Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/lXz_0HyPSbL-uOjVg4Ot7TStlxw.roa
File: lXz_0HyPSbL-uOjVg4Ot7TStlxw.roa (raw, json)
Hash identifier: UyzNEXVwdOfFnPKU5Gd+xkJiBk60PdbsHvretQnQOPI=
Subject key identifier: 95:7C:FF:D0:7C:8F:49:B2:FE:B8:E8:D5:83:83:AD:ED:34:AD:97:1C
Certificate issuer: /CN=f9356a96e74ea2d72b6545c87c79d212d72a7bde
Certificate serial: 019DA9F294FFFD1F5B7E42D9AFDFC2508D87
Authority key identifier: F9:35:6A:96:E7:4E:A2:D7:2B:65:45:C8:7C:79:D2:12:D7:2A:7B:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-TVqludOotcrZUXIfHnSEtcqe94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/lXz_0HyPSbL-uOjVg4Ot7TStlxw.roa
Signing time: Mon 20 Apr 2026 08:12:20 +0000
ROA not before: Mon 20 Apr 2026 08:12:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15576
IP address blocks: 87.237.168.0/21 maxlen: 21
87.237.168.0/22 maxlen: 22
87.237.172.0/22 maxlen: 22
94.126.248.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/1-TVqludOotcrZUXIfHnSEtcqe94.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/1-TVqludOotcrZUXIfHnSEtcqe94.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-TVqludOotcrZUXIfHnSEtcqe94.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 11:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a9:f2:94:ff:fd:1f:5b:7e:42:d9:af:df:c2:50:8d:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f9356a96e74ea2d72b6545c87c79d212d72a7bde
Validity
Not Before: Apr 20 08:12:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=957cffd07c8f49b2feb8e8d58383aded34ad971c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:18:db:74:77:8a:f8:fc:de:bd:d1:68:74:0d:
eb:a1:ff:d4:6c:da:b4:33:e1:02:d2:2a:15:17:f0:
b4:dd:e0:17:7e:73:32:25:27:b8:89:aa:59:91:0e:
da:17:fb:55:1e:25:67:80:81:3d:bb:dc:16:64:37:
a3:f4:dd:e7:9d:0f:a3:f0:75:f4:6d:5f:93:80:b5:
e5:41:9c:50:ad:3f:0b:b9:d8:2a:27:79:c6:d9:a0:
10:5b:0d:74:c1:74:3d:56:a3:59:71:a5:df:d1:7c:
e2:b5:40:9c:bf:bd:3b:ef:d9:1e:09:42:84:db:48:
07:3f:83:92:58:6b:c1:95:ac:ac:11:c4:28:b9:96:
bb:32:97:25:45:97:ef:19:3d:0f:2b:97:63:3a:f3:
5b:19:c7:af:16:90:16:dc:e3:26:67:48:13:e8:d4:
8f:1f:5f:bd:24:46:92:02:94:3a:c3:6e:d5:08:b6:
b2:99:39:14:e8:7a:45:72:4c:7f:2c:4f:21:c9:c3:
2d:c1:64:ba:b8:fd:24:6b:6b:25:d6:0d:1f:7a:90:
b9:26:94:16:53:5c:30:c5:e5:5c:23:50:6b:37:11:
e9:c8:a7:af:4c:c7:59:9a:1a:60:2a:5e:2a:6b:34:
09:8f:39:12:bd:28:50:a2:66:9f:d8:d7:fd:99:79:
0e:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:7C:FF:D0:7C:8F:49:B2:FE:B8:E8:D5:83:83:AD:ED:34:AD:97:1C
X509v3 Authority Key Identifier:
keyid:F9:35:6A:96:E7:4E:A2:D7:2B:65:45:C8:7C:79:D2:12:D7:2A:7B:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TVqludOotcrZUXIfHnSEtcqe94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/lXz_0HyPSbL-uOjVg4Ot7TStlxw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9f459f-264d-46ce-87b0-cbb7d2bf6fa1/1/1-TVqludOotcrZUXIfHnSEtcqe94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.168.0/21
