
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/2GYhbWHtfBWPF1UEk4OY2FR4BlE.roa
File: 2GYhbWHtfBWPF1UEk4OY2FR4BlE.roa (raw, json)
Hash identifier: w4kZnQsbsuOxKFHTlD0TVfi8ciQmtnzyEXnJDLUlaZo=
Subject key identifier: D8:66:21:6D:61:ED:7C:15:8F:17:55:04:93:83:98:D8:54:78:06:51
Certificate issuer: /CN=a4396ac14b77b1f033d9e459210c873b012e0a79
Certificate serial: 019ED4ADBDF931F313627647D5C06DA43AB0
Authority key identifier: A4:39:6A:C1:4B:77:B1:F0:33:D9:E4:59:21:0C:87:3B:01:2E:0A:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pDlqwUt3sfAz2eRZIQyHOwEuCnk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/2GYhbWHtfBWPF1UEk4OY2FR4BlE.roa
Signing time: Wed 17 Jun 2026 08:23:36 +0000
ROA not before: Wed 17 Jun 2026 08:23:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29695
IP address blocks: 85.255.32.0/20 maxlen: 20
185.36.240.0/22 maxlen: 22
194.69.208.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/pDlqwUt3sfAz2eRZIQyHOwEuCnk.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/pDlqwUt3sfAz2eRZIQyHOwEuCnk.mft
rsync://rpki.ripe.net/repository/DEFAULT/pDlqwUt3sfAz2eRZIQyHOwEuCnk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 Jul 2026 20:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:d4:ad:bd:f9:31:f3:13:62:76:47:d5:c0:6d:a4:3a:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4396ac14b77b1f033d9e459210c873b012e0a79
Validity
Not Before: Jun 17 08:23:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d866216d61ed7c158f175504938398d854780651
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:bd:f4:cb:02:ef:82:d6:1a:88:6b:9f:88:3b:
90:92:42:d7:b4:52:0e:48:cf:1b:0e:d4:e4:03:67:
a7:62:fd:30:16:1a:f3:17:ad:9a:56:20:5e:23:9f:
0c:00:0d:b2:45:0d:67:62:34:86:30:92:e5:03:e8:
ea:da:31:b1:8b:a0:e1:87:07:85:ce:07:79:71:2f:
2b:07:14:dc:30:f6:29:35:9c:6e:fc:b5:5e:7a:5e:
8a:b9:b8:09:26:71:cc:ea:b9:55:a1:fd:92:d7:80:
14:e7:f5:c3:44:35:41:19:da:3d:cb:85:34:40:04:
5d:58:b4:b5:67:e5:79:cb:35:e6:b3:af:53:23:9b:
54:5f:c7:f6:fe:58:b4:4b:1b:73:83:ec:20:33:e6:
f0:78:b7:3d:d3:07:c4:90:e9:31:92:50:19:c1:99:
d9:39:0b:1e:fb:eb:28:9c:cb:5f:65:72:8b:7a:9c:
61:b1:3b:a7:c4:27:a8:06:dc:5e:62:4d:57:7a:e7:
32:26:ed:58:ae:89:66:91:af:fd:18:95:18:53:41:
63:6f:17:93:b5:a1:ad:5a:ed:85:7e:57:a2:5f:2a:
50:0b:9a:91:15:67:96:73:be:2b:4a:8d:28:1d:d0:
59:3d:2b:2a:f0:3f:5f:ba:fa:c8:87:a9:5b:3f:34:
71:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:66:21:6D:61:ED:7C:15:8F:17:55:04:93:83:98:D8:54:78:06:51
X509v3 Authority Key Identifier:
keyid:A4:39:6A:C1:4B:77:B1:F0:33:D9:E4:59:21:0C:87:3B:01:2E:0A:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDlqwUt3sfAz2eRZIQyHOwEuCnk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/2GYhbWHtfBWPF1UEk4OY2FR4BlE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/3df6ee-2366-4b92-8394-91c50a09047a/1/pDlqwUt3sfAz2eRZIQyHOwEuCnk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.255.32.0/20
