Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/1ci4NPebCgeMNcywiGWuM9-74b0.roa
File: 1ci4NPebCgeMNcywiGWuM9-74b0.roa (raw, json)
Hash identifier: NY5avTfHcZ7Ff+XOjRJKVaDYbSIYWepikXVoA2de9Ps=
Subject key identifier: D5:C8:B8:34:F7:9B:0A:07:8C:35:CC:B0:88:65:AE:33:DF:BB:E1:BD
Certificate issuer: /CN=07e5c4e4be3b8cbde0eae9460a11032d6a64ab71
Certificate serial: 019DB0027E37DD473A4A0DE0D97A37206265
Authority key identifier: 07:E5:C4:E4:BE:3B:8C:BD:E0:EA:E9:46:0A:11:03:2D:6A:64:AB:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B-XE5L47jL3g6ulGChEDLWpkq3E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/1ci4NPebCgeMNcywiGWuM9-74b0.roa
Signing time: Tue 21 Apr 2026 12:27:26 +0000
ROA not before: Tue 21 Apr 2026 12:27:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202425
IP address blocks: 80.82.64.0/24 maxlen: 24
80.82.65.0/24 maxlen: 24
80.82.66.0/24 maxlen: 24
80.82.67.0/24 maxlen: 24
80.82.68.0/24 maxlen: 24
80.82.69.0/24 maxlen: 24
80.82.70.0/24 maxlen: 24
80.82.76.0/24 maxlen: 24
80.82.77.0/24 maxlen: 24
80.82.78.0/24 maxlen: 24
80.82.79.0/24 maxlen: 24
89.248.160.0/24 maxlen: 24
89.248.161.0/24 maxlen: 24
89.248.162.0/24 maxlen: 24
89.248.163.0/24 maxlen: 24
89.248.164.0/24 maxlen: 24
89.248.165.0/24 maxlen: 24
89.248.166.0/24 maxlen: 24
89.248.167.0/24 maxlen: 24
89.248.168.0/24 maxlen: 24
89.248.169.0/24 maxlen: 24
89.248.170.0/24 maxlen: 24
89.248.171.0/24 maxlen: 24
89.248.172.0/24 maxlen: 24
89.248.173.0/24 maxlen: 24
89.248.174.0/24 maxlen: 24
93.174.88.0/24 maxlen: 24
93.174.89.0/24 maxlen: 24
93.174.90.0/24 maxlen: 24
93.174.91.0/24 maxlen: 24
93.174.92.0/24 maxlen: 24
93.174.93.0/24 maxlen: 24
93.174.94.0/24 maxlen: 24
93.174.95.0/24 maxlen: 24
94.102.48.0/24 maxlen: 24
94.102.49.0/24 maxlen: 24
94.102.50.0/24 maxlen: 24
94.102.51.0/24 maxlen: 24
94.102.52.0/24 maxlen: 24
94.102.53.0/24 maxlen: 24
94.102.54.0/24 maxlen: 24
94.102.55.0/24 maxlen: 24
94.102.56.0/24 maxlen: 24
94.102.57.0/24 maxlen: 24
94.102.58.0/24 maxlen: 24
94.102.59.0/24 maxlen: 24
94.102.60.0/24 maxlen: 24
94.102.61.0/24 maxlen: 24
94.102.62.0/24 maxlen: 24
94.102.63.0/24 maxlen: 24
2a02:6c8:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/B-XE5L47jL3g6ulGChEDLWpkq3E.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/B-XE5L47jL3g6ulGChEDLWpkq3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/B-XE5L47jL3g6ulGChEDLWpkq3E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 17:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b0:02:7e:37:dd:47:3a:4a:0d:e0:d9:7a:37:20:62:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07e5c4e4be3b8cbde0eae9460a11032d6a64ab71
Validity
Not Before: Apr 21 12:27:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d5c8b834f79b0a078c35ccb08865ae33dfbbe1bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d1:30:ba:05:7a:51:88:38:5c:e5:53:e7:8d:
03:b7:2d:1e:6b:43:fc:70:86:7e:a8:2d:57:32:f1:
7f:1b:a1:5f:81:f4:1e:e0:d9:bf:49:08:f8:b5:18:
cd:58:c5:a6:1a:55:f7:10:d0:0b:ae:d0:84:24:b1:
07:c5:5e:f0:bf:93:23:1a:b7:fa:46:ba:58:38:ae:
17:75:61:bd:f0:32:b5:1b:c5:94:f4:50:9c:14:96:
ba:a1:37:d6:ff:5d:4a:ac:e8:77:26:47:ee:68:d9:
05:9d:f7:5b:6a:92:53:8c:c0:40:5f:88:37:04:d3:
2e:d2:e7:0c:d3:b1:6a:f1:af:1e:3c:08:ab:a3:a0:
56:8b:95:ed:10:0c:0a:f6:24:d2:0a:2c:5a:b0:16:
0b:46:3c:0f:7c:04:43:f2:e2:eb:4e:46:8a:08:cd:
47:5f:01:14:10:e6:e6:14:89:91:d9:6e:8e:be:71:
9f:38:b1:f3:19:27:c4:93:16:77:79:03:de:31:d1:
93:5f:81:5e:e8:9c:93:cc:85:e7:f1:22:00:f1:b7:
