Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/t90Pf8i78ir-qZaXDxbGjf9fnfQ.roa
File: t90Pf8i78ir-qZaXDxbGjf9fnfQ.roa (raw, json)
Hash identifier: xVvLDALVTXA20CqaVC5YheWUUzGYCzjMpdYIhNnbISE=
Subject key identifier: B7:DD:0F:7F:C8:BB:F2:2A:FE:A9:96:97:0F:16:C6:8D:FF:5F:9D:F4
Certificate issuer: /CN=da34216b3bd921b6c66187a8c86a4a4bb0ee523f
Certificate serial: 019B7EA51BE6CB119B65F12121CA93B677D7
Authority key identifier: DA:34:21:6B:3B:D9:21:B6:C6:61:87:A8:C8:6A:4A:4B:B0:EE:52:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2jQhazvZIbbGYYeoyGpKS7DuUj8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/t90Pf8i78ir-qZaXDxbGjf9fnfQ.roa
Signing time: Fri 02 Jan 2026 12:18:28 +0000
ROA not before: Fri 02 Jan 2026 12:18:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50331
IP address blocks: 178.217.192.0/21 maxlen: 21
178.217.192.0/24 maxlen: 24
178.217.193.0/24 maxlen: 24
178.217.194.0/24 maxlen: 24
178.217.195.0/24 maxlen: 24
178.217.196.0/24 maxlen: 24
178.217.197.0/24 maxlen: 24
178.217.198.0/24 maxlen: 24
178.217.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/2jQhazvZIbbGYYeoyGpKS7DuUj8.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/2jQhazvZIbbGYYeoyGpKS7DuUj8.mft
rsync://rpki.ripe.net/repository/DEFAULT/2jQhazvZIbbGYYeoyGpKS7DuUj8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:a5:1b:e6:cb:11:9b:65:f1:21:21:ca:93:b6:77:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da34216b3bd921b6c66187a8c86a4a4bb0ee523f
Validity
Not Before: Jan 2 12:18:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b7dd0f7fc8bbf22afea996970f16c68dff5f9df4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:1d:f5:96:3d:d8:43:9c:3f:c7:71:c3:66:b6:
41:4d:88:21:c3:ed:80:af:7a:44:e1:90:65:e0:d5:
2c:2c:f1:cd:42:2a:ce:fc:c9:9d:dd:48:a8:cd:9d:
29:8e:27:78:1f:c2:93:d4:18:4f:03:c2:ad:1e:49:
5f:29:ea:e5:f2:cf:fe:b7:f9:78:19:19:dc:bf:44:
04:65:64:18:8c:45:c6:64:f0:86:03:83:d7:15:5e:
c6:b8:04:f3:34:0d:c3:b7:24:84:ef:a5:e8:bc:83:
c3:11:84:a5:3e:8d:11:e3:18:fc:be:5a:0a:d1:1f:
21:f6:70:bc:f7:8e:26:0d:16:d5:2e:d2:f0:3d:32:
39:f0:9a:a1:95:91:72:4e:75:4f:86:ac:74:d7:e9:
b2:d2:88:bf:d6:09:b6:f2:52:80:cd:9c:40:8c:2e:
41:30:3d:77:f4:5c:dd:ac:b0:04:a9:2d:dc:26:ca:
05:76:cf:ec:a3:fe:53:32:ca:87:b8:9f:b7:0f:51:
8e:92:4d:37:a2:b8:c0:17:00:ee:fe:c3:f4:87:5c:
a3:98:9f:62:78:1a:b4:a6:55:b2:0a:f0:b3:e0:da:
8c:50:65:10:9e:c8:3e:3f:88:fa:30:d4:86:eb:88:
db:a9:82:8e:f1:e9:e8:25:49:c0:07:48:f5:f1:91:
07:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:DD:0F:7F:C8:BB:F2:2A:FE:A9:96:97:0F:16:C6:8D:FF:5F:9D:F4
X509v3 Authority Key Identifier:
