Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/_BierKqkbKF0322RypaPacK7rIc.roa
File: _BierKqkbKF0322RypaPacK7rIc.roa (raw, json)
Hash identifier: ISjKL5qyY3D+UsNMMYXT9NMFhkS06ZSrlsMwCxHPEqg=
Subject key identifier: FC:18:9E:AC:AA:A4:6C:A1:74:DF:6D:91:CA:96:8F:69:C2:BB:AC:87
Certificate issuer: /CN=4a88f3ab94a07587220e3d716f7b717df1d9e6d6
Certificate serial: 019B79EC765115D69E43300F0B95E6F04E99
Authority key identifier: 4A:88:F3:AB:94:A0:75:87:22:0E:3D:71:6F:7B:71:7D:F1:D9:E6:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Sojzq5SgdYciDj1xb3txffHZ5tY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/_BierKqkbKF0322RypaPacK7rIc.roa
Signing time: Thu 01 Jan 2026 14:18:18 +0000
ROA not before: Thu 01 Jan 2026 14:18:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49567
IP address blocks: 31.217.240.0/21 maxlen: 21
45.154.100.0/22 maxlen: 22
45.155.24.0/22 maxlen: 22
84.252.108.0/22 maxlen: 22
94.198.120.0/21 maxlen: 21
185.76.224.0/22 maxlen: 22
185.213.132.0/22 maxlen: 22
2a03:7100::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/Sojzq5SgdYciDj1xb3txffHZ5tY.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/Sojzq5SgdYciDj1xb3txffHZ5tY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Sojzq5SgdYciDj1xb3txffHZ5tY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 14:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ec:76:51:15:d6:9e:43:30:0f:0b:95:e6:f0:4e:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a88f3ab94a07587220e3d716f7b717df1d9e6d6
Validity
Not Before: Jan 1 14:18:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fc189eacaaa46ca174df6d91ca968f69c2bbac87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:82:13:a8:8a:59:7f:37:97:92:26:80:c9:bd:
e1:1c:90:6a:af:68:df:7c:00:26:d8:99:df:a0:bf:
bf:58:7e:c1:ee:56:c8:15:bd:0c:c1:89:fe:22:3b:
be:8d:e8:ce:89:fc:13:23:49:6f:0d:bd:a0:ff:cb:
a9:e2:ef:39:60:9e:0d:d1:54:73:39:70:b1:be:63:
94:46:8b:c5:8a:8e:32:a3:1e:52:58:ad:1f:2c:60:
d2:0e:5b:51:50:6f:21:04:03:c5:89:8e:11:35:d9:
59:0c:86:93:d6:d9:66:e5:71:68:15:eb:d3:72:98:
92:f9:8e:73:36:d2:a9:ce:2d:df:54:f1:73:b6:ce:
c1:f0:0a:0d:cd:d0:16:28:10:95:70:be:34:f1:dc:
a8:43:e0:4e:87:f1:a4:77:e2:4d:f3:c7:30:80:c5:
16:5b:c8:83:dc:87:53:25:8b:86:2d:c6:57:fe:30:
3d:f6:d6:00:23:75:91:5e:6d:b8:40:f7:7e:32:ac:
66:87:68:49:f4:1b:f9:ba:85:85:f9:fe:fd:38:6d:
71:ef:f7:11:f4:a7:45:dd:a6:17:72:5f:75:87:b7:
12:fd:c3:7c:b5:3d:54:df:b2:fa:16:bc:45:0a:2b:
34:43:da:92:29:3d:d9:d8:67:b6:c4:3d:f1:6a:b8:
31:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:18:9E:AC:AA:A4:6C:A1:74:DF:6D:91:CA:96:8F:69:C2:BB:AC:87
X509v3 Authority Key Identifier:
keyid:4A:88:F3:AB:94:A0:75:87:22:0E:3D:71:6F:7B:71:7D:F1:D9:E6:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sojzq5SgdYciDj1xb3txffHZ5tY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/_BierKqkbKF0322RypaPacK7rIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/936dd2-0c9a-48e9-aa71-d4519c539c9a/1/Sojzq5SgdYciDj1xb3txffHZ5tY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.240.0/21
