Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/DBxRlw6IhMH5NUq70pzr0bbq4w8.roa
File: DBxRlw6IhMH5NUq70pzr0bbq4w8.roa (raw, json)
Hash identifier: QenFQF90vxZckg2RZFWlAslYI5ZZf31kvjU2F0kLhfs=
Subject key identifier: 0C:1C:51:97:0E:88:84:C1:F9:35:4A:BB:D2:9C:EB:D1:B6:EA:E3:0F
Certificate issuer: /CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
Certificate serial: 019CCE21CC3A6848F3F7156AEE3BCB7A9764
Authority key identifier: C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/DBxRlw6IhMH5NUq70pzr0bbq4w8.roa
Signing time: Sun 08 Mar 2026 15:47:27 +0000
ROA not before: Sun 08 Mar 2026 15:47:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 398549
IP address blocks: 176.10.89.0/24 maxlen: 24
2a13:d8c1::/32 maxlen: 32
2a13:d8c2::/32 maxlen: 48
2a13:d8c3::/32 maxlen: 32
2a13:d8c3:5::/48 maxlen: 48
2a13:d8c3:7::/48 maxlen: 48
2a13:d8c5::/32 maxlen: 32
2a13:d8c6::/32 maxlen: 32
2a13:d8c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.mft
rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Mar 2026 21:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ce:21:cc:3a:68:48:f3:f7:15:6a:ee:3b:cb:7a:97:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
Validity
Not Before: Mar 8 15:47:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0c1c51970e8884c1f9354abbd29cebd1b6eae30f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c1:74:73:e5:63:b7:7e:78:a3:54:5b:70:67:
84:05:42:dc:96:18:d2:8c:d2:5b:05:2b:b0:9b:05:
65:8a:cd:e4:88:8d:1c:2a:dc:25:e4:97:50:ea:27:
e6:69:03:03:5b:8d:6e:3f:27:cc:11:88:e4:ed:e5:
51:43:53:f4:12:78:ef:5f:f9:9d:f3:4a:72:7b:d7:
d3:0f:7f:68:c7:d8:4d:8e:d0:de:f3:de:bd:b8:51:
f4:96:9a:51:c7:a4:55:e9:95:e8:f5:25:9f:f6:dd:
71:c7:de:9d:d5:26:d8:88:b0:fa:2c:66:e8:b1:5f:
7b:48:1b:a6:ab:5c:57:2e:fb:b8:8b:5a:de:13:9b:
98:9a:f5:3d:07:54:7b:a4:f5:75:93:cd:85:bb:05:
91:7c:70:ef:d2:01:14:32:16:dd:e5:c0:b4:20:bd:
67:5e:bd:82:6e:1d:b8:b2:24:fc:1f:2b:a8:64:37:
70:9e:be:ed:64:3c:e4:15:0d:7f:06:d0:38:29:35:
7b:89:9d:88:53:15:e7:a7:67:47:25:f4:7c:d2:00:
1d:5d:d8:df:f9:61:e5:65:ce:88:08:0d:37:9c:37:
bc:0b:93:3f:1b:28:f9:72:14:69:4b:f0:95:78:c6:
51:ce:3d:c0:a6:68:c3:b6:6a:18:00:d3:9d:68:94:
de:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:1C:51:97:0E:88:84:C1:F9:35:4A:BB:D2:9C:EB:D1:B6:EA:E3:0F
X509v3 Authority Key Identifier:
keyid:C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/DBxRlw6IhMH5NUq70pzr0bbq4w8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.10.89.0/24
IPv6:
2a13:d8c1::-2a13:d8c3:ffff:ffff:ffff:ffff:ffff:ffff
