Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/_RoK8Uv5j0KU-PPbPnow3xV51HA.roa
File: _RoK8Uv5j0KU-PPbPnow3xV51HA.roa (raw, json)
Hash identifier: exZgeosVdMVRgUYSNzL9Esk75uIUxhCYpdu+vCksypA=
Subject key identifier: FD:1A:0A:F1:4B:F9:8F:42:94:F8:F3:DB:3E:7A:30:DF:15:79:D4:70
Certificate issuer: /CN=13d83b225dd33860c51dc44aa88db5f03dc15a74
Certificate serial: 019DF7468CB1CD23F18B17F267C32B4A45D8
Authority key identifier: 13:D8:3B:22:5D:D3:38:60:C5:1D:C4:4A:A8:8D:B5:F0:3D:C1:5A:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E9g7Il3TOGDFHcRKqI218D3BWnQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/_RoK8Uv5j0KU-PPbPnow3xV51HA.roa
Signing time: Tue 05 May 2026 08:34:49 +0000
ROA not before: Tue 05 May 2026 08:34:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43858
IP address blocks: 79.108.144.0/21 maxlen: 21
91.198.199.0/24 maxlen: 24
91.244.246.0/24 maxlen: 24
146.255.168.0/21 maxlen: 21
185.11.160.0/22 maxlen: 22
185.80.176.0/22 maxlen: 22
2a03:39c0::/29 maxlen: 32
2a03:39c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/E9g7Il3TOGDFHcRKqI218D3BWnQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/E9g7Il3TOGDFHcRKqI218D3BWnQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/E9g7Il3TOGDFHcRKqI218D3BWnQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 17 May 2026 12:40:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f7:46:8c:b1:cd:23:f1:8b:17:f2:67:c3:2b:4a:45:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=13d83b225dd33860c51dc44aa88db5f03dc15a74
Validity
Not Before: May 5 08:34:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fd1a0af14bf98f4294f8f3db3e7a30df1579d470
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:5b:2d:b6:fa:ff:46:d3:33:36:41:a1:8b:c3:
32:17:91:fc:18:e5:10:cc:f8:a0:86:c7:a0:3c:9e:
8d:5e:d5:87:1a:df:e2:ff:7c:dd:83:c0:bc:89:f9:
ce:3c:f2:c2:ff:6a:90:39:0f:69:7f:81:f7:02:c4:
b9:9f:99:f5:8b:fd:14:a8:70:08:55:d1:b8:81:a8:
e6:f3:18:c5:9d:97:2d:45:43:f1:e8:04:59:c8:98:
3a:e8:12:8a:cd:f1:cc:93:e1:71:a8:2c:28:60:5e:
8e:79:95:1c:1b:77:03:9a:f1:35:aa:c6:44:17:0b:
bb:09:4c:d9:52:82:3e:ca:43:a3:83:49:25:ff:06:
0c:ee:41:0b:7c:4f:8e:98:f2:3e:99:fb:54:8a:7a:
db:31:45:b0:65:7a:85:67:c2:d0:a5:07:a6:a5:35:
50:0c:66:de:7c:cf:d7:68:7b:f4:0a:48:70:dd:ad:
15:19:2b:9e:7c:b2:be:05:96:f7:45:12:05:8f:28:
35:6c:6d:ea:cc:a1:0c:1a:10:b0:9a:21:87:8c:86:
46:b7:d9:8c:20:01:11:ea:bd:f0:e7:2c:9e:db:3f:
f2:79:b5:71:81:a6:28:d2:f1:2d:0c:94:8e:44:32:
e3:55:eb:66:d2:da:41:be:84:63:9c:60:a6:a2:94:
65:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:1A:0A:F1:4B:F9:8F:42:94:F8:F3:DB:3E:7A:30:DF:15:79:D4:70
X509v3 Authority Key Identifier:
keyid:13:D8:3B:22:5D:D3:38:60:C5:1D:C4:4A:A8:8D:B5:F0:3D:C1:5A:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9g7Il3TOGDFHcRKqI218D3BWnQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/_RoK8Uv5j0KU-PPbPnow3xV51HA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/E9g7Il3TOGDFHcRKqI218D3BWnQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.108.144.0/21
