Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/_212wJQlWeYcBkxbC19a1SlrDyo.roa
File: _212wJQlWeYcBkxbC19a1SlrDyo.roa (raw, json)
Hash identifier: h2roho0ZuXP4gmifiDr6Me5QQTfPCj8NZhRd1vhy6yA=
Subject key identifier: FF:6D:76:C0:94:25:59:E6:1C:06:4C:5B:0B:5F:5A:D5:29:6B:0F:2A
Certificate issuer: /CN=5847f1f4f6bcb2a4758ac8a997bc108000e418d1
Certificate serial: 019B7F84684F9E24BCDB297D2B612D7CB31E
Authority key identifier: 58:47:F1:F4:F6:BC:B2:A4:75:8A:C8:A9:97:BC:10:80:00:E4:18:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/_212wJQlWeYcBkxbC19a1SlrDyo.roa
Signing time: Fri 02 Jan 2026 16:22:22 +0000
ROA not before: Fri 02 Jan 2026 16:22:22 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198346
IP address blocks: 91.222.52.0/24 maxlen: 24
91.222.53.0/24 maxlen: 24
91.222.54.0/24 maxlen: 24
91.222.55.0/24 maxlen: 24
2a13:e900::/32 maxlen: 32
2a13:e901::/32 maxlen: 32
2a13:e902::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.mft
rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:84:68:4f:9e:24:bc:db:29:7d:2b:61:2d:7c:b3:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5847f1f4f6bcb2a4758ac8a997bc108000e418d1
Validity
Not Before: Jan 2 16:22:22 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ff6d76c0942559e61c064c5b0b5f5ad5296b0f2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:20:bc:e6:39:df:94:b9:06:fa:40:9b:db:99:
ad:58:17:b9:43:84:13:70:74:1c:e3:32:31:e2:10:
a8:58:95:b1:58:e5:db:c3:47:cd:a6:94:6b:75:27:
50:ac:85:7f:19:65:10:50:9d:88:40:40:fc:17:58:
8f:64:9f:ac:55:30:a4:b4:89:88:7b:5f:f2:a3:16:
01:1f:50:8e:87:3b:f0:bd:12:77:5e:e1:c5:18:06:
fb:13:43:2b:b4:49:aa:3c:bd:72:f0:a0:6d:7e:06:
09:d9:54:08:16:12:0b:be:13:8b:0c:55:69:bb:64:
99:d0:fa:13:99:a5:68:ba:c2:9b:10:b4:f5:67:08:
8d:ad:bb:5f:0b:d5:99:92:69:38:e7:03:8f:c2:06:
b7:3b:52:d7:8c:73:4e:55:00:5a:6a:ba:83:01:95:
a9:9d:f9:65:18:d6:aa:bb:0e:55:ce:9f:2c:da:2e:
ae:22:0b:39:e7:59:e2:23:46:c3:8f:fa:01:dd:0f:
dd:5c:f2:4a:e7:f6:2d:05:7c:66:af:0e:40:d2:84:
95:6b:98:e7:5b:2c:f0:b1:40:f4:1f:ee:fd:e2:4b:
6e:d9:7c:09:72:26:7d:7e:f0:96:84:59:f5:4b:1b:
8a:78:18:90:f1:f8:15:01:d7:c5:2e:b2:4f:a2:96:
b0:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:6D:76:C0:94:25:59:E6:1C:06:4C:5B:0B:5F:5A:D5:29:6B:0F:2A
X509v3 Authority Key Identifier:
keyid:58:47:F1:F4:F6:BC:B2:A4:75:8A:C8:A9:97:BC:10:80:00:E4:18:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/_212wJQlWeYcBkxbC19a1SlrDyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.222.52.0/22
IPv6:
2a13:e900::-2a13:e902:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
