Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fbKtEO1o9WK3qQiKrJ-OgfZoILg.roa
File: fbKtEO1o9WK3qQiKrJ-OgfZoILg.roa (raw, json)
Hash identifier: FmJLyGG3V40wHUTkkiUntff2Oq09kD1nlYwceExfU68=
Subject key identifier: 7D:B2:AD:10:ED:68:F5:62:B7:A9:08:8A:AC:9F:8E:81:F6:68:20:B8
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019C0515B4B5B6D5A8C41263131327E2C67C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fbKtEO1o9WK3qQiKrJ-OgfZoILg.roa
Signing time: Wed 28 Jan 2026 14:50:34 +0000
ROA not before: Wed 28 Jan 2026 14:50:34 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
160.20.111.0/24 maxlen: 24
185.85.236.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 07:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:05:15:b4:b5:b6:d5:a8:c4:12:63:13:13:27:e2:c6:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jan 28 14:50:34 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7db2ad10ed68f562b7a9088aac9f8e81f66820b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:6e:3e:f2:07:9b:4c:1c:7b:3c:e4:71:6c:ca:
96:c2:f6:a8:b8:a8:ed:21:96:a4:d6:61:0a:59:eb:
01:14:a6:42:11:1c:5a:89:7b:03:9c:f6:53:fe:25:
86:27:2a:83:7b:b9:e7:c3:0b:c9:59:40:62:1a:2e:
df:e4:54:d4:6c:98:a0:69:c7:58:b0:74:9f:9e:e9:
27:cb:25:87:81:e7:87:95:c9:67:f6:42:48:60:30:
31:e0:68:73:84:f4:57:17:8e:7d:4b:8e:4a:60:b0:
fb:aa:17:ed:8d:e5:3d:d8:92:02:93:72:f1:92:eb:
73:69:54:72:a8:d6:c4:eb:1e:7c:e8:6f:a8:a2:30:
94:2d:52:a3:de:09:db:db:24:fd:d0:9f:b7:70:a7:
41:85:3a:e3:07:a0:35:d5:c0:3e:85:84:c5:be:94:
7b:5d:95:56:1c:df:e8:f6:dd:31:9b:15:af:19:da:
d5:f0:87:d4:9c:94:0e:ac:a6:f9:f1:85:52:8a:48:
26:fb:bb:fa:a2:f5:4a:d8:46:a4:fd:32:4f:c0:9b:
b2:12:86:ef:9b:af:da:e9:6c:39:80:c1:30:f8:fb:
ee:49:59:88:7c:7b:79:5b:7c:fe:ca:3f:0d:78:e6:
f9:26:84:35:ff:3c:5a:08:89:ef:26:14:f8:9b:aa:
e6:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:B2:AD:10:ED:68:F5:62:B7:A9:08:8A:AC:9F:8E:81:F6:68:20:B8
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/fbKtEO1o9WK3qQiKrJ-OgfZoILg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0/24
109.236.51.0/24
160.20.111.0/24
185.85.236.0/24
185.254.28.0/23
193.35.152.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:16:86:12:cd:c3:f8:d0:31:f2:5e:c4:6b:b2:b5:e2:0a:9b:
b0:6d:5c:ed:af:65:55:2c:cd:aa:9f:37:2a:b3:7f:cd:3a:52:
26:1b:db:c7:82:a4:0d:59:1a:45:71:83:ed:34:86:96:31:bc:
78:eb:4d:a5:b3:2e:f5:fb:ec:64:dc:6c:c5:2a:4b:a7:5e:cc:
57:5a:d9:b5:4e:d3:c0:05:63:95:d9:ed:35:cf:22:02:c8:85:
0b:e6:30:ee:63:48:ee:c2:f6:c7:04:0c:4f:77:4c:a5:ef:43:
f5:99:cc:2c:43:88:7d:c3:0c:ba:90:64:dc:20:8d:a7:df:ea:
8e:93:3e:3e:a3:c4:22:c6:b6:79:f7:66:f2:27:70:bd:6b:28:
6f:55:c5:6a:8b:6a:f0:10:2a:dc:5f:a9:12:0b:5b:14:af:03:
42:6b:14:7d:c8:cc:94:76:17:88:e4:4a:cd:ee:4c:de:13:d0:
8f:34:f1:b2:f1:fd:a1:11:f5:28:5c:47:34:87:18:0c:69:63:
6d:28:55:83:08:5c:98:ce:f5:1a:61:06:ba:21:e6:92:82:9b:
da:d3:8a:67:10:72:28:1c:1f:3c:a0:f9:57:50:6e:42:c0:92:
f5:73:93:10:7d:f3:20:04:04:b1:95:ff:aa:42:7c:d3:35:16:
9a:82:eb:31
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZwFFbS1ttWoxBJjExMn4sZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTI4MTQ1MDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGIyYWQxMGVkNjhmNTYyYjdhOTA4OGFhYzlmOGU4MWY2NjgyMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW4+8gebTBx7PORxbMqWwvaouKjt
IZak1mEKWesBFKZCERxaiXsDnPZT/iWGJyqDe7nnwwvJWUBiGi7f5FTUbJigacdY
sHSfnuknyyWHgeeHlcln9kJIYDAx4GhzhPRXF459S45KYLD7qhftjeU92JICk3Lx
kutzaVRyqNbE6x586G+oojCULVKj3gnb2yT90J+3cKdBhTrjB6A11cA+hYTFvpR7
XZVWHN/o9t0xmxWvGdrV8IfUnJQOrKb58YVSikgm+7v6ovVK2Eak/TJPwJuyEobv
m6/a6Ww5gMEw+PvuSVmIfHt5W3z+yj8NeOb5JoQ1/zxaCInvJhT4m6rmUwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFH2yrRDtaPVit6kIiqyfjoH2aCC4MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZmJLdEVPMW85V0szcVFpS3JKLU9nZlpvSUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAbewxAwQA
bewzAwQAoBRvAwQAuVXsAwQBuf4cAwQAwSOYAwQAwSObMA0GCSqGSIb3DQEBCwUA
A4IBAQCeFoYSzcP40DHyXsRrsrXiCpuwbVztr2VVLM2qnzcqs3/NOlImG9vHgqQN
WRpFcYPtNIaWMbx4602lsy71++xk3GzFKkunXsxXWtm1TtPABWOV2e01zyICyIUL
5jDuY0juwvbHBAxPd0yl70P1mcwsQ4h9wwy6kGTcII2n3+qOkz4+o8QixrZ592by
J3C9ayhvVcVqi2rwECrcX6kSC1sUrwNCaxR9yMyUdheI5ErN7kzeE9CPNPGy8f2h
EfUoXEc0hxgMaWNtKFWDCFyYzvUaYQa6IeaSgpva04pnEHIoHB88oPlXUG5CwJL1
c5MQffMgBASxlf+qQnzTNRaagusx
-----END CERTIFICATE-----
Generated at Mon Mar 2 15:06:29 2026 by rpki-client