45.154.100.0/22
45.155.24.0/22
84.252.108.0/22
94.198.120.0/21
185.76.224.0/22
185.213.132.0/22
IPv6:
2a03:7100::/29
Signature Algorithm: sha256WithRSAEncryption
1f:b0:21:e3:a0:d7:eb:63:7f:af:98:65:ff:9a:a9:77:4a:02:
a0:69:97:1b:35:bd:76:08:8a:4f:d0:a2:56:86:06:f5:c8:eb:
6b:ae:59:22:9b:08:5c:86:fc:45:69:7b:d8:2a:92:ec:1e:57:
dd:52:13:9c:43:f5:7c:2b:1e:af:63:59:4c:07:90:e8:e4:07:
4d:f8:bd:91:1e:16:aa:b2:a1:3b:64:77:5d:cd:ad:0c:ae:9d:
6c:3e:9e:90:04:1d:f3:27:5b:60:6d:5e:af:14:60:a7:e4:ca:
c4:69:14:13:20:5c:51:ff:53:7c:74:c5:8e:43:24:d5:f6:e9:
9b:f6:9d:42:08:bf:2b:e4:fb:12:c9:36:13:b7:df:82:bc:8d:
e8:be:7d:a1:32:17:8f:b7:93:c9:4f:5b:5b:04:9c:a4:3b:6b:
b6:cb:33:31:a6:b4:e8:8e:db:44:63:d0:61:b3:3d:d0:4b:5e:
4a:5d:88:1c:c6:a9:9a:d6:be:5e:db:1f:cf:f3:8c:7c:00:7c:
08:53:85:b4:a3:23:63:bd:f6:3e:27:11:34:9f:da:2a:af:56:
d3:d1:bd:8b:d8:6d:83:e5:4d:9d:b6:89:67:3e:58:75:89:b9:
97:77:7b:fd:c9:cf:cc:58:06:01:a4:08:a2:5b:ac:8d:b9:f8:
9e:93:70:92
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZt57HZRFdaeQzAPC5Xm8E6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhODhmM2FiOTRhMDc1ODcyMjBlM2Q3MTZmN2I3MTdkZjFk
OWU2ZDYwHhcNMjYwMTAxMTQxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE4OWVhY2FhYTQ2Y2ExNzRkZjZkOTFjYTk2OGY2OWMyYmJhYzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64ITqIpZfzeXkiaAyb3hHJBqr2jf
fAAm2JnfoL+/WH7B7lbIFb0MwYn+Iju+jejOifwTI0lvDb2g/8up4u85YJ4N0VRz
OXCxvmOURovFio4yox5SWK0fLGDSDltRUG8hBAPFiY4RNdlZDIaT1tlm5XFoFevT
cpiS+Y5zNtKpzi3fVPFzts7B8AoNzdAWKBCVcL408dyoQ+BOh/Gkd+JN88cwgMUW
W8iD3IdTJYuGLcZX/jA99tYAI3WRXm24QPd+Mqxmh2hJ9Bv5uoWF+f79OG1x7/cR
9KdF3aYXcl91h7cS/cN8tT1U37L6FrxFCis0Q9qSKT3Z2Ge2xD3xargx5wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFPwYnqyqpGyhdN9tkcqWj2nCu6yHMB8GA1UdIwQY
MBaAFEqI86uUoHWHIg49cW97cX3x2ebWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU29qenE1U2dkWWNpRGoxeGIzdHhmZkhaNXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS85MzZkZDItMGM5YS00OGU5LWFhNzEt
ZDQ1MTljNTM5YzlhLzEvX0JpZXJLcWtiS0YwMzIyUnlwYVBhY0s3ckljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS85MzZkZDItMGM5YS00OGU5LWFhNzEtZDQ1MTljNTM5Yzlh
LzEvU29qenE1U2dkWWNpRGoxeGIzdHhmZkhaNXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDH9nwAwQC
LZpkAwQCLZsYAwQCVPxsAwQDXsZ4AwQCuUzgAwQCudWEMA0EAgACMAcDBQMqA3EA
MA0GCSqGSIb3DQEBCwUAA4IBAQAfsCHjoNfrY3+vmGX/mql3SgKgaZcbNb12CIpP
0KJWhgb1yOtrrlkimwhchvxFaXvYKpLsHlfdUhOcQ/V8Kx6vY1lMB5Do5AdN+L2R
HhaqsqE7ZHddza0Mrp1sPp6QBB3zJ1tgbV6vFGCn5MrEaRQTIFxR/1N8dMWOQyTV
9umb9p1CCL8r5PsSyTYTt9+CvI3ovn2hMhePt5PJT1tbBJykO2u2yzMxprTojttE
Y9Bhsz3QS15KXYgcxqma1r5e2x/P84x8AHwIU4W0oyNjvfY+JxE0n9oqr1bT0b2L
2G2D5U2dtolnPlh1ibmXd3v9yc/MWAYBpAiiW6yNufiek3CS
-----END CERTIFICATE-----
Generated at Mon Mar 2 18:03:50 2026 by rpki-client