc:04:52:d4:a9:39:82:13:dd:02:55:05:74:
36:26:fb:b7:c5:97:9d:41:02:c8:b6:ae:0e:b9:17:bf:f2:6d:
56:1b:f1:d9:08:6b:ea:b0:ac:be:39:50:98:0b:a6:dd:ce:af:
98:1a:df:55:cd:0c:4f:02:0f:e1:dc:13:9c:7a:12:96:c6:0f:
71:90:22:82:f0:11:75:79:4a:fe:a6:1a:b7:f8:31:98:d6:67:
e3:1d:be:19:16:74:9f:82:40:be:d5:6c:0a:df:05:c7:10:4d:
9f:99:3c:94:c7:db:b7:90:b2:24:b6:47:10:47:4f:5d:57:49:
cd:2a:a5:c8:f9:c5:71:ba:3a:bd:7b:51:dd:12:0a:79:47:af:
43:da:f6:89:5e:15:f8:ea:bc:04:6a:8d:1e:29:9f:b2:d0:3a:
7e:ce:94:5d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ4/QxK+yyEoUdtOtV4FYeOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNTE5MDgwMzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODIwNGM4MDk0NmMwNjNhMDUyNzkzYmI3N2MxNTk4MTI5ZmYyNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEqUElCZ8iLJdluE3BB/58p6G2HW
Qv0CCrgzpE6dsNfkrLOwYlKalrn/chD8v3m0pWEjDcaycC0uaG9ugis8/ny5cb7m
5OHNlxOSCJeBKPhSs+o9+qMLNU4800fnPyRtzv7jo/k9CHo5th6P3UArvAPyvj7D
JxBE2ECUJMeAuFrUD9Jqj8YC1G8TbITWgSm1jGJGa9ml5DcFdXE4SKYEGM8BR/Qm
P2VnkX4+jlB+lQ+tHuGHD4o65na9e3Sp/OQhtaVpNKfjLhlJZmJzHRKeVjrPEaf3
NcxFZn3D2Zb1lkWxXPm/Zhh3GF8h3Aor8yBIRf2CNB5IypYjRXbc4yY/TwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNggTICUbAY6BSeTu3fBWYEp/yQBMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMkNCTWdKUnNCam9GSjVPN2Q4RlpnU25fSkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVdEKAwQA
uRWNAwQAub/VAwQAwSpyAwQAwl07AwQAwpNZMA0GCSqGSIb3DQEBCwUAA4IBAQA8
WfqckyLd81e9h256DDeXSvkamU74uvKDZLDCaKCjH1Gwn1IoieIXqQyaBu2RYx6C
Ab9N9QDLABBVI3hd7U2Cnu3M2krYXPLBPxBKnr+4M0CPJZZDIQTOu5GmTQKiyswE
UtSpOYIT3QJVBXQ2Jvu3xZedQQLItq4OuRe/8m1WG/HZCGvqsKy+OVCYC6bdzq+Y
Gt9VzQxPAg/h3BOcehKWxg9xkCKC8BF1eUr+phq3+DGY1mfjHb4ZFnSfgkC+1WwK
3wXHEE2fmTyUx9u3kLIktkcQR09dV0nNKqXI+cVxujq9e1HdEgp5R69D2vaJXhX4
6rwEao0eKZ+y0Dp+zpRd
-----END CERTIFICATE-----
Generated at Thu Jun 4 10:00:06 2026 by rpki-client