Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/mBsIhxGKE9P1VcdBmaDVaq-y2yg.roa
File: mBsIhxGKE9P1VcdBmaDVaq-y2yg.roa (raw, json)
Hash identifier: FjrD6MxlebN9aOC6ecpbIK3eMGRCmF4PugIT8px8qes=
Subject key identifier: 98:1B:08:87:11:8A:13:D3:F5:55:C7:41:99:A0:D5:6A:AF:B2:DB:28
Certificate issuer: /CN=a04845af1dc0087b274cee52a4a9e0880335435d
Certificate serial: 019EACBA281C3C541C6F92AFEC333EEB9B6F
Authority key identifier: A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/mBsIhxGKE9P1VcdBmaDVaq-y2yg.roa
Signing time: Tue 09 Jun 2026 14:12:21 +0000
ROA not before: Tue 09 Jun 2026 14:12:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9121
IP address blocks: 178.210.160.0/24 maxlen: 24
178.210.170.0/24 maxlen: 24
178.210.171.0/24 maxlen: 24
178.210.172.0/24 maxlen: 24
178.210.173.0/24 maxlen: 24
178.210.174.0/24 maxlen: 24
178.210.175.0/24 maxlen: 24
178.210.176.0/24 maxlen: 24
178.210.177.0/24 maxlen: 24
178.210.178.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.crl
rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.mft
rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ac:ba:28:1c:3c:54:1c:6f:92:af:ec:33:3e:eb:9b:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a04845af1dc0087b274cee52a4a9e0880335435d
Validity
Not Before: Jun 9 14:12:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=981b0887118a13d3f555c74199a0d56aafb2db28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:90:00:f5:d2:13:92:a9:38:f6:39:0e:2e:9b:
80:f0:a4:a9:fc:83:5d:49:91:86:2b:ad:83:08:80:
5e:b8:84:a4:f7:aa:24:40:c5:c2:73:c8:32:4e:e1:
c9:79:c3:8e:ca:08:95:89:5b:ff:ae:19:48:0e:bb:
38:c9:40:06:bf:62:b9:cb:66:1b:93:e3:e8:d9:87:
ad:f1:eb:d1:3b:9e:88:09:0c:cd:25:c3:54:c9:6e:
f8:ef:05:a9:b8:ff:48:86:82:08:3c:2f:48:cf:ec:
37:20:8e:85:14:83:9f:70:8d:c9:8f:8b:e7:7a:2e:
49:f2:73:91:b9:bb:93:38:fd:63:8b:17:4f:df:19:
01:c4:83:0b:61:fc:12:c9:45:3c:35:03:94:35:e8:
40:00:18:36:da:8a:00:54:73:16:9d:61:1c:47:78:
80:50:fa:76:bf:33:8f:31:c1:b3:f2:a7:35:b4:0b:
86:ec:64:ce:2e:7c:24:b6:b6:7b:f5:78:98:7e:6f:
93:fa:62:96:32:ec:c5:bf:e1:4c:b4:2c:4c:c3:f3:
55:bd:df:37:5d:59:94:b0:53:47:85:c7:b8:2a:72:
8c:99:4e:60:30:e9:ea:97:c5:0c:55:bf:d3:db:f2:
38:41:e7:da:26:d9:0a:b4:78:c6:74:67:de:b6:75:
15:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:1B:08:87:11:8A:13:D3:F5:55:C7:41:99:A0:D5:6A:AF:B2:DB:28
X509v3 Authority Key Identifier:
keyid:A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/mBsIhxGKE9P1VcdBmaDVaq-y2yg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.210.160.0/24
