Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/1-GRTqjXQkFHtHIjRYwLZi1KTRJc.roa
File: 1-GRTqjXQkFHtHIjRYwLZi1KTRJc.roa (raw, json)
Hash identifier: MSUgSHZW6Ea4DvJIbdr2FWIlr8/ozfs7TeeObXa1zoY=
Subject key identifier: F8:64:53:AA:35:D0:90:51:ED:1C:88:D1:63:02:D9:8B:52:93:44:97
Certificate issuer: /CN=08092d27478143c6ae3905c47f5847df9c02f413
Certificate serial: 019B79ED56686590458112F87085D1914277
Authority key identifier: 08:09:2D:27:47:81:43:C6:AE:39:05:C4:7F:58:47:DF:9C:02:F4:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CAktJ0eBQ8auOQXEf1hH35wC9BM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/1-GRTqjXQkFHtHIjRYwLZi1KTRJc.roa
Signing time: Thu 01 Jan 2026 14:19:15 +0000
ROA not before: Thu 01 Jan 2026 14:19:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199235
IP address blocks: 37.143.72.0/22 maxlen: 22
89.147.124.0/22 maxlen: 22
185.83.224.0/22 maxlen: 22
2a02:6f40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/CAktJ0eBQ8auOQXEf1hH35wC9BM.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/CAktJ0eBQ8auOQXEf1hH35wC9BM.mft
rsync://rpki.ripe.net/repository/DEFAULT/CAktJ0eBQ8auOQXEf1hH35wC9BM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ed:56:68:65:90:45:81:12:f8:70:85:d1:91:42:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08092d27478143c6ae3905c47f5847df9c02f413
Validity
Not Before: Jan 1 14:19:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f86453aa35d09051ed1c88d16302d98b52934497
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:f6:d1:2a:eb:16:a2:f9:47:fe:c3:b4:15:c4:
3f:68:4c:88:30:80:80:60:2e:b4:0d:46:61:7e:8f:
f8:50:bf:63:88:7c:29:2b:3a:88:f1:2b:33:83:08:
6b:ee:03:f8:b9:a0:e2:49:d5:7d:ef:26:c8:53:79:
80:e6:08:24:c0:6c:45:b5:6a:45:44:d9:10:33:6e:
45:e3:4f:48:14:55:57:f4:1d:9f:e1:eb:8c:a1:43:
7a:b5:ee:87:d8:7e:a3:46:06:76:34:01:67:48:42:
43:5d:b4:82:ab:10:db:f9:36:6c:82:f7:b9:a1:73:
9c:4b:8e:6e:6c:9d:a2:9b:fc:93:65:35:c6:ce:4b:
a8:b5:a9:9b:d3:17:b9:19:98:2d:0d:8d:5c:00:8b:
bd:ee:75:0e:5d:71:86:24:0e:bf:be:96:fa:dd:eb:
29:68:3a:bb:03:bc:af:0e:0d:12:fd:e4:00:84:7d:
04:35:da:a3:00:e1:6a:72:5d:51:4c:20:ed:bc:d3:
0d:7f:5b:b2:08:5e:2c:d8:85:1d:26:76:e7:88:c1:
c8:4a:ef:7f:4f:a3:b1:b3:3b:99:04:1b:eb:37:87:
83:88:4c:32:41:7f:e8:85:8b:89:86:7a:bc:20:81:
69:fc:67:89:dd:13:ae:c0:29:3f:03:f5:5e:48:85:
93:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:64:53:AA:35:D0:90:51:ED:1C:88:D1:63:02:D9:8B:52:93:44:97
X509v3 Authority Key Identifier:
keyid:08:09:2D:27:47:81:43:C6:AE:39:05:C4:7F:58:47:DF:9C:02:F4:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAktJ0eBQ8auOQXEf1hH35wC9BM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/1-GRTqjXQkFHtHIjRYwLZi1KTRJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/aa95e3-5082-4fa7-a7ab-94cf3a35bf8c/1/CAktJ0eBQ8auOQXEf1hH35wC9BM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.72.0/22
