Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cM8D32UlPrZzA8WJZKNc65enAg.roa
File: 0cM8D32UlPrZzA8WJZKNc65enAg.roa (raw, json)
Hash identifier: xcnOe60qBJYiQyPaXVzbVL9D1HoiLBB5ddNBscyQXbo=
Subject key identifier: D1:C3:3C:0F:7D:94:94:FA:D9:CC:0F:16:25:92:8D:73:AE:5E:9C:08
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019CADA3571508D65C9F65A6FB8F5D0FDB59
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cM8D32UlPrZzA8WJZKNc65enAg.roa
Signing time: Mon 02 Mar 2026 08:21:28 +0000
ROA not before: Mon 02 Mar 2026 08:21:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63199
IP address blocks: 80.240.85.0/24 maxlen: 24
81.168.18.0/24 maxlen: 24
81.168.58.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
82.152.122.0/24 maxlen: 24
82.163.18.0/24 maxlen: 24
89.213.192.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Mar 2026 16:05:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ad:a3:57:15:08:d6:5c:9f:65:a6:fb:8f:5d:0f:db:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 2 08:21:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d1c33c0f7d9494fad9cc0f1625928d73ae5e9c08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:ef:53:b6:0f:f7:9e:af:af:1e:f8:97:c2:c7:
21:57:4f:1b:6c:d1:fb:10:68:52:56:b3:37:33:09:
b9:53:0f:b5:ff:d2:2a:85:cb:b0:ee:72:b0:a9:e7:
cb:32:96:12:f8:0c:63:35:7f:bc:13:1f:06:16:10:
8b:e8:eb:aa:90:dd:31:7e:34:fb:f2:be:60:8f:9c:
55:57:c4:9f:4b:08:48:31:aa:e7:8f:53:88:e9:66:
28:36:40:be:c2:80:ab:a0:11:8a:4d:87:5c:04:52:
bb:13:92:1c:e9:86:a7:a3:73:fe:8b:4a:ec:20:23:
18:91:2a:e2:ba:99:29:76:0b:34:55:79:e2:07:c8:
7e:51:33:06:a7:3f:93:9b:16:55:26:60:8c:0f:5f:
71:a2:25:73:12:b6:b0:09:28:fe:b9:40:52:6a:d8:
c3:2b:6b:33:38:de:df:34:7e:f3:7a:82:9e:04:8c:
3f:b4:b8:d0:8e:92:ff:68:ae:46:ec:6f:45:b3:46:
bb:1d:2a:36:56:c6:d0:84:33:e2:62:79:39:c8:5e:
fa:09:c5:9b:e7:95:61:1e:4c:41:5e:f6:cb:6c:19:
55:49:3d:82:19:bc:79:f8:65:00:86:b3:0d:24:8b:
f8:b5:62:8f:42:5e:0a:92:00:bd:87:41:eb:a3:72:
ab:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:C3:3C:0F:7D:94:94:FA:D9:CC:0F:16:25:92:8D:73:AE:5E:9C:08
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cM8D32UlPrZzA8WJZKNc65enAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.85.0/24
81.168.18.0/24
81.168.58.0/24
81.168.123.0/24
82.152.122.0/24
82.163.18.0/24
89.213.192.0/24
Signature Algorithm: sha256WithRSAEncryption
69:d8:02:ca:68:9f:cd:fa:59:ad:9f:62:92:27:de:59:42:ba:
d0:dc:59:42:05:c7:7c:23:59:b3:49:d4:37:80:04:c2:64:45:
26:98:06:bf:79:59:8c:1e:d8:6e:60:d4:6a:d2:bc:53:85:d5:
81:bf:f9:84:13:93:e4:ff:26:45:1d:71:e5:af:1a:2d:a2:46:
e1:28:a7:b3:eb:1a:86:a9:1e:d5:cc:31:1b:7e:08:48:99:4e:
f8:e1:76:cb:e2:77:02:80:36:e6:8a:1d:a2:cf:10:d3:d6:a5:
da:60:b0:f5:e0:77:48:15:0a:f6:29:cd:78:ba:50:c1:94:02:
ae:f6:24:fe:7c:08:d3:8c:1b:df:e1:77:09:df:ad:43:a2:06:
32:d8:ae:0f:6a:d2:7b:1e:dd:3f:c3:d6:e6:58:28:81:ad:5a:
fd:14:49:74:ef:7b:ef:8e:b4:1d:a9:24:e2:da:6e:45:6b:51:
18:84:17:f6:f8:bb:27:26:d7:69:ed:5b:2d:1b:a7:16:9b:df:
6b:76:9d:14:a5:fa:00:d7:4d:37:f8:8f:3c:c6:45:36:c6:5f:
15:76:d6:17:91:2a:fc:a2:bd:be:38:99:fa:14:f8:c0:c1:33:
5a:0c:d1:e1:15:f3:bc:1f:3e:ac:e2:6a:73:16:c4:a4:40:69:
3e:8a:77:7a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZyto1cVCNZcn2Wm+49dD9tZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzAyMDgyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWMzM2MwZjdkOTQ5NGZhZDljYzBmMTYyNTkyOGQ3M2FlNWU5YzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8O9Ttg/3nq+vHviXwschV08bbNH7
EGhSVrM3Mwm5Uw+1/9Iqhcuw7nKwqefLMpYS+AxjNX+8Ex8GFhCL6OuqkN0xfjT7
8r5gj5xVV8SfSwhIMarnj1OI6WYoNkC+woCroBGKTYdcBFK7E5Ic6Yano3P+i0rs
ICMYkSriupkpdgs0VXniB8h+UTMGpz+TmxZVJmCMD19xoiVzErawCSj+uUBSatjD
K2szON7fNH7zeoKeBIw/tLjQjpL/aK5G7G9Fs0a7HSo2VsbQhDPiYnk5yF76CcWb
55VhHkxBXvbLbBlVST2CGbx5+GUAhrMNJIv4tWKPQl4KkgC9h0Hro3Kr6QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNHDPA99lJT62cwPFiWSjXOuXpwIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMGNNOEQzMlVsUHJaekE4V0paS05jNjVlbkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUPBVAwQA
UagSAwQAUag6AwQAUah7AwQAUph6AwQAUqMSAwQAWdXAMA0GCSqGSIb3DQEBCwUA
A4IBAQBp2ALKaJ/N+lmtn2KSJ95ZQrrQ3FlCBcd8I1mzSdQ3gATCZEUmmAa/eVmM
HthuYNRq0rxThdWBv/mEE5Pk/yZFHXHlrxotokbhKKez6xqGqR7VzDEbfghImU74
4XbL4ncCgDbmih2izxDT1qXaYLD14HdIFQr2Kc14ulDBlAKu9iT+fAjTjBvf4XcJ
361DogYy2K4PatJ7Ht0/w9bmWCiBrVr9FEl073vvjrQdqSTi2m5Fa1EYhBf2+Lsn
Jtdp7VstG6cWm99rdp0UpfoA1003+I88xkU2xl8VdtYXkSr8or2+OJn6FPjAwTNa
DNHhFfO8Hz6s4mpzFsSkQGk+ind6
-----END CERTIFICATE-----
Generated at Thu Mar 5 20:41:29 2026 by rpki-client