185.36.240.0/22
194.69.208.0/20
Signature Algorithm: sha256WithRSAEncryption
f0:5b:39:6d:d7:ce:aa:f8:3f:90:bd:23:f5:af:a8:8c:30:93:
40:a0:5c:e1:fe:62:da:14:26:c7:4e:d9:ec:8e:8e:18:e5:d4:
e9:49:1e:19:46:f9:8e:0a:08:4a:56:4a:1c:b8:0c:52:6a:cb:
f7:ef:1c:5b:3b:1e:13:62:4f:10:b0:ae:79:00:14:b2:4f:0a:
85:e2:35:46:82:3f:26:c4:1e:b0:82:b2:b5:05:bb:26:cf:9c:
98:8f:89:b3:99:d0:fe:6d:48:ae:fe:81:51:8d:78:32:09:0c:
ea:66:db:e8:44:46:03:99:aa:ea:f3:4a:6c:d6:02:a7:c7:19:
cd:ce:e5:4d:03:30:3a:da:db:84:f7:90:26:a7:10:62:00:de:
b8:ab:9c:ff:3c:31:4c:7e:01:58:e3:e7:5b:f2:ae:57:02:12:
11:49:f7:30:40:ba:52:a4:24:f1:e4:11:67:05:45:e8:b9:89:
62:9c:1f:33:45:4f:da:d7:14:61:ec:73:e3:c6:dd:2f:d1:ad:
34:6b:ef:cc:bd:91:96:27:5f:9f:2e:c8:2a:0c:ee:88:46:ba:
fe:27:da:a5:a7:74:2c:74:ed:fd:dc:fb:0e:d7:90:76:e6:5f:
dc:81:05:b0:68:c0:db:a8:33:98:e8:9f:f7:d1:2c:f1:bb:b0:
49:dd:67:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7Urb35MfMTYnZH1cBtpDqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Mzk2YWMxNGI3N2IxZjAzM2Q5ZTQ1OTIxMGM4NzNiMDEy
ZTBhNzkwHhcNMjYwNjE3MDgyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY2MjE2ZDYxZWQ3YzE1OGYxNzU1MDQ5MzgzOThkODU0NzgwNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b30ywLvgtYaiGufiDuQkkLXtFIO
SM8bDtTkA2enYv0wFhrzF62aViBeI58MAA2yRQ1nYjSGMJLlA+jq2jGxi6DhhweF
zgd5cS8rBxTcMPYpNZxu/LVeel6KubgJJnHM6rlVof2S14AU5/XDRDVBGdo9y4U0
QARdWLS1Z+V5yzXms69TI5tUX8f2/li0Sxtzg+wgM+bweLc90wfEkOkxklAZwZnZ
OQse++sonMtfZXKLepxhsTunxCeoBtxeYk1XeucyJu1Yrolmka/9GJUYU0FjbxeT
taGtWu2FfleiXypQC5qRFWeWc74rSo0oHdBZPSsq8D9fuvrIh6lbPzRxqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNhmIW1h7XwVjxdVBJODmNhUeAZRMB8GA1UdIwQY
MBaAFKQ5asFLd7HwM9nkWSEMhzsBLgp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERscXdVdDNzZkF6MmVSWklReUhPd0V1Q25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8zZGY2ZWUtMjM2Ni00YjkyLTgzOTQt
OTFjNTBhMDkwNDdhLzEvMkdZaGJXSHRmQldQRjFVRWs0T1kyRlI0QmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8zZGY2ZWUtMjM2Ni00YjkyLTgzOTQtOTFjNTBhMDkwNDdh
LzEvcERscXdVdDNzZkF6MmVSWklReUhPd0V1Q25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEVf8gAwQC
uSTwAwQEwkXQMA0GCSqGSIb3DQEBCwUAA4IBAQDwWzlt186q+D+QvSP1r6iMMJNA
oFzh/mLaFCbHTtnsjo4Y5dTpSR4ZRvmOCghKVkocuAxSasv37xxbOx4TYk8QsK55
ABSyTwqF4jVGgj8mxB6wgrK1Bbsmz5yYj4mzmdD+bUiu/oFRjXgyCQzqZtvoREYD
marq80ps1gKnxxnNzuVNAzA62tuE95AmpxBiAN64q5z/PDFMfgFY4+db8q5XAhIR
SfcwQLpSpCTx5BFnBUXouYlinB8zRU/a1xRh7HPjxt0v0a00a+/MvZGWJ1+fLsgq
DO6IRrr+J9qlp3QsdO393PsO15B25l/cgQWwaMDbqDOY6J/30Szxu7BJ3Wfv
-----END CERTIFICATE-----
Generated at Wed Jul 1 01:34:33 2026 by rpki-client