Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2R-pdKvzP7mLt7VDNk21Zls2YAU.roa
File: 2R-pdKvzP7mLt7VDNk21Zls2YAU.roa (raw, json)
Hash identifier: ZLrdw7YBPAPPVzia5wkusNu7VIgcqFGqY76tfwOLNQY=
Subject key identifier: D9:1F:A9:74:AB:F3:3F:B9:8B:B7:B5:43:36:4D:B5:66:5B:36:60:05
Certificate issuer: /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial: 019E7D3250677DF3EDDDD9D63E5CDE050202
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2R-pdKvzP7mLt7VDNk21Zls2YAU.roa
Signing time: Sun 31 May 2026 08:41:49 +0000
ROA not before: Sun 31 May 2026 08:41:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13213
IP address blocks: 168.199.169.0/24 maxlen: 24
168.199.234.0/24 maxlen: 24
168.199.245.0/24 maxlen: 24
185.101.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Jun 2026 23:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:7d:32:50:67:7d:f3:ed:dd:d9:d6:3e:5c:de:05:02:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
Validity
Not Before: May 31 08:41:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d91fa974abf33fb98bb7b543364db5665b366005
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:01:7e:25:d3:d7:87:1e:31:03:0f:8f:a8:97:
c5:e5:a9:26:da:cc:be:d8:52:30:a5:4b:aa:f6:c0:
81:76:29:62:fb:2f:91:f2:2d:cb:80:ff:51:5b:a7:
5d:85:f1:c8:d9:9a:68:a8:35:45:02:1a:39:df:3d:
16:36:27:d0:5c:9b:46:35:1f:e0:47:49:99:0d:9c:
ba:e7:db:f9:d7:18:80:4d:bc:29:27:c3:1d:ae:b6:
12:32:ce:38:e8:c3:8d:36:b1:d4:06:19:4a:14:98:
81:64:aa:c8:1e:8e:5e:ed:04:05:95:83:80:43:4d:
f6:9e:ee:43:37:5b:97:c1:51:d1:96:40:dd:f9:67:
97:80:fe:7a:a2:bb:8f:c9:30:72:20:91:f0:dd:37:
db:d2:88:81:14:59:17:91:1a:6a:76:41:f4:cc:ef:
31:f8:a2:e3:ea:57:4b:45:8f:b6:d5:87:1c:f8:84:
88:01:27:1f:47:c0:92:26:32:e3:de:51:75:a3:4c:
53:45:62:03:68:66:83:29:92:71:56:9a:bd:d7:42:
80:ef:1e:a3:3c:66:08:01:16:37:99:6d:9f:c8:2a:
f6:65:bb:35:00:26:fc:54:90:39:62:4c:c6:ae:a5:
bc:6a:8f:54:68:4c:07:3a:e7:d3:de:21:5f:7c:5b:
97:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:1F:A9:74:AB:F3:3F:B9:8B:B7:B5:43:36:4D:B5:66:5B:36:60:05
X509v3 Authority Key Identifier:
keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2R-pdKvzP7mLt7VDNk21Zls2YAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
168.199.169.0/24
168.199.234.0/24
168.199.245.0/24
185.101.255.0/24
Signature Algorithm: sha256WithRSAEncryption
61:3a:e2:b2:eb:77:54:c5:08:8b:99:02:27:d2:c1:9d:0f:0c:
88:b3:f0:2f:5b:fe:d3:9c:9b:17:35:42:80:4f:3f:b1:de:85:
18:f7:c5:85:03:ed:b5:1d:3d:30:66:15:21:41:26:b7:4a:05:
9e:53:e2:04:eb:3d:f1:ab:73:cb:70:d1:cc:fe:03:96:0d:c3:
10:d9:96:92:eb:7b:ed:d9:8c:06:0f:c8:ed:cf:68:5a:ad:47:
86:26:e3:48:b3:80:de:a0:a0:f7:2b:74:94:18:49:c4:cf:28:
7a:78:3d:a2:32:f4:07:14:64:b3:29:e8:db:04:7c:87:a2:08:
5a:47:0d:82:c0:cf:3e:bc:70:07:70:fe:94:70:37:81:a1:46:
76:e9:3e:59:ca:00:37:da:2b:cf:50:3d:72:80:01:b0:57:a1:
aa:4d:e3:b1:c8:f2:c7:e8:e6:f1:1f:f9:47:32:89:8d:c8:ab:
b7:64:38:94:87:29:61:44:29:48:89:64:cc:96:1b:db:e5:ae:
e2:b4:a5:e3:19:82:51:ff:cd:da:ea:ca:1c:7a:82:f7:bb:21:
ec:e2:36:ff:1c:5a:cd:4b:a7:e9:69:9b:8b:f6:5b:31:fc:34:
95:4e:83:6e:99:0d:11:9b:79:10:fb:e8:be:59:27:42:07:ea:
2d:5f:78:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ59MlBnffPt3dnWPlzeBQICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwNTMxMDg0MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFmYTk3NGFiZjMzZmI5OGJiN2I1NDMzNjRkYjU2NjViMzY2MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgF+JdPXhx4xAw+PqJfF5akm2sy+
2FIwpUuq9sCBdili+y+R8i3LgP9RW6ddhfHI2ZpoqDVFAho53z0WNifQXJtGNR/g
R0mZDZy659v51xiATbwpJ8MdrrYSMs446MONNrHUBhlKFJiBZKrIHo5e7QQFlYOA
Q032nu5DN1uXwVHRlkDd+WeXgP56oruPyTByIJHw3Tfb0oiBFFkXkRpqdkH0zO8x
+KLj6ldLRY+21Ycc+ISIAScfR8CSJjLj3lF1o0xTRWIDaGaDKZJxVpq910KA7x6j
PGYIARY3mW2fyCr2Zbs1ACb8VJA5YkzGrqW8ao9UaEwHOufT3iFffFuXuQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNkfqXSr8z+5i7e1QzZNtWZbNmAFMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvMlItcGRLdnpQN21MdDdWRE5rMjFabHMyWUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAqMepAwQA
qMfqAwQAqMf1AwQAuWX/MA0GCSqGSIb3DQEBCwUAA4IBAQBhOuKy63dUxQiLmQIn
0sGdDwyIs/AvW/7TnJsXNUKATz+x3oUY98WFA+21HT0wZhUhQSa3SgWeU+IE6z3x
q3PLcNHM/gOWDcMQ2ZaS63vt2YwGD8jtz2harUeGJuNIs4DeoKD3K3SUGEnEzyh6
eD2iMvQHFGSzKejbBHyHoghaRw2CwM8+vHAHcP6UcDeBoUZ26T5ZygA32ivPUD1y
gAGwV6GqTeOxyPLH6ObxH/lHMomNyKu3ZDiUhylhRClIiWTMlhvb5a7itKXjGYJR
/83a6soceoL3uyHs4jb/HFrNS6fpaZuL9lsx/DSVToNumQ0Rm3kQ++i+WSdCB+ot
X3g3
-----END CERTIFICATE-----
Generated at Thu Jun 11 09:10:22 2026 by rpki-client