Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/IajAPDXFrm4cByKhe7ThnZfhW3I.roa
File: IajAPDXFrm4cByKhe7ThnZfhW3I.roa (raw, json)
Hash identifier: vevJj6ucu/ojjyycSHmCWDRHZV5C3N0NfeV2mJqpgMs=
Subject key identifier: 21:A8:C0:3C:35:C5:AE:6E:1C:07:22:A1:7B:B4:E1:9D:97:E1:5B:72
Certificate issuer: /CN=169f4ed6620c8960521fbb81ff72e837dc0038af
Certificate serial: 019B7B3637CE5676313A9829F78F864DBFBD
Authority key identifier: 16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/IajAPDXFrm4cByKhe7ThnZfhW3I.roa
Signing time: Thu 01 Jan 2026 20:18:29 +0000
ROA not before: Thu 01 Jan 2026 20:18:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25482
IP address blocks: 193.151.240.0/22 maxlen: 22
193.151.240.0/23 maxlen: 23
193.151.240.0/24 maxlen: 24
193.151.241.0/24 maxlen: 24
193.151.242.0/23 maxlen: 23
193.151.242.0/24 maxlen: 24
193.151.243.0/24 maxlen: 24
2001:678:2d0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:36:37:ce:56:76:31:3a:98:29:f7:8f:86:4d:bf:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=169f4ed6620c8960521fbb81ff72e837dc0038af
Validity
Not Before: Jan 1 20:18:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=21a8c03c35c5ae6e1c0722a17bb4e19d97e15b72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:83:7c:f9:7e:f5:b8:36:5c:fd:dd:44:85:d7:
12:56:11:00:5f:d8:94:9a:71:e7:52:63:6b:64:5c:
d7:08:59:d3:fe:f0:f1:d8:02:9b:52:a1:f8:45:8e:
83:74:80:c0:3b:c9:b1:62:86:bc:db:b2:2b:58:90:
1c:b8:aa:db:fb:2d:ea:3f:e5:c8:db:d0:9b:8e:ac:
e2:e8:37:5a:00:05:1b:d4:06:33:20:38:be:06:54:
75:d9:65:fd:c2:30:26:75:4e:d0:cb:87:da:8b:2c:
c1:a4:8c:e5:5d:f4:ac:31:19:6d:eb:74:2f:3a:71:
3c:fb:79:f8:fb:89:94:5c:7a:6b:7a:12:a1:5d:cf:
d2:dc:56:a5:13:55:7a:2b:5a:44:9c:36:57:17:56:
a1:3c:ca:85:fd:32:27:64:0d:76:7e:a1:2f:ac:07:
6b:80:d6:3c:58:88:bf:f6:5a:43:d7:d6:cc:18:6e:
2a:5e:a5:e0:df:5d:6c:86:43:9a:55:23:ce:7e:3b:
ee:12:78:43:83:07:a6:c9:e2:0b:67:6f:ab:bd:6f:
56:ed:bb:ad:2a:1b:c1:58:12:d6:df:81:ff:5e:53:
b6:92:13:2c:2d:df:a0:f0:a8:e8:79:da:e9:a6:41:
2d:4a:e2:97:e4:97:cf:c1:be:12:97:04:9d:10:02:
4c:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:A8:C0:3C:35:C5:AE:6E:1C:07:22:A1:7B:B4:E1:9D:97:E1:5B:72
X509v3 Authority Key Identifier:
keyid:16:9F:4E:D6:62:0C:89:60:52:1F:BB:81:FF:72:E8:37:DC:00:38:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/IajAPDXFrm4cByKhe7ThnZfhW3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bc6d1e-0146-4a35-8e9b-cf5fb042566a/1/Fp9O1mIMiWBSH7uB_3LoN9wAOK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.151.240.0/22
