Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/aCdtB2nYu55hGLQQzrV3-u62JS4.roa
File: aCdtB2nYu55hGLQQzrV3-u62JS4.roa (raw, json)
Hash identifier: 0jBdXE3UE70+A74fzbLHoyPujmWBV5PBwxsIako4QUY=
Subject key identifier: 68:27:6D:07:69:D8:BB:9E:61:18:B4:10:CE:B5:77:FA:EE:B6:25:2E
Certificate issuer: /CN=0c05ca111c0093b56514215be467b515dda56c06
Certificate serial: 019ED647286091ADF1C6EF3C7BD8BA29BAD2
Authority key identifier: 0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/aCdtB2nYu55hGLQQzrV3-u62JS4.roa
Signing time: Wed 17 Jun 2026 15:50:48 +0000
ROA not before: Wed 17 Jun 2026 15:50:48 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215787
IP address blocks: 165.217.164.0/24 maxlen: 24
165.217.165.0/24 maxlen: 24
165.217.166.0/24 maxlen: 24
165.217.167.0/24 maxlen: 24
165.217.168.0/24 maxlen: 24
165.217.169.0/24 maxlen: 24
165.217.170.0/24 maxlen: 24
165.217.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.mft
rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 29 Jun 2026 12:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:d6:47:28:60:91:ad:f1:c6:ef:3c:7b:d8:ba:29:ba:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c05ca111c0093b56514215be467b515dda56c06
Validity
Not Before: Jun 17 15:50:48 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=68276d0769d8bb9e6118b410ceb577faeeb6252e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:da:00:5e:3d:dd:fd:dc:e4:3e:7c:a3:46:88:
3a:28:40:ff:d1:0c:af:b1:38:12:1d:be:8f:07:40:
3a:67:70:4d:81:28:52:8b:d9:f7:14:ba:30:d0:d0:
60:96:f4:13:7c:b8:fc:62:2d:19:15:21:49:51:f6:
c0:9d:43:c9:43:98:cc:a8:ea:7a:51:5b:bf:9b:d9:
21:ba:5b:ce:a0:12:71:21:d5:94:7d:49:b3:1c:67:
74:0f:b8:c4:d9:d1:e9:b0:ce:18:ac:78:1e:9e:7a:
58:23:ad:16:83:bb:00:61:c1:08:14:af:cb:6b:c3:
60:96:29:28:17:bf:33:be:9c:81:78:51:71:f4:0c:
c1:4f:ad:3a:92:0c:a4:88:ed:65:ec:6f:6c:fb:53:
1b:6d:ae:c6:88:a2:c6:0b:c1:f0:7b:d5:42:b9:19:
73:c2:03:aa:c7:e2:51:08:3a:65:eb:e4:f4:d9:89:
19:e1:c8:89:f9:09:d2:eb:a9:35:cc:ea:53:20:53:
fe:18:4e:72:f1:4d:9a:b6:c7:86:54:90:43:63:e5:
a1:00:69:5a:ea:4d:1b:3e:21:3b:c1:94:c0:29:9a:
20:d5:d5:97:6c:a8:e3:f5:f6:ef:71:0c:58:95:ea:
db:f7:a2:6f:3e:27:fe:fc:be:7c:12:7e:86:1a:03:
03:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:27:6D:07:69:D8:BB:9E:61:18:B4:10:CE:B5:77:FA:EE:B6:25:2E
X509v3 Authority Key Identifier:
keyid:0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/aCdtB2nYu55hGLQQzrV3-u62JS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
