Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/GJjSg-TAsPajbZ0O2iFlJF1-9NM.roa
File: GJjSg-TAsPajbZ0O2iFlJF1-9NM.roa (raw, json)
Hash identifier: 4d77kU0udM443QDKURdc74gIfsIDh07LZvgEAaWYDd0=
Subject key identifier: 18:98:D2:83:E4:C0:B0:F6:A3:6D:9D:0E:DA:21:65:24:5D:7E:F4:D3
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 019C5774B94C78EB0E8AE4F35BE59C14F8B0
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/GJjSg-TAsPajbZ0O2iFlJF1-9NM.roa
Signing time: Fri 13 Feb 2026 14:43:13 +0000
ROA not before: Fri 13 Feb 2026 14:43:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3949
IP address blocks: 91.123.68.0/22 maxlen: 22
91.123.72.0/22 maxlen: 22
217.24.64.0/22 maxlen: 22
217.24.68.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:57:74:b9:4c:78:eb:0e:8a:e4:f3:5b:e5:9c:14:f8:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Feb 13 14:43:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1898d283e4c0b0f6a36d9d0eda2165245d7ef4d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:cc:6b:84:e0:83:41:64:c0:d4:63:db:fb:de:
cb:03:ad:49:e1:68:e9:fe:57:ab:35:58:24:4a:31:
c5:4c:74:9a:49:a1:5f:98:35:92:c3:3c:8c:30:dd:
aa:b9:11:f8:82:cb:52:15:45:1d:42:cd:ab:df:0d:
62:65:35:82:e2:03:e0:60:94:fc:65:b8:d5:9a:da:
ff:92:1d:5f:c0:1d:a4:38:40:5d:d7:71:c4:0d:f0:
f8:c4:3e:f0:df:17:9e:a2:d9:64:23:92:ec:15:db:
c5:8a:e1:07:91:5e:e4:b3:a2:5b:0c:ea:64:36:13:
0b:0e:08:cb:d0:28:a5:68:3c:dc:ae:3a:0c:c4:53:
89:20:24:9c:0a:ce:53:54:48:c9:0a:21:b2:08:d7:
ac:31:68:08:a5:95:28:b5:59:10:43:e3:cd:d1:27:
55:f1:27:9a:3f:3e:9a:78:f1:ca:9d:18:36:45:53:
4b:ce:ef:56:9d:4c:0d:62:d5:a8:1d:3c:67:19:1e:
ad:76:09:7e:99:84:7b:dc:a0:bc:d4:0e:0f:63:c4:
e5:c4:e7:06:4b:e0:4d:5a:e8:ef:53:df:2d:8e:62:
c4:84:8d:ae:e7:3b:32:11:ad:e3:5c:7c:67:eb:c1:
43:46:1d:14:fb:54:b2:f5:2a:1a:4f:fd:1e:77:4b:
46:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:98:D2:83:E4:C0:B0:F6:A3:6D:9D:0E:DA:21:65:24:5D:7E:F4:D3
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/GJjSg-TAsPajbZ0O2iFlJF1-9NM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.123.68.0-91.123.75.255
217.24.64.0/21
Signature Algorithm: sha256WithRSAEncryption
16:d1:9c:7f:0b:f6:07:3b:83:e5:f8:e3:06:db:51:4a:bf:ca:
5d:a4:21:bb:2c:34:19:22:1e:1a:aa:52:60:ed:86:36:4b:f0:
67:d9:e9:88:de:c8:36:63:60:02:39:be:22:e7:d4:62:cf:db:
82:d4:a0:65:00:e0:53:1e:19:09:1f:ab:71:f1:d9:8c:c3:eb:
f7:d9:bb:e7:6a:47:98:b1:3a:f2:8f:bb:54:f5:bf:bb:d6:23:
af:ae:0b:f5:0b:31:0a:67:a1:33:e4:50:78:4d:39:0a:dc:6a:
bf:66:5f:44:64:a9:ab:5b:c6:3b:3c:f6:ed:be:90:97:51:e7:
24:96:cb:4c:32:a8:4e:e2:dd:28:82:92:6c:38:f5:18:7a:b3:
01:76:b2:8a:1f:4e:3e:f5:b6:c7:8c:5d:eb:53:08:cf:42:c5:
14:0c:55:e4:ed:cb:83:9a:fe:e6:53:68:cf:10:a1:ec:d4:44:
14:b6:1d:b8:d9:4f:9a:97:07:97:2f:76:94:8b:ad:d5:2f:3b:
56:87:8d:10:69:09:ff:0f:dc:22:d8:17:87:88:e4:b3:a2:9c:
4b:86:0d:0a:f4:9f:11:66:dd:b2:7f:9d:a5:ed:ab:ea:dd:89:
bb:ef:b3:96:69:4d:c1:9a:16:ee:c4:06:f2:9e:99:1b:6f:c8:
b7:fb:a9:87
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZxXdLlMeOsOiuTzW+WcFPiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMjEzMTQ0MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODk4ZDI4M2U0YzBiMGY2YTM2ZDlkMGVkYTIxNjUyNDVkN2VmNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcxrhOCDQWTA1GPb+97LA61J4Wjp
/lerNVgkSjHFTHSaSaFfmDWSwzyMMN2quRH4gstSFUUdQs2r3w1iZTWC4gPgYJT8
ZbjVmtr/kh1fwB2kOEBd13HEDfD4xD7w3xeeotlkI5LsFdvFiuEHkV7ks6JbDOpk
NhMLDgjL0CilaDzcrjoMxFOJICScCs5TVEjJCiGyCNesMWgIpZUotVkQQ+PN0SdV
8SeaPz6aePHKnRg2RVNLzu9WnUwNYtWoHTxnGR6tdgl+mYR73KC81A4PY8TlxOcG
S+BNWujvU98tjmLEhI2u5zsyEa3jXHxn68FDRh0U+1Sy9SoaT/0ed0tGRQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBiY0oPkwLD2o22dDtohZSRdfvTTMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvR0pqU2ctVEFzUGFqYlowTzJpRmxKRjEtOU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJbe0QD
BAJbe0gDBAPZGEAwDQYJKoZIhvcNAQELBQADggEBABbRnH8L9gc7g+X44wbbUUq/
yl2kIbssNBkiHhqqUmDthjZL8GfZ6YjeyDZjYAI5viLn1GLP24LUoGUA4FMeGQkf
q3Hx2YzD6/fZu+dqR5ixOvKPu1T1v7vWI6+uC/ULMQpnoTPkUHhNOQrcar9mX0Rk
qatbxjs89u2+kJdR5ySWy0wyqE7i3SiCkmw49Rh6swF2soofTj71tseMXetTCM9C
xRQMVeTty4Oa/uZTaM8QoezURBS2HbjZT5qXB5cvdpSLrdUvO1aHjRBpCf8P3CLY
F4eI5LOinEuGDQr0nxFm3bJ/naXtq+rdibvvs5ZpTcGaFu7EBvKemRtvyLf7qYc=
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:48:58 2026 by rpki-client