Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/h9Ez5VJGHgLgp09W_3gZe1Yk8LY.roa
File: h9Ez5VJGHgLgp09W_3gZe1Yk8LY.roa (raw, json)
Hash identifier: CP/8WBU1IT54jNR+qszhkfIQMh5/elXyL0h0IDRhoPI=
Subject key identifier: 87:D1:33:E5:52:46:1E:02:E0:A7:4F:56:FF:78:19:7B:56:24:F0:B6
Certificate issuer: /CN=2c94d70cfb7e69019a2e01c87d0a5d545a599b52
Certificate serial: 019DB636EE9B757C6202A21C24FE8DB28DEF
Authority key identifier: 2C:94:D7:0C:FB:7E:69:01:9A:2E:01:C8:7D:0A:5D:54:5A:59:9B:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/h9Ez5VJGHgLgp09W_3gZe1Yk8LY.roa
Signing time: Wed 22 Apr 2026 17:22:26 +0000
ROA not before: Wed 22 Apr 2026 17:22:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206049
IP address blocks: 185.88.56.0/22 maxlen: 22
185.197.56.0/22 maxlen: 24
188.65.96.0/21 maxlen: 21
212.11.67.0/24 maxlen: 24
212.11.76.0/24 maxlen: 24
2a0a:7640::/29 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.mft
rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 14:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b6:36:ee:9b:75:7c:62:02:a2:1c:24:fe:8d:b2:8d:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c94d70cfb7e69019a2e01c87d0a5d545a599b52
Validity
Not Before: Apr 22 17:22:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=87d133e552461e02e0a74f56ff78197b5624f0b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:4f:84:7c:6f:fe:33:45:23:fc:a7:c1:c7:57:
e2:ce:bf:b2:37:37:e1:01:25:87:2c:56:44:fa:9a:
49:4c:d8:c0:49:3f:4e:b9:f8:18:ff:0e:84:df:9c:
8b:d7:3b:2c:82:36:60:d5:88:1b:cb:76:37:53:ef:
d2:35:e7:76:2e:8c:51:34:6f:36:6b:1b:e8:b6:b9:
6c:78:a9:3c:54:78:b9:e8:9c:ec:9c:03:35:59:cb:
1c:a0:3b:47:8a:3c:72:cb:0a:e4:ed:bf:7f:8f:ab:
37:b1:f1:dc:4a:1a:8c:c5:56:80:f5:ad:cc:fe:83:
26:de:27:82:23:3d:9b:43:fa:1e:4c:18:05:e3:a8:
7e:44:95:fa:c3:a8:0e:c5:c6:22:38:8b:74:52:d8:
39:7b:70:d1:98:bb:e1:9b:79:e4:2b:8e:41:ea:06:
ab:58:c3:53:1f:1c:d8:2d:ac:b1:d8:9f:ca:e3:c3:
79:be:fb:b1:cf:cd:ac:51:a9:85:69:e4:81:79:c9:
d0:36:c8:5e:00:aa:f0:f5:ed:3c:7a:9b:93:24:05:
91:12:de:0b:b5:77:c4:0a:c3:1d:85:de:43:a0:c0:
1c:74:5b:c1:9d:5c:75:60:11:e1:84:88:d4:d4:83:
ca:81:af:5a:c9:7b:f6:60:f5:9a:7c:1c:a2:e9:31:
ef:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:D1:33:E5:52:46:1E:02:E0:A7:4F:56:FF:78:19:7B:56:24:F0:B6
X509v3 Authority Key Identifier:
keyid:2C:94:D7:0C:FB:7E:69:01:9A:2E:01:C8:7D:0A:5D:54:5A:59:9B:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/h9Ez5VJGHgLgp09W_3gZe1Yk8LY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.88.56.0/22
185.197.56.0/22
188.65.96.0/21
212.11.67.0/24
212.11.76.0/24
IPv6:
2a0a:7640::/29