8d:a1:4c:0b:25:55:68:30:8c:ba:c5:bb:d5:f9:39:
5f:83:bc:9f:4f:79:fa:a7:94:60:1f:c6:4c:58:92:
cc:e4:d8:37:38:c3:b8:ef:1d:d0:73:49:fd:26:2b:
f6:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:C8:B8:34:F7:9B:0A:07:8C:35:CC:B0:88:65:AE:33:DF:BB:E1:BD
X509v3 Authority Key Identifier:
keyid:07:E5:C4:E4:BE:3B:8C:BD:E0:EA:E9:46:0A:11:03:2D:6A:64:AB:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B-XE5L47jL3g6ulGChEDLWpkq3E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/1ci4NPebCgeMNcywiGWuM9-74b0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/f6b173-912c-4151-bac5-4c8883327a2a/1/B-XE5L47jL3g6ulGChEDLWpkq3E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.82.64.0-80.82.70.255
80.82.76.0/22
89.248.160.0-89.248.174.255
93.174.88.0/21
94.102.48.0/20
IPv6:
2a02:6c8:8000::/33
Signature Algorithm: sha256WithRSAEncryption
5e:e0:cc:6d:af:d2:c0:86:d3:68:81:97:37:b4:2d:39:e8:62:
7c:fd:5c:9c:4d:87:e3:d1:ad:ae:66:61:2e:33:35:ad:d1:26:
da:b5:b2:c1:40:6c:2f:4f:3d:7d:a3:d6:2b:7d:f7:d3:dc:28:
20:6b:55:3d:f5:07:04:4e:94:b7:ef:12:65:63:59:23:6e:c5:
02:4b:bb:d4:d5:2e:d2:1d:3f:49:07:f1:7e:e0:ac:76:c7:33:
c5:77:8e:a7:e7:41:d0:d3:7f:f6:d3:bd:1c:e7:92:e0:29:95:
ef:fa:5d:fc:ab:db:f7:1a:e3:dc:9c:ec:94:ad:34:31:21:6f:
92:3f:67:fa:b2:09:58:e1:bc:e2:0c:72:65:5a:8d:0e:d0:07:
b9:7e:30:7c:c2:a3:d0:26:3a:dc:c6:be:b0:05:2e:f4:f5:e2:
84:53:8e:e7:c4:88:11:20:c2:c0:77:3e:b8:92:fe:0f:10:08:
d5:8c:a1:ed:39:92:21:13:e6:1d:7f:93:95:e1:78:ee:f7:a9:
7a:53:9e:67:ec:2e:77:e8:79:85:6f:ab:28:f7:38:9f:eb:8c:
a4:0a:f2:ef:bf:8d:72:53:46:de:7b:4e:df:18:17:59:fa:65:
57:c9:ec:b2:55:03:7b:a6:6a:66:91:4f:52:94:6c:28:1d:c0:
a4:e3:bb:16
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ2wAn433Uc6Sg3g2Xo3IGJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZTVjNGU0YmUzYjhjYmRlMGVhZTk0NjBhMTEwMzJkNmE2
NGFiNzEwHhcNMjYwNDIxMTIyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWM4YjgzNGY3OWIwYTA3OGMzNWNjYjA4ODY1YWUzM2RmYmJlMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodEwugV6UYg4XOVT540Dty0ea0P8
cIZ+qC1XMvF/G6FfgfQe4Nm/SQj4tRjNWMWmGlX3ENALrtCEJLEHxV7wv5MjGrf6
RrpYOK4XdWG98DK1G8WU9FCcFJa6oTfW/11KrOh3JkfuaNkFnfdbapJTjMBAX4g3
BNMu0ucM07Fq8a8ePAiro6BWi5XtEAwK9iTSCixasBYLRjwPfARD8uLrTkaKCM1H
XwEUEObmFImR2W6OvnGfOLHzGSfEkxZ3eQPeMdGTX4Fe6JyTzIXn8SIA8beNoUwL
JVVoMIy6xbvV+Tlfg7yfT3n6p5RgH8ZMWJLM5Ng3OMO47x3Qc0n9Jiv2fwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNXIuDT3mwoHjDXMsIhlrjPfu+G9MB8GA1UdIwQY
MBaAFAflxOS+O4y94OrpRgoRAy1qZKtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQi1YRTVMNDdqTDNnNnVsR0NoRURMV3BrcTNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9mNmIxNzMtOTEyYy00MTUxLWJhYzUt
NGM4ODgzMzI3YTJhLzEvMWNpNE5QZWJDZ2VNTmN5d2lHV3VNOS03NGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9mNmIxNzMtOTEyYy00MTUxLWJhYzUtNGM4ODgzMzI3YTJh
LzEvQi1YRTVMNDdqTDNnNnVsR0NoRURMV3BrcTNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjA0BAIAATAuMAwDBAZQUkAD
BABQUkYDBAJQUkwwDAMEBVn4oAMEAFn4rgMEA12uWAMEBF5mMDAOBAIAAjAIAwYH
KgIGyIAwDQYJKoZIhvcNAQELBQADggEBAF7gzG2v0sCG02iBlze0LTnoYnz9XJxN
h+PRra5mYS4zNa3RJtq1ssFAbC9PPX2j1it999PcKCBrVT31BwROlLfvEmVjWSNu
xQJLu9TVLtIdP0kH8X7grHbHM8V3jqfnQdDTf/bTvRznkuAple/6Xfyr2/ca49yc
7JStNDEhb5I/Z/qyCVjhvOIMcmVajQ7QB7l+MHzCo9AmOtzGvrAFLvT14oRTjufE
iBEgwsB3PriS/g8QCNWMoe05kiET5h1/k5XheO73qXpTnmfsLnfoeYVvqyj3OJ/r
jKQK8u+/jXJTRt57Tt8YF1n6ZVfJ7LJVA3umamaRT1KUbCgdwKTjuxY=
-----END CERTIFICATE-----
Generated at Tue Apr 28 00:48:30 2026 by rpki-client