Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/8d1TSvhqd070e1gxYQ3MnczO_xc.roa
File: 8d1TSvhqd070e1gxYQ3MnczO_xc.roa (raw, json)
Hash identifier: /b+G6xqm7avkCzyKrxmL+NHi0UtXKICGZqK/1lGYRPA=
Subject key identifier: F1:DD:53:4A:F8:6A:77:4E:F4:7B:58:31:61:0D:CC:9D:CC:CE:FF:17
Certificate issuer: /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial: 019CF6A6C3234439DBF1AF13F56CF43F4808
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/8d1TSvhqd070e1gxYQ3MnczO_xc.roa
Signing time: Mon 16 Mar 2026 12:37:29 +0000
ROA not before: Mon 16 Mar 2026 12:37:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42109
IP address blocks: 31.7.160.0/21 maxlen: 21
31.7.160.0/24 maxlen: 24
31.7.161.0/24 maxlen: 24
31.7.163.0/24 maxlen: 24
31.7.164.0/24 maxlen: 24
31.7.165.0/24 maxlen: 24
77.95.188.0/22 maxlen: 22
77.95.189.0/24 maxlen: 24
91.103.24.0/21 maxlen: 21
91.103.24.0/24 maxlen: 24
91.103.25.0/24 maxlen: 24
91.103.26.0/24 maxlen: 24
91.103.27.0/24 maxlen: 24
91.103.28.0/24 maxlen: 24
91.103.29.0/24 maxlen: 24
91.103.30.0/24 maxlen: 24
91.103.56.0/24 maxlen: 24
91.103.57.0/24 maxlen: 24
91.103.59.0/24 maxlen: 24
91.103.60.0/24 maxlen: 24
91.103.61.0/24 maxlen: 24
91.103.62.0/24 maxlen: 24
91.103.63.0/24 maxlen: 24
93.94.216.0/21 maxlen: 21
93.94.217.0/24 maxlen: 24
93.94.219.0/24 maxlen: 24
93.94.221.0/24 maxlen: 24
95.140.192.0/20 maxlen: 20
95.140.192.0/24 maxlen: 24
95.140.194.0/24 maxlen: 24
95.140.195.0/24 maxlen: 24
95.140.196.0/24 maxlen: 24
95.140.197.0/24 maxlen: 24
95.140.198.0/23 maxlen: 23
95.140.200.0/24 maxlen: 24
95.140.201.0/24 maxlen: 24
95.140.202.0/24 maxlen: 24
95.140.203.0/24 maxlen: 24
95.140.204.0/22 maxlen: 22
185.79.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 25 Mar 2026 19:01:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f6:a6:c3:23:44:39:db:f1:af:13:f5:6c:f4:3f:48:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Validity
Not Before: Mar 16 12:37:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f1dd534af86a774ef47b5831610dcc9dccceff17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:9c:f4:c2:62:4d:cf:cb:c8:e5:46:db:be:56:
42:75:06:ad:06:e2:f6:df:d6:b5:6a:79:dc:16:c2:
d0:c1:4e:4d:52:de:f7:e0:e0:e6:6c:f9:a6:ec:71:
35:ba:4c:17:a6:c5:db:c7:09:9a:54:75:94:18:2e:
88:f6:3c:e3:bc:b8:eb:c0:19:97:61:9d:92:31:35:
53:50:02:22:91:59:14:c9:14:8d:e1:96:95:17:79:
e1:ae:fe:d6:2a:de:29:c9:10:6e:48:00:cd:a3:aa:
53:1f:5d:c8:24:8f:48:b8:f6:12:e4:59:03:e8:c6:
98:f7:94:e5:32:75:40:33:c4:f2:18:39:cb:d7:ad:
79:79:21:85:d6:66:e4:ab:e4:3c:fb:d6:46:04:71:
cc:13:3d:b1:c5:2d:b3:d1:b5:a1:f6:bb:67:8e:49:
87:8b:71:f2:a5:1c:d6:3c:bf:e1:4b:be:4c:66:f3:
06:23:17:66:d3:f9:aa:72:b3:e0:62:2d:a5:50:0f:
88:cc:0d:b2:38:19:c1:b6:f1:ab:bc:40:57:b6:c9:
5a:a8:30:2e:7a:5f:29:eb:e9:1a:b7:e0:eb:5d:66:
1e:42:89:f8:b0:0e:d0:6d:60:93:9e:cd:23:96:bc:
cf:c7:28:4d:d5:7f:d1:cf:25:75:fe:05:5f:fe:29:
b5:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:DD:53:4A:F8:6A:77:4E:F4:7B:58:31:61:0D:CC:9D:CC:CE:FF:17
X509v3 Authority Key Identifier:
keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/8d1TSvhqd070e1gxYQ3MnczO_xc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.7.160.0/21
77.95.188.0/22
91.103.24.0/21
91.103.56.0/23
91.103.59.0-91.103.63.255
93.94.216.0/21
95.140.192.0/20
185.79.0.0/24
Signature Algorithm: sha256WithRSAEncryption
42:c3:6c:63:e0:0d:f3:4a:7b:01:43:bc:aa:1e:d1:92:33:98:
ea:f3:df:f5:4b:58:b2:d0:cb:7a:47:79:c1:01:e3:ca:e6:7d:
77:23:c6:94:2a:74:26:77:02:7e:fa:6a:69:f5:28:08:2b:50:
35:80:df:15:ae:91:97:0b:e2:c4:4a:13:b0:0f:a0:09:55:b9:
b0:b9:86:23:e5:5d:a7:2f:ac:de:ce:2f:38:d7:93:1a:fb:07:
3f:dd:62:6f:59:19:53:19:25:51:ec:05:45:52:49:fd:59:86:
9b:be:26:f5:cc:68:3b:41:55:37:04:f9:6b:62:35:a5:45:40:
28:c4:5c:50:2b:43:31:ea:9e:26:47:f0:a4:3c:5b:fa:59:8c:
1a:4a:f1:b9:af:b4:81:00:40:ec:dd:8f:89:00:b6:13:6c:46:
85:c6:d6:d2:6b:ef:52:80:83:3d:db:be:c2:17:67:72:e9:6f:
31:ed:82:0b:ae:48:31:64:37:f4:04:a4:62:9e:48:b3:0e:b8:
10:b4:4c:dc:a3:69:7b:a2:dc:53:e9:1d:3a:af:28:e0:66:04:
e7:4a:86:6a:81:f6:08:38:70:51:b6:64:44:b6:0f:a6:ca:68:
79:3a:5b:06:6b:0c:60:35:fd:78:f7:c1:87:be:eb:a3:a4:25:
a4:c6:7d:35
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZz2psMjRDnb8a8T9Wz0P0gIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjYwMzE2MTIzNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWRkNTM0YWY4NmE3NzRlZjQ3YjU4MzE2MTBkY2M5ZGNjY2VmZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpz0wmJNz8vI5UbbvlZCdQatBuL2
39a1anncFsLQwU5NUt734ODmbPmm7HE1ukwXpsXbxwmaVHWUGC6I9jzjvLjrwBmX
YZ2SMTVTUAIikVkUyRSN4ZaVF3nhrv7WKt4pyRBuSADNo6pTH13IJI9IuPYS5FkD
6MaY95TlMnVAM8TyGDnL1615eSGF1mbkq+Q8+9ZGBHHMEz2xxS2z0bWh9rtnjkmH
i3HypRzWPL/hS75MZvMGIxdm0/mqcrPgYi2lUA+IzA2yOBnBtvGrvEBXtslaqDAu
el8p6+kat+DrXWYeQon4sA7QbWCTns0jlrzPxyhN1X/RzyV1/gVf/im1EQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPHdU0r4andO9HtYMWENzJ3Mzv8XMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvOGQxVFN2aHFkMDcwZTFneFlRM01uY3pPX3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQDHwegAwQC
TV+8AwQDW2cYAwQBW2c4MAwDBABbZzsDBAZbZwADBANdXtgDBARfjMADBAC5TwAw
DQYJKoZIhvcNAQELBQADggEBAELDbGPgDfNKewFDvKoe0ZIzmOrz3/VLWLLQy3pH
ecEB48rmfXcjxpQqdCZ3An76amn1KAgrUDWA3xWukZcL4sRKE7APoAlVubC5hiPl
XacvrN7OLzjXkxr7Bz/dYm9ZGVMZJVHsBUVSSf1Zhpu+JvXMaDtBVTcE+WtiNaVF
QCjEXFArQzHqniZH8KQ8W/pZjBpK8bmvtIEAQOzdj4kAthNsRoXG1tJr71KAgz3b
vsIXZ3LpbzHtgguuSDFkN/QEpGKeSLMOuBC0TNyjaXui3FPpHTqvKOBmBOdKhmqB
9gg4cFG2ZES2D6bKaHk6WwZrDGA1/Xj3wYe+66OkJaTGfTU=
-----END CERTIFICATE-----
Generated at Wed Mar 25 02:49:57 2026 by rpki-client