Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/Gz70wja6JZyjI_mWX47Bb5tQSQc.roa
File: Gz70wja6JZyjI_mWX47Bb5tQSQc.roa (raw, json)
Hash identifier: iWsBF2Gi5zq+y0imf0T0eK6i4zGzIKtjjri3CGuQTR8=
Subject key identifier: 1B:3E:F4:C2:36:BA:25:9C:A3:23:F9:96:5F:8E:C1:6F:9B:50:49:07
Certificate issuer: /CN=8e8223edf0ae42560e8f0c2cb059e3c8f5ae4d1a
Certificate serial: 019B783438CF5009F86C2F21B659BF7FE505
Authority key identifier: 8E:82:23:ED:F0:AE:42:56:0E:8F:0C:2C:B0:59:E3:C8:F5:AE:4D:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/joIj7fCuQlYOjwwssFnjyPWuTRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/Gz70wja6JZyjI_mWX47Bb5tQSQc.roa
Signing time: Thu 01 Jan 2026 06:17:26 +0000
ROA not before: Thu 01 Jan 2026 06:17:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57008
IP address blocks: 85.198.88.0/22 maxlen: 22
85.198.88.0/24 maxlen: 24
85.198.89.0/24 maxlen: 24
85.198.90.0/24 maxlen: 24
85.198.91.0/24 maxlen: 24
176.123.180.0/22 maxlen: 22
176.123.180.0/24 maxlen: 24
176.123.182.0/24 maxlen: 24
176.123.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/joIj7fCuQlYOjwwssFnjyPWuTRo.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/joIj7fCuQlYOjwwssFnjyPWuTRo.mft
rsync://rpki.ripe.net/repository/DEFAULT/joIj7fCuQlYOjwwssFnjyPWuTRo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 06:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:34:38:cf:50:09:f8:6c:2f:21:b6:59:bf:7f:e5:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e8223edf0ae42560e8f0c2cb059e3c8f5ae4d1a
Validity
Not Before: Jan 1 06:17:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1b3ef4c236ba259ca323f9965f8ec16f9b504907
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f2:b8:55:c2:8c:dc:3c:8a:09:0f:c0:9c:ac:
b1:6a:c3:2e:ab:c7:67:d7:3e:5b:88:1d:f9:9f:b2:
8a:84:00:8d:60:aa:cb:53:71:c7:e4:1c:69:85:50:
4a:5b:5e:39:17:b3:89:e8:d0:d8:4b:98:72:39:11:
ec:d4:3c:b8:12:fe:a5:12:25:80:9a:5f:1e:a4:67:
07:5b:ce:ef:cc:e0:b5:a1:2b:86:db:ca:7d:17:e2:
b4:8e:f2:c1:6f:ef:7e:80:e2:85:f2:46:03:b9:ec:
3c:6f:d2:b3:89:c4:7c:0e:76:50:d0:61:d0:3f:5b:
75:bc:f6:97:dc:5b:36:f0:82:e2:0f:02:d2:ab:64:
f4:a2:09:34:de:c9:a1:c9:4d:a0:10:9f:3d:3b:21:
ed:81:8f:b0:c5:d5:4b:05:18:45:3b:48:b1:15:9c:
28:0a:d4:14:f3:00:be:d7:51:06:0e:d5:ab:ca:01:
ee:0c:e5:4e:b7:ac:91:51:8e:16:5c:21:91:b7:d3:
5f:bc:6e:d8:1c:00:dd:ff:48:68:4f:d8:5c:bc:8a:
0f:f7:00:65:84:ef:b6:6d:b8:21:08:b8:f3:9b:77:
d2:a0:4e:3b:49:73:8a:e4:c0:c9:88:7c:a6:f0:a2:
86:cc:9b:b6:ce:4e:fa:8a:18:26:c5:30:ee:8c:3f:
8a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:3E:F4:C2:36:BA:25:9C:A3:23:F9:96:5F:8E:C1:6F:9B:50:49:07
X509v3 Authority Key Identifier:
keyid:8E:82:23:ED:F0:AE:42:56:0E:8F:0C:2C:B0:59:E3:C8:F5:AE:4D:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/joIj7fCuQlYOjwwssFnjyPWuTRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/Gz70wja6JZyjI_mWX47Bb5tQSQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/dd15b4-3cdb-4a7a-92b1-d16895e0e18e/1/joIj7fCuQlYOjwwssFnjyPWuTRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.198.88.0/22
176.123.180.0/22
Signature Algorithm: sha256WithRSAEncryption
e0:aa:d2:45:f6:6c:89:04:d8:be:98:22:52:b6:c0:0a:ef:cc:
4d:ca:9e:a0:73:6f:78:07:df:3a:75:35:e2:f6:63:1a:a1:0a:
f0:ab:3b:23:2e:4d:3b:2a:a3:8f:25:e5:50:ae:3e:a1:23:4a:
d9:a3:7b:15:9e:b6:83:0c:ad:b9:f7:6d:57:a4:de:b4:e3:10:
7e:d0:a9:43:df:76:5e:01:05:ba:2b:3b:74:4b:e0:c0:10:cf:
ee:35:f1:65:e4:fc:c1:8d:91:62:ec:85:cf:71:70:37:c3:56:
8f:b0:82:dc:70:d0:d7:c5:0f:46:48:90:7c:b2:e8:b6:c1:96:
e9:8c:18:cf:07:fd:04:45:40:e8:bc:da:de:f7:64:3a:68:9d:
ea:41:ba:ca:f0:94:7b:d1:88:55:c4:6d:03:a7:3b:40:ef:39:
f1:64:48:90:74:8d:5a:c4:9a:94:a2:c4:8d:dd:3f:0f:5e:77:
86:10:0e:35:ad:bb:a4:42:a8:0c:15:8c:46:ec:f2:7d:e7:ed:
29:13:f7:70:c6:cf:4c:6f:96:0c:0b:34:e3:e5:b1:03:7c:67:
2a:d1:08:5b:a0:e7:da:9b:b1:27:0a:f5:28:d5:74:a4:74:62:
7b:04:d0:c0:a8:42:00:fb:fe:c4:0a:81:23:e1:60:7b:08:56:
bf:de:77:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4NDjPUAn4bC8htlm/f+UFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlODIyM2VkZjBhZTQyNTYwZThmMGMyY2IwNTllM2M4ZjVh
ZTRkMWEwHhcNMjYwMTAxMDYxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNlZjRjMjM2YmEyNTljYTMyM2Y5OTY1ZjhlYzE2ZjliNTA0OTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvK4VcKM3DyKCQ/AnKyxasMuq8dn
1z5biB35n7KKhACNYKrLU3HH5BxphVBKW145F7OJ6NDYS5hyORHs1Dy4Ev6lEiWA
ml8epGcHW87vzOC1oSuG28p9F+K0jvLBb+9+gOKF8kYDuew8b9KzicR8DnZQ0GHQ
P1t1vPaX3Fs28ILiDwLSq2T0ogk03smhyU2gEJ89OyHtgY+wxdVLBRhFO0ixFZwo
CtQU8wC+11EGDtWrygHuDOVOt6yRUY4WXCGRt9NfvG7YHADd/0hoT9hcvIoP9wBl
hO+2bbghCLjzm3fSoE47SXOK5MDJiHym8KKGzJu2zk76ihgmxTDujD+KYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBs+9MI2uiWcoyP5ll+OwW+bUEkHMB8GA1UdIwQY
MBaAFI6CI+3wrkJWDo8MLLBZ48j1rk0aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam9JajdmQ3VRbFlPand3c3NGbmp5UFd1VFJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZDE1YjQtM2NkYi00YTdhLTkyYjEt
ZDE2ODk1ZTBlMThlLzEvR3o3MHdqYTZKWnlqSV9tV1g0N0JiNXRRU1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZDE1YjQtM2NkYi00YTdhLTkyYjEtZDE2ODk1ZTBlMThl
LzEvam9JajdmQ3VRbFlPand3c3NGbmp5UFd1VFJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVcZYAwQC
sHu0MA0GCSqGSIb3DQEBCwUAA4IBAQDgqtJF9myJBNi+mCJStsAK78xNyp6gc294
B986dTXi9mMaoQrwqzsjLk07KqOPJeVQrj6hI0rZo3sVnraDDK25921XpN604xB+
0KlD33ZeAQW6Kzt0S+DAEM/uNfFl5PzBjZFi7IXPcXA3w1aPsILccNDXxQ9GSJB8
sui2wZbpjBjPB/0ERUDovNre92Q6aJ3qQbrK8JR70YhVxG0DpztA7znxZEiQdI1a
xJqUosSN3T8PXneGEA41rbukQqgMFYxG7PJ95+0pE/dwxs9Mb5YMCzTj5bEDfGcq
0QhboOfam7EnCvUo1XSkdGJ7BNDAqEIA+/7ECoEj4WB7CFa/3nff
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:30:44 2026 by rpki-client