Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/v-pMKzPNfy5rtd72CjyjHSP_0fI.roa
File: v-pMKzPNfy5rtd72CjyjHSP_0fI.roa (raw, json)
Hash identifier: EF0zddsGgRS422TMKGAJaOiCyP7MY9L2A1NyAEExYsA=
Subject key identifier: BF:EA:4C:2B:33:CD:7F:2E:6B:B5:DE:F6:0A:3C:A3:1D:23:FF:D1:F2
Certificate issuer: /CN=cf8375c321def9265983e2194d40ba97afe7f1cc
Certificate serial: 019B7A5AA339774CC6BBE3D48497D203178B
Authority key identifier: CF:83:75:C3:21:DE:F9:26:59:83:E2:19:4D:40:BA:97:AF:E7:F1:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z4N1wyHe-SZZg-IZTUC6l6_n8cw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/v-pMKzPNfy5rtd72CjyjHSP_0fI.roa
Signing time: Thu 01 Jan 2026 16:18:38 +0000
ROA not before: Thu 01 Jan 2026 16:18:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51553
IP address blocks: 85.91.49.0/24 maxlen: 24
85.91.50.0/24 maxlen: 24
85.91.51.0/24 maxlen: 24
85.91.52.0/24 maxlen: 24
85.91.53.0/24 maxlen: 24
85.91.54.0/24 maxlen: 24
85.91.55.0/24 maxlen: 24
85.91.56.0/24 maxlen: 24
85.91.57.0/24 maxlen: 24
91.217.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/z4N1wyHe-SZZg-IZTUC6l6_n8cw.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/z4N1wyHe-SZZg-IZTUC6l6_n8cw.mft
rsync://rpki.ripe.net/repository/DEFAULT/z4N1wyHe-SZZg-IZTUC6l6_n8cw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5a:a3:39:77:4c:c6:bb:e3:d4:84:97:d2:03:17:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf8375c321def9265983e2194d40ba97afe7f1cc
Validity
Not Before: Jan 1 16:18:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=bfea4c2b33cd7f2e6bb5def60a3ca31d23ffd1f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:a6:45:24:3b:18:3b:e6:04:38:38:b4:02:ff:
44:c8:80:ea:b6:0c:52:57:bd:a8:19:7c:23:69:82:
e6:67:a3:1d:16:2f:0e:45:d6:57:3e:f9:83:c6:61:
49:12:3b:11:f7:f3:a1:ec:af:c0:f6:dc:84:35:20:
37:3c:57:e2:38:fd:61:f1:82:9f:2d:bd:93:01:ef:
ca:73:8d:db:36:52:07:31:f7:e1:21:65:2d:cb:bc:
39:d2:f2:73:62:b4:d0:0e:2e:fd:37:43:e9:a2:a7:
df:10:22:4e:56:28:a2:b5:7e:41:79:46:82:e3:c0:
77:04:20:69:7e:7f:98:8c:5c:d5:64:a2:63:8b:2b:
34:a0:58:3a:6a:93:07:71:14:f1:b5:39:3c:bb:b7:
7d:54:57:5f:f2:1c:38:09:b7:59:39:56:91:79:c2:
83:1d:c3:14:09:75:90:71:24:c2:b4:13:e6:9c:46:
5c:81:9b:44:bc:1c:2a:45:38:75:a3:3a:84:ed:a5:
30:53:75:eb:95:6f:4c:a1:72:61:52:f8:d3:d2:90:
a3:5f:f6:70:f2:a4:35:bc:6b:c9:ac:89:04:cf:53:
3c:81:11:a1:40:8b:cb:92:36:3a:02:b4:aa:83:71:
e3:df:c7:6e:22:a4:1a:4e:94:cb:aa:0d:68:0b:03:
99:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:EA:4C:2B:33:CD:7F:2E:6B:B5:DE:F6:0A:3C:A3:1D:23:FF:D1:F2
X509v3 Authority Key Identifier:
keyid:CF:83:75:C3:21:DE:F9:26:59:83:E2:19:4D:40:BA:97:AF:E7:F1:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z4N1wyHe-SZZg-IZTUC6l6_n8cw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/v-pMKzPNfy5rtd72CjyjHSP_0fI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a765a3-ed94-4fe0-bf45-e0c7b96b57f2/1/z4N1wyHe-SZZg-IZTUC6l6_n8cw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.91.49.0-85.91.57.255
91.217.237.0/24
Signature Algorithm: sha256WithRSAEncryption
33:97:d3:cb:ed:0c:a0:79:46:32:f8:23:18:02:46:02:59:4a:
ef:3f:11:5c:b0:98:e0:53:15:03:d8:31:2c:4d:09:2e:6e:7c:
1d:d2:92:36:9d:45:ac:64:5c:48:c1:d8:cd:b3:68:b6:5f:98:
68:ba:7a:4c:d2:df:94:3e:e7:13:1f:78:59:22:6c:b8:ef:65:
33:77:10:f2:e7:c6:2c:c9:d0:23:28:c1:a0:39:dc:a4:5d:c4:
2d:72:87:f7:22:d9:2c:bf:8a:ac:a2:81:32:20:74:cd:f0:cb:
cd:56:a6:4c:39:f1:26:95:26:19:c8:cb:e5:79:7d:d4:19:3a:
c6:e3:37:68:fa:37:62:f6:69:33:cb:43:a9:4e:4b:2c:68:b6:
e2:e4:fb:5d:97:98:e9:c7:b2:f8:33:54:e0:e1:8b:fa:06:d6:
cd:db:66:10:d5:4d:ed:4a:d6:af:85:f0:dd:09:3d:4d:7b:54:
13:8c:8e:bb:65:5f:0b:f6:97:dc:29:10:12:7d:15:5c:03:14:
cf:51:21:4f:b2:9b:9d:2a:f6:a2:11:16:0e:ac:8d:eb:11:2c:
b0:e0:1a:06:3d:c0:da:3c:d7:aa:62:b9:cc:05:f8:67:db:79:
3e:86:50:c2:84:3f:c7:e4:28:19:dc:64:39:53:6d:97:d9:64:
e6:9e:fd:10
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt6WqM5d0zGu+PUhJfSAxeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmODM3NWMzMjFkZWY5MjY1OTgzZTIxOTRkNDBiYTk3YWZl
N2YxY2MwHhcNMjYwMTAxMTYxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmVhNGMyYjMzY2Q3ZjJlNmJiNWRlZjYwYTNjYTMxZDIzZmZkMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqZFJDsYO+YEODi0Av9EyIDqtgxS
V72oGXwjaYLmZ6MdFi8ORdZXPvmDxmFJEjsR9/Oh7K/A9tyENSA3PFfiOP1h8YKf
Lb2TAe/Kc43bNlIHMffhIWUty7w50vJzYrTQDi79N0PpoqffECJOViiitX5BeUaC
48B3BCBpfn+YjFzVZKJjiys0oFg6apMHcRTxtTk8u7d9VFdf8hw4CbdZOVaRecKD
HcMUCXWQcSTCtBPmnEZcgZtEvBwqRTh1ozqE7aUwU3XrlW9MoXJhUvjT0pCjX/Zw
8qQ1vGvJrIkEz1M8gRGhQIvLkjY6ArSqg3Hj38duIqQaTpTLqg1oCwOZuwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFL/qTCszzX8ua7Xe9go8ox0j/9HyMB8GA1UdIwQY
MBaAFM+DdcMh3vkmWYPiGU1Aupev5/HMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejROMXd5SGUtU1paZy1JWlRVQzZsNl9uOGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hNzY1YTMtZWQ5NC00ZmUwLWJmNDUt
ZTBjN2I5NmI1N2YyLzEvdi1wTUt6UE5meTVydGQ3MkNqeWpIU1BfMGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hNzY1YTMtZWQ5NC00ZmUwLWJmNDUtZTBjN2I5NmI1N2Yy
LzEvejROMXd5SGUtU1paZy1JWlRVQzZsNl9uOGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABVWzED
BAFVWzgDBABb2e0wDQYJKoZIhvcNAQELBQADggEBADOX08vtDKB5RjL4IxgCRgJZ
Su8/EVywmOBTFQPYMSxNCS5ufB3SkjadRaxkXEjB2M2zaLZfmGi6ekzS35Q+5xMf
eFkibLjvZTN3EPLnxizJ0CMowaA53KRdxC1yh/ci2Sy/iqyigTIgdM3wy81Wpkw5
8SaVJhnIy+V5fdQZOsbjN2j6N2L2aTPLQ6lOSyxotuLk+12XmOnHsvgzVODhi/oG
1s3bZhDVTe1K1q+F8N0JPU17VBOMjrtlXwv2l9wpEBJ9FVwDFM9RIU+ym50q9qIR
Fg6sjesRLLDgGgY9wNo816piucwF+GfbeT6GUMKEP8fkKBncZDlTbZfZZOae/RA=
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:44:32 2026 by rpki-client