Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gr0cmRtDnRg8WRBE5wgHk-NVvyE.roa
File: gr0cmRtDnRg8WRBE5wgHk-NVvyE.roa (raw, json)
Hash identifier: DWSi/wfOMBMvBppFfmkuW+E4394pYqKUQ4bx3UceSho=
Subject key identifier: 82:BD:1C:99:1B:43:9D:18:3C:59:10:44:E7:08:07:93:E3:55:BF:21
Certificate issuer: /CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
Certificate serial: 019C9E82A0A7C13E0FC40E80C555C9F6CC0E
Authority key identifier: 06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gr0cmRtDnRg8WRBE5wgHk-NVvyE.roa
Signing time: Fri 27 Feb 2026 09:51:26 +0000
ROA not before: Fri 27 Feb 2026 09:51:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 61955
IP address blocks: 45.159.212.0/22 maxlen: 22
45.159.212.0/24 maxlen: 24
45.159.213.0/24 maxlen: 24
45.159.214.0/24 maxlen: 24
45.159.215.0/24 maxlen: 24
185.54.108.0/22 maxlen: 22
185.54.108.0/24 maxlen: 24
185.54.109.0/24 maxlen: 24
185.54.110.0/24 maxlen: 24
185.54.111.0/24 maxlen: 24
2a02:44a0::/48 maxlen: 48
2a02:44a0::/64 maxlen: 64
2a02:44a0:1::/48 maxlen: 48
2a02:44a0:2::/48 maxlen: 48
2a02:44a0:3::/48 maxlen: 48
2a02:44a0:4::/48 maxlen: 48
2a02:44a0:5::/48 maxlen: 48
2a02:44a0:6::/48 maxlen: 48
2a02:44a0:7::/48 maxlen: 48
2a02:44a0:8::/48 maxlen: 48
2a02:44a0:9::/48 maxlen: 48
2a02:44a0:a::/48 maxlen: 48
2a02:44a0:b::/48 maxlen: 48
2a02:44a0:c::/48 maxlen: 48
2a02:44a0:d::/48 maxlen: 48
2a02:44a0:e::/48 maxlen: 48
2a02:44a0:f::/48 maxlen: 48
2a02:44a0:10::/48 maxlen: 48
2a02:44a0:11::/48 maxlen: 48
2a02:44a0:12::/48 maxlen: 48
2a02:44a0:13::/48 maxlen: 48
2a02:44a0:14::/48 maxlen: 48
2a02:44a0:15::/48 maxlen: 48
2a02:44a0:16::/48 maxlen: 48
2a02:44a0:17::/48 maxlen: 48
2a02:44a0:18::/48 maxlen: 48
2a02:44a0:19::/48 maxlen: 48
2a02:44a0:1a::/48 maxlen: 48
2a02:44a0:1b::/48 maxlen: 48
2a02:44a0:1c::/48 maxlen: 48
2a02:44a0:1d::/48 maxlen: 48
2a02:44a0:1e::/48 maxlen: 48
2a02:44a0:1f::/48 maxlen: 48
2a02:44a0:ffff::/48 maxlen: 48
2a02:44a7:ff01::/48 maxlen: 48
2a02:44a7:ff02::/48 maxlen: 48
2a02:44a7:ff03::/48 maxlen: 48
2a02:44a7:ff04::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.mft
rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9e:82:a0:a7:c1:3e:0f:c4:0e:80:c5:55:c9:f6:cc:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=06c1fac24e30d9258eb2ef72f31ed9bd608fe0de
Validity
Not Before: Feb 27 09:51:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=82bd1c991b439d183c591044e7080793e355bf21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:fc:fa:ed:b7:08:af:93:c1:bc:ba:a5:33:5c:
98:85:03:01:89:bf:75:ce:f9:03:ce:ef:72:10:cc:
aa:6c:81:d0:32:7d:6c:15:4e:4b:ad:7f:81:98:f0:
0a:52:16:89:b6:cd:55:f9:5b:54:60:5f:7f:18:dc:
54:ae:77:df:e6:4c:40:99:49:4e:d3:05:05:df:e1:
7c:42:0e:1f:be:02:a5:a7:d3:45:48:10:0a:41:64:
00:3a:dd:dd:2b:b2:fe:a6:40:f5:fd:a8:dd:89:61:
3c:85:83:0b:c2:bf:69:1f:3c:c5:78:f2:45:6e:ba:
7a:6d:19:51:d9:f4:eb:ed:1d:bb:ae:9d:dc:1c:2b:
89:5f:6f:34:a2:1f:7f:29:74:30:3f:58:71:94:b3:
36:60:3c:02:e9:38:6c:0a:e0:e2:c3:97:d9:dc:79:
9d:67:d1:94:60:3e:f2:02:eb:37:b3:f3:68:ba:9f:
e6:f8:d3:dd:e2:cf:fd:cc:d0:bb:43:a0:1f:ae:aa:
26:5b:ec:eb:c7:ad:46:4a:6a:fd:b9:f7:b7:85:ec:
75:1d:06:27:d7:1d:67:9d:dd:ea:e9:9d:c8:99:39:
0c:dd:41:5d:16:d7:1f:f4:c4:24:c4:15:c2:66:f0:
b3:b8:39:bb:45:bf:09:2e:0c:2c:3b:81:79:88:26:
45:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:BD:1C:99:1B:43:9D:18:3C:59:10:44:E7:08:07:93:E3:55:BF:21
X509v3 Authority Key Identifier:
keyid:06:C1:FA:C2:4E:30:D9:25:8E:B2:EF:72:F3:1E:D9:BD:60:8F:E0:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/gr0cmRtDnRg8WRBE5wgHk-NVvyE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/df0e4b-8f67-4295-9e42-346a3cce5f09/1/BsH6wk4w2SWOsu9y8x7ZvWCP4N4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.212.0/22
185.54.108.0/22
IPv6:
2a02:44a0::/43
2a02:44a0:ffff::/48
2a02:44a7:ff01::-2a02:44a7:ff04:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4e:f1:70:08:f6:56:89:e6:93:01:cb:8f:ea:2d:53:2b:fc:35:
cc:1a:0e:ec:b8:1e:4c:1f:2c:be:fc:5b:0f:ce:79:71:7d:3a:
eb:1e:19:6e:7a:2b:e6:eb:2c:fe:b9:b9:7f:1c:7e:8f:d1:dd:
9e:c5:d8:8c:73:f5:01:87:65:1e:fb:38:29:99:35:39:2f:a1:
8f:1b:1b:cc:0c:7e:3f:0a:a3:01:02:7c:20:3f:c0:cb:17:0c:
f8:c5:39:92:d5:cb:76:52:8d:f3:4b:a3:da:54:81:e8:5d:dd:
b0:61:d0:90:13:37:a0:8c:cf:1f:74:88:79:e8:33:36:7b:bb:
89:48:26:36:0c:58:32:d9:b6:b5:94:bb:5e:bf:e0:5c:99:29:
ce:f4:2d:fd:79:fe:b8:e8:34:73:e9:ba:39:85:69:39:d1:38:
6e:3f:71:e1:25:02:f9:2e:35:72:d5:1a:43:b9:32:36:3c:a8:
69:15:b5:65:db:d0:4b:71:57:28:9c:f7:45:90:05:e2:2d:90:
b4:9d:3a:33:9f:ea:dc:fd:08:98:5e:63:a3:52:45:13:8f:56:
49:64:6f:f2:39:09:43:77:51:b2:74:9d:35:dd:47:7b:40:42:
b5:f1:23:16:d1:9a:a5:ee:53:42:a0:64:34:82:7f:a1:aa:3b:
54:b9:8a:af
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZyegqCnwT4PxA6AxVXJ9swOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzFmYWMyNGUzMGQ5MjU4ZWIyZWY3MmYzMWVkOWJkNjA4
ZmUwZGUwHhcNMjYwMjI3MDk1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmJkMWM5OTFiNDM5ZDE4M2M1OTEwNDRlNzA4MDc5M2UzNTViZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPz67bcIr5PBvLqlM1yYhQMBib91
zvkDzu9yEMyqbIHQMn1sFU5LrX+BmPAKUhaJts1V+VtUYF9/GNxUrnff5kxAmUlO
0wUF3+F8Qg4fvgKlp9NFSBAKQWQAOt3dK7L+pkD1/ajdiWE8hYMLwr9pHzzFePJF
brp6bRlR2fTr7R27rp3cHCuJX280oh9/KXQwP1hxlLM2YDwC6ThsCuDiw5fZ3Hmd
Z9GUYD7yAus3s/Noup/m+NPd4s/9zNC7Q6AfrqomW+zrx61GSmr9ufe3hex1HQYn
1x1nnd3q6Z3ImTkM3UFdFtcf9MQkxBXCZvCzuDm7Rb8JLgwsO4F5iCZFTQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIK9HJkbQ50YPFkQROcIB5PjVb8hMB8GA1UdIwQY
MBaAFAbB+sJOMNkljrLvcvMe2b1gj+DeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDIt
MzQ2YTNjY2U1ZjA5LzEvZ3IwY21SdERuUmc4V1JCRTV3Z0hrLU5WdnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kZjBlNGItOGY2Ny00Mjk1LTllNDItMzQ2YTNjY2U1ZjA5
LzEvQnNINndrNHcyU1dPc3U5eTh4N1p2V0NQNE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjASBAIAATAMAwQCLZ/UAwQC
uTZsMCwEAgACMCYDBwUqAkSgAAADBwAqAkSg//8wEgMHACoCRKf/AQMHACoCRKf/
BDANBgkqhkiG9w0BAQsFAAOCAQEATvFwCPZWieaTAcuP6i1TK/w1zBoO7LgeTB8s
vvxbD855cX066x4Zbnor5uss/rm5fxx+j9HdnsXYjHP1AYdlHvs4KZk1OS+hjxsb
zAx+PwqjAQJ8ID/AyxcM+MU5ktXLdlKN80uj2lSB6F3dsGHQkBM3oIzPH3SIeegz
Nnu7iUgmNgxYMtm2tZS7Xr/gXJkpzvQt/Xn+uOg0c+m6OYVpOdE4bj9x4SUC+S41
ctUaQ7kyNjyoaRW1ZdvQS3FXKJz3RZAF4i2QtJ06M5/q3P0ImF5jo1JFE49WSWRv
8jkJQ3dRsnSdNd1He0BCtfEjFtGape5TQqBkNIJ/oao7VLmKrw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:54:21 2026 by rpki-client