Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/bPoEfZam0GZUvE1xltgIVPM2UVA.roa
File: bPoEfZam0GZUvE1xltgIVPM2UVA.roa (raw, json)
Hash identifier: oJcgAX3KB1YWr1arABvCqWuGMGK5eGcGXJDWs9BTX6I=
Subject key identifier: 6C:FA:04:7D:96:A6:D0:66:54:BC:4D:71:96:D8:08:54:F3:36:51:50
Certificate issuer: /CN=d7880ed1021d0ecac71205673b004813b39dfc99
Certificate serial: 019B7C123A298B28F7856E92714E152A0721
Authority key identifier: D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/bPoEfZam0GZUvE1xltgIVPM2UVA.roa
Signing time: Fri 02 Jan 2026 00:18:47 +0000
ROA not before: Fri 02 Jan 2026 00:18:47 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29680
IP address blocks: 151.252.112.0/21 maxlen: 21
176.28.88.0/21 maxlen: 23
178.23.208.0/21 maxlen: 24
193.22.119.0/24 maxlen: 24
193.238.52.0/22 maxlen: 22
217.18.224.0/21 maxlen: 21
217.18.232.0/22 maxlen: 22
217.18.236.0/24 maxlen: 24
217.18.237.0/24 maxlen: 24
217.18.239.0/24 maxlen: 24
2a00:d60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.mft
rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 06:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:12:3a:29:8b:28:f7:85:6e:92:71:4e:15:2a:07:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7880ed1021d0ecac71205673b004813b39dfc99
Validity
Not Before: Jan 2 00:18:47 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6cfa047d96a6d06654bc4d7196d80854f3365150
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:e8:36:81:39:3b:f9:c8:15:f1:9d:87:bb:e2:
04:a7:80:33:a8:9d:76:0b:74:fb:5b:e2:dd:45:d2:
56:7e:7d:b2:57:25:4e:f5:21:35:16:4f:ff:db:5a:
b7:6d:60:c0:4a:5d:df:f2:c1:61:19:a7:71:b4:6e:
3c:17:2e:4e:31:64:07:ee:00:df:5d:bf:9d:15:6b:
cb:75:eb:dc:55:96:34:74:d0:b4:62:5f:8a:1b:38:
8f:e4:10:c1:54:15:7a:ca:87:10:f5:63:55:1e:b2:
43:75:e6:39:6f:44:71:79:d2:4e:9a:07:90:9a:03:
cf:eb:42:9c:3a:dc:2b:28:33:67:19:b7:ed:76:0a:
3d:7c:51:de:bb:49:aa:63:79:b9:e8:15:c5:35:f2:
ee:cf:43:c5:c8:08:2e:78:ba:18:b4:1b:98:e0:d6:
b9:01:8a:9f:5a:b0:2d:4a:05:c7:79:1a:25:97:a8:
f4:61:d6:e9:4d:a5:3a:e1:3e:ec:31:19:5b:9c:53:
cc:96:73:75:ef:2f:97:a3:e2:e6:11:c8:aa:13:4c:
0e:c8:f7:e1:81:1b:f0:ca:7c:be:de:82:4e:e5:cc:
80:5c:6b:ed:f3:5f:19:31:fe:be:80:41:c8:14:6d:
77:95:9f:b8:06:d0:e1:e7:17:a1:94:a2:27:71:ac:
36:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:FA:04:7D:96:A6:D0:66:54:BC:4D:71:96:D8:08:54:F3:36:51:50
X509v3 Authority Key Identifier:
keyid:D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/bPoEfZam0GZUvE1xltgIVPM2UVA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.252.112.0/21
176.28.88.0/21
178.23.208.0/21
193.22.119.0/24
193.238.52.0/22
217.18.224.0-217.18.237.255
217.18.239.0/24
