Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/DrqSAiQsORehrryYAD7Rq8PmrJA.roa
File: DrqSAiQsORehrryYAD7Rq8PmrJA.roa (raw, json)
Hash identifier: AaXq/+2gsLHCIuS3xSicfRQKvAMxMmXLzBhDFnvyVKw=
Subject key identifier: 0E:BA:92:02:24:2C:39:17:A1:AE:BC:98:00:3E:D1:AB:C3:E6:AC:90
Certificate issuer: /CN=0a84e473aa564eb51a7e7eb8b18f14ac0cbc2c9c
Certificate serial: 019C9D0D17BB118A1D023B9CF59BC2979F35
Authority key identifier: 0A:84:E4:73:AA:56:4E:B5:1A:7E:7E:B8:B1:8F:14:AC:0C:BC:2C:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/DrqSAiQsORehrryYAD7Rq8PmrJA.roa
Signing time: Fri 27 Feb 2026 03:03:26 +0000
ROA not before: Fri 27 Feb 2026 03:03:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200000
IP address blocks: 91.206.200.0/23 maxlen: 23
91.222.136.0/22 maxlen: 22
194.247.12.0/23 maxlen: 23
195.64.184.0/23 maxlen: 23
2001:67c:2070::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 12:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9d:0d:17:bb:11:8a:1d:02:3b:9c:f5:9b:c2:97:9f:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a84e473aa564eb51a7e7eb8b18f14ac0cbc2c9c
Validity
Not Before: Feb 27 03:03:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0eba9202242c3917a1aebc98003ed1abc3e6ac90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ee:fe:83:51:7f:7d:1a:8e:16:6c:02:26:d5:
4d:cb:16:7c:32:62:ee:f0:f1:7b:71:17:fd:4e:18:
6d:d8:1d:b6:02:64:5a:3f:19:af:15:a2:2c:f5:d3:
44:de:ab:63:1b:99:b7:f9:35:89:10:de:a4:6e:72:
b7:93:57:c6:18:ec:da:96:9b:f2:f0:c0:4d:0b:f2:
73:1b:ba:5b:51:01:34:fb:75:cf:c7:b0:5a:0a:6d:
26:c9:69:d5:3c:88:da:56:4e:60:ed:f1:09:98:20:
01:ed:c4:83:68:c6:89:73:c0:36:4c:b3:aa:aa:50:
85:1f:2e:06:3c:3c:99:51:df:a5:55:da:7c:bc:e6:
ac:9a:66:6a:5b:1d:f6:97:40:b3:68:b7:80:ad:d0:
46:e5:02:38:0e:f3:d6:5b:8c:23:1e:b8:71:d2:47:
d6:3d:48:16:59:9e:ea:49:3d:86:89:c0:bf:a7:12:
18:99:f1:7e:1c:5d:a2:55:b6:cc:86:9d:df:fe:0c:
f8:cc:ca:62:8c:db:77:a7:cb:42:f6:3e:6a:c8:3e:
48:2c:76:e5:04:a9:8a:ea:20:b9:5c:f0:4f:19:7d:
c4:9f:59:4b:e7:bf:59:b2:d8:67:a2:a3:7c:2f:64:
01:ad:93:34:71:22:4d:4a:fd:89:61:5a:9f:a8:bf:
2f:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:BA:92:02:24:2C:39:17:A1:AE:BC:98:00:3E:D1:AB:C3:E6:AC:90
X509v3 Authority Key Identifier:
keyid:0A:84:E4:73:AA:56:4E:B5:1A:7E:7E:B8:B1:8F:14:AC:0C:BC:2C:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/DrqSAiQsORehrryYAD7Rq8PmrJA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.206.200.0/23
91.222.136.0/22
194.247.12.0/23
195.64.184.0/23
IPv6:
2001:67c:2070::/48
Signature Algorithm: sha256WithRSAEncryption
