Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/FiCFACbLFjfoITe9r0KE8q9S2bc.roa
File: FiCFACbLFjfoITe9r0KE8q9S2bc.roa (raw, json)
Hash identifier: O/ptyysLvK09RaCTCzJX066iYLfWNJCq3/D9xspCFUU=
Subject key identifier: 16:20:85:00:26:CB:16:37:E8:21:37:BD:AF:42:84:F2:AF:52:D9:B7
Certificate issuer: /CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Certificate serial: 019E25172E94132D01F07617D9B2DA4D5D48
Authority key identifier: BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/FiCFACbLFjfoITe9r0KE8q9S2bc.roa
Signing time: Thu 14 May 2026 06:05:36 +0000
ROA not before: Thu 14 May 2026 06:05:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 30815
IP address blocks: 88.209.128.0/22 maxlen: 22
88.209.128.0/24 maxlen: 24
88.209.129.0/24 maxlen: 24
88.209.130.0/24 maxlen: 24
88.209.132.0/22 maxlen: 22
88.209.132.0/24 maxlen: 24
88.209.133.0/24 maxlen: 24
88.209.135.0/24 maxlen: 24
88.209.136.0/24 maxlen: 24
88.209.137.0/24 maxlen: 24
88.209.138.0/24 maxlen: 24
88.209.139.0/24 maxlen: 24
88.209.140.0/23 maxlen: 23
88.209.140.0/24 maxlen: 24
88.209.142.0/23 maxlen: 23
88.209.142.0/24 maxlen: 24
88.209.160.0/21 maxlen: 21
88.209.160.0/22 maxlen: 22
88.209.160.0/24 maxlen: 24
88.209.161.0/24 maxlen: 24
88.209.162.0/24 maxlen: 24
88.209.163.0/24 maxlen: 24
88.209.164.0/22 maxlen: 22
88.209.164.0/23 maxlen: 23
88.209.164.0/24 maxlen: 24
88.209.165.0/24 maxlen: 24
88.209.166.0/24 maxlen: 24
88.209.167.0/24 maxlen: 24
88.209.190.0/24 maxlen: 24
88.209.191.0/24 maxlen: 24
93.189.96.0/21 maxlen: 21
93.189.96.0/23 maxlen: 23
93.189.96.0/24 maxlen: 24
93.189.97.0/24 maxlen: 24
93.189.98.0/23 maxlen: 23
93.189.98.0/24 maxlen: 24
93.189.99.0/24 maxlen: 24
93.189.100.0/23 maxlen: 23
93.189.100.0/24 maxlen: 24
93.189.101.0/24 maxlen: 24
93.189.102.0/23 maxlen: 23
93.189.102.0/24 maxlen: 24
93.189.103.0/24 maxlen: 24
185.63.232.0/22 maxlen: 22
185.63.232.0/23 maxlen: 23
185.63.232.0/24 maxlen: 24
185.63.233.0/24 maxlen: 24
185.63.234.0/24 maxlen: 24
185.63.235.0/24 maxlen: 24
2a03:11e0::/32 maxlen: 32
2a03:11e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 17 May 2026 12:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:25:17:2e:94:13:2d:01:f0:76:17:d9:b2:da:4d:5d:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Validity
Not Before: May 14 06:05:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1620850026cb1637e82137bdaf4284f2af52d9b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:dc:f1:3b:dd:0d:cc:d6:22:2c:29:1d:8a:2d:
d1:cd:33:14:dd:c9:76:b8:55:63:f8:87:f6:15:21:
82:2e:3a:b5:2e:46:ef:6a:5d:0c:d7:58:06:3e:1d:
19:de:22:91:a9:00:e0:18:15:1e:c2:85:36:4c:2c:
0b:d0:86:6c:ad:0e:08:98:64:b6:fc:15:81:54:00:
53:5f:44:4b:78:d9:d5:a2:56:22:91:06:8f:8f:aa:
6c:5f:ef:96:e0:09:e0:0c:bf:24:c3:cc:ba:d7:a6:
a7:c3:50:82:dd:0f:3f:cf:5d:80:fd:7f:53:ec:16:
ce:5e:d4:71:36:d4:04:57:c2:7c:d2:05:82:9d:a1:
b8:50:ba:ba:03:ac:75:17:bf:51:d1:ca:93:8a:c5:
c7:88:ee:8e:2d:0b:84:e4:a6:4f:a7:25:bd:7d:28:
cc:42:02:fb:72:ab:25:aa:70:7a:28:5b:90:c1:52:
af:81:d7:0a:a6:7a:b0:04:0c:54:2d:90:fc:f5:fb:
cc:03:9b:ff:73:f1:0a:39:7c:30:48:17:3a:69:8c:
d6:db:4c:2b:7a:dc:0c:44:4a:ce:a0:ee:ce:63:3b:
a7:9a:5b:f7:c2:0c:d8:d9:59:ca:a3:fc:5f:b5:58:
f4:69:7f:99:9f:00:b1:7d:2b:07:68:fd:43:c2:35:
ac:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:20:85:00:26:CB:16:37:E8:21:37:BD:AF:42:84:F2:AF:52:D9:B7
X509v3 Authority Key Identifier:
keyid:BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/FiCFACbLFjfoITe9r0KE8q9S2bc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.128.0/20
88.209.160.0/21
88.209.190.0/23
93.189.96.0/21
185.63.232.0/22
IPv6:
2a03:11e0::/32
Signature Algorithm: sha256WithRSAEncryption
2c:aa:fb:eb:cb:b9:44:80:7f:48:97:83:87:ee:76:ee:b2:a3:
d3:39:3f:bf:46:fc:fd:b4:dd:11:40:11:18:d1:8e:8d:40:03:
a7:26:10:56:41:21:74:dc:ae:3c:4d:7e:6f:f1:2d:15:e7:b4:
68:ec:df:b7:4a:d7:7e:47:c7:21:24:ba:5c:b6:00:76:59:44:
b8:71:f2:ab:d8:f9:c3:d7:e2:0d:2b:9a:32:b3:ed:62:6a:42:
c5:07:11:d1:a3:b3:4a:f8:5d:86:b2:80:7e:c8:d6:60:0a:77:
91:e2:75:a6:24:7d:bc:23:41:6b:73:24:b9:e1:c1:8c:a9:4a:
94:9b:a4:b1:49:08:70:4d:4d:e6:eb:17:fa:c7:95:ca:9b:d9:
0f:f8:7d:b4:5a:40:64:2a:e3:77:d3:3b:66:93:ed:4d:ea:d2:
d1:f9:a0:ee:64:78:a1:c1:03:57:04:7e:c1:61:2a:9b:63:ef:
33:c7:55:f3:d4:11:87:55:b2:8c:7a:f0:69:24:97:7e:c5:cc:
bc:98:aa:9c:82:9f:a4:e3:8f:7d:67:65:ea:b5:93:52:b1:41:
74:4d:f6:4f:c5:84:ba:23:4f:96:7b:1a:91:04:0d:6d:b7:d5:
e7:f9:06:37:8d:f1:40:5e:b8:5d:be:03:c4:78:a7:ca:29:26:
c8:5a:29:96
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZ4lFy6UEy0B8HYX2bLaTV1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE2NGNkMjljOTRjY2RlMTQ0NDhmNjFhMTcyYzc2M2Ix
ZTQwNTAwHhcNMjYwNTE0MDYwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjIwODUwMDI2Y2IxNjM3ZTgyMTM3YmRhZjQyODRmMmFmNTJkOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tzxO90NzNYiLCkdii3RzTMU3cl2
uFVj+If2FSGCLjq1Lkbval0M11gGPh0Z3iKRqQDgGBUewoU2TCwL0IZsrQ4ImGS2
/BWBVABTX0RLeNnVolYikQaPj6psX++W4AngDL8kw8y616anw1CC3Q8/z12A/X9T
7BbOXtRxNtQEV8J80gWCnaG4ULq6A6x1F79R0cqTisXHiO6OLQuE5KZPpyW9fSjM
QgL7cqslqnB6KFuQwVKvgdcKpnqwBAxULZD89fvMA5v/c/EKOXwwSBc6aYzW20wr
etwMRErOoO7OYzunmlv3wgzY2VnKo/xftVj0aX+ZnwCxfSsHaP1DwjWs/wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBYghQAmyxY36CE3va9ChPKvUtm3MB8GA1UdIwQY
MBaAFLqqZM0pyUzN4URI9hoXLHY7HkBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUt
OGZjYWE2OTM2YzZjLzEvRmlDRkFDYkxGamZvSVRlOXIwS0U4cTlTMmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUtOGZjYWE2OTM2YzZj
LzEvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEWNGAAwQD
WNGgAwQBWNG+AwQDXb1gAwQCuT/oMA0EAgACMAcDBQAqAxHgMA0GCSqGSIb3DQEB
CwUAA4IBAQAsqvvry7lEgH9Il4OH7nbusqPTOT+/Rvz9tN0RQBEY0Y6NQAOnJhBW
QSF03K48TX5v8S0V57Ro7N+3Std+R8chJLpctgB2WUS4cfKr2PnD1+INK5oys+1i
akLFBxHRo7NK+F2GsoB+yNZgCneR4nWmJH28I0FrcyS54cGMqUqUm6SxSQhwTU3m
6xf6x5XKm9kP+H20WkBkKuN30ztmk+1N6tLR+aDuZHihwQNXBH7BYSqbY+8zx1Xz
1BGHVbKMevBpJJd+xcy8mKqcgp+k4499Z2XqtZNSsUF0TfZPxYS6I0+WexqRBA1t
t9Xn+QY3jfFAXrhdvgPEeKfKKSbIWimW
-----END CERTIFICATE-----
Generated at Sat May 16 21:11:28 2026 by rpki-client