91.198.199.0/24
91.244.246.0/24
146.255.168.0/21
185.11.160.0/22
185.80.176.0/22
IPv6:
2a03:39c0::/29
Signature Algorithm: sha256WithRSAEncryption
84:8c:d1:e4:80:3b:91:12:5e:99:95:91:fd:8a:e7:d7:27:14:
c0:9e:61:17:c6:9e:30:fb:be:17:ef:a5:f5:8a:85:c1:16:60:
f4:2f:5a:95:90:98:c6:5f:3d:1c:29:0d:f2:14:d2:25:a4:67:
9f:d3:1a:af:af:ef:5a:20:63:09:de:ee:87:7d:99:8f:ea:79:
bf:ea:73:ef:ca:ab:b3:52:87:75:7f:a1:b4:bb:a4:31:c8:90:
a0:c1:30:0a:64:78:71:84:09:14:a7:94:97:eb:80:a5:84:80:
a0:a1:b1:2e:c9:4a:ff:ba:ef:32:2b:76:cd:93:35:30:2a:86:
8a:d8:b6:d7:b6:05:46:f8:04:f5:99:e0:78:70:6a:23:85:eb:
fb:fc:78:f6:74:ce:ce:f4:cc:91:7f:bc:b2:33:22:cd:e4:47:
60:6c:1c:e3:5a:6b:4b:fb:95:54:49:a3:89:b1:c0:d0:ec:d4:
32:02:5d:a4:5d:46:ec:c3:84:73:5d:ff:ad:57:58:c2:5f:a0:
b2:49:af:0c:72:ea:1b:62:2a:ac:42:83:34:1c:87:d9:1e:e2:
78:45:3a:dc:51:6b:eb:17:58:f7:f4:31:a8:60:25:7c:83:85:
6a:74:32:98:91:36:e1:3b:cc:b0:74:93:ec:14:b7:80:c5:34:
f8:57:84:d5
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZ33RoyxzSPxixfyZ8MrSkXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZDgzYjIyNWRkMzM4NjBjNTFkYzQ0YWE4OGRiNWYwM2Rj
MTVhNzQwHhcNMjYwNTA1MDgzNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDFhMGFmMTRiZjk4ZjQyOTRmOGYzZGIzZTdhMzBkZjE1NzlkNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fsttvr/RtMzNkGhi8MyF5H8GOUQ
zPighsegPJ6NXtWHGt/i/3zdg8C8ifnOPPLC/2qQOQ9pf4H3AsS5n5n1i/0UqHAI
VdG4gajm8xjFnZctRUPx6ARZyJg66BKKzfHMk+FxqCwoYF6OeZUcG3cDmvE1qsZE
Fwu7CUzZUoI+ykOjg0kl/wYM7kELfE+OmPI+mftUinrbMUWwZXqFZ8LQpQempTVQ
DGbefM/XaHv0Ckhw3a0VGSuefLK+BZb3RRIFjyg1bG3qzKEMGhCwmiGHjIZGt9mM
IAER6r3w5yye2z/yebVxgaYo0vEtDJSORDLjVetm0tpBvoRjnGCmopRlVwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFP0aCvFL+Y9ClPjz2z56MN8VedRwMB8GA1UdIwQY
MBaAFBPYOyJd0zhgxR3ESqiNtfA9wVp0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTlnN0lsM1RPR0RGSGNSS3FJMjE4RDNCV25RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9mMjExMWEtM2Y0Ny00ZmYwLWE1MWQt
YjI1MTM3N2FkZDg2LzEvX1JvSzhVdjVqMEtVLVBQYlBub3czeFY1MUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9mMjExMWEtM2Y0Ny00ZmYwLWE1MWQtYjI1MTM3N2FkZDg2
LzEvRTlnN0lsM1RPR0RGSGNSS3FJMjE4RDNCV25RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDT2yQAwQA
W8bHAwQAW/T2AwQDkv+oAwQCuQugAwQCuVCwMA0EAgACMAcDBQMqAznAMA0GCSqG
SIb3DQEBCwUAA4IBAQCEjNHkgDuREl6ZlZH9iufXJxTAnmEXxp4w+74X76X1ioXB
FmD0L1qVkJjGXz0cKQ3yFNIlpGef0xqvr+9aIGMJ3u6HfZmP6nm/6nPvyquzUod1
f6G0u6QxyJCgwTAKZHhxhAkUp5SX64ClhICgobEuyUr/uu8yK3bNkzUwKoaK2LbX
tgVG+AT1meB4cGojhev7/Hj2dM7O9MyRf7yyMyLN5EdgbBzjWmtL+5VUSaOJscDQ
7NQyAl2kXUbsw4RzXf+tV1jCX6CySa8McuobYiqsQoM0HIfZHuJ4RTrcUWvrF1j3
9DGoYCV8g4VqdDKYkTbhO8ywdJPsFLeAxTT4V4TV
-----END CERTIFICATE-----
Generated at Sat May 16 17:53:04 2026 by rpki-client