95:41:46:4d:a5:b5:3f:52:06:ad:f4:3c:f9:df:a4:09:f3:fa:
93:29:a5:60:bd:6a:04:73:6e:97:97:65:f4:f1:c0:4d:bf:1f:
a3:da:7e:b0:6d:8f:bb:3d:22:a9:bf:21:1d:09:02:db:c0:d2:
ba:98:2e:7e:a7:a0:98:ec:1b:3b:db:cf:4f:82:35:c8:2b:17:
23:0f:64:1c:60:85:da:ee:fa:63:a0:28:3f:17:bd:8a:b3:ae:
76:65:f7:25:20:fc:ab:d2:7b:80:76:56:24:e4:f4:b8:e1:2c:
d9:99:13:24:de:01:31:1d:29:39:79:a3:7f:4d:3d:75:00:fc:
57:28:40:53:53:be:b5:17:66:a7:e4:27:5b:c2:0b:18:14:dd:
7b:15:d3:25:36:2a:c3:db:30:d7:f9:f2:bb:25:41:62:3b:85:
91:f2:74:52:ac:21:48:21:91:0d:3a:2c:9d:f6:1a:bb:c3:23:
e6:87:a7:da:2c:7d:ff:75:07:4c:20:6e:fb:e4:03:f2:b9:74:
11:d8:99:6d:b7:cd:39:b9:53:db:cc:ab:45:af:45:81:ec:4d:
3c:87:f2:08:65:9b:54:da:fb:4d:b2:1b:0a:a3:15:47:5d:24:
8f:bc:2e:89:35:0b:06:de:14:3d:6d:a9:b1:d4:9a:4f:d4:4b:
09:26:5d:3f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZt/hGhPniS82yl9K2EtfLMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NDdmMWY0ZjZiY2IyYTQ3NThhYzhhOTk3YmMxMDgwMDBl
NDE4ZDEwHhcNMjYwMTAyMTYyMjIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjZkNzZjMDk0MjU1OWU2MWMwNjRjNWIwYjVmNWFkNTI5NmIwZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSC85jnflLkG+kCb25mtWBe5Q4QT
cHQc4zIx4hCoWJWxWOXbw0fNppRrdSdQrIV/GWUQUJ2IQED8F1iPZJ+sVTCktImI
e1/yoxYBH1COhzvwvRJ3XuHFGAb7E0MrtEmqPL1y8KBtfgYJ2VQIFhILvhOLDFVp
u2SZ0PoTmaVousKbELT1ZwiNrbtfC9WZkmk45wOPwga3O1LXjHNOVQBaarqDAZWp
nfllGNaquw5Vzp8s2i6uIgs551niI0bDj/oB3Q/dXPJK5/YtBXxmrw5A0oSVa5jn
WyzwsUD0H+794ktu2XwJciZ9fvCWhFn1SxuKeBiQ8fgVAdfFLrJPopawmwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFP9tdsCUJVnmHAZMWwtfWtUpaw8qMB8GA1UdIwQY
MBaAFFhH8fT2vLKkdYrIqZe8EIAA5BjRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0VmeDlQYThzcVIxaXNpcGw3d1FnQURrR05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zODAwNmYtZmJmYy00OGFhLTg1ZWYt
MDY1YmMyOGMyYTUyLzEvXzIxMndKUWxXZVljQmt4YkMxOWExU2xyRHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zODAwNmYtZmJmYy00OGFhLTg1ZWYtMDY1YmMyOGMyYTUy
LzEvV0VmeDlQYThzcVIxaXNpcGw3d1FnQURrR05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAMBAIAATAGAwQCW940MBUE
AgACMA8wDQMEACoT6QMFACoT6QIwDQYJKoZIhvcNAQELBQADggEBAJVBRk2ltT9S
Bq30PPnfpAnz+pMppWC9agRzbpeXZfTxwE2/H6PafrBtj7s9Iqm/IR0JAtvA0rqY
Ln6noJjsGzvbz0+CNcgrFyMPZBxghdru+mOgKD8XvYqzrnZl9yUg/KvSe4B2ViTk
9LjhLNmZEyTeATEdKTl5o39NPXUA/FcoQFNTvrUXZqfkJ1vCCxgU3XsV0yU2KsPb
MNf58rslQWI7hZHydFKsIUghkQ06LJ32GrvDI+aHp9osff91B0wgbvvkA/K5dBHY
mW23zTm5U9vMq0WvRYHsTTyH8ghlm1Ta+02yGwqjFUddJI+8Lok1CwbeFD1tqbHU
mk/USwkmXT8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:17:50 2026 by rpki-client