IPv6:
2001:678:2d0::/48
Signature Algorithm: sha256WithRSAEncryption
ba:d3:7c:f4:3d:87:56:bf:67:de:09:a3:ce:a5:ee:74:12:59:
c3:7c:20:06:75:db:9f:31:f2:78:85:d7:57:3c:f7:3a:29:aa:
d6:e8:88:35:35:22:e8:5e:9c:58:c2:1c:0c:b0:43:f5:46:c1:
57:14:0d:1f:9f:5c:02:e3:66:dc:5e:16:e7:aa:76:38:d7:cb:
2b:42:c5:6c:4a:a9:79:25:a9:09:a2:40:e6:1d:1b:43:37:26:
cc:ee:2e:b3:23:cb:ab:bd:1a:8c:c1:9e:66:14:f8:0f:91:3a:
7e:92:1c:8c:be:9f:eb:f9:0a:de:29:05:9f:3b:be:69:72:e8:
29:ea:fe:f4:57:d4:0d:52:ff:8b:a0:07:25:4e:95:31:cc:da:
e8:6f:b6:70:fa:8e:5f:85:23:6a:e2:fd:b5:72:1b:4e:c9:c7:
00:0e:f2:e0:10:0c:b6:b8:19:3a:2f:62:25:b1:d1:78:9e:ac:
09:9c:1e:56:eb:b1:6a:01:99:15:cf:30:dd:a3:f6:0f:0b:fc:
05:8f:26:2f:03:41:a2:b6:15:8d:99:9b:a3:31:dc:0e:fb:8d:
48:63:85:30:39:74:b4:1a:52:a9:63:7b:5a:0f:7d:1f:78:73:
67:84:b1:d7:71:35:c5:28:67:c5:09:f3:20:62:39:27:30:90:
69:c1:ec:da
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt7NjfOVnYxOpgp94+GTb+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWY0ZWQ2NjIwYzg5NjA1MjFmYmI4MWZmNzJlODM3ZGMw
MDM4YWYwHhcNMjYwMTAxMjAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWE4YzAzYzM1YzVhZTZlMWMwNzIyYTE3YmI0ZTE5ZDk3ZTE1YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoN8+X71uDZc/d1EhdcSVhEAX9iU
mnHnUmNrZFzXCFnT/vDx2AKbUqH4RY6DdIDAO8mxYoa827IrWJAcuKrb+y3qP+XI
29Cbjqzi6DdaAAUb1AYzIDi+BlR12WX9wjAmdU7Qy4faiyzBpIzlXfSsMRlt63Qv
OnE8+3n4+4mUXHprehKhXc/S3FalE1V6K1pEnDZXF1ahPMqF/TInZA12fqEvrAdr
gNY8WIi/9lpD19bMGG4qXqXg311shkOaVSPOfjvuEnhDgwemyeILZ2+rvW9W7but
KhvBWBLW34H/XlO2khMsLd+g8KjoedrppkEtSuKX5JfPwb4SlwSdEAJMaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCGowDw1xa5uHAcioXu04Z2X4VtyMB8GA1UdIwQY
MBaAFBafTtZiDIlgUh+7gf9y6DfcADivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWIt
Y2Y1ZmIwNDI1NjZhLzEvSWFqQVBEWEZybTRjQnlLaGU3VGhuWmZoVzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9iYzZkMWUtMDE0Ni00YTM1LThlOWItY2Y1ZmIwNDI1NjZh
LzEvRnA5TzFtSU1pV0JTSDd1Ql8zTG9OOXdBT0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwZfwMA8E
AgACMAkDBwAgAQZ4AtAwDQYJKoZIhvcNAQELBQADggEBALrTfPQ9h1a/Z94Jo86l
7nQSWcN8IAZ1258x8niF11c89zopqtboiDU1IuhenFjCHAywQ/VGwVcUDR+fXALj
ZtxeFueqdjjXyytCxWxKqXklqQmiQOYdG0M3JszuLrMjy6u9GozBnmYU+A+ROn6S
HIy+n+v5Ct4pBZ87vmly6Cnq/vRX1A1S/4ugByVOlTHM2uhvtnD6jl+FI2ri/bVy
G07JxwAO8uAQDLa4GTovYiWx0XierAmcHlbrsWoBmRXPMN2j9g8L/AWPJi8DQaK2
FY2Zm6Mx3A77jUhjhTA5dLQaUqlje1oPfR94c2eEsddxNcUoZ8UJ8yBiOScwkGnB
7No=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:27:28 2026 by rpki-client