Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/UnXx8eLA56gttIkRcqf-NuS44F0.roa
File: UnXx8eLA56gttIkRcqf-NuS44F0.roa (raw, json)
Hash identifier: fx9HijuBg7jYLyp35kspfL+8ovCgu0OiCG91CbefvX8=
Subject key identifier: 52:75:F1:F1:E2:C0:E7:A8:2D:B4:89:11:72:A7:FE:36:E4:B8:E0:5D
Certificate issuer: /CN=f94df2f8f5a13c645368914e3dbe42a24a36da5d
Certificate serial: 019B7F13A55ABF75034B47698B9CF795F2FF
Authority key identifier: F9:4D:F2:F8:F5:A1:3C:64:53:68:91:4E:3D:BE:42:A2:4A:36:DA:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-U3y-PWhPGRTaJFOPb5Coko22l0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/UnXx8eLA56gttIkRcqf-NuS44F0.roa
Signing time: Fri 02 Jan 2026 14:19:12 +0000
ROA not before: Fri 02 Jan 2026 14:19:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34225
IP address blocks: 91.184.32.0/20 maxlen: 20
185.48.92.0/22 maxlen: 22
193.138.164.0/22 maxlen: 22
2001:67c:20e0::/48 maxlen: 48
2a01:198::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/1-U3y-PWhPGRTaJFOPb5Coko22l0.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/1-U3y-PWhPGRTaJFOPb5Coko22l0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-U3y-PWhPGRTaJFOPb5Coko22l0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:13:a5:5a:bf:75:03:4b:47:69:8b:9c:f7:95:f2:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f94df2f8f5a13c645368914e3dbe42a24a36da5d
Validity
Not Before: Jan 2 14:19:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5275f1f1e2c0e7a82db4891172a7fe36e4b8e05d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:3c:e5:e2:fa:f3:63:a5:66:f7:62:53:af:e2:
da:ac:fc:d3:37:a0:42:74:89:07:9c:a3:90:a5:b9:
07:cf:05:31:35:b5:6a:57:15:ba:35:57:42:d9:20:
9d:8a:75:76:b6:c9:1d:c3:27:40:eb:5b:b6:b2:75:
0f:ad:e7:de:d9:e2:e0:df:1a:03:45:07:a8:46:f4:
a4:76:34:fb:f3:2c:fc:f0:2a:a5:66:55:b8:1c:c7:
9e:c7:4f:01:e8:06:00:88:96:15:8f:1f:c7:3c:40:
93:73:2a:bd:06:6e:04:3a:1f:f1:82:a8:53:a4:30:
1c:10:27:3e:ac:f8:37:7a:3d:9d:25:ae:07:e4:12:
6b:58:5b:65:ed:8b:08:a4:94:f4:5e:a8:91:9c:10:
d0:28:bc:c5:72:a3:5d:48:cc:52:d0:90:d6:f7:21:
fd:a5:5b:fd:db:d9:ba:3d:d1:4c:58:80:19:99:40:
34:90:fb:0b:1a:84:19:cd:a0:da:a3:02:0b:08:fd:
f1:a4:53:45:2a:35:3f:67:37:11:04:8d:b9:fc:49:
d4:c8:f8:10:cb:3e:24:1c:65:df:4a:cc:6d:9b:75:
ff:a1:c0:cd:3f:96:85:26:ea:0b:79:10:f2:0b:08:
74:e5:11:30:df:56:2a:74:a0:7b:03:7d:06:33:2e:
95:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:75:F1:F1:E2:C0:E7:A8:2D:B4:89:11:72:A7:FE:36:E4:B8:E0:5D
X509v3 Authority Key Identifier:
keyid:F9:4D:F2:F8:F5:A1:3C:64:53:68:91:4E:3D:BE:42:A2:4A:36:DA:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-U3y-PWhPGRTaJFOPb5Coko22l0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/UnXx8eLA56gttIkRcqf-NuS44F0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fd8074-223a-4b52-bedd-66bdffa8bdc1/1/1-U3y-PWhPGRTaJFOPb5Coko22l0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.184.32.0/20