IPv6:
2a00:d60::/32
Signature Algorithm: sha256WithRSAEncryption
56:bd:6f:6c:46:a5:e5:aa:dc:2b:12:5f:b1:52:f1:c3:8f:13:
50:2f:ff:ff:e7:00:c9:36:3b:b0:ab:dc:a7:a0:7f:98:33:7e:
d0:7d:12:50:d7:55:07:15:be:66:05:ee:e2:1e:a6:0a:f2:e2:
b0:ad:03:d4:9c:73:77:2d:5a:7d:05:10:2b:29:ce:1a:d4:db:
ed:32:1f:6a:8f:a3:9c:be:94:ef:36:60:10:88:2d:d5:00:d6:
67:89:f4:4a:15:05:68:7b:b3:11:19:37:14:1d:1c:1a:88:f8:
0d:6a:85:99:92:47:c7:07:cb:b1:1b:74:1c:b1:8c:f8:3d:34:
ce:90:20:f5:64:e5:1a:c4:77:45:0e:ee:61:29:bf:23:aa:23:
cb:4a:05:d4:b8:fb:84:d7:16:22:0f:cd:ff:6a:39:6f:01:07:
d4:a0:b9:eb:46:7b:ab:d3:11:d0:52:68:81:31:20:5f:3f:b0:
04:01:bd:23:f4:02:85:ef:d7:c2:c2:f9:23:48:65:57:97:73:
33:63:ef:b3:7c:f4:66:43:a2:b8:e9:f1:63:cf:da:af:5c:61:
ee:73:c8:b4:e8:b5:70:f9:dc:48:7b:01:af:68:60:a0:0e:36:
13:98:af:a8:ea:90:d3:01:ee:d5:ac:f1:2f:93:11:2a:c6:83:
2c:7d:0a:e0
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZt8Ejopiyj3hW6ScU4VKgchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ODgwZWQxMDIxZDBlY2FjNzEyMDU2NzNiMDA0ODEzYjM5
ZGZjOTkwHhcNMjYwMTAyMDAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZhMDQ3ZDk2YTZkMDY2NTRiYzRkNzE5NmQ4MDg1NGYzMzY1MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Og2gTk7+cgV8Z2Hu+IEp4AzqJ12
C3T7W+LdRdJWfn2yVyVO9SE1Fk//21q3bWDASl3f8sFhGadxtG48Fy5OMWQH7gDf
Xb+dFWvLdevcVZY0dNC0Yl+KGziP5BDBVBV6yocQ9WNVHrJDdeY5b0RxedJOmgeQ
mgPP60KcOtwrKDNnGbftdgo9fFHeu0mqY3m56BXFNfLuz0PFyAgueLoYtBuY4Na5
AYqfWrAtSgXHeRoll6j0YdbpTaU64T7sMRlbnFPMlnN17y+Xo+LmEciqE0wOyPfh
gRvwyny+3oJO5cyAXGvt818ZMf6+gEHIFG13lZ+4BtDh5xehlKIncaw2KQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFGz6BH2WptBmVLxNcZbYCFTzNlFQMB8GA1UdIwQY
MBaAFNeIDtECHQ7KxxIFZzsASBOznfyZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRnTzBRSWREc3JIRWdWbk93QklFN09kX0prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83NTY1MDUtMjA2Mi00OWU3LTk0ZmUt
MDQ3NzdjMTk4ZWYxLzEvYlBvRWZaYW0wR1pVdkUxeGx0Z0lWUE0yVVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83NTY1MDUtMjA2Mi00OWU3LTk0ZmUtMDQ3NzdjMTk4ZWYx
LzEvMTRnTzBRSWREc3JIRWdWbk93QklFN09kX0prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDl/xwAwQD
sBxYAwQDshfQAwQAwRZ3AwQCwe40MAwDBAXZEuADBAHZEuwDBADZEu8wDQQCAAIw
BwMFACoADWAwDQYJKoZIhvcNAQELBQADggEBAFa9b2xGpeWq3CsSX7FS8cOPE1Av
///nAMk2O7Cr3Kegf5gzftB9ElDXVQcVvmYF7uIepgry4rCtA9Scc3ctWn0FECsp
zhrU2+0yH2qPo5y+lO82YBCILdUA1meJ9EoVBWh7sxEZNxQdHBqI+A1qhZmSR8cH
y7EbdByxjPg9NM6QIPVk5RrEd0UO7mEpvyOqI8tKBdS4+4TXFiIPzf9qOW8BB9Sg
uetGe6vTEdBSaIExIF8/sAQBvSP0AoXv18LC+SNIZVeXczNj77N89GZDorjp8WPP
2q9cYe5zyLTotXD53Eh7Aa9oYKAONhOYr6jqkNMB7tWs8S+TESrGgyx9CuA=
-----END CERTIFICATE-----
Generated at Mon Mar 2 15:05:19 2026 by rpki-client