Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/B9HNNW3Bz7oID9G3-lfUfNqxyrY.roa
File: B9HNNW3Bz7oID9G3-lfUfNqxyrY.roa (raw, json)
Hash identifier: tzCu3LyuSxup7J333i9m+mIRLj60qx1pJbahNRpyJGA=
Subject key identifier: 07:D1:CD:35:6D:C1:CF:BA:08:0F:D1:B7:FA:57:D4:7C:DA:B1:CA:B6
Certificate issuer: /CN=b194f0304eedd363c6622fd91c59b10871aa3044
Certificate serial: 019C95C6E94820D90B6EC1BDD5B1BB3CF9C9
Authority key identifier: B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/B9HNNW3Bz7oID9G3-lfUfNqxyrY.roa
Signing time: Wed 25 Feb 2026 17:09:26 +0000
ROA not before: Wed 25 Feb 2026 17:09:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 30870
IP address blocks: 87.101.8.0/21 maxlen: 24
171.25.179.0/24 maxlen: 24
185.40.56.0/22 maxlen: 24
185.108.116.0/22 maxlen: 24
194.30.160.0/24 maxlen: 24
2a01:4d60::/32 maxlen: 48
2a06:4a80::/29 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/sZTwME7t02PGYi_ZHFmxCHGqMEQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/sZTwME7t02PGYi_ZHFmxCHGqMEQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:95:c6:e9:48:20:d9:0b:6e:c1:bd:d5:b1:bb:3c:f9:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b194f0304eedd363c6622fd91c59b10871aa3044
Validity
Not Before: Feb 25 17:09:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=07d1cd356dc1cfba080fd1b7fa57d47cdab1cab6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:4c:32:d5:0f:fb:34:de:51:1b:db:20:aa:1f:
88:f6:e9:d9:01:6b:ff:97:1c:3e:18:a3:0c:b1:e2:
cf:b1:cf:2e:8c:1c:66:19:75:13:21:46:34:42:be:
de:16:ff:64:5c:e6:22:a3:d1:b3:c9:13:28:5f:69:
ed:94:98:b4:79:6c:26:5b:0c:64:b4:7d:53:2d:c8:
a6:b0:63:53:23:11:5f:61:d3:c0:5a:b5:f3:f3:73:
00:7b:aa:5c:ba:96:36:a0:25:ce:26:18:66:9f:9d:
d7:63:6f:7f:ec:cb:5b:67:10:69:86:c8:c1:37:6f:
3f:0e:f6:19:b3:40:56:bb:65:5e:6b:05:1c:8d:70:
ea:17:e5:da:31:0c:6e:41:98:5e:98:cc:d4:f7:70:
10:fc:0e:ff:93:70:80:fb:7d:6e:29:1b:12:92:55:
1f:ef:a4:9a:b5:45:83:19:cd:07:40:51:82:c7:89:
15:8b:d3:09:ed:67:3a:3a:80:29:fd:00:dc:5b:d9:
cd:9d:48:a0:61:7c:24:6a:4e:ad:43:1a:83:d1:b2:
4d:f2:06:e0:74:13:8b:5e:e5:6e:3f:0d:30:00:4e:
67:f9:b2:dd:3a:b5:86:45:4f:6b:fb:3c:a9:78:67:
7d:90:b4:c8:1a:ff:7f:8d:f0:1a:fc:7c:d0:33:32:
40:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:D1:CD:35:6D:C1:CF:BA:08:0F:D1:B7:FA:57:D4:7C:DA:B1:CA:B6
X509v3 Authority Key Identifier:
keyid:B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/B9HNNW3Bz7oID9G3-lfUfNqxyrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/sZTwME7t02PGYi_ZHFmxCHGqMEQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.101.8.0/21