185.48.92.0/22
193.138.164.0/22
IPv6:
2001:67c:20e0::/48
2a01:198::/32
Signature Algorithm: sha256WithRSAEncryption
4f:9e:65:65:7e:f8:06:a7:76:c6:bf:a4:c1:a7:b2:2b:3c:bf:
b8:a5:08:18:90:70:74:35:84:5c:df:c6:82:6e:ef:c6:47:7d:
2e:ae:48:82:13:77:81:5e:98:14:4b:c6:25:5c:f0:ea:f4:42:
86:06:1f:c2:ed:a5:19:0a:9d:3c:a3:77:9d:57:83:81:d7:9c:
66:49:e7:ed:f2:b6:1e:93:04:29:b0:87:59:34:2a:6a:7d:d6:
66:a6:38:d9:4b:f2:0f:c0:f9:cd:dc:7f:a0:6e:82:22:eb:89:
8b:26:95:53:65:10:b0:39:58:1a:83:2f:e9:45:70:ed:b3:21:
3e:7e:eb:b6:5a:72:49:e7:3e:6b:f2:b2:c6:ff:8d:ae:58:73:
05:ce:c6:d0:cf:ed:9c:5e:97:79:3d:87:c9:4a:34:b6:85:74:
20:90:32:91:72:bd:3e:3a:3a:c5:ed:b4:4b:0f:36:60:46:01:
aa:e0:56:91:f5:ae:8a:83:20:ba:7e:dd:da:31:8c:84:ed:e9:
69:6b:6f:5b:97:c0:9f:3a:26:2c:ba:23:17:d0:52:91:b8:61:
21:2d:2e:b7:21:1d:92:1b:f3:98:c6:bd:3c:59:c4:f2:be:f3:
44:bb:55:c5:28:bf:b4:58:0b:d6:db:51:55:39:36:a4:e6:f6:
71:5a:86:af
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZt/E6Vav3UDS0dpi5z3lfL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NGRmMmY4ZjVhMTNjNjQ1MzY4OTE0ZTNkYmU0MmEyNGEz
NmRhNWQwHhcNMjYwMTAyMTQxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc1ZjFmMWUyYzBlN2E4MmRiNDg5MTE3MmE3ZmUzNmU0YjhlMDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Dzl4vrzY6Vm92JTr+LarPzTN6BC
dIkHnKOQpbkHzwUxNbVqVxW6NVdC2SCdinV2tskdwydA61u2snUPrefe2eLg3xoD
RQeoRvSkdjT78yz88CqlZlW4HMeex08B6AYAiJYVjx/HPECTcyq9Bm4EOh/xgqhT
pDAcECc+rPg3ej2dJa4H5BJrWFtl7YsIpJT0XqiRnBDQKLzFcqNdSMxS0JDW9yH9
pVv929m6PdFMWIAZmUA0kPsLGoQZzaDaowILCP3xpFNFKjU/ZzcRBI25/EnUyPgQ
yz4kHGXfSsxtm3X/ocDNP5aFJuoLeRDyCwh05REw31YqdKB7A30GMy6VXwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFJ18fHiwOeoLbSJEXKn/jbkuOBdMB8GA1UdIwQY
MBaAFPlN8vj1oTxkU2iRTj2+QqJKNtpdMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1VM3ktUFdoUEdSVGFKRk9QYjVDb2tvMjJsMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvZmQ4MDc0LTIyM2EtNGI1Mi1iZWRk
LTY2YmRmZmE4YmRjMS8xL1VuWHg4ZUxBNTZndHRJa1JjcWYtTnVTNDRGMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmIvZmQ4MDc0LTIyM2EtNGI1Mi1iZWRkLTY2YmRmZmE4YmRj
MS8xLzEtVTN5LVBXaFBHUlRhSkZPUGI1Q29rbzIybDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMBgEAgABMBIDBARbuCAD
BAK5MFwDBALBiqQwFgQCAAIwEAMHACABBnwg4AMFACoBAZgwDQYJKoZIhvcNAQEL
BQADggEBAE+eZWV++Aandsa/pMGnsis8v7ilCBiQcHQ1hFzfxoJu78ZHfS6uSIIT
d4FemBRLxiVc8Or0QoYGH8LtpRkKnTyjd51Xg4HXnGZJ5+3yth6TBCmwh1k0Kmp9
1mamONlL8g/A+c3cf6BugiLriYsmlVNlELA5WBqDL+lFcO2zIT5+67ZacknnPmvy
ssb/ja5YcwXOxtDP7Zxel3k9h8lKNLaFdCCQMpFyvT46OsXttEsPNmBGAargVpH1
roqDILp+3doxjITt6Wlrb1uXwJ86Jiy6IxfQUpG4YSEtLrchHZIb85jGvTxZxPK+
80S7VcUov7RYC9bbUVU5NqTm9nFahq8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:24:14 2026 by rpki-client