Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-MYbAeiu8VqjuFR5QGKgLwv8XTI.roa
File: 1-MYbAeiu8VqjuFR5QGKgLwv8XTI.roa (raw, json)
Hash identifier: TIZCo3oIjs9v1Y794TotAKlbWma3oqtzxM4YYe0FWcU=
Subject key identifier: F8:C6:1B:01:E8:AE:F1:5A:A3:B8:54:79:40:62:A0:2F:0B:FC:5D:32
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D6CFAACBE770190D47D206895DAE14D67
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-MYbAeiu8VqjuFR5QGKgLwv8XTI.roa
Signing time: Wed 08 Apr 2026 12:04:20 +0000
ROA not before: Wed 08 Apr 2026 12:04:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213607
IP address blocks: 81.168.8.0/24 maxlen: 24
81.168.16.0/24 maxlen: 24
81.168.85.0/24 maxlen: 24
82.153.236.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Apr 2026 20:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6c:fa:ac:be:77:01:90:d4:7d:20:68:95:da:e1:4d:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 8 12:04:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f8c61b01e8aef15aa3b854794062a02f0bfc5d32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:97:f3:e8:37:e6:89:ae:e1:88:5d:5f:3b:55:
ec:0f:a5:bf:61:a4:52:2a:78:04:e5:c6:cd:41:57:
9f:ab:09:23:a9:02:a1:d0:24:0a:68:9b:5b:24:65:
45:00:f4:ec:8a:6f:72:e3:31:2f:6c:ec:a6:7e:ac:
1c:66:de:6f:9b:f7:87:f3:a5:78:c7:0b:c2:3d:fe:
3e:d1:e1:b1:5e:09:d9:4c:de:52:68:01:52:2c:67:
75:db:29:82:c2:6f:d6:dc:35:b8:a7:89:8e:d8:29:
a1:49:43:ed:30:57:06:64:dc:4e:36:a2:9d:00:43:
23:df:0f:7d:fb:92:12:2d:7f:00:5d:28:2f:7a:7f:
ed:c0:1b:31:af:eb:63:a4:62:b6:5b:a9:d7:ad:42:
f5:f9:a0:7e:7b:e1:64:5b:60:20:f8:40:ba:a8:0e:
9c:9f:9b:b5:0a:01:46:e1:eb:99:72:fe:48:40:a1:
64:fd:5e:ef:fa:35:5b:c1:b2:67:35:28:85:c5:65:
02:cc:4a:d3:23:73:03:c8:65:32:55:67:c4:a7:e9:
fa:a6:84:2a:21:b8:65:40:80:33:01:58:4b:3b:e1:
91:ac:42:1a:23:35:c7:7b:c7:01:d6:17:be:44:c7:
f9:38:c7:d5:9a:b3:ca:8d:c0:a5:5d:67:a5:e3:e6:
52:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:C6:1B:01:E8:AE:F1:5A:A3:B8:54:79:40:62:A0:2F:0B:FC:5D:32
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-MYbAeiu8VqjuFR5QGKgLwv8XTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.8.0/24
81.168.16.0/24
81.168.85.0/24
82.153.236.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:ea:ec:a0:ad:14:be:1e:c7:bd:fb:94:de:a8:fa:43:1a:eb:
01:52:b2:53:b0:aa:86:c8:6c:a9:97:3c:1f:c6:9f:6f:f3:af:
1f:e4:c3:7a:42:d6:b1:f4:ff:01:cf:37:9d:98:05:0b:58:8f:
23:8d:a3:14:de:f2:4b:64:fb:88:45:84:4d:16:28:4d:f1:ad:
ef:52:9c:a1:04:fa:6b:18:92:dc:13:91:4b:02:0f:0f:0a:70:
23:01:33:c9:1c:55:02:d1:aa:c2:27:96:16:d7:fd:33:94:c1:
a0:de:9e:96:84:29:82:b8:15:98:08:43:bc:ac:52:01:a9:da:
20:08:c1:78:38:bb:73:57:b5:bb:6a:ac:1c:55:31:5c:f7:32:
0b:86:c8:a5:40:e5:3d:32:88:29:f9:fe:5e:79:88:dd:50:d3:
b9:0f:0c:d8:5b:54:ac:01:9a:32:43:b7:4d:c1:21:98:1a:57:
fe:43:6d:ef:c5:8a:c1:52:f7:0d:60:e7:9c:75:46:f7:32:0e:
9e:7a:de:5c:c4:b2:69:51:76:5b:b9:79:bb:3f:bb:b6:a6:c7:
2b:fb:2a:cf:4b:6e:df:a8:f5:d1:90:77:a6:42:05:0f:c9:cb:
68:f9:21:ee:ed:e3:20:d4:15:35:6d:35:c0:53:71:28:5e:73:
04:04:22:7b
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZ1s+qy+dwGQ1H0gaJXa4U1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA4MTIwNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGM2MWIwMWU4YWVmMTVhYTNiODU0Nzk0MDYyYTAyZjBiZmM1ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5fz6Dfmia7hiF1fO1XsD6W/YaRS
KngE5cbNQVefqwkjqQKh0CQKaJtbJGVFAPTsim9y4zEvbOymfqwcZt5vm/eH86V4
xwvCPf4+0eGxXgnZTN5SaAFSLGd12ymCwm/W3DW4p4mO2CmhSUPtMFcGZNxONqKd
AEMj3w99+5ISLX8AXSgven/twBsxr+tjpGK2W6nXrUL1+aB+e+FkW2Ag+EC6qA6c
n5u1CgFG4euZcv5IQKFk/V7v+jVbwbJnNSiFxWUCzErTI3MDyGUyVWfEp+n6poQq
IbhlQIAzAVhLO+GRrEIaIzXHe8cB1he+RMf5OMfVmrPKjcClXWel4+ZSewIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPjGGwHorvFao7hUeUBioC8L/F0yMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1NWWJBZWl1OFZxanVGUjVRR0tnTHd2OFhUSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFGoCAME
AFGoEAMEAFGoVQMEAFKZ7DANBgkqhkiG9w0BAQsFAAOCAQEApersoK0Uvh7HvfuU
3qj6QxrrAVKyU7CqhshsqZc8H8afb/OvH+TDekLWsfT/Ac83nZgFC1iPI42jFN7y
S2T7iEWETRYoTfGt71KcoQT6axiS3BORSwIPDwpwIwEzyRxVAtGqwieWFtf9M5TB
oN6eloQpgrgVmAhDvKxSAanaIAjBeDi7c1e1u2qsHFUxXPcyC4bIpUDlPTKIKfn+
XnmI3VDTuQ8M2FtUrAGaMkO3TcEhmBpX/kNt78WKwVL3DWDnnHVG9zIOnnreXMSy
aVF2W7l5uz+7tqbHK/sqz0tu36j10ZB3pkIFD8nLaPkh7u3jINQVNW01wFNxKF5z
BAQiew==
-----END CERTIFICATE-----
Generated at Thu Apr 9 05:18:53 2026 by rpki-client