Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/8FqA2ZF4hxliA1oSbnxrFuSzN9E.roa
File: 8FqA2ZF4hxliA1oSbnxrFuSzN9E.roa (raw, json)
Hash identifier: dy3uYfdWJITOpK1lPFOdwtBaqmyss+P6rreDBETaVWQ=
Subject key identifier: F0:5A:80:D9:91:78:87:19:62:03:5A:12:6E:7C:6B:16:E4:B3:37:D1
Certificate issuer: /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial: 019E447BAE96B3C41B9B43D853FBBF7B107F
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/8FqA2ZF4hxliA1oSbnxrFuSzN9E.roa
Signing time: Wed 20 May 2026 08:23:36 +0000
ROA not before: Wed 20 May 2026 08:23:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8311
IP address blocks: 194.143.192.0/24 maxlen: 24
194.143.193.0/24 maxlen: 24
194.143.194.0/24 maxlen: 24
194.143.195.0/24 maxlen: 24
194.143.196.0/24 maxlen: 24
194.143.197.0/24 maxlen: 24
194.143.198.0/24 maxlen: 24
194.143.199.0/24 maxlen: 24
194.143.200.0/24 maxlen: 24
194.143.201.0/24 maxlen: 24
194.143.202.0/24 maxlen: 24
194.143.204.0/24 maxlen: 24
194.143.208.0/24 maxlen: 24
194.143.211.0/24 maxlen: 24
194.143.212.0/23 maxlen: 23
194.143.214.0/24 maxlen: 24
194.143.216.0/24 maxlen: 24
194.143.219.0/24 maxlen: 24
194.143.220.0/24 maxlen: 24
213.220.1.0/24 maxlen: 24
213.220.10.0/24 maxlen: 24
213.220.12.0/24 maxlen: 24
213.220.15.0/24 maxlen: 24
213.220.17.0/24 maxlen: 24
213.220.19.0/24 maxlen: 24
213.220.20.0/24 maxlen: 24
213.220.21.0/24 maxlen: 24
213.220.22.0/23 maxlen: 23
213.220.24.0/21 maxlen: 24
213.220.32.0/22 maxlen: 22
213.220.36.0/23 maxlen: 23
213.220.38.0/24 maxlen: 24
213.220.40.0/24 maxlen: 24
213.220.43.0/24 maxlen: 24
213.220.44.0/22 maxlen: 22
213.220.48.0/23 maxlen: 23
213.220.52.0/23 maxlen: 23
213.220.55.0/24 maxlen: 24
213.220.56.0/23 maxlen: 23
213.220.59.0/24 maxlen: 24
213.220.60.0/23 maxlen: 24
213.220.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jun 2026 04:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:44:7b:ae:96:b3:c4:1b:9b:43:d8:53:fb:bf:7b:10:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Validity
Not Before: May 20 08:23:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f05a80d99178871962035a126e7c6b16e4b337d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:7d:94:70:db:ea:a7:e6:1e:19:c0:11:8b:3b:
a6:15:f2:cd:74:dc:c0:a9:b6:68:ee:dc:8d:70:76:
70:cd:37:44:2c:49:3c:af:0e:9a:a7:a3:90:18:cb:
57:20:e2:38:5c:85:87:88:00:8e:89:53:00:fe:a1:
43:70:00:cb:4c:6e:f8:8b:11:ff:10:3c:3d:f5:e7:
3b:05:1c:fb:19:c5:8b:0b:08:a6:b4:5e:03:37:10:
3b:81:de:47:8d:70:aa:bf:92:62:6f:5a:eb:98:ff:
9d:4b:d0:fd:51:d2:3e:6c:70:97:07:b3:b0:a0:14:
95:90:40:6a:74:99:3f:45:58:43:de:de:4b:d6:3d:
43:4e:09:08:65:82:41:a1:37:3d:b8:fe:14:f1:f8:
94:c3:35:4c:5a:9f:80:a4:e1:95:30:60:74:8a:ab:
61:b9:24:9c:17:00:67:6f:e7:1c:46:1c:9d:bc:bd:
8e:f4:44:ab:6f:0f:a7:38:c0:ad:59:43:94:e5:87:
32:fa:c8:81:54:b8:4e:c6:79:fe:99:13:e3:dd:0f:
42:d1:10:c7:66:f8:b3:0a:24:11:a2:60:8b:d7:ce:
fe:f6:89:ee:13:aa:f4:2c:d7:24:c7:23:bb:a4:6c:
d2:30:ab:1f:4c:f9:99:21:90:11:68:a1:63:23:92:
a8:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:5A:80:D9:91:78:87:19:62:03:5A:12:6E:7C:6B:16:E4:B3:37:D1
X509v3 Authority Key Identifier:
keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/8FqA2ZF4hxliA1oSbnxrFuSzN9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.143.192.0-194.143.202.255
194.143.204.0/24
194.143.208.0/24
194.143.211.0-194.143.214.255
194.143.216.0/24
194.143.219.0-194.143.220.255
213.220.1.0/24
213.220.10.0/24
213.220.12.0/24
213.220.15.0/24
213.220.17.0/24
213.220.19.0-213.220.38.255
213.220.40.0/24
213.220.43.0-213.220.49.255
213.220.52.0/23
213.220.55.0-213.220.57.255
213.220.59.0-213.220.61.255
213.220.63.0/24
Signature Algorithm: sha256WithRSAEncryption
86:52:9e:b3:22:16:11:81:3c:78:ae:9b:49:c1:b6:1c:b1:30:
c6:05:65:ba:19:74:2d:0a:dd:12:30:c0:33:f2:67:37:cb:5b:
01:f4:07:ca:f5:7a:85:89:dc:4e:e7:a2:27:89:6f:2e:53:b7:
5a:c3:fe:93:f2:69:50:3f:8f:31:06:ae:0f:b7:24:3a:35:9c:
f7:59:2b:b6:85:90:a1:f9:29:fa:05:58:9e:04:75:5c:af:d4:
be:ef:7a:85:26:4c:59:0a:a4:af:ed:23:cd:c0:08:29:77:c1:
de:e8:b3:80:fc:47:3b:5f:38:47:5c:9c:67:57:ea:c8:38:db:
8d:11:1a:e0:15:be:cc:fa:28:c3:c9:d7:f5:13:a1:1f:52:f7:
b4:5e:66:6b:7b:a9:b4:06:d4:e0:47:79:93:42:7b:c9:f8:f6:
88:16:be:e7:07:9e:15:50:c1:6e:84:42:5b:c9:01:91:bb:9a:
0c:03:24:5f:aa:70:f5:af:fd:c1:5f:df:7b:d1:55:ca:21:23:
6d:1c:b7:de:09:5f:97:42:32:b9:fb:24:4a:cf:2a:73:26:01:
65:3c:50:d7:ab:94:b3:e7:4d:e4:01:66:96:cf:ae:b9:9f:75:
46:fe:1f:5e:4a:25:7d:8f:25:44:cf:f1:8e:4f:05:6e:bf:2c:
6b:bf:d0:00
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZ5Ee66Ws8Qbm0PYU/u/exB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwNTIwMDgyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDVhODBkOTkxNzg4NzE5NjIwMzVhMTI2ZTdjNmIxNmU0YjMzN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv32UcNvqp+YeGcARizumFfLNdNzA
qbZo7tyNcHZwzTdELEk8rw6ap6OQGMtXIOI4XIWHiACOiVMA/qFDcADLTG74ixH/
EDw99ec7BRz7GcWLCwimtF4DNxA7gd5HjXCqv5Jib1rrmP+dS9D9UdI+bHCXB7Ow
oBSVkEBqdJk/RVhD3t5L1j1DTgkIZYJBoTc9uP4U8fiUwzVMWp+ApOGVMGB0iqth
uSScFwBnb+ccRhydvL2O9ESrbw+nOMCtWUOU5Ycy+siBVLhOxnn+mRPj3Q9C0RDH
ZvizCiQRomCL187+9onuE6r0LNckxyO7pGzSMKsfTPmZIZARaKFjI5KoVwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFPBagNmReIcZYgNaEm58axbkszfRMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvOEZxQTJaRjRoeGxpQTFvU2JueHJGdVN6TjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQwDAME
BsKPwAMEAMKPygMEAMKPzAMEAMKP0DAMAwQAwo/TAwQAwo/WAwQAwo/YMAwDBADC
j9sDBADCj9wDBADV3AEDBADV3AoDBADV3AwDBADV3A8DBADV3BEwDAMEANXcEwME
ANXcJgMEANXcKDAMAwQA1dwrAwQB1dwwAwQB1dw0MAwDBADV3DcDBAHV3DgwDAME
ANXcOwMEAdXcPAMEANXcPzANBgkqhkiG9w0BAQsFAAOCAQEAhlKesyIWEYE8eK6b
ScG2HLEwxgVluhl0LQrdEjDAM/JnN8tbAfQHyvV6hYncTueiJ4lvLlO3WsP+k/Jp
UD+PMQauD7ckOjWc91krtoWQofkp+gVYngR1XK/Uvu96hSZMWQqkr+0jzcAIKXfB
3uizgPxHO184R1ycZ1fqyDjbjREa4BW+zPoow8nX9ROhH1L3tF5ma3uptAbU4Ed5
k0J7yfj2iBa+5weeFVDBboRCW8kBkbuaDAMkX6pw9a/9wV/fe9FVyiEjbRy33glf
l0IyufskSs8qcyYBZTxQ16uUs+dN5AFmls+uuZ91Rv4fXkolfY8lRM/xjk8Fbr8s
a7/QAA==
-----END CERTIFICATE-----
Generated at Thu Jun 4 10:00:09 2026 by rpki-client