94.126.248.0/21
Signature Algorithm: sha256WithRSAEncryption
4d:3c:66:c7:13:5f:d1:08:53:5e:db:56:40:7d:6c:42:5a:f3:
0e:59:2e:6e:9c:6b:45:29:fe:36:fd:fb:b1:31:7e:62:c4:2d:
76:b9:fb:2a:20:fa:fd:00:88:c3:e6:4f:69:57:06:1b:91:00:
a2:36:c9:4c:17:0b:df:e5:b7:0f:29:12:57:75:8f:25:8c:5d:
ee:bc:b9:b0:4b:55:d8:77:c6:ce:0e:87:f1:33:0d:38:0b:a3:
0a:5d:59:62:09:c1:cd:aa:20:bd:a4:e0:b9:a4:e8:ac:ac:56:
ef:3f:30:d0:47:1a:95:9a:dc:45:53:bb:15:ca:4c:40:dd:e8:
12:7b:45:86:de:ff:1d:6a:e9:db:bb:f4:1d:2f:d6:3c:cf:fe:
59:fd:f1:ae:8e:c3:9a:76:50:19:8e:ff:bb:87:41:48:82:3a:
75:e7:ad:d7:9d:b9:11:6b:dd:1e:dc:1c:1b:83:14:9d:44:5c:
c0:f4:98:91:3f:45:4d:60:df:ec:31:43:9f:f0:1d:2a:d9:f2:
c0:02:e7:81:d5:a4:06:37:75:1a:4d:60:da:ef:43:c6:64:92:
6e:76:0d:15:68:f2:46:de:e3:16:2a:05:2b:38:ce:63:d2:0e:
4e:c4:cc:e5:3c:f4:c7:1c:4d:6f:30:89:d5:4c:c9:68:3a:7c:
e5:16:21:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2p8pT//R9bfkLZr9/CUI2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MzU2YTk2ZTc0ZWEyZDcyYjY1NDVjODdjNzlkMjEyZDcy
YTdiZGUwHhcNMjYwNDIwMDgxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTdjZmZkMDdjOGY0OWIyZmViOGU4ZDU4MzgzYWRlZDM0YWQ5NzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihjbdHeK+PzevdFodA3rof/UbNq0
M+EC0ioVF/C03eAXfnMyJSe4iapZkQ7aF/tVHiVngIE9u9wWZDej9N3nnQ+j8HX0
bV+TgLXlQZxQrT8LudgqJ3nG2aAQWw10wXQ9VqNZcaXf0XzitUCcv70779keCUKE
20gHP4OSWGvBlaysEcQouZa7MpclRZfvGT0PK5djOvNbGcevFpAW3OMmZ0gT6NSP
H1+9JEaSApQ6w27VCLaymTkU6HpFckx/LE8hycMtwWS6uP0ka2sl1g0fepC5JpQW
U1wwxeVcI1BrNxHpyKevTMdZmhpgKl4qazQJjzkSvShQomaf2Nf9mXkO8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJV8/9B8j0my/rjo1YODre00rZccMB8GA1UdIwQY
MBaAFPk1apbnTqLXK2VFyHx50hLXKnveMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1UVnFsdWRPb3RjclpVWElmSG5TRXRjcWU5NC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvOWY0NTlmLTI2NGQtNDZjZS04N2Iw
LWNiYjdkMmJmNmZhMS8xL2xYel8wSHlQU2JMLXVPalZnNE90N1RTdGx4dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvOWY0NTlmLTI2NGQtNDZjZS04N2IwLWNiYjdkMmJmNmZh
MS8xLzEtVFZxbHVkT290Y3JaVVhJZkhuU0V0Y3FlOTQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBANX7agD
BANefvgwDQYJKoZIhvcNAQELBQADggEBAE08ZscTX9EIU17bVkB9bEJa8w5ZLm6c
a0Up/jb9+7ExfmLELXa5+yog+v0AiMPmT2lXBhuRAKI2yUwXC9/ltw8pEld1jyWM
Xe68ubBLVdh3xs4Oh/EzDTgLowpdWWIJwc2qIL2k4Lmk6KysVu8/MNBHGpWa3EVT
uxXKTEDd6BJ7RYbe/x1q6du79B0v1jzP/ln98a6Ow5p2UBmO/7uHQUiCOnXnrded
uRFr3R7cHBuDFJ1EXMD0mJE/RU1g3+wxQ5/wHSrZ8sAC54HVpAY3dRpNYNrvQ8Zk
km52DRVo8kbe4xYqBSs4zmPSDk7EzOU89MccTW8widVMyWg6fOUWIU8=
-----END CERTIFICATE-----
Generated at Mon Apr 27 19:39:36 2026 by rpki-client