Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/t_VAikl6AuDV7KY1lJg71qWe6PI.roa
File: t_VAikl6AuDV7KY1lJg71qWe6PI.roa (raw, json)
Hash identifier: 5EWDR0oT5pCzdNuqq4gxPs1dK+scKpifLsg8E3R3q10=
Subject key identifier: B7:F5:40:8A:49:7A:02:E0:D5:EC:A6:35:94:98:3B:D6:A5:9E:E8:F2
Certificate issuer: /CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Certificate serial: 019B7DCAFDE90BD8E6697716E61AE74E21B7
Authority key identifier: 23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/t_VAikl6AuDV7KY1lJg71qWe6PI.roa
Signing time: Fri 02 Jan 2026 08:20:13 +0000
ROA not before: Fri 02 Jan 2026 08:20:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29576
IP address blocks: 93.157.24.0/21 maxlen: 21
194.146.132.0/22 maxlen: 22
194.146.133.0/24 maxlen: 24
194.146.135.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 14:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:ca:fd:e9:0b:d8:e6:69:77:16:e6:1a:e7:4e:21:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Validity
Not Before: Jan 2 08:20:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b7f5408a497a02e0d5eca63594983bd6a59ee8f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:fc:e9:88:7c:95:77:b3:ad:8e:4a:1a:f1:34:
1a:87:fc:75:e2:e4:b5:0e:a0:d1:1c:93:34:d1:c7:
d7:c6:80:35:af:a6:39:8f:65:42:d9:71:2c:eb:d4:
70:2b:39:41:3b:f2:ce:0e:18:bf:ae:4a:07:b6:10:
7b:68:2d:87:e2:4e:73:e5:bc:28:af:42:d6:a4:4f:
f1:96:b7:d4:af:f8:7d:00:b4:c7:4b:a5:5d:70:aa:
c0:06:00:8c:91:20:a4:4e:9c:5d:2b:5c:92:36:33:
b6:7e:2d:9e:59:74:98:8f:dd:7f:be:30:16:df:a5:
b8:08:3b:a3:09:41:08:c3:35:ef:64:d0:d8:65:37:
c3:a0:34:21:8a:14:3d:9a:73:14:9a:e1:6c:1d:f1:
3d:ef:03:db:bb:51:88:c6:5e:ce:48:3a:59:df:06:
33:ba:b8:76:e5:d7:d5:9f:6b:8e:ab:bf:4b:32:08:
ad:8e:a5:4e:f5:68:53:ba:44:75:b7:fb:c2:1c:cd:
26:3b:6e:d0:1a:95:53:79:3e:fb:8e:2b:ca:8e:60:
1c:e8:cf:eb:81:1b:f0:1e:10:5d:3c:75:8b:7e:9f:
f8:88:19:03:6b:53:41:61:19:82:b1:dd:70:9f:b3:
0a:b6:f3:dc:e5:a8:1b:ec:4f:c1:31:a3:88:1a:5f:
1a:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:F5:40:8A:49:7A:02:E0:D5:EC:A6:35:94:98:3B:D6:A5:9E:E8:F2
X509v3 Authority Key Identifier:
keyid:23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/t_VAikl6AuDV7KY1lJg71qWe6PI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.157.24.0/21
194.146.132.0/22
Signature Algorithm: sha256WithRSAEncryption
3e:ec:e8:08:9e:49:0c:bd:b4:e8:4d:c7:37:08:c5:d6:7a:24:
96:00:cb:f8:f1:13:37:ea:48:f4:44:f9:4c:28:8c:7a:9d:a5:
4e:9c:a4:2d:77:8c:b6:a7:77:91:fb:a8:50:e2:6e:b0:48:7f:
5b:08:da:d1:7d:2a:c9:ed:1d:aa:bf:c1:64:a1:ab:e4:e1:b6:
04:c3:52:90:08:6f:56:c1:f1:01:5a:0b:e6:cd:46:b8:56:8a:
71:1d:39:40:3b:8f:c3:2e:54:6f:b1:3e:cc:ae:80:31:ad:65:
e5:b9:2a:a9:16:69:2c:39:cb:6f:5c:29:b6:d1:d1:55:02:7d:
4e:6d:fa:15:92:b4:e5:9d:2e:66:02:dd:57:b9:5e:fd:3a:98:
58:c6:b8:45:25:fa:07:1b:42:06:b7:9f:32:9c:d6:cf:13:87:
03:02:39:29:dd:27:3b:a4:9f:15:5c:1e:b4:d3:d1:a6:9d:3b:
85:0b:63:e0:5b:cc:28:72:0e:df:5f:95:ce:04:eb:36:0b:76:
0b:1e:97:0f:df:b6:3c:c0:6e:ce:ae:e8:a8:d6:91:99:5f:cc:
ed:79:9a:46:33:08:ff:49:5c:71:c6:38:9a:75:8b:f7:1f:fb:
0d:fa:07:e9:65:0c:c6:2b:23:bc:7b:19:d2:1b:6a:13:bc:dc:
0f:16:b1:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt9yv3pC9jmaXcW5hrnTiG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYmExZWM0ZjAzNWE3MmRmYTM5ZTkzMGFkOGVjNTQzNjhl
YjdhZjQwHhcNMjYwMTAyMDgyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Y1NDA4YTQ5N2EwMmUwZDVlY2E2MzU5NDk4M2JkNmE1OWVlOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPzpiHyVd7Otjkoa8TQah/x14uS1
DqDRHJM00cfXxoA1r6Y5j2VC2XEs69RwKzlBO/LODhi/rkoHthB7aC2H4k5z5bwo
r0LWpE/xlrfUr/h9ALTHS6VdcKrABgCMkSCkTpxdK1ySNjO2fi2eWXSYj91/vjAW
36W4CDujCUEIwzXvZNDYZTfDoDQhihQ9mnMUmuFsHfE97wPbu1GIxl7OSDpZ3wYz
urh25dfVn2uOq79LMgitjqVO9WhTukR1t/vCHM0mO27QGpVTeT77jivKjmAc6M/r
gRvwHhBdPHWLfp/4iBkDa1NBYRmCsd1wn7MKtvPc5agb7E/BMaOIGl8ajwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLf1QIpJegLg1eymNZSYO9alnujyMB8GA1UdIwQY
MBaAFCO6HsTwNact+jnpMK2OxUNo63r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDct
YmRlNjQ0OGI3ODZjLzEvdF9WQWlrbDZBdURWN0tZMWxKZzcxcVdlNlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDctYmRlNjQ0OGI3ODZj
LzEvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXZ0YAwQC
wpKEMA0GCSqGSIb3DQEBCwUAA4IBAQA+7OgInkkMvbToTcc3CMXWeiSWAMv48RM3
6kj0RPlMKIx6naVOnKQtd4y2p3eR+6hQ4m6wSH9bCNrRfSrJ7R2qv8Fkoavk4bYE
w1KQCG9WwfEBWgvmzUa4VopxHTlAO4/DLlRvsT7MroAxrWXluSqpFmksOctvXCm2
0dFVAn1ObfoVkrTlnS5mAt1XuV79OphYxrhFJfoHG0IGt58ynNbPE4cDAjkp3Sc7
pJ8VXB6009GmnTuFC2PgW8wocg7fX5XOBOs2C3YLHpcP37Y8wG7Oruio1pGZX8zt
eZpGMwj/SVxxxjiadYv3H/sN+gfpZQzGKyO8exnSG2oTvNwPFrEh
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:05:19 2026 by rpki-client