165.217.164.0-165.217.171.255
Signature Algorithm: sha256WithRSAEncryption
62:67:88:7f:ba:af:3f:d7:2e:74:d5:f5:ad:59:4e:cb:31:e3:
7a:e1:ab:8c:cd:ec:87:1a:bb:fd:6e:aa:b1:2f:05:59:7a:d7:
be:77:42:a8:7c:fa:0b:a2:14:1f:76:16:89:28:d4:ce:7f:d6:
d1:ee:c0:f5:12:2a:75:d2:5a:38:e1:a8:88:67:0f:de:50:57:
86:6d:8f:26:50:8c:0b:0e:e9:c1:bc:9d:e1:26:47:a4:b8:51:
61:91:69:87:73:91:f4:61:36:3d:e9:30:75:11:df:e2:14:b1:
a4:97:5b:e7:e5:5b:8d:48:29:03:a4:53:0d:e2:83:91:ae:26:
7c:ce:84:a9:57:60:09:b0:bf:c2:5b:0e:6f:00:de:b7:8d:9a:
99:79:21:2c:92:05:ce:f8:f3:7f:b2:9d:e6:f7:1f:e5:29:e2:
9f:75:46:9d:33:68:97:63:3d:21:fa:30:03:09:0a:2e:d4:6d:
59:be:94:ab:39:f9:ff:a8:e6:a4:b7:3a:f0:31:37:9d:34:74:
59:d7:00:f9:07:21:1e:13:4b:94:3b:d9:58:41:27:7e:be:de:
00:e4:13:4e:a4:c8:65:b6:c4:b5:32:2e:5b:4a:68:99:f2:c2:
11:44:b7:fc:54:99:c7:9c:72:64:11:b3:69:6f:b3:a5:f9:4a:
83:f0:e1:dc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ7WRyhgka3xxu88e9i6KbrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDVjYTExMWMwMDkzYjU2NTE0MjE1YmU0NjdiNTE1ZGRh
NTZjMDYwHhcNMjYwNjE3MTU1MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODI3NmQwNzY5ZDhiYjllNjExOGI0MTBjZWI1NzdmYWVlYjYyNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNoAXj3d/dzkPnyjRog6KED/0Qyv
sTgSHb6PB0A6Z3BNgShSi9n3FLow0NBglvQTfLj8Yi0ZFSFJUfbAnUPJQ5jMqOp6
UVu/m9khulvOoBJxIdWUfUmzHGd0D7jE2dHpsM4YrHgennpYI60Wg7sAYcEIFK/L
a8NglikoF78zvpyBeFFx9AzBT606kgykiO1l7G9s+1Mbba7GiKLGC8Hwe9VCuRlz
wgOqx+JRCDpl6+T02YkZ4ciJ+QnS66k1zOpTIFP+GE5y8U2atseGVJBDY+WhAGla
6k0bPiE7wZTAKZog1dWXbKjj9fbvcQxYlerb96JvPif+/L58En6GGgMDCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGgnbQdp2LueYRi0EM61d/rutiUuMB8GA1UdIwQY
MBaAFAwFyhEcAJO1ZRQhW+RntRXdpWwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQt
NmEzNjcwNWJiYTZmLzEvYUNkdEIybll1NTVoR0xRUXpyVjMtdTYySlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQtNmEzNjcwNWJiYTZm
LzEvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKl2aQD
BAKl2agwDQYJKoZIhvcNAQELBQADggEBAGJniH+6rz/XLnTV9a1ZTssx43rhq4zN
7Icau/1uqrEvBVl61753Qqh8+guiFB92Foko1M5/1tHuwPUSKnXSWjjhqIhnD95Q
V4ZtjyZQjAsO6cG8neEmR6S4UWGRaYdzkfRhNj3pMHUR3+IUsaSXW+flW41IKQOk
Uw3ig5GuJnzOhKlXYAmwv8JbDm8A3reNmpl5ISySBc7483+yneb3H+Up4p91Rp0z
aJdjPSH6MAMJCi7UbVm+lKs5+f+o5qS3OvAxN500dFnXAPkHIR4TS5Q72VhBJ36+
3gDkE06kyGW2xLUyLltKaJnywhFEt/xUmceccmQRs2lvs6X5SoPw4dw=
-----END CERTIFICATE-----
Generated at Sun Jun 28 21:48:34 2026 by rpki-client