Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/AtB3A-GtrGG7ULQ6X8PKuFu-MDA.roa
File: AtB3A-GtrGG7ULQ6X8PKuFu-MDA.roa (raw, json)
Hash identifier: XelAFahqgXKc+akh+CQIFVNSjnh+4lCVUJF9Ga/50EI=
Subject key identifier: 02:D0:77:03:E1:AD:AC:61:BB:50:B4:3A:5F:C3:CA:B8:5B:BE:30:30
Certificate issuer: /CN=8520b77d035b912ffa406dfddf29e3a2963e6904
Certificate serial: 019B7DCA1571F2BF22FFAFC2557608FD0145
Authority key identifier: 85:20:B7:7D:03:5B:91:2F:FA:40:6D:FD:DF:29:E3:A2:96:3E:69:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hSC3fQNbkS_6QG393ynjopY-aQQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/AtB3A-GtrGG7ULQ6X8PKuFu-MDA.roa
Signing time: Fri 02 Jan 2026 08:19:14 +0000
ROA not before: Fri 02 Jan 2026 08:19:14 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29505
IP address blocks: 85.233.0.0/19 maxlen: 19
85.233.8.0/24 maxlen: 24
149.249.64.0/18 maxlen: 18
149.249.127.0/24 maxlen: 24
2a07:6c40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/hSC3fQNbkS_6QG393ynjopY-aQQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/hSC3fQNbkS_6QG393ynjopY-aQQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/hSC3fQNbkS_6QG393ynjopY-aQQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 05:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:ca:15:71:f2:bf:22:ff:af:c2:55:76:08:fd:01:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8520b77d035b912ffa406dfddf29e3a2963e6904
Validity
Not Before: Jan 2 08:19:14 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=02d07703e1adac61bb50b43a5fc3cab85bbe3030
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:80:ef:0d:d5:7a:54:68:d2:eb:58:28:39:59:
f7:22:4e:bb:aa:3f:b0:18:c0:ac:55:70:ee:b8:cb:
0e:c0:3d:95:2f:58:86:2c:a5:d7:76:a3:2a:8d:d1:
ba:1a:c9:89:cc:88:5b:f3:e4:05:15:df:51:b5:15:
73:d0:dc:64:6e:79:2d:62:97:e4:0f:42:e3:c4:c3:
4f:8f:37:67:a4:c8:1b:75:81:1f:4a:63:4d:1d:f7:
04:d3:49:ea:de:58:3e:af:42:cb:78:4b:ea:63:6a:
15:36:40:e2:85:fa:56:f1:c6:41:30:14:33:36:c5:
ae:ec:64:66:37:73:c3:70:83:ae:82:b9:e2:7d:b6:
dd:01:11:28:a9:eb:ac:0d:78:59:86:72:17:df:11:
5c:3b:9e:1d:13:26:a3:28:2c:f2:2c:cb:d3:ba:05:
48:16:3f:e9:03:bd:1e:22:aa:26:ec:7b:17:5a:71:
1c:4b:99:19:8e:f2:b9:85:ee:c3:ad:45:d6:af:07:
71:04:32:65:be:43:c9:58:2d:af:98:0e:e9:94:26:
c7:54:df:15:e1:13:23:09:1e:2b:63:2b:75:c7:a2:
e6:86:a7:a9:3b:8c:8a:84:dc:12:ec:f5:3f:9a:16:
80:0a:bd:63:23:c2:7e:7e:c1:6b:a3:3d:de:38:fd:
93:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:D0:77:03:E1:AD:AC:61:BB:50:B4:3A:5F:C3:CA:B8:5B:BE:30:30
X509v3 Authority Key Identifier:
keyid:85:20:B7:7D:03:5B:91:2F:FA:40:6D:FD:DF:29:E3:A2:96:3E:69:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSC3fQNbkS_6QG393ynjopY-aQQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/AtB3A-GtrGG7ULQ6X8PKuFu-MDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f04686-359b-4744-b930-1af279625fd0/1/hSC3fQNbkS_6QG393ynjopY-aQQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.233.0.0/19