Signature Algorithm: sha256WithRSAEncryption
44:86:6c:94:8a:3e:fe:cf:34:42:db:0c:54:63:51:68:b8:b2:
ad:f5:0e:85:5f:5c:8c:b3:b4:4d:b1:3b:be:7e:cb:0a:2d:19:
fe:43:7d:02:b6:26:df:35:d6:5c:5b:17:b2:a9:96:63:40:08:
fe:f5:fd:4a:9b:c0:9e:07:65:2c:27:fa:d7:b5:8c:7a:57:b4:
d0:45:5e:63:ae:a4:1f:c1:61:42:48:25:a7:96:8b:e5:23:38:
0a:be:4d:24:04:88:23:1e:f0:8e:f8:3a:2a:2b:18:8e:f5:9c:
15:50:97:f9:c2:a2:66:eb:cb:b2:29:21:2c:99:93:ff:24:8f:
0d:2c:a0:42:4c:0d:19:e5:76:73:62:28:e9:c1:98:2f:0a:db:
fe:f6:f7:74:97:94:2b:ed:3d:c7:11:7b:81:26:d7:87:55:09:
f7:c5:d0:79:58:1f:fa:92:8e:8d:0b:cd:a8:bc:42:1c:ea:14:
2d:c4:bb:0f:d2:71:39:21:3f:29:67:cf:74:e5:a0:d6:63:0e:
0f:fb:13:f6:b5:67:4b:16:f0:60:05:f8:d9:47:06:36:60:62:
eb:32:65:61:24:31:f8:49:07:b2:c5:ad:de:7c:d8:fd:71:89:
95:74:02:50:e4:ff:03:67:08:44:75:f6:65:2f:f4:90:c6:4f:
79:a0:9c:22
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZ22Nu6bdXxiAqIcJP6Nso3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTRkNzBjZmI3ZTY5MDE5YTJlMDFjODdkMGE1ZDU0NWE1
OTliNTIwHhcNMjYwNDIyMTcyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2QxMzNlNTUyNDYxZTAyZTBhNzRmNTZmZjc4MTk3YjU2MjRmMGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk+EfG/+M0Uj/KfBx1fizr+yNzfh
ASWHLFZE+ppJTNjAST9OufgY/w6E35yL1zssgjZg1Ygby3Y3U+/SNed2LoxRNG82
axvotrlseKk8VHi56JzsnAM1WcscoDtHijxyywrk7b9/j6s3sfHcShqMxVaA9a3M
/oMm3ieCIz2bQ/oeTBgF46h+RJX6w6gOxcYiOIt0Utg5e3DRmLvhm3nkK45B6gar
WMNTHxzYLayx2J/K48N5vvuxz82sUamFaeSBecnQNsheAKrw9e08epuTJAWREt4L
tXfECsMdhd5DoMAcdFvBnVx1YBHhhIjU1IPKga9ayXv2YPWafByi6THvhQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIfRM+VSRh4C4KdPVv94GXtWJPC2MB8GA1UdIwQY
MBaAFCyU1wz7fmkBmi4ByH0KXVRaWZtSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEpUWERQdC1hUUdhTGdISWZRcGRWRnBabTFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xYmRhN2MtOTg1OC00M2Y1LTg2NTkt
NjlmYzA1NmIyNjI1LzEvaDlFejVWSkdIZ0xncDA5V18zZ1plMVlrOExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xYmRhN2MtOTg1OC00M2Y1LTg2NTktNjlmYzA1NmIyNjI1
LzEvTEpUWERQdC1hUUdhTGdISWZRcGRWRnBabTFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuVg4AwQC
ucU4AwQDvEFgAwQA1AtDAwQA1AtMMA0EAgACMAcDBQMqCnZAMA0GCSqGSIb3DQEB
CwUAA4IBAQBEhmyUij7+zzRC2wxUY1FouLKt9Q6FX1yMs7RNsTu+fssKLRn+Q30C
tibfNdZcWxeyqZZjQAj+9f1Km8CeB2UsJ/rXtYx6V7TQRV5jrqQfwWFCSCWnlovl
IzgKvk0kBIgjHvCO+DoqKxiO9ZwVUJf5wqJm68uyKSEsmZP/JI8NLKBCTA0Z5XZz
YijpwZgvCtv+9vd0l5Qr7T3HEXuBJteHVQn3xdB5WB/6ko6NC82ovEIc6hQtxLsP
0nE5IT8pZ8905aDWYw4P+xP2tWdLFvBgBfjZRwY2YGLrMmVhJDH4SQeyxa3efNj9
cYmVdAJQ5P8DZwhEdfZlL/SQxk95oJwi
-----END CERTIFICATE-----
Generated at Mon Apr 27 19:44:14 2026 by rpki-client