Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/K7fqgzr4VaMwzxlQivTAcOb_S58.roa
File: K7fqgzr4VaMwzxlQivTAcOb_S58.roa (raw, json)
Hash identifier: y3NGcPxthNQN1k1rh0jeoOmPaNWELIzyDE/AvyrEZsE=
Subject key identifier: 2B:B7:EA:83:3A:F8:55:A3:30:CF:19:50:8A:F4:C0:70:E6:FF:4B:9F
Certificate issuer: /CN=cfae461188ffc1ef2f3a1474571a9439a55374ac
Certificate serial: 019D8C7AA1FDA025F089F049B41380795867
Authority key identifier: CF:AE:46:11:88:FF:C1:EF:2F:3A:14:74:57:1A:94:39:A5:53:74:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/K7fqgzr4VaMwzxlQivTAcOb_S58.roa
Signing time: Tue 14 Apr 2026 14:52:20 +0000
ROA not before: Tue 14 Apr 2026 14:52:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51247
IP address blocks: 45.154.35.0/24 maxlen: 24
91.184.252.0/23 maxlen: 23
109.172.92.0/23 maxlen: 23
153.56.132.0/23 maxlen: 23
194.0.194.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.mft
rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8c:7a:a1:fd:a0:25:f0:89:f0:49:b4:13:80:79:58:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfae461188ffc1ef2f3a1474571a9439a55374ac
Validity
Not Before: Apr 14 14:52:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2bb7ea833af855a330cf19508af4c070e6ff4b9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:25:2e:73:a7:ef:5e:1f:d4:77:68:35:d9:2a:
3e:1b:01:f9:58:1b:64:e2:c5:b0:04:d0:ec:61:d1:
c5:1b:36:15:dd:f8:93:28:52:73:8b:1d:f4:34:3e:
d7:5f:0a:d6:8d:6e:3a:bb:12:72:df:2b:cc:08:c4:
37:e8:94:a5:6f:07:62:57:43:3d:5b:76:97:ae:44:
74:15:e8:4e:d7:9e:ab:4a:89:ab:1e:cb:bd:00:60:
2b:e6:0e:65:1a:85:d6:69:e7:49:45:da:fb:c5:8d:
8b:a1:e4:47:65:e6:67:b5:4f:0d:83:3a:55:d6:fc:
ef:38:d3:d7:7e:f5:b0:f9:c6:02:b5:7c:84:49:be:
b9:4d:04:0e:0f:d8:c6:60:1e:fd:ad:00:74:d5:b5:
e3:ff:1c:1b:1f:11:2b:33:90:00:60:40:4e:7a:18:
75:8d:e8:77:98:a3:d6:2b:f1:05:c1:d8:74:66:84:
54:70:c6:57:43:75:b8:10:a6:6e:e8:10:b5:f2:f1:
34:c6:49:5f:f0:55:9c:4f:a2:c8:fb:76:35:64:55:
93:71:6c:03:30:52:b2:88:b7:63:0c:db:d0:3c:10:
ea:36:6f:ec:0f:bc:7b:23:68:1d:34:f0:7c:f3:fd:
20:71:ef:47:43:cb:33:ba:4c:b2:13:fa:33:ae:2e:
eb:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:B7:EA:83:3A:F8:55:A3:30:CF:19:50:8A:F4:C0:70:E6:FF:4B:9F
X509v3 Authority Key Identifier:
keyid:CF:AE:46:11:88:FF:C1:EF:2F:3A:14:74:57:1A:94:39:A5:53:74:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z65GEYj_we8vOhR0VxqUOaVTdKw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/K7fqgzr4VaMwzxlQivTAcOb_S58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/207876-80b7-4443-9f0c-55f06f062ce0/1/z65GEYj_we8vOhR0VxqUOaVTdKw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.154.35.0/24