89.147.124.0/22
185.83.224.0/22
IPv6:
2a02:6f40::/32
Signature Algorithm: sha256WithRSAEncryption
7d:db:65:90:bc:21:ca:32:cb:59:8b:5f:41:dc:25:52:b6:03:
5c:de:34:6d:69:8e:f8:e0:25:50:c7:1b:ed:05:62:67:4e:19:
41:00:2e:93:a6:a0:cc:b6:94:a5:01:c4:3d:2e:5e:95:15:e3:
e6:b6:2e:0a:42:29:a8:8e:44:86:fc:3f:2f:41:41:0f:56:f2:
52:de:15:5d:ad:6d:4c:0d:a0:ed:87:c5:b0:95:8f:e5:17:d2:
86:8c:d0:53:07:86:8d:41:13:9d:aa:32:63:46:05:0d:27:93:
79:b9:16:83:81:f7:30:28:6a:86:8b:57:62:3d:10:da:30:3a:
00:30:65:b5:b2:35:3d:fa:4a:79:df:ac:a1:a1:1f:5d:2c:b2:
0a:8d:4f:b8:39:12:9a:15:26:c5:d6:a1:30:40:f4:c0:6e:28:
91:ba:fc:93:ce:ef:45:2a:f1:75:fa:36:13:3f:37:14:34:8d:
e0:cb:ef:2c:71:aa:87:07:4e:c3:65:5b:ac:af:45:c6:39:df:
43:52:7c:7a:c2:76:02:39:e0:f5:42:58:a9:5d:ba:fa:3d:d0:
d5:91:11:7e:43:72:50:58:3d:e2:c6:54:22:07:1d:dc:ba:af:
38:4d:98:ba:5c:bf:21:f0:49:e7:2e:53:a4:ca:6b:a4:f6:cf:
48:21:ae:41
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZt57VZoZZBFgRL4cIXRkUJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDkyZDI3NDc4MTQzYzZhZTM5MDVjNDdmNTg0N2RmOWMw
MmY0MTMwHhcNMjYwMTAxMTQxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODY0NTNhYTM1ZDA5MDUxZWQxYzg4ZDE2MzAyZDk4YjUyOTM0NDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/bRKusWovlH/sO0FcQ/aEyIMICA
YC60DUZhfo/4UL9jiHwpKzqI8Sszgwhr7gP4uaDiSdV97ybIU3mA5ggkwGxFtWpF
RNkQM25F409IFFVX9B2f4euMoUN6te6H2H6jRgZ2NAFnSEJDXbSCqxDb+TZsgve5
oXOcS45ubJ2im/yTZTXGzkuotamb0xe5GZgtDY1cAIu97nUOXXGGJA6/vpb63esp
aDq7A7yvDg0S/eQAhH0ENdqjAOFqcl1RTCDtvNMNf1uyCF4s2IUdJnbniMHISu9/
T6OxszuZBBvrN4eDiEwyQX/ohYuJhnq8IIFp/GeJ3ROuwCk/A/VeSIWTcwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPhkU6o10JBR7RyI0WMC2YtSk0SXMB8GA1UdIwQY
MBaAFAgJLSdHgUPGrjkFxH9YR9+cAvQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FrdEowZUJROGF1T1FYRWYxaEgzNXdDOUJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hYTk1ZTMtNTA4Mi00ZmE3LWE3YWIt
OTRjZjNhMzViZjhjLzEvMS1HUlRxalhRa0ZIdEhJalJZd0xaaTFLVFJKYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvYWE5NWUzLTUwODItNGZhNy1hN2FiLTk0Y2YzYTM1YmY4
Yy8xL0NBa3RKMGVCUThhdU9RWEVmMWhIMzV3QzlCTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA6BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAiWPSAME
AlmTfAMEArlT4DANBAIAAjAHAwUAKgJvQDANBgkqhkiG9w0BAQsFAAOCAQEAfdtl
kLwhyjLLWYtfQdwlUrYDXN40bWmO+OAlUMcb7QViZ04ZQQAuk6agzLaUpQHEPS5e
lRXj5rYuCkIpqI5Ehvw/L0FBD1byUt4VXa1tTA2g7YfFsJWP5RfShozQUweGjUET
naoyY0YFDSeTebkWg4H3MChqhotXYj0Q2jA6ADBltbI1PfpKed+soaEfXSyyCo1P
uDkSmhUmxdahMED0wG4okbr8k87vRSrxdfo2Ez83FDSN4MvvLHGqhwdOw2VbrK9F
xjnfQ1J8esJ2Ajng9UJYqV26+j3Q1ZERfkNyUFg94sZUIgcd3LqvOE2Yuly/IfBJ
5y5TpMprpPbPSCGuQQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:38:52 2026 by rpki-client