Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/_MGK1j6QTA1nK8AQnjzkVNmr-pw.roa
File: _MGK1j6QTA1nK8AQnjzkVNmr-pw.roa (raw, json)
Hash identifier: en9VelGkS9vpx/T5Lf+ohydsIGWl37avTxjPQhTyLi0=
Subject key identifier: FC:C1:8A:D6:3E:90:4C:0D:67:2B:C0:10:9E:3C:E4:54:D9:AB:FA:9C
Certificate issuer: /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial: 019DADD7B050FCD4B0458C86C06376930CE6
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/_MGK1j6QTA1nK8AQnjzkVNmr-pw.roa
Signing time: Tue 21 Apr 2026 02:21:26 +0000
ROA not before: Tue 21 Apr 2026 02:21:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210705
IP address blocks: 212.23.214.0/24 maxlen: 24
2a05:9080:3::/48 maxlen: 48
2a05:9080:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Apr 2026 20:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ad:d7:b0:50:fc:d4:b0:45:8c:86:c0:63:76:93:0c:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Validity
Not Before: Apr 21 02:21:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fcc18ad63e904c0d672bc0109e3ce454d9abfa9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:81:6e:86:41:cf:04:80:b2:76:44:fa:9b:6c:
f0:a2:6d:51:b3:1d:81:ea:61:87:94:c1:97:1c:70:
69:3e:e7:a7:be:a5:3a:bd:1d:fe:9c:9f:b2:58:7f:
a1:49:6e:2e:5b:08:6d:84:42:80:43:18:34:57:70:
80:9a:e4:5e:ef:81:68:d6:cf:28:20:dc:1c:8d:fc:
82:14:9f:23:c2:87:18:e1:01:0a:2d:bf:47:55:cc:
ad:16:45:8a:18:59:c8:69:cf:67:d0:77:4a:72:8c:
7f:82:49:d7:95:e4:4e:ac:df:50:00:81:29:7b:47:
5f:40:7a:ea:36:d3:0e:21:6d:b7:7b:ad:e6:dd:f3:
96:5d:10:f8:a9:98:34:da:f0:ae:0c:6e:01:3d:99:
fd:54:14:4d:e9:c5:d8:c9:d5:c4:31:3b:3b:8e:83:
66:44:08:48:a9:02:dd:a6:b1:0d:8a:c6:b1:de:24:
22:19:67:82:2d:f1:82:f7:cb:64:fc:8e:a4:27:9f:
1d:c4:5e:27:2c:bb:69:99:ee:f0:2f:af:07:8d:64:
9f:2d:3a:4a:b5:17:d0:50:90:9c:da:af:27:2d:1a:
f4:f6:d0:ee:c9:85:45:ff:90:df:8d:89:17:7d:c6:
49:93:5c:84:f2:51:3f:9e:37:26:d5:b1:db:77:30:
31:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:C1:8A:D6:3E:90:4C:0D:67:2B:C0:10:9E:3C:E4:54:D9:AB:FA:9C
X509v3 Authority Key Identifier:
keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/_MGK1j6QTA1nK8AQnjzkVNmr-pw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.23.214.0/24
IPv6:
2a05:9080:3::/48
2a05:9080:11::/48
Signature Algorithm: sha256WithRSAEncryption
98:d6:4f:01:62:33:d5:d1:de:5f:c6:df:8b:be:37:61:1f:2b:
7f:8b:c4:12:85:28:9a:b0:e5:b6:17:06:95:00:81:f0:0b:5a:
c5:78:15:6d:89:f7:f6:a3:32:9c:0f:77:12:99:aa:0a:16:a2:
15:d7:9c:5f:b9:dd:e1:88:15:10:61:b8:8e:f8:65:3b:e0:77:
3d:bd:4a:6b:dc:dc:0f:91:eb:70:6f:32:2d:be:06:ce:ce:0d:
59:30:a3:c8:72:ec:75:c2:c0:93:90:34:24:b4:c5:f4:3b:17:
8e:e9:5b:1e:10:27:fb:22:7c:9d:75:0b:31:09:17:19:5b:28:
18:66:07:a5:61:70:d0:9b:fe:d7:d6:50:80:a1:2d:cc:eb:89:
ed:a2:a6:c2:cf:e0:5f:02:d3:32:5a:f6:b2:25:23:54:45:c4:
4d:13:0e:08:66:cc:9e:73:d8:ec:56:ae:a7:14:e5:5b:5b:96:
61:6c:5a:b6:e5:15:bb:f0:c3:19:33:03:12:78:bf:77:76:08:
e5:df:cc:e0:78:23:b5:94:a1:9d:f1:bf:e9:81:6d:65:a6:bd:
a7:c9:20:f7:5a:2f:f4:28:73:38:69:b1:a0:b4:c9:1f:ce:7b:
de:e7:18:26:90:61:d9:44:ea:f2:58:fc:37:f5:a5:ec:87:33:
21:cd:4b:de
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ2t17BQ/NSwRYyGwGN2kwzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDIxMDIyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2MxOGFkNjNlOTA0YzBkNjcyYmMwMTA5ZTNjZTQ1NGQ5YWJmYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIFuhkHPBICydkT6m2zwom1Rsx2B
6mGHlMGXHHBpPuenvqU6vR3+nJ+yWH+hSW4uWwhthEKAQxg0V3CAmuRe74Fo1s8o
INwcjfyCFJ8jwocY4QEKLb9HVcytFkWKGFnIac9n0HdKcox/gknXleROrN9QAIEp
e0dfQHrqNtMOIW23e63m3fOWXRD4qZg02vCuDG4BPZn9VBRN6cXYydXEMTs7joNm
RAhIqQLdprENisax3iQiGWeCLfGC98tk/I6kJ58dxF4nLLtpme7wL68HjWSfLTpK
tRfQUJCc2q8nLRr09tDuyYVF/5DfjYkXfcZJk1yE8lE/njcm1bHbdzAxqQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPzBitY+kEwNZyvAEJ485FTZq/qcMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvX01HSzFqNlFUQTFuSzhBUW5qemtWTm1yLXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQA1BfWMBgE
AgACMBIDBwAqBZCAAAMDBwAqBZCAABEwDQYJKoZIhvcNAQELBQADggEBAJjWTwFi
M9XR3l/G34u+N2EfK3+LxBKFKJqw5bYXBpUAgfALWsV4FW2J9/ajMpwPdxKZqgoW
ohXXnF+53eGIFRBhuI74ZTvgdz29Smvc3A+R63BvMi2+Bs7ODVkwo8hy7HXCwJOQ
NCS0xfQ7F47pWx4QJ/sifJ11CzEJFxlbKBhmB6VhcNCb/tfWUIChLczrie2ipsLP
4F8C0zJa9rIlI1RFxE0TDghmzJ5z2OxWrqcU5VtblmFsWrblFbvwwxkzAxJ4v3d2
COXfzOB4I7WUoZ3xv+mBbWWmvafJIPdaL/QoczhpsaC0yR/Oe97nGCaQYdlE6vJY
/Df1peyHMyHNS94=
-----END CERTIFICATE-----
Generated at Wed Apr 22 00:45:02 2026 by rpki-client