Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/_ywMYxiU8NbIN1CGjVxjq4SDazI.roa
File: _ywMYxiU8NbIN1CGjVxjq4SDazI.roa (raw, json)
Hash identifier: epZRiBRCbCpE9Pbvl3sOJJDu8ewPmMS8D3a+HxpVf0g=
Subject key identifier: FF:2C:0C:63:18:94:F0:D6:C8:37:50:86:8D:5C:63:AB:84:83:6B:32
Certificate issuer: /CN=9cbe9c43ee759896003919508734723346bf7016
Certificate serial: 019B76EB647B0CB8A88004AE654D5AB2EED5
Authority key identifier: 9C:BE:9C:43:EE:75:98:96:00:39:19:50:87:34:72:33:46:BF:70:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nL6cQ-51mJYAORlQhzRyM0a_cBY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/_ywMYxiU8NbIN1CGjVxjq4SDazI.roa
Signing time: Thu 01 Jan 2026 00:18:16 +0000
ROA not before: Thu 01 Jan 2026 00:18:16 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39244
IP address blocks: 81.21.176.0/23 maxlen: 23
81.21.178.0/24 maxlen: 24
81.21.179.0/24 maxlen: 24
81.21.180.0/22 maxlen: 22
81.21.184.0/21 maxlen: 21
188.65.192.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/nL6cQ-51mJYAORlQhzRyM0a_cBY.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/nL6cQ-51mJYAORlQhzRyM0a_cBY.mft
rsync://rpki.ripe.net/repository/DEFAULT/nL6cQ-51mJYAORlQhzRyM0a_cBY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:76:eb:64:7b:0c:b8:a8:80:04:ae:65:4d:5a:b2:ee:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9cbe9c43ee759896003919508734723346bf7016
Validity
Not Before: Jan 1 00:18:16 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ff2c0c631894f0d6c83750868d5c63ab84836b32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:5b:01:ca:94:a5:1b:96:28:c8:0f:a1:7d:fb:
20:56:7c:27:b6:46:ff:14:c5:8a:de:39:44:3f:ee:
be:eb:06:f2:69:20:4c:fb:7a:b5:e3:9c:72:a3:fc:
cc:9a:50:f2:29:b4:3d:6b:bd:a2:43:2a:ac:2e:0e:
dc:5d:a4:9b:ea:ec:91:fa:af:29:26:03:30:bd:c9:
59:f8:67:0b:e4:22:c5:a6:f2:5d:e6:a2:dc:12:aa:
c5:f6:a8:92:19:95:f0:4d:87:5c:d3:35:37:11:fb:
5f:18:08:dd:d3:0e:72:46:cb:2e:2a:3a:b7:f7:fd:
59:93:f4:ff:59:79:a8:7b:a0:ad:dd:3e:c3:69:87:
f3:8e:93:09:82:fe:50:67:e9:67:03:df:4c:54:bf:
db:cf:2c:f5:9a:bc:14:f4:88:41:6c:26:0d:4f:5d:
91:e7:3f:70:47:87:86:b3:c5:92:cc:7d:1e:3e:ec:
db:c0:de:2c:01:75:52:4f:33:65:bb:b7:aa:12:da:
24:68:ff:ad:72:e6:50:21:6e:fd:0f:9b:03:84:21:
dd:3c:bc:42:6c:c6:fc:f7:29:28:5c:f0:93:0c:ca:
ac:f3:f4:6b:24:b0:1e:9e:cb:fa:64:3c:db:d6:88:
c2:d7:27:b4:fa:43:1c:f2:0a:43:0f:90:58:48:2c:
40:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:2C:0C:63:18:94:F0:D6:C8:37:50:86:8D:5C:63:AB:84:83:6B:32
X509v3 Authority Key Identifier:
keyid:9C:BE:9C:43:EE:75:98:96:00:39:19:50:87:34:72:33:46:BF:70:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nL6cQ-51mJYAORlQhzRyM0a_cBY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/_ywMYxiU8NbIN1CGjVxjq4SDazI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f974e9-4743-46db-a348-1d1989f06618/1/nL6cQ-51mJYAORlQhzRyM0a_cBY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.176.0/20
