Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/mFOcu9448pkWaJxj0W6CJ5qV7oc.roa
File: mFOcu9448pkWaJxj0W6CJ5qV7oc.roa (raw, json)
Hash identifier: sfdgi4ysoZDcqPEECniZSAvoWWAcCc3gl1/AmNd3E4U=
Subject key identifier: 98:53:9C:BB:DE:38:F2:99:16:68:9C:63:D1:6E:82:27:9A:95:EE:87
Certificate issuer: /CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
Certificate serial: 019CB472C2C6FD475A382F71BB9F527E0AAC
Authority key identifier: 22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/mFOcu9448pkWaJxj0W6CJ5qV7oc.roa
Signing time: Tue 03 Mar 2026 16:05:45 +0000
ROA not before: Tue 03 Mar 2026 16:05:45 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209427
IP address blocks: 45.66.88.0/24 maxlen: 24
45.66.90.0/24 maxlen: 24
45.66.91.0/24 maxlen: 24
2a09:6644::/48 maxlen: 48
2a09:6644:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Mar 2026 09:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b4:72:c2:c6:fd:47:5a:38:2f:71:bb:9f:52:7e:0a:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
Validity
Not Before: Mar 3 16:05:45 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=98539cbbde38f29916689c63d16e82279a95ee87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d4:f0:ad:9b:09:c3:c1:7d:6f:87:e8:90:85:
85:89:e5:af:5e:1f:98:86:7d:fc:a5:df:1e:82:ce:
10:68:9a:9e:4b:1c:96:78:e8:ce:fa:71:a6:36:b9:
ef:0d:e3:51:07:dc:ae:e7:df:37:d3:19:ad:a3:ea:
8d:13:f2:1a:26:20:6c:e2:a6:bd:c9:78:fa:40:94:
35:f0:64:f4:13:99:e9:e1:2f:65:af:0d:0e:c8:7b:
6c:71:c3:46:21:a0:c7:4f:4d:c1:71:93:93:89:55:
5c:67:4f:b1:4b:cf:d0:90:f3:8c:a1:87:53:66:95:
1d:d2:f7:79:9d:d1:8d:13:3b:07:e1:35:6f:69:ce:
55:c8:c4:6c:8c:cf:1a:8d:e3:ea:88:98:45:67:51:
be:ce:c6:60:16:6a:ed:5f:a4:f4:39:ba:a2:28:35:
6f:f3:5f:24:1a:b0:0b:c2:ed:0e:72:7d:44:de:9a:
00:10:9a:70:4a:08:8d:ae:7e:2d:b9:06:a4:89:60:
e0:b4:5c:89:b5:80:42:f3:71:a0:14:f0:5b:56:90:
95:12:69:c5:1d:5a:e5:43:5f:a4:a0:93:c1:00:22:
9a:93:de:80:e1:91:9d:28:17:07:e7:f4:e3:bd:30:
77:da:26:82:a5:51:cd:c0:31:c3:7a:3f:9a:f0:47:
32:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:53:9C:BB:DE:38:F2:99:16:68:9C:63:D1:6E:82:27:9A:95:EE:87
X509v3 Authority Key Identifier:
keyid:22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/mFOcu9448pkWaJxj0W6CJ5qV7oc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.88.0/24
45.66.90.0/23
IPv6:
2a09:6644::/47
Signature Algorithm: sha256WithRSAEncryption