2a13:d8c5::-2a13:d8c7:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
78:3f:4c:7c:d3:28:e9:53:ca:31:17:f5:dc:a1:3a:3a:07:5b:
ae:df:d6:5b:38:38:75:cf:01:aa:a1:a6:9f:85:ff:ca:6b:ff:
16:56:c8:29:27:1f:18:8c:f6:df:66:f3:ea:ac:68:49:18:a9:
06:24:29:79:5d:00:2e:e2:2b:2f:27:f8:e8:b8:dd:18:c9:5b:
83:4c:65:f8:75:e7:08:c3:56:18:70:83:f1:a5:fb:cd:4b:7f:
d5:bf:21:a6:98:81:c0:02:05:ba:57:6c:5d:13:92:f3:8d:40:
df:aa:a9:ba:3b:6a:30:73:ba:f7:be:3c:38:d9:37:14:9d:84:
1c:49:e5:42:e0:46:78:65:27:3f:b0:8a:89:d6:a3:0f:49:4f:
80:2e:1b:c6:fe:9c:b4:9d:27:ae:c5:7b:39:fe:c0:c5:f7:f9:
d3:f0:cd:3d:5e:23:2e:b3:92:94:5e:7a:fe:1c:d7:d4:fb:56:
12:ce:6c:6d:6b:86:93:c2:78:5f:2a:ac:c5:fc:7f:09:ed:07:
65:12:c8:8a:ea:b0:a7:5b:03:a7:7a:d4:0c:f9:6b:a2:53:91:
01:df:da:24:a8:81:1d:9f:03:e3:40:4e:b9:04:45:20:d4:6d:
99:a6:7b:5f:26:43:da:de:a7:9c:48:0f:fa:f8:b9:ab:45:24:
1e:fb:32:83
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZzOIcw6aEjz9xVq7jvLepdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZjUzYzAzZDJmNGU3ZjA3YTgxZWE5MDNlY2VmMDFkNjhj
NjgxMzcwHhcNMjYwMzA4MTU0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFjNTE5NzBlODg4NGMxZjkzNTRhYmJkMjljZWJkMWI2ZWFlMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcF0c+Vjt354o1RbcGeEBULclhjS
jNJbBSuwmwVlis3kiI0cKtwl5JdQ6ifmaQMDW41uPyfMEYjk7eVRQ1P0EnjvX/md
80pye9fTD39ox9hNjtDe8969uFH0lppRx6RV6ZXo9SWf9t1xx96d1SbYiLD6LGbo
sV97SBumq1xXLvu4i1reE5uYmvU9B1R7pPV1k82FuwWRfHDv0gEUMhbd5cC0IL1n
Xr2Cbh24siT8HyuoZDdwnr7tZDzkFQ1/BtA4KTV7iZ2IUxXnp2dHJfR80gAdXdjf
+WHlZc6ICA03nDe8C5M/Gyj5chRpS/CVeMZRzj3ApmjDtmoYANOdaJTeBQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAwcUZcOiITB+TVKu9Kc69G26uMPMB8GA1UdIwQY
MBaAFMb1PAPS9OfweoHqkD7O8B1oxoE3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDct
OTBlYTM3MjljNTc0LzEvREJ4Umx3NkloTUg1TlVxNzBwenIwYmJxNHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDctOTBlYTM3MjljNTc0
LzEveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAMBAIAATAGAwQAsApZMCYE
AgACMCAwDgMFACoT2MEDBQIqE9jAMA4DBQAqE9jFAwUDKhPYwDANBgkqhkiG9w0B
AQsFAAOCAQEAeD9MfNMo6VPKMRf13KE6Ogdbrt/WWzg4dc8BqqGmn4X/ymv/FlbI
KScfGIz232bz6qxoSRipBiQpeV0ALuIrLyf46LjdGMlbg0xl+HXnCMNWGHCD8aX7
zUt/1b8hppiBwAIFuldsXROS841A36qpujtqMHO69748ONk3FJ2EHEnlQuBGeGUn
P7CKidajD0lPgC4bxv6ctJ0nrsV7Of7Axff50/DNPV4jLrOSlF56/hzX1PtWEs5s
bWuGk8J4Xyqsxfx/Ce0HZRLIiuqwp1sDp3rUDPlrolORAd/aJKiBHZ8D40BOuQRF
INRtmaZ7XyZD2t6nnEgP+vi5q0UkHvsygw==
-----END CERTIFICATE-----
Generated at Tue Mar 17 06:45:25 2026 by rpki-client