Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/rBaBGD3me64LECmMKa6dKRV8Yy0.roa
File: rBaBGD3me64LECmMKa6dKRV8Yy0.roa (raw, json)
Hash identifier: K+BptzFvZJeOeMKzMOMTcV3487VC0j+Wsdpi6o13OCY=
Subject key identifier: AC:16:81:18:3D:E6:7B:AE:0B:10:29:8C:29:AE:9D:29:15:7C:63:2D
Certificate issuer: /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial: 019C8EA1109DB490651F981CC9444F641F39
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/rBaBGD3me64LECmMKa6dKRV8Yy0.roa
Signing time: Tue 24 Feb 2026 07:50:46 +0000
ROA not before: Tue 24 Feb 2026 07:50:46 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31368
IP address blocks: 89.107.128.0/24 maxlen: 24
185.173.156.0/24 maxlen: 24
185.173.157.0/24 maxlen: 24
185.173.158.0/24 maxlen: 24
185.173.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.mft
rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8e:a1:10:9d:b4:90:65:1f:98:1c:c9:44:4f:64:1f:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Validity
Not Before: Feb 24 07:50:46 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ac1681183de67bae0b10298c29ae9d29157c632d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:2c:24:77:8c:c8:d3:ab:e4:61:e9:d6:04:79:
7d:84:7a:42:c9:3a:73:22:71:03:3b:b0:37:f1:f1:
6d:23:ee:30:09:3f:f0:0a:37:23:0d:9d:57:ae:b7:
95:50:57:50:df:2d:b2:83:f8:50:47:7f:5a:b9:47:
4d:ed:a4:a4:fa:44:ac:21:c9:c2:6b:3c:db:b2:f6:
68:d3:39:cb:e6:17:35:5b:48:93:95:08:8b:d1:41:
6c:e7:db:86:03:64:22:3d:c9:2e:9e:ca:67:e8:74:
b7:21:da:a8:a1:11:89:c4:23:60:03:d9:12:4b:a8:
95:1f:4c:88:9a:41:5d:39:e4:93:fc:6a:01:27:f9:
6e:c9:3e:7e:c4:e8:57:79:df:96:4f:a4:a9:7e:49:
5c:1e:e1:d8:06:9f:30:b8:8d:3c:83:f2:da:d0:26:
22:a5:73:62:5f:bf:6a:e6:f3:cf:17:c2:da:6e:d1:
fe:64:16:46:f4:a8:e7:d5:50:22:1e:ac:45:90:de:
d6:8e:f2:6c:38:ca:0c:e9:4a:6f:ff:37:79:91:8b:
bb:2d:28:39:b4:f3:45:0d:42:bb:b2:8a:6f:cd:d9:
24:74:9b:a9:02:9c:64:51:4f:50:8c:a1:77:20:5b:
d4:fe:89:59:78:49:24:e3:7a:09:c0:5f:6e:d5:16:
eb:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:16:81:18:3D:E6:7B:AE:0B:10:29:8C:29:AE:9D:29:15:7C:63:2D
X509v3 Authority Key Identifier:
keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/rBaBGD3me64LECmMKa6dKRV8Yy0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.107.128.0/24
185.173.156.0/22
Signature Algorithm: sha256WithRSAEncryption
17:95:f8:c5:87:b6:05:66:f0:8d:fa:a4:45:31:0c:e7:f1:ae:
48:23:47:a4:6a:1c:7a:0d:90:0b:8d:fc:1c:f1:3e:01:47:3e:
78:7f:79:87:84:45:94:02:26:6d:88:7c:85:ac:19:7e:5d:00:
d5:4d:f5:02:b1:6e:e5:02:35:09:f6:86:a5:c9:ad:58:6a:2e:
a2:29:01:bf:e7:cb:14:11:c2:60:19:86:4c:db:b1:dc:45:46:
3d:be:d2:31:3a:d4:61:b4:3a:44:5d:0b:d3:99:57:a3:a9:c4:
a0:51:ee:1b:3d:70:b4:ed:02:f3:dd:a7:17:29:dd:2d:63:69:
6b:71:e3:c4:f8:9f:8d:6f:15:1c:57:ef:01:b4:18:f4:8c:d4:
5c:9e:cb:89:87:e7:46:35:b6:cc:9e:eb:8b:33:0b:23:18:5d:
64:29:08:a1:4c:3e:9c:08:88:ad:27:bf:19:ea:22:cc:c9:eb:
38:fa:36:97:ab:92:cb:20:d1:85:47:af:f9:6f:5f:4a:5d:f8:
4c:58:71:e0:13:3e:f5:72:13:71:f2:9c:44:54:60:3a:b0:3b:
3b:8a:4f:6f:5d:c0:70:47:42:43:b7:3c:b2:b4:22:e4:e3:3b:
6f:a0:c1:7b:92:1d:7e:a0:b1:75:f2:27:22:7d:80:9b:a5:a6:
4e:f1:8c:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyOoRCdtJBlH5gcyURPZB85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZGQzNWNjZmY2YzJiODZhMWZhZDhmMTAzYmMyMDA3MGQw
OWU1MGQwHhcNMjYwMjI0MDc1MDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzE2ODExODNkZTY3YmFlMGIxMDI5OGMyOWFlOWQyOTE1N2M2MzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCwkd4zI06vkYenWBHl9hHpCyTpz
InEDO7A38fFtI+4wCT/wCjcjDZ1XrreVUFdQ3y2yg/hQR39auUdN7aSk+kSsIcnC
azzbsvZo0znL5hc1W0iTlQiL0UFs59uGA2QiPckunspn6HS3IdqooRGJxCNgA9kS
S6iVH0yImkFdOeST/GoBJ/luyT5+xOhXed+WT6SpfklcHuHYBp8wuI08g/La0CYi
pXNiX79q5vPPF8LabtH+ZBZG9Kjn1VAiHqxFkN7WjvJsOMoM6Upv/zd5kYu7LSg5
tPNFDUK7sopvzdkkdJupApxkUU9QjKF3IFvU/olZeEkk43oJwF9u1RbrtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwWgRg95nuuCxApjCmunSkVfGMtMB8GA1UdIwQY
MBaAFLPdNcz/bCuGofrY8QO8IAcNCeUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEt
MmIxMDUwNTFiYTU5LzEvckJhQkdEM21lNjRMRUNtTUthNmRLUlY4WXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEtMmIxMDUwNTFiYTU5
LzEvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWuAAwQC
ua2cMA0GCSqGSIb3DQEBCwUAA4IBAQAXlfjFh7YFZvCN+qRFMQzn8a5II0ekahx6
DZALjfwc8T4BRz54f3mHhEWUAiZtiHyFrBl+XQDVTfUCsW7lAjUJ9oalya1Yai6i
KQG/58sUEcJgGYZM27HcRUY9vtIxOtRhtDpEXQvTmVejqcSgUe4bPXC07QLz3acX
Kd0tY2lrcePE+J+NbxUcV+8BtBj0jNRcnsuJh+dGNbbMnuuLMwsjGF1kKQihTD6c
CIitJ78Z6iLMyes4+jaXq5LLINGFR6/5b19KXfhMWHHgEz71chNx8pxEVGA6sDs7
ik9vXcBwR0JDtzyytCLk4ztvoMF7kh1+oLF18icifYCbpaZO8Yx/
-----END CERTIFICATE-----
Generated at Tue Mar 3 01:11:20 2026 by rpki-client