7d:98:15:ac:d9:71:fb:11:e5:7c:02:ae:4f:43:7e:8a:b5:80:
52:0d:03:b5:32:3d:a3:93:fd:75:64:93:a5:e6:a1:4f:0a:2e:
e0:76:8b:a4:23:b7:de:dd:e6:f1:88:df:9a:1d:76:92:40:d0:
84:c9:26:c2:e0:2d:a6:49:6b:98:34:83:81:b4:dd:7b:ca:e3:
8e:47:ac:ac:c7:e6:a3:87:c5:76:d6:4a:14:78:5a:da:51:7c:
c3:ed:7f:42:12:3e:1d:62:e8:4d:ec:67:7e:70:c2:70:7b:43:
e0:7d:2a:69:eb:18:b8:8f:56:b1:91:1b:56:cd:d7:d0:33:33:
f5:d0:f2:1a:78:42:1e:e1:9d:8d:fb:4e:81:aa:9a:c4:c7:0d:
12:ed:ff:21:a3:7c:cf:41:27:46:1c:39:60:bb:0d:c0:9e:3a:
94:08:7f:6c:38:22:df:96:dd:e3:34:d2:86:cf:b0:70:2d:14:
ac:1b:85:33:25:46:d4:3b:c9:a9:eb:16:ca:dd:7d:11:73:99:
70:de:19:3c:c6:f7:13:78:ad:ca:ac:8c:f9:32:08:30:e4:ba:
5d:f0:2b:09:5c:6e:a2:a8:10:b5:c0:5e:b5:c7:9a:20:b9:54:
8e:8d:28:30:3c:f1:d9:d0:46:0e:5e:3d:8d:f2:53:2f:e7:92:
a3:45:87:04
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZy0csLG/UdaOC9xu59SfgqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGFiMGQ3YWUwMWM3YmE3ZGE2OWQ3MWE5MTQ3MmIzOTBj
ZDcwOTEwHhcNMjYwMzAzMTYwNTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODUzOWNiYmRlMzhmMjk5MTY2ODljNjNkMTZlODIyNzlhOTVlZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNTwrZsJw8F9b4fokIWFieWvXh+Y
hn38pd8egs4QaJqeSxyWeOjO+nGmNrnvDeNRB9yu59830xmto+qNE/IaJiBs4qa9
yXj6QJQ18GT0E5np4S9lrw0OyHtsccNGIaDHT03BcZOTiVVcZ0+xS8/QkPOMoYdT
ZpUd0vd5ndGNEzsH4TVvac5VyMRsjM8ajePqiJhFZ1G+zsZgFmrtX6T0ObqiKDVv
818kGrALwu0Ocn1E3poAEJpwSgiNrn4tuQakiWDgtFyJtYBC83GgFPBbVpCVEmnF
HVrlQ1+koJPBACKak96A4ZGdKBcH5/TjvTB32iaCpVHNwDHDej+a8EcyxQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJhTnLveOPKZFmicY9Fugieale6HMB8GA1UdIwQY
MBaAFCIKsNeuAce6faadcakUcrOQzXCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDIt
ODJmYTNkMjYwODY5LzEvbUZPY3U5NDQ4cGtXYUp4ajBXNkNKNXFWN29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDItODJmYTNkMjYwODY5
LzEvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALUJYAwQB
LUJaMA8EAgACMAkDBwEqCWZEAAAwDQYJKoZIhvcNAQELBQADggEBAH2YFazZcfsR
5XwCrk9Dfoq1gFINA7UyPaOT/XVkk6XmoU8KLuB2i6Qjt97d5vGI35oddpJA0ITJ
JsLgLaZJa5g0g4G03XvK445HrKzH5qOHxXbWShR4WtpRfMPtf0ISPh1i6E3sZ35w
wnB7Q+B9KmnrGLiPVrGRG1bN19AzM/XQ8hp4Qh7hnY37ToGqmsTHDRLt/yGjfM9B
J0YcOWC7DcCeOpQIf2w4It+W3eM00obPsHAtFKwbhTMlRtQ7yanrFsrdfRFzmXDe
GTzG9xN4rcqsjPkyCDDkul3wKwlcbqKoELXAXrXHmiC5VI6NKDA88dnQRg5ePY3y
Uy/nkqNFhwQ=
-----END CERTIFICATE-----
Generated at Mon Mar 16 14:24:54 2026 by rpki-client