Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/RB5RbNlzRrb86Q06Ud7SSxD--CQ.roa
File: RB5RbNlzRrb86Q06Ud7SSxD--CQ.roa (raw, json)
Hash identifier: QgnbMUj23g9e+onnvipNTDHyLiE4Irsi1X62S6yWUWU=
Subject key identifier: 44:1E:51:6C:D9:73:46:B6:FC:E9:0D:3A:51:DE:D2:4B:10:FE:F8:24
Certificate issuer: /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial: 019DB40D09FF097A1FBEE70F965A502EF929
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/RB5RbNlzRrb86Q06Ud7SSxD--CQ.roa
Signing time: Wed 22 Apr 2026 07:17:26 +0000
ROA not before: Wed 22 Apr 2026 07:17:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211970
IP address blocks: 131.117.230.0/24 maxlen: 24
131.117.231.0/24 maxlen: 24
131.117.233.0/24 maxlen: 24
185.21.136.0/24 maxlen: 24
185.21.139.0/24 maxlen: 24
212.126.113.0/24 maxlen: 24
212.126.115.0/24 maxlen: 24
2a04:2dc0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 03 May 2026 17:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b4:0d:09:ff:09:7a:1f:be:e7:0f:96:5a:50:2e:f9:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Validity
Not Before: Apr 22 07:17:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=441e516cd97346b6fce90d3a51ded24b10fef824
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:04:8f:a6:01:8e:cb:db:23:57:0c:3a:03:57:
57:30:c3:ad:78:ef:7f:95:7d:b7:2c:cf:1a:9f:c6:
1d:82:0d:cc:de:8b:3d:4d:5d:fe:b9:d2:89:7e:32:
12:df:e2:8f:2d:65:7f:70:da:fa:22:88:81:0b:eb:
b2:0e:5b:7e:f8:fc:24:3a:a2:1d:d5:a4:93:b1:c6:
b7:d4:7f:15:68:cc:a1:7b:56:38:f3:c6:17:2e:25:
e1:a4:93:f4:4a:93:6e:f0:83:1f:b5:79:29:0f:73:
86:74:fe:97:e8:03:c7:45:c7:2d:e9:21:91:06:57:
8f:52:22:60:2c:d6:cb:58:2f:83:b9:ea:3e:dd:bf:
c4:51:00:61:b5:44:2e:f9:47:39:98:94:6f:5f:05:
d2:88:20:00:85:2f:18:06:dc:c4:bb:27:4a:01:01:
bf:b0:e5:9e:66:be:65:24:f3:8b:e0:d1:50:64:ee:
c6:ba:3e:27:aa:f5:00:af:67:78:18:31:2e:c4:f3:
14:cc:a1:87:a5:cb:f8:90:5c:ce:19:ca:7a:67:96:
68:6a:79:c0:38:6f:1b:89:74:3a:aa:13:1a:fd:a5:
53:30:62:7d:f1:fd:0c:68:a8:12:eb:26:c9:b7:8f:
9c:d5:97:eb:53:d6:f6:55:87:e5:8a:1b:a7:aa:ad:
8f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:1E:51:6C:D9:73:46:B6:FC:E9:0D:3A:51:DE:D2:4B:10:FE:F8:24
X509v3 Authority Key Identifier:
keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/RB5RbNlzRrb86Q06Ud7SSxD--CQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.117.230.0/23
131.117.233.0/24