keyid:DA:34:21:6B:3B:D9:21:B6:C6:61:87:A8:C8:6A:4A:4B:B0:EE:52:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2jQhazvZIbbGYYeoyGpKS7DuUj8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/t90Pf8i78ir-qZaXDxbGjf9fnfQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/71ee7c-3c04-4a9c-9df7-0bf5905b35ef/1/2jQhazvZIbbGYYeoyGpKS7DuUj8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.217.192.0/21
Signature Algorithm: sha256WithRSAEncryption
95:52:42:af:fb:63:06:54:05:98:21:14:c0:50:f8:75:a1:8d:
a9:9e:07:04:96:c1:f1:2c:c9:46:b6:50:93:ba:49:24:13:f0:
60:39:e0:5f:c4:8d:73:27:12:73:2a:d6:e8:b5:86:0a:f6:80:
93:a1:5b:d5:5d:e9:27:04:f5:90:fe:8d:27:09:fc:db:27:87:
bd:16:bd:0c:9e:67:b2:ee:6f:3f:a0:8a:b2:8b:0b:e4:88:a6:
ca:28:43:9b:0d:37:5e:dc:73:2f:32:96:a9:e3:8b:34:41:e9:
2b:ef:94:05:63:80:77:0b:2a:e9:9e:10:c4:8e:9f:03:85:c6:
5c:87:45:c4:8f:0d:07:61:a6:c6:00:86:53:66:ef:bc:c7:32:
17:52:89:45:dc:c0:ce:92:da:e3:35:f6:ad:a2:dd:c5:e4:89:
9c:8e:9d:93:ec:52:10:87:97:07:ea:36:2b:e1:5f:2b:df:e5:
7c:ca:2d:d7:37:f8:ee:7a:9d:55:ec:95:54:64:b1:1b:ef:56:
3c:31:14:5a:8d:b1:62:15:5f:be:5b:e2:ad:5e:14:99:eb:91:
f1:a4:0e:74:11:f9:07:a1:81:64:b7:4f:08:d7:ad:60:40:11:
1f:fd:e9:51:ca:de:80:7b:29:61:16:ae:e2:d0:eb:4c:53:8e:
aa:9b:30:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pRvmyxGbZfEhIcqTtnfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMzQyMTZiM2JkOTIxYjZjNjYxODdhOGM4NmE0YTRiYjBl
ZTUyM2YwHhcNMjYwMTAyMTIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2RkMGY3ZmM4YmJmMjJhZmVhOTk2OTcwZjE2YzY4ZGZmNWY5ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0R31lj3YQ5w/x3HDZrZBTYghw+2A
r3pE4ZBl4NUsLPHNQirO/Mmd3UiozZ0pjid4H8KT1BhPA8KtHklfKerl8s/+t/l4
GRncv0QEZWQYjEXGZPCGA4PXFV7GuATzNA3DtySE76XovIPDEYSlPo0R4xj8vloK
0R8h9nC8944mDRbVLtLwPTI58JqhlZFyTnVPhqx01+my0oi/1gm28lKAzZxAjC5B
MD139FzdrLAEqS3cJsoFds/so/5TMsqHuJ+3D1GOkk03orjAFwDu/sP0h1yjmJ9i
eBq0plWyCvCz4NqMUGUQnsg+P4j6MNSG64jbqYKO8enoJUnAB0j18ZEHSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfdD3/Iu/Iq/qmWlw8Wxo3/X530MB8GA1UdIwQY
MBaAFNo0IWs72SG2xmGHqMhqSkuw7lI/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmpRaGF6dlpJYmJHWVllb3lHcEtTN0R1VWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MWVlN2MtM2MwNC00YTljLTlkZjct
MGJmNTkwNWIzNWVmLzEvdDkwUGY4aTc4aXItcVphWER4YkdqZjlmbmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MWVlN2MtM2MwNC00YTljLTlkZjctMGJmNTkwNWIzNWVm
LzEvMmpRaGF6dlpJYmJHWVllb3lHcEtTN0R1VWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstnAMA0G
CSqGSIb3DQEBCwUAA4IBAQCVUkKv+2MGVAWYIRTAUPh1oY2pngcElsHxLMlGtlCT
ukkkE/BgOeBfxI1zJxJzKtbotYYK9oCToVvVXeknBPWQ/o0nCfzbJ4e9Fr0Mnmey
7m8/oIqyiwvkiKbKKEObDTde3HMvMpap44s0Qekr75QFY4B3CyrpnhDEjp8DhcZc
h0XEjw0HYabGAIZTZu+8xzIXUolF3MDOktrjNfatot3F5Imcjp2T7FIQh5cH6jYr
4V8r3+V8yi3XN/juep1V7JVUZLEb71Y8MRRajbFiFV++W+KtXhSZ65HxpA50EfkH
oYFkt08I161gQBEf/elRyt6AeylhFq7i0OtMU46qmzCC
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:53:13 2026 by rpki-client