91.184.252.0/23
109.172.92.0/23
153.56.132.0/23
194.0.194.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:85:a0:7a:3a:a6:95:5d:78:74:c0:77:8a:e5:24:88:e6:ff:
d3:60:63:dd:48:22:81:ef:11:d3:13:3e:57:41:e9:83:c2:e4:
98:2c:14:5b:32:8e:c6:94:ac:a6:6b:6e:50:de:bc:6c:1c:ae:
b9:22:45:ee:9e:a6:4d:23:55:d1:9b:87:74:c3:15:c8:b5:7e:
54:d6:41:c9:25:0b:2e:91:80:17:e2:c9:3e:31:f1:a9:4e:6f:
a0:56:66:4f:60:23:fe:2e:90:e3:0f:66:6b:51:72:f2:ba:35:
1a:ac:52:0b:1f:5e:1a:f3:14:36:14:c6:ee:52:80:b5:03:fc:
2f:72:fd:54:a5:a8:05:2d:36:63:a7:5b:28:4c:34:61:4f:0a:
01:0c:61:27:d9:01:2f:68:a9:07:0b:90:06:1b:ca:7c:01:20:
3a:b3:13:85:9f:ee:03:7d:2e:64:e9:f0:2d:90:39:05:9f:a8:
3a:ba:70:83:5e:14:64:26:9b:f9:65:6e:9a:1e:7a:7d:58:39:
ab:5a:65:cd:2a:e9:ff:ce:2f:66:5d:8d:72:26:b5:4c:68:0e:
25:23:24:db:ca:1c:90:60:46:d0:43:f8:0e:c7:92:4d:ed:ee:
49:0c:bd:56:66:d9:9c:91:f8:50:f3:09:ee:f0:d3:0c:7b:5f:
25:ec:05:65
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ2MeqH9oCXwifBJtBOAeVhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYWU0NjExODhmZmMxZWYyZjNhMTQ3NDU3MWE5NDM5YTU1
Mzc0YWMwHhcNMjYwNDE0MTQ1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI3ZWE4MzNhZjg1NWEzMzBjZjE5NTA4YWY0YzA3MGU2ZmY0YjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yUuc6fvXh/Ud2g12So+GwH5WBtk
4sWwBNDsYdHFGzYV3fiTKFJzix30ND7XXwrWjW46uxJy3yvMCMQ36JSlbwdiV0M9
W3aXrkR0FehO156rSomrHsu9AGAr5g5lGoXWaedJRdr7xY2LoeRHZeZntU8NgzpV
1vzvONPXfvWw+cYCtXyESb65TQQOD9jGYB79rQB01bXj/xwbHxErM5AAYEBOehh1
jeh3mKPWK/EFwdh0ZoRUcMZXQ3W4EKZu6BC18vE0xklf8FWcT6LI+3Y1ZFWTcWwD
MFKyiLdjDNvQPBDqNm/sD7x7I2gdNPB88/0gce9HQ8szukyyE/ozri7rrQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCu36oM6+FWjMM8ZUIr0wHDm/0ufMB8GA1UdIwQY
MBaAFM+uRhGI/8HvLzoUdFcalDmlU3SsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejY1R0VZal93ZTh2T2hSMFZ4cVVPYVZUZEt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yMDc4NzYtODBiNy00NDQzLTlmMGMt
NTVmMDZmMDYyY2UwLzEvSzdmcWd6cjRWYU13enhsUWl2VEFjT2JfUzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yMDc4NzYtODBiNy00NDQzLTlmMGMtNTVmMDZmMDYyY2Uw
LzEvejY1R0VZal93ZTh2T2hSMFZ4cVVPYVZUZEt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALZojAwQB
W7j8AwQBbaxcAwQBmTiEAwQAwgDCMA0GCSqGSIb3DQEBCwUAA4IBAQBMhaB6OqaV
XXh0wHeK5SSI5v/TYGPdSCKB7xHTEz5XQemDwuSYLBRbMo7GlKyma25Q3rxsHK65
IkXunqZNI1XRm4d0wxXItX5U1kHJJQsukYAX4sk+MfGpTm+gVmZPYCP+LpDjD2Zr
UXLyujUarFILH14a8xQ2FMbuUoC1A/wvcv1UpagFLTZjp1soTDRhTwoBDGEn2QEv
aKkHC5AGG8p8ASA6sxOFn+4DfS5k6fAtkDkFn6g6unCDXhRkJpv5ZW6aHnp9WDmr
WmXNKun/zi9mXY1yJrVMaA4lIyTbyhyQYEbQQ/gOx5JN7e5JDL1WZtmckfhQ8wnu
8NMMe18l7AVl
-----END CERTIFICATE-----
Generated at Fri Apr 17 21:20:15 2026 by rpki-client