Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/BCTCosehzN-IVujDky1DFPEPdk8.roa
File: BCTCosehzN-IVujDky1DFPEPdk8.roa (raw, json)
Hash identifier: dD51Omff3fmTkuQoAW0zLyIe0HD79k7wegGUmnwdJ5U=
Subject key identifier: 04:24:C2:A2:C7:A1:CC:DF:88:56:E8:C3:93:2D:43:14:F1:0F:76:4F
Certificate issuer: /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial: 019CE75F9F693797028E9193CA971C7F0CAD
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/BCTCosehzN-IVujDky1DFPEPdk8.roa
Signing time: Fri 13 Mar 2026 13:25:29 +0000
ROA not before: Fri 13 Mar 2026 13:25:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13213
IP address blocks: 31.24.224.0/21 maxlen: 24
37.123.112.0/21 maxlen: 24
37.123.112.0/24 maxlen: 24
46.23.64.0/21 maxlen: 21
46.23.72.0/22 maxlen: 22
46.23.76.0/22 maxlen: 24
77.92.64.0/21 maxlen: 21
77.92.72.0/22 maxlen: 22
77.92.76.0/23 maxlen: 23
77.92.78.0/23 maxlen: 23
77.92.80.0/20 maxlen: 20
82.163.72.0/21 maxlen: 24
83.170.64.0/18 maxlen: 18
83.170.69.0/24 maxlen: 24
83.170.124.0/24 maxlen: 24
88.202.176.0/23 maxlen: 23
88.202.177.0/24 maxlen: 24
88.202.178.0/24 maxlen: 24
88.202.179.0/24 maxlen: 24
88.202.180.0/22 maxlen: 22
88.202.184.0/24 maxlen: 24
88.202.185.0/24 maxlen: 24
88.202.186.0/23 maxlen: 23
88.202.188.0/22 maxlen: 22
88.202.224.0/21 maxlen: 24
91.109.240.0/21 maxlen: 21
109.123.64.0/19 maxlen: 24
109.123.96.0/20 maxlen: 24
109.123.112.0/20 maxlen: 20
176.67.160.0/21 maxlen: 21
176.67.169.0/24 maxlen: 24
176.67.171.0/24 maxlen: 24
176.67.172.0/22 maxlen: 24
185.7.224.0/22 maxlen: 24
2a02:2498::/47 maxlen: 47
2a02:2498:4::/48 maxlen: 48
2a02:2498:5::/48 maxlen: 48
2a02:2498:16::/48 maxlen: 48
2a02:2498:257b::/48 maxlen: 48
2a02:2498:6d7b::/48 maxlen: 48
2a02:2498:8000::/36 maxlen: 36
2a02:2498:9000::/36 maxlen: 36
2a02:2498:b000::/36 maxlen: 36
2a02:2498:e000::/36 maxlen: 36
2a02:2498:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Mar 2026 10:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e7:5f:9f:69:37:97:02:8e:91:93:ca:97:1c:7f:0c:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Validity
Not Before: Mar 13 13:25:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0424c2a2c7a1ccdf8856e8c3932d4314f10f764f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:1d:dc:8b:39:05:1d:c6:6c:25:b0:b3:fc:ba:
bf:75:f7:f5:b8:f2:72:44:4c:1b:d5:15:1a:cb:54:
d4:fa:aa:8d:0e:ed:45:40:04:8e:95:21:a2:db:78:
97:e1:09:fd:77:17:96:d4:cc:7e:ae:a5:ee:db:b0:
a2:aa:17:fa:c2:e4:c8:1a:8a:32:d3:68:2b:36:bb:
0a:12:12:ba:95:20:c0:47:e7:17:0a:b6:cc:87:bb:
f7:6f:6e:5c:ae:01:4c:0d:24:17:ac:1e:67:3b:e6:
eb:b4:7d:3d:2e:6f:ee:a3:c2:d9:9e:ba:92:ac:6f:
ee:c3:46:73:f8:bd:a3:c7:65:c5:74:4e:64:f4:81:
64:27:6d:a6:b2:d3:e4:10:69:30:5c:51:18:9f:ae:
dd:fc:ac:16:7a:e1:eb:1a:e9:38:3a:a4:da:d6:83:
c0:32:a3:06:14:8b:41:82:b5:a1:35:ae:e8:21:dc:
fc:a0:f3:2b:f1:ed:82:26:a9:c5:47:dd:89:99:e1:
cf:75:6b:8d:11:82:3b:12:e8:cd:ad:4d:39:78:d3:
79:fc:99:44:09:04:d6:7b:59:33:f5:6e:24:40:44:
37:e0:e9:57:62:ab:54:b5:2b:7a:2c:88:ae:ba:48:
84:9d:84:9e:86:88:93:db:67:6a:31:59:f7:92:de:
31:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:24:C2:A2:C7:A1:CC:DF:88:56:E8:C3:93:2D:43:14:F1:0F:76:4F
X509v3 Authority Key Identifier:
keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/BCTCosehzN-IVujDky1DFPEPdk8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.224.0/21
37.123.112.0/21
46.23.64.0/20
77.92.64.0/19
82.163.72.0/21
83.170.64.0/18
88.202.176.0/20
88.202.224.0/21
91.109.240.0/21
109.123.64.0/18
176.67.160.0/21
176.67.169.0/24
176.67.171.0-176.67.175.255
185.7.224.0/22
IPv6:
2a02:2498::/47
2a02:2498:4::/47
2a02:2498:16::/48
2a02:2498:257b::/48
2a02:2498:6d7b::/48
2a02:2498:8000::/35
2a02:2498:b000::/36
2a02:2498:e000::/35
Signature Algorithm: sha256WithRSAEncryption
82:91:59:0b:d2:96:82:66:32:20:ef:61:38:72:7c:f4:8b:f1:
ae:cb:23:48:af:27:9e:01:d7:b2:f9:15:8f:3d:d9:0f:2b:fc:
45:a6:c0:81:f2:0d:7d:7b:95:66:b3:d2:bf:02:42:b3:a3:3f:
da:e5:75:84:4d:b2:08:a9:6f:0c:6c:24:6f:b2:d7:05:91:ae:
89:6e:dd:ef:d8:cd:4e:26:17:4c:65:7f:ee:e8:12:2f:74:03:
29:85:46:2e:7c:21:d5:f5:cd:8f:e3:d5:24:23:ba:37:e8:3e:
bd:50:db:76:24:9e:c0:fe:3e:65:89:55:be:44:30:58:1f:41:
eb:41:75:6c:dc:79:81:8e:01:c7:cb:4c:66:e7:cf:69:ee:f1:
4a:f0:18:b8:6c:84:0c:b6:61:7e:12:9a:15:d9:e6:e4:cd:98:
ef:ba:ac:d7:3e:31:15:0d:65:8c:af:99:5d:c8:aa:e6:c0:92:
ea:8f:70:b7:94:55:16:0a:0b:93:31:95:0e:c0:56:ee:54:2c:
df:5c:f7:de:6c:46:4b:95:8e:f8:fd:20:09:3c:35:3c:9d:66:
25:74:31:27:a2:c6:65:30:79:ea:83:ad:21:c4:23:2e:b4:6f:
4f:11:e5:be:8f:0a:f3:52:fb:f2:b2:46:60:1a:57:36:4a:89:
60:1c:31:48
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZznX59pN5cCjpGTypccfwytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjYwMzEzMTMyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI0YzJhMmM3YTFjY2RmODg1NmU4YzM5MzJkNDMxNGYxMGY3NjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB3cizkFHcZsJbCz/Lq/dff1uPJy
REwb1RUay1TU+qqNDu1FQASOlSGi23iX4Qn9dxeW1Mx+rqXu27Ciqhf6wuTIGooy
02grNrsKEhK6lSDAR+cXCrbMh7v3b25crgFMDSQXrB5nO+brtH09Lm/uo8LZnrqS
rG/uw0Zz+L2jx2XFdE5k9IFkJ22mstPkEGkwXFEYn67d/KwWeuHrGuk4OqTa1oPA
MqMGFItBgrWhNa7oIdz8oPMr8e2CJqnFR92JmeHPdWuNEYI7EujNrU05eNN5/JlE
CQTWe1kz9W4kQEQ34OlXYqtUtSt6LIiuukiEnYSehoiT22dqMVn3kt4xBwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFAQkwqLHoczfiFbow5MtQxTxD3ZPMB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvQkNUQ29zZWh6Ti1JVnVqRGt5MURGUEVQZGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHEBggrBgEFBQcBBwEB/wSBtDCBsTBiBAIAATBcAwQDHxjg
AwQDJXtwAwQELhdAAwQFTVxAAwQDUqNIAwQGU6pAAwQEWMqwAwQDWMrgAwQDW23w
AwQGbXtAAwQDsEOgAwQAsEOpMAwDBACwQ6sDBASwQ6ADBAK5B+AwSwQCAAIwRQMH
ASoCJJgAAAMHASoCJJgABAMHACoCJJgAFgMHACoCJJglewMHACoCJJhtewMGBSoC
JJiAAwYEKgIkmLADBgUqAiSY4DANBgkqhkiG9w0BAQsFAAOCAQEAgpFZC9KWgmYy
IO9hOHJ89IvxrssjSK8nngHXsvkVjz3ZDyv8RabAgfINfXuVZrPSvwJCs6M/2uV1
hE2yCKlvDGwkb7LXBZGuiW7d79jNTiYXTGV/7ugSL3QDKYVGLnwh1fXNj+PVJCO6
N+g+vVDbdiSewP4+ZYlVvkQwWB9B60F1bNx5gY4Bx8tMZufPae7xSvAYuGyEDLZh
fhKaFdnm5M2Y77qs1z4xFQ1ljK+ZXciq5sCS6o9wt5RVFgoLkzGVDsBW7lQs31z3
3mxGS5WO+P0gCTw1PJ1mJXQxJ6LGZTB56oOtIcQjLrRvTxHlvo8K81L78rJGYBpX
NkqJYBwxSA==
-----END CERTIFICATE-----
Generated at Fri Mar 27 14:57:39 2026 by rpki-client