149.249.64.0/18
IPv6:
2a07:6c40::/29
Signature Algorithm: sha256WithRSAEncryption
94:57:02:37:e5:c0:79:89:b8:7d:51:9e:7a:9a:03:f2:a9:c0:
ca:96:1b:ac:b8:99:b5:77:0b:90:95:e4:d4:18:21:8b:1f:56:
1d:44:d6:a7:8c:22:03:bc:2d:6d:6e:e0:f7:41:29:8b:04:a7:
27:8a:49:aa:05:ab:f1:a8:62:ec:99:83:3a:bf:bc:c9:e2:c7:
d9:1a:d4:ac:cb:93:48:1c:a9:de:34:c1:ea:47:c7:f5:92:03:
74:c2:d9:fb:c2:7d:57:84:1a:db:b4:33:17:b9:60:01:a6:92:
23:58:58:72:18:b6:e3:8b:e9:32:8e:99:4f:27:60:51:99:3d:
61:95:ba:57:3c:52:96:ea:4e:8f:97:ef:b1:a2:29:08:bd:06:
af:12:1c:e2:cb:3c:21:6c:56:f5:7c:ec:aa:a6:4e:26:bd:85:
2b:cd:f4:14:51:4f:5f:89:9a:84:eb:46:57:fe:29:d6:47:f7:
8b:75:31:9a:e4:c4:88:63:09:5c:93:de:70:5e:7d:89:dc:93:
b1:45:e9:5d:43:29:78:c0:5e:4c:cc:37:92:10:6b:c1:1e:38:
c0:17:0a:59:3a:d5:07:43:17:5f:d6:cf:4d:1d:54:62:d2:70:
85:86:c0:17:97:7f:b5:e0:0a:52:31:2c:a5:79:91:5a:32:c9:
65:d2:ab:e7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt9yhVx8r8i/6/CVXYI/QFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MjBiNzdkMDM1YjkxMmZmYTQwNmRmZGRmMjllM2EyOTYz
ZTY5MDQwHhcNMjYwMTAyMDgxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQwNzcwM2UxYWRhYzYxYmI1MGI0M2E1ZmMzY2FiODViYmUzMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIDvDdV6VGjS61goOVn3Ik67qj+w
GMCsVXDuuMsOwD2VL1iGLKXXdqMqjdG6GsmJzIhb8+QFFd9RtRVz0NxkbnktYpfk
D0LjxMNPjzdnpMgbdYEfSmNNHfcE00nq3lg+r0LLeEvqY2oVNkDihfpW8cZBMBQz
NsWu7GRmN3PDcIOugrnifbbdAREoqeusDXhZhnIX3xFcO54dEyajKCzyLMvTugVI
Fj/pA70eIqom7HsXWnEcS5kZjvK5he7DrUXWrwdxBDJlvkPJWC2vmA7plCbHVN8V
4RMjCR4rYyt1x6LmhqepO4yKhNwS7PU/mhaACr1jI8J+fsFroz3eOP2TFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFALQdwPhraxhu1C0Ol/DyrhbvjAwMB8GA1UdIwQY
MBaAFIUgt30DW5Ev+kBt/d8p46KWPmkEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFNDM2ZRTmJrU182UUczOTN5bmpvcFktYVFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mMDQ2ODYtMzU5Yi00NzQ0LWI5MzAt
MWFmMjc5NjI1ZmQwLzEvQXRCM0EtR3RyR0c3VUxRNlg4UEt1RnUtTURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mMDQ2ODYtMzU5Yi00NzQ0LWI5MzAtMWFmMjc5NjI1ZmQw
LzEvaFNDM2ZRTmJrU182UUczOTN5bmpvcFktYVFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFVekAAwQG
lflAMA0EAgACMAcDBQMqB2xAMA0GCSqGSIb3DQEBCwUAA4IBAQCUVwI35cB5ibh9
UZ56mgPyqcDKlhusuJm1dwuQleTUGCGLH1YdRNanjCIDvC1tbuD3QSmLBKcnikmq
BavxqGLsmYM6v7zJ4sfZGtSsy5NIHKneNMHqR8f1kgN0wtn7wn1XhBrbtDMXuWAB
ppIjWFhyGLbji+kyjplPJ2BRmT1hlbpXPFKW6k6Pl++xoikIvQavEhziyzwhbFb1
fOyqpk4mvYUrzfQUUU9fiZqE60ZX/inWR/eLdTGa5MSIYwlck95wXn2J3JOxReld
Qyl4wF5MzDeSEGvBHjjAFwpZOtUHQxdf1s9NHVRi0nCFhsAXl3+14ApSMSyleZFa
Msll0qvn
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:54:54 2026 by rpki-client