178.210.170.0-178.210.178.255
Signature Algorithm: sha256WithRSAEncryption
a5:36:ff:a6:93:cc:b5:0f:11:ec:3b:ff:d2:3f:f2:5a:76:ab:
50:df:d5:fe:73:d1:96:fe:6b:7e:ea:d7:e2:ea:2a:2d:9f:f7:
b1:e2:4f:3d:39:6a:34:5d:78:c7:62:c6:a8:bc:24:02:db:0e:
e5:a7:ee:1f:a2:7d:89:51:61:af:02:23:4c:60:90:9d:87:d7:
a7:20:a3:e3:57:ca:ad:eb:e9:66:e7:84:70:38:0b:8f:12:4a:
82:f1:54:0c:27:73:ec:2e:0a:ca:18:56:59:21:79:8e:0f:39:
74:36:c2:8d:0f:7d:64:6c:06:c6:b5:f8:81:08:45:3d:93:64:
49:a1:f0:8d:8c:a1:b0:a1:60:cb:97:18:8c:7c:c7:b6:68:34:
6c:e6:97:fc:b2:4a:fb:a6:a2:b4:cd:57:22:00:33:4d:ba:6c:
0e:3d:5c:13:12:ee:df:72:80:a0:9b:c5:60:72:e9:03:21:88:
39:e0:56:6d:63:11:75:ba:b8:15:aa:23:f1:0d:41:61:9f:60:
d5:9c:db:f9:0f:54:df:e0:6e:30:12:cf:c5:6e:ed:59:c0:b3:
4e:8a:79:6d:b1:74:d3:03:fd:7e:3a:8d:ae:c9:5c:ca:8f:f8:
a0:21:79:8e:2f:f2:1e:a1:7b:2c:76:df:62:09:c7:5c:9d:9b:
e8:c2:b1:d1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6suigcPFQcb5Kv7DM+65tvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNDg0NWFmMWRjMDA4N2IyNzRjZWU1MmE0YTllMDg4MDMz
NTQzNWQwHhcNMjYwNjA5MTQxMjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODFiMDg4NzExOGExM2QzZjU1NWM3NDE5OWEwZDU2YWFmYjJkYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpAA9dITkqk49jkOLpuA8KSp/INd
SZGGK62DCIBeuISk96okQMXCc8gyTuHJecOOygiViVv/rhlIDrs4yUAGv2K5y2Yb
k+Po2Yet8evRO56ICQzNJcNUyW747wWpuP9IhoIIPC9Iz+w3II6FFIOfcI3Jj4vn
ei5J8nORubuTOP1jixdP3xkBxIMLYfwSyUU8NQOUNehAABg22ooAVHMWnWEcR3iA
UPp2vzOPMcGz8qc1tAuG7GTOLnwktrZ79XiYfm+T+mKWMuzFv+FMtCxMw/NVvd83
XVmUsFNHhce4KnKMmU5gMOnql8UMVb/T2/I4QefaJtkKtHjGdGfetnUVrQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJgbCIcRihPT9VXHQZmg1WqvstsoMB8GA1UdIwQY
MBaAFKBIRa8dwAh7J0zuUqSp4IgDNUNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjct
NTA3MDExNTcwZWU2LzEvbUJzSWh4R0tFOVAxVmNkQm1hRFZhcS15MnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjctNTA3MDExNTcwZWU2
LzEvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAstKgMAwD
BAGy0qoDBACy0rIwDQYJKoZIhvcNAQELBQADggEBAKU2/6aTzLUPEew7/9I/8lp2
q1Df1f5z0Zb+a37q1+LqKi2f97HiTz05ajRdeMdixqi8JALbDuWn7h+ifYlRYa8C
I0xgkJ2H16cgo+NXyq3r6WbnhHA4C48SSoLxVAwnc+wuCsoYVlkheY4POXQ2wo0P
fWRsBsa1+IEIRT2TZEmh8I2MobChYMuXGIx8x7ZoNGzml/yySvumorTNVyIAM026
bA49XBMS7t9ygKCbxWBy6QMhiDngVm1jEXW6uBWqI/ENQWGfYNWc2/kPVN/gbjAS
z8Vu7VnAs06KeW2xdNMD/X46ja7JXMqP+KAheY4v8h6heyx232IJx1ydm+jCsdE=
-----END CERTIFICATE-----
Generated at Thu Jun 11 21:49:42 2026 by rpki-client