Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tKg8bmmm6waKS3dVDFR2D0N_Kp0.roa
File: tKg8bmmm6waKS3dVDFR2D0N_Kp0.roa (raw, json)
Hash identifier: NxiPLV70KM3UlDzotgKT8px4zwsMhil8u+4mX6+fcsM=
Subject key identifier: B4:A8:3C:6E:69:A6:EB:06:8A:4B:77:55:0C:54:76:0F:43:7F:2A:9D
Certificate issuer: /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial: 019CE210B24188BE87C7B03EB6359E29D022
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tKg8bmmm6waKS3dVDFR2D0N_Kp0.roa
Signing time: Thu 12 Mar 2026 12:41:10 +0000
ROA not before: Thu 12 Mar 2026 12:41:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 21107
IP address blocks: 62.101.144.0/21 maxlen: 21
81.93.92.0/24 maxlen: 24
89.111.225.0/24 maxlen: 24
94.250.37.0/24 maxlen: 24
94.250.38.0/23 maxlen: 23
94.250.38.0/24 maxlen: 24
94.250.40.0/22 maxlen: 22
94.250.44.0/22 maxlen: 22
94.250.48.0/21 maxlen: 24
94.250.56.0/22 maxlen: 24
94.250.64.0/20 maxlen: 20
94.250.64.0/24 maxlen: 24
94.250.65.0/24 maxlen: 24
94.250.66.0/24 maxlen: 24
94.250.67.0/24 maxlen: 24
94.250.68.0/22 maxlen: 22
94.250.68.0/24 maxlen: 24
94.250.69.0/24 maxlen: 24
94.250.70.0/24 maxlen: 24
94.250.71.0/24 maxlen: 24
94.250.72.0/21 maxlen: 21
94.250.80.0/22 maxlen: 22
94.250.80.0/23 maxlen: 23
94.250.82.0/23 maxlen: 23
94.250.88.0/21 maxlen: 24
94.250.96.0/20 maxlen: 20
94.250.96.0/24 maxlen: 24
94.250.97.0/24 maxlen: 24
94.250.98.0/24 maxlen: 24
94.250.99.0/24 maxlen: 24
94.250.100.0/24 maxlen: 24
94.250.101.0/24 maxlen: 24
94.250.102.0/24 maxlen: 24
94.250.103.0/24 maxlen: 24
94.250.104.0/24 maxlen: 24
94.250.105.0/24 maxlen: 24
94.250.106.0/24 maxlen: 24
94.250.107.0/24 maxlen: 24
94.250.112.0/24 maxlen: 24
94.250.113.0/24 maxlen: 24
94.250.114.0/24 maxlen: 24
94.250.115.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 12:41:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e2:10:b2:41:88:be:87:c7:b0:3e:b6:35:9e:29:d0:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Validity
Not Before: Mar 12 12:41:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b4a83c6e69a6eb068a4b77550c54760f437f2a9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:53:63:48:7c:28:8d:f6:6b:05:1c:47:f8:9c:
15:e2:d1:dc:07:3a:34:8d:30:27:0b:a1:b6:73:87:
d0:8a:e7:f1:1c:f2:2f:26:15:77:13:76:3c:c6:9d:
4c:1e:0e:de:be:d9:32:22:1e:51:e1:6b:a2:56:39:
dc:21:0d:bc:58:78:a4:43:a3:bf:4f:ad:63:c9:c3:
b8:13:6f:7c:64:72:94:1b:6f:60:38:aa:29:cc:1a:
a2:6f:76:50:b0:e6:73:d4:2e:2f:c2:b1:b8:70:3a:
98:c0:0f:11:9c:7c:e0:cd:e3:04:c4:89:bb:cb:93:
97:98:e3:e2:36:9b:de:a5:12:db:ba:ae:ae:21:01:
47:10:e3:60:bb:b0:4e:0f:46:6f:19:ab:dc:1e:33:
60:a7:13:0c:48:a9:f5:c5:e6:b1:eb:5e:a0:0a:cc:
4e:01:e3:6a:77:ed:30:d3:88:ef:2a:bd:aa:93:4d:
c5:69:01:11:8b:9b:a4:71:36:5e:43:f1:cd:98:8a:
9e:fb:87:80:76:ad:d1:47:0c:51:e7:a0:5f:7c:86:
90:6a:be:0c:55:7b:46:34:9a:6f:0e:0a:58:0b:97:
2d:65:41:af:bc:c9:63:02:47:22:db:8f:85:d8:66:
a2:ac:21:08:b7:a6:5f:60:27:20:2d:11:ac:c9:d8:
58:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:A8:3C:6E:69:A6:EB:06:8A:4B:77:55:0C:54:76:0F:43:7F:2A:9D
X509v3 Authority Key Identifier:
keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/tKg8bmmm6waKS3dVDFR2D0N_Kp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.101.144.0/21
81.93.92.0/24
89.111.225.0/24
94.250.37.0-94.250.59.255
94.250.64.0-94.250.83.255
94.250.88.0-94.250.115.255
Signature Algorithm: sha256WithRSAEncryption
02:f3:36:b1:3a:f6:29:c2:d9:1c:28:cc:89:11:86:d7:eb:16:
54:a8:cb:e6:d9:9b:18:8e:df:08:05:ab:8e:c7:3c:46:ba:43:
88:a6:1d:97:d8:39:65:d1:6a:7c:7d:b7:9f:78:29:b6:18:00:
12:9d:aa:2e:d2:ad:31:84:c6:42:08:95:2d:98:68:d3:5c:67:
41:57:21:0d:bb:94:65:58:8a:ef:c4:f8:32:47:cb:a0:7a:9a:
4a:98:fc:03:9f:9a:59:91:68:fb:5e:33:a3:75:ce:57:9a:b3:
6b:d9:4a:55:2f:a8:ab:75:f5:15:d8:2e:39:14:6f:2b:e0:ca:
6f:e5:69:d9:a2:2d:d4:c2:c1:60:f1:0c:ff:63:47:bd:1a:8c:
de:88:2c:3c:58:3f:59:76:a4:ba:9c:73:02:04:2d:81:ff:e5:
39:05:fd:f0:61:67:6c:26:10:76:28:f2:d0:8a:cb:ef:34:ef:
e0:5a:5c:15:01:cd:4e:18:b9:70:69:af:76:55:d9:23:b8:ae:
d6:45:59:1f:47:d5:3f:89:e5:4f:80:dc:bf:79:13:f4:81:56:
4a:e4:62:96:85:61:ca:c2:7b:c6:67:dc:ff:33:b0:30:82:c8:
d7:4d:84:d5:3a:a1:10:cd:8e:e8:9c:74:30:e8:37:c2:83:28:
88:3f:4b:55
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZziELJBiL6Hx7A+tjWeKdAiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjYwMzEyMTI0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4M2M2ZTY5YTZlYjA2OGE0Yjc3NTUwYzU0NzYwZjQzN2YyYTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFNjSHwojfZrBRxH+JwV4tHcBzo0
jTAnC6G2c4fQiufxHPIvJhV3E3Y8xp1MHg7evtkyIh5R4WuiVjncIQ28WHikQ6O/
T61jycO4E298ZHKUG29gOKopzBqib3ZQsOZz1C4vwrG4cDqYwA8RnHzgzeMExIm7
y5OXmOPiNpvepRLbuq6uIQFHEONgu7BOD0ZvGavcHjNgpxMMSKn1xeax616gCsxO
AeNqd+0w04jvKr2qk03FaQERi5ukcTZeQ/HNmIqe+4eAdq3RRwxR56BffIaQar4M
VXtGNJpvDgpYC5ctZUGvvMljAkci24+F2GairCEIt6ZfYCcgLRGsydhY6wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLSoPG5ppusGikt3VQxUdg9DfyqdMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvdEtnOGJtbW02d2FLUzNkVkRGUjJEME5fS3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDPmWQAwQA
UV1cAwQAWW/hMAwDBABe+iUDBAJe+jgwDAMEBl76QAMEAl76UDAMAwQDXvpYAwQC
XvpwMA0GCSqGSIb3DQEBCwUAA4IBAQAC8zaxOvYpwtkcKMyJEYbX6xZUqMvm2ZsY
jt8IBauOxzxGukOIph2X2Dll0Wp8fbefeCm2GAASnaou0q0xhMZCCJUtmGjTXGdB
VyENu5RlWIrvxPgyR8ugeppKmPwDn5pZkWj7XjOjdc5XmrNr2UpVL6irdfUV2C45
FG8r4Mpv5WnZoi3UwsFg8Qz/Y0e9GozeiCw8WD9ZdqS6nHMCBC2B/+U5Bf3wYWds
JhB2KPLQisvvNO/gWlwVAc1OGLlwaa92VdkjuK7WRVkfR9U/ieVPgNy/eRP0gVZK
5GKWhWHKwnvGZ9z/M7AwgsjXTYTVOqEQzY7onHQw6DfCgyiIP0tV
-----END CERTIFICATE-----
Generated at Thu Mar 12 21:36:40 2026 by rpki-client