Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/id2BlqzstTY2zcF89y0tqtXsAAg.roa
File: id2BlqzstTY2zcF89y0tqtXsAAg.roa (raw, json)
Hash identifier: YUgnEyxwSsXkOSDh0+NOmEVHAoUbYwAOfZybL6l7VVs=
Subject key identifier: 89:DD:81:96:AC:EC:B5:36:36:CD:C1:7C:F7:2D:2D:AA:D5:EC:00:08
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 019E6363ABB149C127E1F1FD741865A914FE
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/id2BlqzstTY2zcF89y0tqtXsAAg.roa
Signing time: Tue 26 May 2026 08:25:36 +0000
ROA not before: Tue 26 May 2026 08:25:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203053
IP address blocks: 91.197.247.0/24 maxlen: 24
193.104.121.0/24 maxlen: 24
193.105.239.0/24 maxlen: 24
194.107.112.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.mft
rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 20:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:63:63:ab:b1:49:c1:27:e1:f1:fd:74:18:65:a9:14:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: May 26 08:25:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=89dd8196acecb53636cdc17cf72d2daad5ec0008
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:50:2f:9c:0d:4a:d5:d2:81:c1:d6:f3:be:d1:
96:5d:12:cb:69:8b:b5:15:64:4c:ea:f4:c9:9b:e3:
05:4b:2d:6a:1a:04:24:31:2c:d3:d3:2e:1b:c4:b8:
d1:c6:ab:83:5c:d3:e4:fc:38:97:1b:25:a1:97:86:
de:8b:45:99:c9:b8:49:b5:7a:7a:e1:f2:9e:9f:86:
d2:e0:ee:f0:6c:60:b5:24:cf:22:00:6f:f0:10:c7:
21:c9:f4:55:57:01:88:d5:f9:66:ec:f5:8e:81:36:
75:3e:0c:61:65:db:6c:8d:b4:cf:1c:f2:e4:aa:f7:
96:d6:c8:aa:8b:00:09:a0:b0:18:89:7b:6d:6d:18:
b5:ef:ae:05:48:54:55:54:49:0a:9b:2a:28:8e:55:
bc:c9:d4:c4:ca:7f:dc:c3:4b:e2:04:db:62:cd:1c:
f2:db:47:7a:cd:89:4d:12:77:74:1a:1c:83:69:88:
2e:9e:c7:8c:f5:dc:55:93:4e:f7:2d:85:57:21:7c:
d8:46:79:bf:b9:2d:b7:46:26:e1:72:c2:59:3a:64:
44:47:50:5b:34:d2:83:83:f4:74:80:92:6c:80:9a:
be:e2:d5:2d:75:26:61:58:25:f4:a6:4e:09:4b:f4:
05:a6:10:aa:cd:e3:75:3b:33:ac:5f:ca:aa:81:27:
d0:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:DD:81:96:AC:EC:B5:36:36:CD:C1:7C:F7:2D:2D:AA:D5:EC:00:08
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/id2BlqzstTY2zcF89y0tqtXsAAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.247.0/24
193.104.121.0/24
193.105.239.0/24
194.107.112.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:95:31:70:39:5b:5a:05:b7:21:38:73:95:2e:57:e1:b2:19:
55:e5:53:8c:99:91:30:1f:91:e3:9e:ef:21:58:0e:c8:3e:d5:
7f:3e:a5:37:49:ab:d6:b7:ac:13:13:81:19:ec:9d:03:b3:86:
ef:e8:5d:af:1c:3b:b4:ad:64:ca:4b:0d:c9:16:82:1e:3a:97:
24:d7:ba:0e:53:ad:95:56:bf:5e:46:67:c5:d3:7b:ba:24:9c:
6f:16:2a:d6:fe:f2:a3:57:4b:eb:38:5f:50:f7:39:0d:e4:2e:
5c:80:e1:d0:1b:de:3d:a4:c6:6a:35:3b:b1:52:65:df:c8:0b:
35:01:a3:2a:e5:fc:82:ff:64:43:a3:26:e8:15:63:f7:78:09:
63:15:88:4e:93:c8:55:f3:fb:9d:0e:d8:38:e9:40:65:2f:6b:
70:6a:df:8c:61:1a:2b:f4:ee:e7:38:03:1a:37:a4:7e:4f:3a:
1e:a6:81:a4:d0:6a:7b:03:c0:93:3d:25:f0:de:bd:3b:a7:71:
12:e3:41:66:b0:0d:23:28:a2:63:e8:15:d4:20:80:87:0c:ad:
64:63:80:e7:3b:45:75:fd:30:49:33:75:60:4b:db:e3:65:84:
63:e8:6e:a5:ad:f7:3c:9b:20:13:1e:05:dc:b2:41:3f:40:64:
ac:ac:57:ed
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ5jY6uxScEn4fH9dBhlqRT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjYwNTI2MDgyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWRkODE5NmFjZWNiNTM2MzZjZGMxN2NmNzJkMmRhYWQ1ZWMwMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllAvnA1K1dKBwdbzvtGWXRLLaYu1
FWRM6vTJm+MFSy1qGgQkMSzT0y4bxLjRxquDXNPk/DiXGyWhl4bei0WZybhJtXp6
4fKen4bS4O7wbGC1JM8iAG/wEMchyfRVVwGI1flm7PWOgTZ1PgxhZdtsjbTPHPLk
qveW1siqiwAJoLAYiXttbRi1764FSFRVVEkKmyoojlW8ydTEyn/cw0viBNtizRzy
20d6zYlNEnd0GhyDaYgunseM9dxVk073LYVXIXzYRnm/uS23RibhcsJZOmRER1Bb
NNKDg/R0gJJsgJq+4tUtdSZhWCX0pk4JS/QFphCqzeN1OzOsX8qqgSfQSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIndgZas7LU2Ns3BfPctLarV7AAIMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvaWQyQmxxenN0VFkyemNGODl5MHRxdFhzQUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW8X3AwQA
wWh5AwQAwWnvAwQAwmtwMA0GCSqGSIb3DQEBCwUAA4IBAQBblTFwOVtaBbchOHOV
LlfhshlV5VOMmZEwH5Hjnu8hWA7IPtV/PqU3SavWt6wTE4EZ7J0Ds4bv6F2vHDu0
rWTKSw3JFoIeOpck17oOU62VVr9eRmfF03u6JJxvFirW/vKjV0vrOF9Q9zkN5C5c
gOHQG949pMZqNTuxUmXfyAs1AaMq5fyC/2RDoyboFWP3eAljFYhOk8hV8/udDtg4
6UBlL2twat+MYRor9O7nOAMaN6R+TzoepoGk0Gp7A8CTPSXw3r07p3ES40FmsA0j
KKJj6BXUIICHDK1kY4DnO0V1/TBJM3VgS9vjZYRj6G6lrfc8myATHgXcskE/QGSs
rFft
-----END CERTIFICATE-----
Generated at Fri Jun 12 02:40:46 2026 by rpki-client