Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/tO9v7iTX50tlfuqxxssYC-eagA8.roa
File: tO9v7iTX50tlfuqxxssYC-eagA8.roa (raw, json)
Hash identifier: 3ktQe8bKd+z2Ww8PO33mte778OAShNwmN0Svd4eJMUA=
Subject key identifier: B4:EF:6F:EE:24:D7:E7:4B:65:7E:EA:B1:C6:CB:18:0B:E7:9A:80:0F
Certificate issuer: /CN=607c0e942bf80a7d57490cc7bb04285b02aeff7a
Certificate serial: 019B7E383342CA3928CE637DFFFFBE3A6876
Authority key identifier: 60:7C:0E:94:2B:F8:0A:7D:57:49:0C:C7:BB:04:28:5B:02:AE:FF:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/tO9v7iTX50tlfuqxxssYC-eagA8.roa
Signing time: Fri 02 Jan 2026 10:19:30 +0000
ROA not before: Fri 02 Jan 2026 10:19:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198761
IP address blocks: 91.242.223.0/24 maxlen: 24
91.243.64.0/23 maxlen: 24
185.25.228.0/22 maxlen: 24
185.222.100.0/22 maxlen: 24
213.5.236.0/23 maxlen: 24
2a04:3380::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.mft
rsync://rpki.ripe.net/repository/DEFAULT/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:38:33:42:ca:39:28:ce:63:7d:ff:ff:be:3a:68:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=607c0e942bf80a7d57490cc7bb04285b02aeff7a
Validity
Not Before: Jan 2 10:19:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b4ef6fee24d7e74b657eeab1c6cb180be79a800f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:4e:38:08:34:6e:ee:13:59:28:9f:5e:80:82:
43:1e:0a:e6:7e:14:dc:e7:39:bd:c3:df:16:9e:be:
a5:95:aa:c1:d6:d7:d8:50:d4:2e:d8:13:73:ac:5d:
54:d2:d0:82:92:53:b2:be:da:fc:fd:81:d8:9c:07:
fe:ae:2e:4f:26:c8:89:b3:4c:4f:2e:9c:21:dd:0f:
16:86:85:09:2a:6e:9a:53:09:70:8a:06:da:a6:6b:
38:bf:ee:20:a8:52:3d:81:5f:6f:3f:e9:b7:72:19:
33:23:42:93:67:ac:9c:e3:8d:42:ee:42:16:97:e8:
61:47:6c:9a:a3:c1:14:3b:bb:87:e1:91:41:a2:68:
97:81:eb:35:95:0f:a1:66:ec:04:6e:63:9d:3d:bd:
2d:b1:b2:ec:d3:c3:08:6b:4c:e8:41:0c:9f:df:06:
e5:72:c4:2c:9d:57:42:65:f8:16:dc:fd:97:bf:ba:
3c:fd:c0:a9:63:72:c9:3e:e2:e4:90:81:83:96:3d:
24:c1:56:5b:0f:49:bc:0f:4c:6c:ac:de:fc:76:79:
f9:0a:99:79:58:8e:44:62:2a:4b:2a:d1:2d:1e:01:
70:fb:13:f1:6e:03:b6:77:3d:d8:81:70:09:36:c3:
e4:a8:27:f7:7b:2f:c1:82:94:c7:50:40:c2:74:0b:
46:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:EF:6F:EE:24:D7:E7:4B:65:7E:EA:B1:C6:CB:18:0B:E7:9A:80:0F
X509v3 Authority Key Identifier:
keyid:60:7C:0E:94:2B:F8:0A:7D:57:49:0C:C7:BB:04:28:5B:02:AE:FF:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/tO9v7iTX50tlfuqxxssYC-eagA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/df1512-3fa4-40fc-8dca-6437acd8a3cf/1/YHwOlCv4Cn1XSQzHuwQoWwKu_3o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.242.223.0/24
91.243.64.0/23
185.25.228.0/22
