Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bN9gGnvLKFsP3GfeJkTDcqqrXxQ.roa
File: bN9gGnvLKFsP3GfeJkTDcqqrXxQ.roa (raw, json)
Hash identifier: 5b1gob+gV5B+BRXWval+phI79LQvzPmQYxK97JzmRZ8=
Subject key identifier: 6C:DF:60:1A:7B:CB:28:5B:0F:DC:67:DE:26:44:C3:72:AA:AB:5F:14
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 019CE2C2513FC12CA65539B3906B751DA68B
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bN9gGnvLKFsP3GfeJkTDcqqrXxQ.roa
Signing time: Thu 12 Mar 2026 15:55:11 +0000
ROA not before: Thu 12 Mar 2026 15:55:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20473
IP address blocks: 89.106.2.0/24 maxlen: 24
89.106.14.0/24 maxlen: 24
89.106.16.0/24 maxlen: 24
89.106.18.0/24 maxlen: 24
89.106.21.0/24 maxlen: 24
89.106.22.0/24 maxlen: 24
94.229.208.0/24 maxlen: 24
94.229.213.0/24 maxlen: 24
94.229.222.0/24 maxlen: 24
94.229.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 21:05:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e2:c2:51:3f:c1:2c:a6:55:39:b3:90:6b:75:1d:a6:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Mar 12 15:55:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6cdf601a7bcb285b0fdc67de2644c372aaab5f14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a1:4a:ae:08:7b:10:2b:77:fb:be:15:12:5a:
6d:0f:3b:28:7a:d2:77:ff:1e:dd:78:92:7d:c9:1a:
01:d3:c7:2b:7b:e5:7a:2f:a3:65:62:ee:dd:2d:ab:
c5:67:70:66:57:a4:e2:74:76:81:f7:86:4c:27:fb:
8e:28:bc:de:2d:cc:0e:b1:33:5d:33:fe:fb:5c:28:
3e:ea:06:88:72:5e:e6:aa:25:6d:f9:a7:38:bf:0a:
aa:6a:56:61:cc:cb:b4:73:d6:f2:48:7c:cd:a3:aa:
3b:bc:40:aa:ed:46:ac:8b:83:3d:f9:3a:6b:af:46:
f0:34:e6:e4:1a:ee:f9:8a:98:9d:10:11:a7:f0:0a:
c5:13:c6:c8:e7:8a:58:59:8c:c1:56:76:b8:80:15:
59:95:b8:f8:07:3e:c4:1e:d6:7b:4d:46:f5:5d:7d:
ea:16:04:31:ba:54:e1:78:2c:c6:a5:7a:63:74:41:
9c:74:c8:89:ed:c4:85:ef:e9:52:65:c5:d0:bd:1e:
a7:65:cb:01:24:42:af:0b:e9:06:1e:b6:56:54:8b:
07:da:12:bf:fe:47:32:5e:01:a4:aa:d1:c0:77:14:
6b:98:34:d2:0a:3c:62:87:33:f8:14:07:c5:35:ab:
78:7f:44:6a:58:b4:a0:26:0a:31:26:e4:b0:af:c8:
a3:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:DF:60:1A:7B:CB:28:5B:0F:DC:67:DE:26:44:C3:72:AA:AB:5F:14
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/bN9gGnvLKFsP3GfeJkTDcqqrXxQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.106.2.0/24
89.106.14.0/24
89.106.16.0/24
89.106.18.0/24
89.106.21.0-89.106.22.255
94.229.208.0/24
94.229.213.0/24
94.229.222.0/23
Signature Algorithm: sha256WithRSAEncryption
c7:ed:f2:de:60:a6:4f:d4:59:27:e8:e4:08:da:18:a2:ed:8e:
01:3d:ee:00:fb:db:a2:d0:87:c1:87:ea:da:15:d9:8b:af:7f:
5a:17:d2:8b:f8:8c:60:fe:fa:45:fa:0d:39:cd:6b:19:76:ec:
46:31:53:c1:fa:6d:a3:ef:2c:42:ef:34:22:7b:d5:2c:73:41:
58:64:c2:0b:f2:cb:50:6a:67:02:76:53:b6:74:a0:3d:a1:0f:
ef:3e:d6:ef:de:bb:15:85:c7:fd:27:43:31:27:33:4d:31:29:
9e:52:dc:12:de:8a:39:ce:ce:47:0a:03:f4:86:6c:70:dc:25:
96:10:00:06:09:d2:0c:de:2d:2c:09:3f:70:b5:8f:39:fe:5e:
7d:89:73:3b:66:52:c8:9d:09:df:36:a8:2c:86:fa:8a:31:bf:
66:a2:fd:f9:1c:ea:e2:41:7c:66:cd:9e:43:31:c5:8c:74:77:
6c:00:9a:12:32:90:0d:10:3e:9e:7c:b2:99:93:c0:4f:90:40:
36:1d:f8:c8:b4:97:cb:1c:28:9f:f2:63:65:cc:f2:e6:c1:0f:
9f:dc:f2:2d:62:7d:3f:81:04:fd:32:a0:a2:bb:d3:8f:85:ea:
27:8d:b0:0d:02:e2:4a:18:ae:9a:57:0f:be:01:d4:ea:b3:f0:
55:ad:66:c3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZziwlE/wSymVTmzkGt1HaaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMzEyMTU1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RmNjAxYTdiY2IyODViMGZkYzY3ZGUyNjQ0YzM3MmFhYWI1ZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqFKrgh7ECt3+74VElptDzsoetJ3
/x7deJJ9yRoB08cre+V6L6NlYu7dLavFZ3BmV6TidHaB94ZMJ/uOKLzeLcwOsTNd
M/77XCg+6gaIcl7mqiVt+ac4vwqqalZhzMu0c9bySHzNo6o7vECq7Uasi4M9+Tpr
r0bwNObkGu75ipidEBGn8ArFE8bI54pYWYzBVna4gBVZlbj4Bz7EHtZ7TUb1XX3q
FgQxulTheCzGpXpjdEGcdMiJ7cSF7+lSZcXQvR6nZcsBJEKvC+kGHrZWVIsH2hK/
/kcyXgGkqtHAdxRrmDTSCjxihzP4FAfFNat4f0RqWLSgJgoxJuSwr8ijswIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGzfYBp7yyhbD9xn3iZEw3Kqq18UMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvYk45Z0dudkxLRnNQM0dmZUprVERjcXFyWHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAWWoCAwQA
WWoOAwQAWWoQAwQAWWoSMAwDBABZahUDBABZahYDBABe5dADBABe5dUDBAFe5d4w
DQYJKoZIhvcNAQELBQADggEBAMft8t5gpk/UWSfo5AjaGKLtjgE97gD726LQh8GH
6toV2Yuvf1oX0ov4jGD++kX6DTnNaxl27EYxU8H6baPvLELvNCJ71SxzQVhkwgvy
y1BqZwJ2U7Z0oD2hD+8+1u/euxWFx/0nQzEnM00xKZ5S3BLeijnOzkcKA/SGbHDc
JZYQAAYJ0gzeLSwJP3C1jzn+Xn2JcztmUsidCd82qCyG+ooxv2ai/fkc6uJBfGbN
nkMxxYx0d2wAmhIykA0QPp58spmTwE+QQDYd+Mi0l8scKJ/yY2XM8ubBD5/c8i1i
fT+BBP0yoKK704+F6ieNsA0C4koYrppXD74B1Oqz8FWtZsM=
-----END CERTIFICATE-----
Generated at Fri Mar 13 02:17:53 2026 by rpki-client