171.25.179.0/24
185.40.56.0/22
185.108.116.0/22
194.30.160.0/24
IPv6:
2a01:4d60::/32
2a06:4a80::/29
Signature Algorithm: sha256WithRSAEncryption
7d:45:6c:ef:da:d8:1f:f1:6c:95:0b:99:3e:c2:62:d1:71:67:
ef:2a:4b:c7:7c:5f:ac:69:fa:56:4c:0a:58:e9:8c:f8:04:27:
77:36:cd:bf:d7:10:23:62:e3:e1:25:56:c0:88:cb:27:e3:a2:
66:ef:57:c3:e3:ca:6a:0f:69:6b:30:d7:e7:b8:50:43:78:6f:
48:0b:bb:89:ec:f8:bd:56:98:b6:26:37:49:0e:38:db:b8:c2:
21:21:c9:1d:dd:c1:31:8a:9d:4f:e7:45:29:dd:e5:64:29:e8:
38:21:7c:92:69:97:9a:24:ba:36:9c:34:92:dd:1c:d9:ec:6e:
56:0a:7f:65:ef:81:0a:e7:fe:58:0f:33:84:08:8d:f8:75:57:
d5:71:36:ef:bc:eb:57:c8:10:54:ab:57:ac:b0:70:71:b0:fb:
f2:8e:6a:d5:39:a6:00:9d:05:51:35:5e:db:8d:7c:5b:3c:b0:
31:27:43:60:e1:8b:2a:9f:cc:ba:bd:fa:d5:e1:e8:c9:8f:ce:
1b:bf:38:17:2d:c5:89:c2:a0:02:99:d2:4a:49:6e:5f:a6:30:
93:4c:6e:4c:91:96:f8:c4:55:55:3d:b3:14:6f:31:32:d2:aa:
ef:7e:c0:14:ff:6b:03:e6:7b:70:fb:f8:b7:f7:ec:88:bb:57:
ac:f8:85:93
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZyVxulIINkLbsG91bG7PPnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTRmMDMwNGVlZGQzNjNjNjYyMmZkOTFjNTliMTA4NzFh
YTMwNDQwHhcNMjYwMjI1MTcwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QxY2QzNTZkYzFjZmJhMDgwZmQxYjdmYTU3ZDQ3Y2RhYjFjYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Uwy1Q/7NN5RG9sgqh+I9unZAWv/
lxw+GKMMseLPsc8ujBxmGXUTIUY0Qr7eFv9kXOYio9GzyRMoX2ntlJi0eWwmWwxk
tH1TLcimsGNTIxFfYdPAWrXz83MAe6pcupY2oCXOJhhmn53XY29/7MtbZxBphsjB
N28/DvYZs0BWu2VeawUcjXDqF+XaMQxuQZhemMzU93AQ/A7/k3CA+31uKRsSklUf
76SatUWDGc0HQFGCx4kVi9MJ7Wc6OoAp/QDcW9nNnUigYXwkak6tQxqD0bJN8gbg
dBOLXuVuPw0wAE5n+bLdOrWGRU9r+zypeGd9kLTIGv9/jfAa/HzQMzJAnwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFAfRzTVtwc+6CA/Rt/pX1Hzascq2MB8GA1UdIwQY
MBaAFLGU8DBO7dNjxmIv2RxZsQhxqjBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUt
YWZiZGJkYWQ1OGE1LzEvQjlITk5XM0J6N29JRDlHMy1sZlVmTnF4eXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUtYWZiZGJkYWQ1OGE1
LzEvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDV2UIAwQA
qxmzAwQCuSg4AwQCuWx0AwQAwh6gMBQEAgACMA4DBQAqAU1gAwUDKgZKgDANBgkq
hkiG9w0BAQsFAAOCAQEAfUVs79rYH/FslQuZPsJi0XFn7ypLx3xfrGn6VkwKWOmM
+AQndzbNv9cQI2Lj4SVWwIjLJ+OiZu9Xw+PKag9pazDX57hQQ3hvSAu7iez4vVaY
tiY3SQ4427jCISHJHd3BMYqdT+dFKd3lZCnoOCF8kmmXmiS6Npw0kt0c2exuVgp/
Ze+BCuf+WA8zhAiN+HVX1XE277zrV8gQVKtXrLBwcbD78o5q1TmmAJ0FUTVe2418
WzywMSdDYOGLKp/Mur361eHoyY/OG784Fy3FicKgApnSSkluX6Ywk0xuTJGW+MRV
VT2zFG8xMtKq737AFP9rA+Z7cPv4t/fsiLtXrPiFkw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:36:12 2026 by rpki-client