87:aa:8b:35:f5:07:80:4a:1e:d2:26:aa:da:ef:f9:d1:f4:5c:
a2:5b:bb:a6:f3:8f:e0:ef:9c:eb:33:07:db:2f:ea:e5:c2:aa:
3c:ef:3a:a7:48:00:7e:a8:f5:05:33:c7:26:2d:ee:c5:00:ef:
1b:16:7b:c5:83:54:27:cc:35:e1:47:86:0d:33:51:84:cc:22:
3d:f4:8a:14:99:cb:5a:73:c8:a5:e7:42:cc:f3:5d:05:6a:af:
8e:3c:fb:48:c1:2d:c3:4f:9e:af:9e:04:30:53:f9:93:c9:7e:
3c:e4:ec:a6:68:6f:bc:60:3e:87:f0:62:a5:4b:78:9c:aa:09:
c9:e7:2d:4a:47:26:5b:0d:65:27:4e:ae:26:9f:54:c5:ea:f1:
09:44:ce:36:6b:23:9c:f7:ff:37:0b:e7:5f:9a:14:36:40:50:
93:c2:d5:95:25:7a:66:c9:e5:a2:a7:0f:46:cc:11:f9:8a:36:
ba:53:53:6d:d4:17:38:42:8f:c0:90:da:26:f2:c9:d2:93:bf:
35:ca:f9:6b:0a:3f:c5:cc:bd:c8:78:64:9c:69:0e:8c:7e:01:
74:57:35:d0:d1:eb:e2:08:8a:71:03:50:20:82:58:a8:b4:55:
9d:2a:9d:79:5d:2a:29:b8:4e:15:8e:14:73:41:3d:0b:99:52:
2a:d8:f8:59
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZydDRe7EYodAjuc9ZvCl581MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODRlNDczYWE1NjRlYjUxYTdlN2ViOGIxOGYxNGFjMGNi
YzJjOWMwHhcNMjYwMjI3MDMwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJhOTIwMjI0MmMzOTE3YTFhZWJjOTgwMDNlZDFhYmMzZTZhYzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+7+g1F/fRqOFmwCJtVNyxZ8MmLu
8PF7cRf9Thht2B22AmRaPxmvFaIs9dNE3qtjG5m3+TWJEN6kbnK3k1fGGOzalpvy
8MBNC/JzG7pbUQE0+3XPx7BaCm0myWnVPIjaVk5g7fEJmCAB7cSDaMaJc8A2TLOq
qlCFHy4GPDyZUd+lVdp8vOasmmZqWx32l0CzaLeArdBG5QI4DvPWW4wjHrhx0kfW
PUgWWZ7qST2GicC/pxIYmfF+HF2iVbbMhp3f/gz4zMpijNt3p8tC9j5qyD5ILHbl
BKmK6iC5XPBPGX3En1lL579ZsthnoqN8L2QBrZM0cSJNSv2JYVqfqL8viQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFA66kgIkLDkXoa68mAA+0avD5qyQMB8GA1UdIwQY
MBaAFAqE5HOqVk61Gn5+uLGPFKwMvCycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29Ua2M2cFdUclVhZm42NHNZOFVyQXk4TEp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85ZDAyNDUtNzg1NS00MDMxLTk2NDgt
NTQ2MjhkZmNiYTRjLzEvRHJxU0FpUXNPUmVocnJ5WUFEN1JxOFBtckpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85ZDAyNDUtNzg1NS00MDMxLTk2NDgtNTQ2MjhkZmNiYTRj
LzEvQ29Ua2M2cFdUclVhZm42NHNZOFVyQXk4TEp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQBW87IAwQC
W96IAwQBwvcMAwQBw0C4MA8EAgACMAkDBwAgAQZ8IHAwDQYJKoZIhvcNAQELBQAD
ggEBAIeqizX1B4BKHtImqtrv+dH0XKJbu6bzj+DvnOszB9sv6uXCqjzvOqdIAH6o
9QUzxyYt7sUA7xsWe8WDVCfMNeFHhg0zUYTMIj30ihSZy1pzyKXnQszzXQVqr448
+0jBLcNPnq+eBDBT+ZPJfjzk7KZob7xgPofwYqVLeJyqCcnnLUpHJlsNZSdOriaf
VMXq8QlEzjZrI5z3/zcL51+aFDZAUJPC1ZUlembJ5aKnD0bMEfmKNrpTU23UFzhC
j8CQ2ibyydKTvzXK+WsKP8XMvch4ZJxpDox+AXRXNdDR6+IIinEDUCCCWKi0VZ0q
nXldKim4ThWOFHNBPQuZUirY+Fk=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:37:11 2026 by rpki-client