Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/_XT64j01zWROH09NkPv4593FiP8.roa
File: _XT64j01zWROH09NkPv4593FiP8.roa (raw, json)
Hash identifier: oxJjTVUjM45ccLtDfR5Z4/WLBZW/py7h9lJaETFZdpc=
Subject key identifier: FD:74:FA:E2:3D:35:CD:64:4E:1F:4F:4D:90:FB:F8:E7:DD:C5:88:FF
Certificate issuer: /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial: 019C475B6B79AB005C3D417C16A089E08C43
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/_XT64j01zWROH09NkPv4593FiP8.roa
Signing time: Tue 10 Feb 2026 11:41:39 +0000
ROA not before: Tue 10 Feb 2026 11:41:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 138.226.234.0/24 maxlen: 24
138.226.238.0/24 maxlen: 24
138.226.239.0/24 maxlen: 24
216.163.179.0/24 maxlen: 24
2a14:a087::/48 maxlen: 48
2a14:a087:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:47:5b:6b:79:ab:00:5c:3d:41:7c:16:a0:89:e0:8c:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Validity
Not Before: Feb 10 11:41:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fd74fae23d35cd644e1f4f4d90fbf8e7ddc588ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e7:b3:a3:03:c0:6f:1e:9a:98:24:62:8b:91:
97:da:ae:7d:d7:cf:81:7a:9e:06:df:e2:55:76:1a:
80:bc:b0:3f:bc:ae:2c:d3:ef:93:9c:2c:83:d9:a8:
94:a5:13:d1:80:d8:56:0a:94:13:04:5a:8f:74:ff:
62:9e:54:73:5b:93:00:5f:82:95:ac:58:64:81:83:
14:2c:d0:04:d2:b7:ef:4c:92:94:5a:5d:e8:f2:ee:
af:cb:49:01:ae:44:65:88:9b:2a:a4:e6:55:bd:33:
5a:82:33:6d:2a:6c:85:31:f9:97:71:6a:76:d6:cc:
57:49:d1:57:c6:ac:f7:58:e6:b5:ad:35:cf:73:6e:
8d:b5:26:06:ef:4e:3d:64:b5:0d:0d:88:eb:3d:1a:
71:ea:dc:79:6d:72:6d:0f:25:f2:ba:3c:f8:99:0b:
17:e5:97:3b:f7:ea:89:22:fc:f4:7a:29:39:51:1e:
55:fb:0f:04:dc:c3:7a:fe:0a:18:1f:36:dc:08:1f:
7a:06:1e:41:7f:b1:c6:4c:28:0a:7b:79:a0:40:65:
48:19:70:6f:f1:d5:dd:55:ce:5c:62:c4:ef:16:51:
77:88:30:43:a4:c3:c9:a1:c8:43:e8:e2:be:76:31:
03:fa:c3:0a:3a:d5:5b:66:62:5a:3f:7d:06:3b:ec:
2e:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:74:FA:E2:3D:35:CD:64:4E:1F:4F:4D:90:FB:F8:E7:DD:C5:88:FF
X509v3 Authority Key Identifier:
keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/_XT64j01zWROH09NkPv4593FiP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.226.234.0/24
138.226.238.0/23
216.163.179.0/24
IPv6:
2a14:a087::/47
Signature Algorithm: sha256WithRSAEncryption
38:fc:a7:e0:73:db:3e:f9:15:08:0f:7f:f0:ba:3f:67:6a:b5:
07:1d:cd:26:81:94:4d:db:da:0e:10:c1:a2:4c:1d:55:c2:d1:
93:8b:4d:9a:de:62:7d:fc:1f:a0:22:b3:06:bb:af:0f:2e:1b:
09:45:bf:45:60:c6:7a:44:20:13:81:cc:2e:b9:92:21:c3:46:
8f:df:45:03:f9:d2:e0:04:07:7e:3f:a2:c4:fe:1c:f5:eb:78:
83:75:a6:0e:93:15:5b:a3:fd:9d:2d:5b:d0:7f:18:ff:a2:d9:
40:a3:60:f9:83:29:15:f6:97:db:e8:8f:84:ee:93:fe:26:ae:
a2:8d:8c:fa:1f:bb:c3:32:b6:39:8e:8c:93:3b:72:36:79:07:
29:1a:1b:f1:f6:d3:38:d0:6b:08:08:b9:a7:27:a8:9a:af:89:
c4:2f:75:65:1a:f5:3d:a7:e7:c0:3e:9b:fc:aa:74:6e:32:4b:
98:51:ac:d5:13:40:13:f5:ce:c0:8f:ea:4a:ff:f9:4d:58:3d:
6d:1e:ed:c2:2a:09:65:bd:d7:24:be:8e:a4:c2:a5:53:22:9c:
3c:6f:a8:7f:39:71:97:41:e9:f0:e4:9d:9b:6d:fc:78:75:be:
7f:6f:64:f1:be:4c:a5:38:05:15:e3:33:ed:4b:fd:93:36:4a:
eb:fd:65:36
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZxHW2t5qwBcPUF8FqCJ4IxDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMjEwMTE0MTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDc0ZmFlMjNkMzVjZDY0NGUxZjRmNGQ5MGZiZjhlN2RkYzU4OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOezowPAbx6amCRii5GX2q5918+B
ep4G3+JVdhqAvLA/vK4s0++TnCyD2aiUpRPRgNhWCpQTBFqPdP9inlRzW5MAX4KV
rFhkgYMULNAE0rfvTJKUWl3o8u6vy0kBrkRliJsqpOZVvTNagjNtKmyFMfmXcWp2
1sxXSdFXxqz3WOa1rTXPc26NtSYG7049ZLUNDYjrPRpx6tx5bXJtDyXyujz4mQsX
5Zc79+qJIvz0eik5UR5V+w8E3MN6/goYHzbcCB96Bh5Bf7HGTCgKe3mgQGVIGXBv
8dXdVc5cYsTvFlF3iDBDpMPJochD6OK+djED+sMKOtVbZmJaP30GO+wuiQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFP10+uI9Nc1kTh9PTZD7+OfdxYj/MB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvX1hUNjRqMDF6V1JPSDA5TmtQdjQ1OTNGaVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAiuLqAwQB
iuLuAwQA2KOzMA8EAgACMAkDBwEqFKCHAAAwDQYJKoZIhvcNAQELBQADggEBADj8
p+Bz2z75FQgPf/C6P2dqtQcdzSaBlE3b2g4QwaJMHVXC0ZOLTZreYn38H6Aiswa7
rw8uGwlFv0VgxnpEIBOBzC65kiHDRo/fRQP50uAEB34/osT+HPXreIN1pg6TFVuj
/Z0tW9B/GP+i2UCjYPmDKRX2l9voj4Tuk/4mrqKNjPofu8MytjmOjJM7cjZ5Byka
G/H20zjQawgIuacnqJqvicQvdWUa9T2n58A+m/yqdG4yS5hRrNUTQBP1zsCP6kr/
+U1YPW0e7cIqCWW91yS+jqTCpVMinDxvqH85cZdB6fDknZtt/Hh1vn9vZPG+TKU4
BRXjM+1L/ZM2Suv9ZTY=
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:19:32 2026 by rpki-client