188.65.192.0/21
Signature Algorithm: sha256WithRSAEncryption
29:7f:09:be:0b:af:b4:86:ff:36:75:12:8e:df:22:c4:51:7c:
9d:6d:0b:54:d5:69:82:72:f6:75:a9:a0:ab:72:5f:6d:41:dc:
b3:3e:71:8a:7b:11:da:b4:21:3e:04:b5:7b:bb:e5:a6:9b:3a:
fb:4f:22:fb:c0:38:08:fc:d9:17:55:57:6b:ee:16:e9:05:fe:
c6:d4:ff:47:b9:85:2c:90:1f:c4:ec:07:e9:02:09:ec:cd:27:
c2:04:ea:06:ae:de:0b:37:73:f1:3f:de:35:70:14:dc:2c:8a:
dc:8c:b2:77:3a:7b:6e:fc:25:be:12:0b:a9:0a:c5:ac:52:5c:
98:f8:cc:eb:90:0e:f5:47:f3:9f:2b:51:9e:bd:ef:25:19:64:
7b:d9:0a:37:09:32:85:07:36:4e:f4:b7:06:07:f3:b8:12:d3:
b9:07:e8:24:49:e9:8d:8f:b1:c2:e2:96:76:39:d2:32:5d:c1:
c1:3a:d2:ec:e6:5b:56:4b:d5:5e:10:3d:e0:5c:93:9f:b5:81:
ad:cd:83:07:76:b6:28:ed:a0:7b:56:50:2f:fc:8c:5e:74:dd:
bd:37:7a:5e:70:83:34:35:81:65:b8:f2:81:86:1b:ff:e2:5e:
4c:e9:9c:24:b3:2b:04:68:a1:29:01:32:be:36:2d:5a:4b:cc:
25:32:cf:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt262R7DLiogASuZU1asu7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYmU5YzQzZWU3NTk4OTYwMDM5MTk1MDg3MzQ3MjMzNDZi
ZjcwMTYwHhcNMjYwMTAxMDAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjJjMGM2MzE4OTRmMGQ2YzgzNzUwODY4ZDVjNjNhYjg0ODM2YjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1sBypSlG5YoyA+hffsgVnwntkb/
FMWK3jlEP+6+6wbyaSBM+3q145xyo/zMmlDyKbQ9a72iQyqsLg7cXaSb6uyR+q8p
JgMwvclZ+GcL5CLFpvJd5qLcEqrF9qiSGZXwTYdc0zU3EftfGAjd0w5yRssuKjq3
9/1Zk/T/WXmoe6Ct3T7DaYfzjpMJgv5QZ+lnA99MVL/bzyz1mrwU9IhBbCYNT12R
5z9wR4eGs8WSzH0ePuzbwN4sAXVSTzNlu7eqEtokaP+tcuZQIW79D5sDhCHdPLxC
bMb89ykoXPCTDMqs8/RrJLAensv6ZDzb1ojC1ye0+kMc8gpDD5BYSCxAdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP8sDGMYlPDWyDdQho1cY6uEg2syMB8GA1UdIwQY
MBaAFJy+nEPudZiWADkZUIc0cjNGv3AWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkw2Y1EtNTFtSllBT1JsUWh6UnlNMGFfY0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTc0ZTktNDc0My00NmRiLWEzNDgt
MWQxOTg5ZjA2NjE4LzEvX3l3TVl4aVU4TmJJTjFDR2pWeGpxNFNEYXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTc0ZTktNDc0My00NmRiLWEzNDgtMWQxOTg5ZjA2NjE4
LzEvbkw2Y1EtNTFtSllBT1JsUWh6UnlNMGFfY0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEURWwAwQD
vEHAMA0GCSqGSIb3DQEBCwUAA4IBAQApfwm+C6+0hv82dRKO3yLEUXydbQtU1WmC
cvZ1qaCrcl9tQdyzPnGKexHatCE+BLV7u+Wmmzr7TyL7wDgI/NkXVVdr7hbpBf7G
1P9HuYUskB/E7AfpAgnszSfCBOoGrt4LN3PxP941cBTcLIrcjLJ3Ontu/CW+Egup
CsWsUlyY+MzrkA71R/OfK1Geve8lGWR72Qo3CTKFBzZO9LcGB/O4EtO5B+gkSemN
j7HC4pZ2OdIyXcHBOtLs5ltWS9VeED3gXJOftYGtzYMHdrYo7aB7VlAv/IxedN29
N3pecIM0NYFluPKBhhv/4l5M6ZwksysEaKEpATK+Ni1aS8wlMs+5
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:35:59 2026 by rpki-client