Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Aq_imZu0yp9RlqPLno-rHmiyVH8.roa
File: Aq_imZu0yp9RlqPLno-rHmiyVH8.roa (raw, json)
Hash identifier: PD7qhuO56gBSAbiYUO7yS4hmdfVYjfEA3/GqXk4p3bA=
Subject key identifier: 02:AF:E2:99:9B:B4:CA:9F:51:96:A3:CB:9E:8F:AB:1E:68:B2:54:7F
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019EBAF4E444D181CE1CF4FF824A9A0AA31B
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Aq_imZu0yp9RlqPLno-rHmiyVH8.roa
Signing time: Fri 12 Jun 2026 08:31:11 +0000
ROA not before: Fri 12 Jun 2026 08:31:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ba:f4:e4:44:d1:81:ce:1c:f4:ff:82:4a:9a:0a:a3:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jun 12 08:31:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=02afe2999bb4ca9f5196a3cb9e8fab1e68b2547f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:79:77:92:af:a9:c8:6f:23:d5:dd:7a:49:ad:
9f:4a:30:83:fa:01:06:3f:a1:a6:31:56:90:1b:f4:
f5:4b:11:77:23:df:aa:b5:ff:56:4c:df:00:f3:1e:
af:82:8d:bd:34:e3:75:f1:4b:bb:27:48:61:3b:97:
4f:e1:89:81:a1:d1:2d:fe:5a:99:a8:75:d9:16:11:
4a:81:b4:3b:b7:e4:94:7d:c4:29:ac:02:1c:69:bf:
c4:05:99:93:e3:e6:e7:96:d6:40:cc:7f:4b:2d:76:
34:87:f8:6f:16:e4:99:89:0c:7f:70:4d:8d:12:79:
0c:1f:20:70:3b:45:d7:2c:c1:ed:92:f9:f9:ba:18:
cb:6e:e4:13:65:2d:b9:bd:22:75:03:8a:23:85:08:
d6:44:25:a7:18:ab:eb:40:a6:a8:ec:7c:48:89:55:
e8:6c:50:67:3b:aa:4c:ee:f2:2e:d7:ef:6a:8e:f6:
17:dc:0d:14:42:ae:27:07:c4:5c:06:5f:91:0d:e8:
9e:b0:47:39:09:cc:53:b2:19:d6:82:ad:65:75:c6:
f5:b1:42:7b:e8:78:c0:5f:8b:0d:48:0f:1c:51:5f:
c7:7e:b9:f8:cc:03:08:fa:ab:51:7b:b4:0b:a3:3e:
f0:1a:f6:f7:87:90:dc:39:e8:dc:85:fc:83:3e:6c:
ba:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:AF:E2:99:9B:B4:CA:9F:51:96:A3:CB:9E:8F:AB:1E:68:B2:54:7F
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Aq_imZu0yp9RlqPLno-rHmiyVH8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0/24
109.236.51.0/24
185.254.28.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
18:04:7d:cd:ef:26:eb:c8:bd:0c:7d:91:57:10:2c:e7:c0:d9:
95:21:17:54:db:3e:aa:9e:25:66:8e:14:2d:49:2d:4d:d4:b5:
3c:67:98:91:8c:48:b1:89:cc:fd:d0:ca:4d:b4:27:c8:48:ca:
60:0c:d8:8b:1e:c7:f2:1a:09:6e:64:1c:72:8e:9d:67:e3:86:
31:83:f6:27:7e:b7:1f:f4:78:2f:96:26:c6:f2:d9:4c:99:ef:
f0:d0:7a:73:c0:8d:38:dd:c3:d0:6c:1a:63:45:d3:0d:93:db:
9a:6c:da:fb:52:84:af:b8:70:e5:3c:64:2a:9e:e6:d4:6b:3c:
7f:30:04:d4:45:2f:79:93:46:78:05:5d:32:a7:70:6f:17:38:
18:bd:3f:06:04:d9:4c:72:96:2a:30:38:e1:f7:bc:4a:ca:dd:
54:40:f1:a5:1c:3b:fa:70:f8:0a:1c:a0:85:56:00:a2:a7:a5:
e5:4d:86:eb:c0:31:a9:b9:39:11:f2:54:67:af:22:43:0b:37:
bd:e7:e4:bd:51:78:66:45:e3:df:aa:1b:7e:e1:a2:52:8f:b0:
ae:67:93:0f:9a:c4:b8:8a:ee:f6:c1:8f:9a:28:b3:39:95:e3:
98:f3:9b:c9:51:ed:d9:8b:41:ed:9e:84:65:91:0a:a5:4c:29:
e9:56:47:4f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ669ORE0YHOHPT/gkqaCqMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNjEyMDgzMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmFmZTI5OTliYjRjYTlmNTE5NmEzY2I5ZThmYWIxZTY4YjI1NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXl3kq+pyG8j1d16Sa2fSjCD+gEG
P6GmMVaQG/T1SxF3I9+qtf9WTN8A8x6vgo29NON18Uu7J0hhO5dP4YmBodEt/lqZ
qHXZFhFKgbQ7t+SUfcQprAIcab/EBZmT4+bnltZAzH9LLXY0h/hvFuSZiQx/cE2N
EnkMHyBwO0XXLMHtkvn5uhjLbuQTZS25vSJ1A4ojhQjWRCWnGKvrQKao7HxIiVXo
bFBnO6pM7vIu1+9qjvYX3A0UQq4nB8RcBl+RDeiesEc5CcxTshnWgq1ldcb1sUJ7
6HjAX4sNSA8cUV/Hfrn4zAMI+qtRe7QLoz7wGvb3h5DcOejchfyDPmy63wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAKv4pmbtMqfUZajy56Pqx5oslR/MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvQXFfaW1adTB5cDlSbHFQTG5vLXJIbWl5Vkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbewxAwQA
bewzAwQAuf4cAwQAwSObMA0GCSqGSIb3DQEBCwUAA4IBAQAYBH3N7ybryL0MfZFX
ECznwNmVIRdU2z6qniVmjhQtSS1N1LU8Z5iRjEixicz90MpNtCfISMpgDNiLHsfy
GgluZBxyjp1n44Yxg/Ynfrcf9HgvlibG8tlMme/w0HpzwI043cPQbBpjRdMNk9ua
bNr7UoSvuHDlPGQqnubUazx/MATURS95k0Z4BV0yp3BvFzgYvT8GBNlMcpYqMDjh
97xKyt1UQPGlHDv6cPgKHKCFVgCip6XlTYbrwDGpuTkR8lRnryJDCze95+S9UXhm
RePfqht+4aJSj7CuZ5MPmsS4iu72wY+aKLM5leOY85vJUe3Zi0HtnoRlkQqlTCnp
VkdP
-----END CERTIFICATE-----
Generated at Sat Jun 13 16:25:25 2026 by rpki-client