185.222.100.0/22
213.5.236.0/23
IPv6:
2a04:3380::/29
Signature Algorithm: sha256WithRSAEncryption
71:32:f9:52:70:48:92:90:4a:7a:8c:23:5b:2a:7a:ce:4b:ed:
e7:3e:a2:db:04:69:45:e9:76:17:a2:d5:5d:6e:0f:e2:d7:2a:
09:ef:25:73:e8:3a:b8:ae:aa:3b:98:b8:25:31:9e:fe:90:3a:
17:cd:4c:fa:5b:97:21:b8:9c:16:ca:44:54:10:3a:bb:1b:c7:
17:bf:d1:bf:b3:36:6e:c2:1e:ae:56:ad:41:c1:45:0e:15:2b:
0a:95:b5:65:f5:25:cd:17:93:3c:56:fa:66:dc:79:bb:35:41:
ab:67:ad:fc:fb:3e:1d:c5:90:59:b1:95:63:c8:d8:b6:9a:bf:
53:ee:1d:82:23:6a:f8:bc:fc:df:42:60:33:eb:cf:c7:27:6b:
43:51:32:24:ee:39:5d:03:8a:31:bc:5c:0c:2d:58:c7:4e:aa:
30:bd:16:f0:94:ac:6d:d7:38:98:ed:64:ad:42:45:e9:a7:2b:
c8:06:db:94:ba:ff:cf:30:94:ae:60:1c:9d:b3:d2:44:c3:e4:
bc:33:50:1f:84:e1:71:2b:95:97:ba:f4:96:4f:5d:8f:fe:e7:
6b:74:1b:29:2d:a7:42:cb:e3:f6:94:bc:34:2a:1d:77:f8:0a:
73:c3:ea:18:14:85:2d:5d:0d:31:db:ff:23:23:69:8a:65:3a:
61:99:03:51
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZt+ODNCyjkozmN9//++Omh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2MwZTk0MmJmODBhN2Q1NzQ5MGNjN2JiMDQyODViMDJh
ZWZmN2EwHhcNMjYwMTAyMTAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVmNmZlZTI0ZDdlNzRiNjU3ZWVhYjFjNmNiMTgwYmU3OWE4MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E44CDRu7hNZKJ9egIJDHgrmfhTc
5zm9w98Wnr6llarB1tfYUNQu2BNzrF1U0tCCklOyvtr8/YHYnAf+ri5PJsiJs0xP
Lpwh3Q8WhoUJKm6aUwlwigbapms4v+4gqFI9gV9vP+m3chkzI0KTZ6yc441C7kIW
l+hhR2yao8EUO7uH4ZFBomiXges1lQ+hZuwEbmOdPb0tsbLs08MIa0zoQQyf3wbl
csQsnVdCZfgW3P2Xv7o8/cCpY3LJPuLkkIGDlj0kwVZbD0m8D0xsrN78dnn5Cpl5
WI5EYipLKtEtHgFw+xPxbgO2dz3YgXAJNsPkqCf3ey/BgpTHUEDCdAtGyQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLTvb+4k1+dLZX7qscbLGAvnmoAPMB8GA1UdIwQY
MBaAFGB8DpQr+Ap9V0kMx7sEKFsCrv96MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUh3T2xDdjRDbjFYU1F6SHV3UW9Xd0t1XzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kZjE1MTItM2ZhNC00MGZjLThkY2Et
NjQzN2FjZDhhM2NmLzEvdE85djdpVFg1MHRsZnVxeHhzc1lDLWVhZ0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kZjE1MTItM2ZhNC00MGZjLThkY2EtNjQzN2FjZDhhM2Nm
LzEvWUh3T2xDdjRDbjFYU1F6SHV3UW9Xd0t1XzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW/LfAwQB
W/NAAwQCuRnkAwQCud5kAwQB1QXsMA0EAgACMAcDBQMqBDOAMA0GCSqGSIb3DQEB
CwUAA4IBAQBxMvlScEiSkEp6jCNbKnrOS+3nPqLbBGlF6XYXotVdbg/i1yoJ7yVz
6Dq4rqo7mLglMZ7+kDoXzUz6W5chuJwWykRUEDq7G8cXv9G/szZuwh6uVq1BwUUO
FSsKlbVl9SXNF5M8Vvpm3Hm7NUGrZ638+z4dxZBZsZVjyNi2mr9T7h2CI2r4vPzf
QmAz68/HJ2tDUTIk7jldA4oxvFwMLVjHTqowvRbwlKxt1ziY7WStQkXppyvIBtuU
uv/PMJSuYByds9JEw+S8M1AfhOFxK5WXuvSWT12P/udrdBspLadCy+P2lLw0Kh13
+Apzw+oYFIUtXQ0x2/8jI2mKZTphmQNR
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:44:37 2026 by rpki-client