185.21.136.0/24
185.21.139.0/24
212.126.113.0/24
212.126.115.0/24
IPv6:
2a04:2dc0::/48
Signature Algorithm: sha256WithRSAEncryption
b0:e9:1d:82:cd:8d:ab:7c:86:41:0f:59:97:ff:b5:dd:ee:d0:
39:45:ad:3c:01:87:9a:d8:4b:48:b8:cf:8e:aa:02:40:a7:3a:
65:af:57:1e:0d:22:76:de:10:5e:fa:c5:bf:af:1a:11:c2:96:
e8:76:01:79:62:88:0b:84:6e:03:de:ee:ae:23:05:ad:ad:e5:
ee:bf:e6:91:95:30:e5:eb:a3:8e:ce:0a:4f:3f:02:dc:8b:b1:
b6:71:d5:ad:e8:7c:b0:ad:bf:2f:70:bd:90:db:27:ee:18:6c:
2d:b4:da:99:e4:d1:d4:20:81:3e:2c:6b:51:48:4c:52:c8:b8:
50:10:c9:a0:02:e9:5b:ea:1a:ed:c9:77:7a:e9:8f:fa:9d:ff:
66:d2:fd:ae:cb:7a:92:25:e5:96:5b:37:eb:26:17:63:ea:cf:
5c:f2:5e:d6:bd:9e:91:b1:13:0d:d6:a4:46:f8:5f:47:f1:ab:
36:43:76:33:65:e8:cf:78:24:14:c6:dc:d9:07:1b:91:89:4d:
43:06:a4:42:5d:4a:ce:c1:6a:ff:d9:75:c2:39:f7:91:eb:1e:
a2:00:0e:94:44:c4:07:d2:ff:bc:08:40:82:d9:64:67:71:c7:
4c:11:e9:b7:79:df:cc:9a:83:65:7e:9b:84:2e:60:6f:c0:26:
83:ec:8f:a2
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZ20DQn/CXofvucPllpQLvkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjYwNDIyMDcxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDFlNTE2Y2Q5NzM0NmI2ZmNlOTBkM2E1MWRlZDI0YjEwZmVmODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvASPpgGOy9sjVww6A1dXMMOteO9/
lX23LM8an8Ydgg3M3os9TV3+udKJfjIS3+KPLWV/cNr6IoiBC+uyDlt++PwkOqId
1aSTsca31H8VaMyhe1Y488YXLiXhpJP0SpNu8IMftXkpD3OGdP6X6APHRcct6SGR
BlePUiJgLNbLWC+Dueo+3b/EUQBhtUQu+Uc5mJRvXwXSiCAAhS8YBtzEuydKAQG/
sOWeZr5lJPOL4NFQZO7Guj4nqvUAr2d4GDEuxPMUzKGHpcv4kFzOGcp6Z5ZoannA
OG8biXQ6qhMa/aVTMGJ98f0MaKgS6ybJt4+c1ZfrU9b2VYflihunqq2P2QIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFEQeUWzZc0a2/OkNOlHe0ksQ/vgkMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL1JCNVJiTmx6UnJiODZRMDZVZDdTU3hELS1DUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTgYIKwYBBQUHAQcBAf8EPzA9MCoEAgABMCQDBAGDdeYD
BACDdekDBAC5FYgDBAC5FYsDBADUfnEDBADUfnMwDwQCAAIwCQMHACoELcAAADAN
BgkqhkiG9w0BAQsFAAOCAQEAsOkdgs2Nq3yGQQ9Zl/+13e7QOUWtPAGHmthLSLjP
jqoCQKc6Za9XHg0idt4QXvrFv68aEcKW6HYBeWKIC4RuA97uriMFra3l7r/mkZUw
5eujjs4KTz8C3IuxtnHVreh8sK2/L3C9kNsn7hhsLbTameTR1CCBPixrUUhMUsi4
UBDJoALpW+oa7cl3eumP+p3/ZtL9rst6kiXllls36yYXY+rPXPJe1r2ekbETDdak
RvhfR/GrNkN2M2Xoz3gkFMbc2QcbkYlNQwakQl1KzsFq/9l1wjn3keseogAOlETE
B9L/vAhAgtlkZ3HHTBHpt3nfzJqDZX6bhC5gb8Amg+yPog==
-----END CERTIFICATE-----
Generated at Sun May 3 02:50:41 2026 by rpki-client