Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/BcIjFBUMP6CBeWgUBi0kiP8mMD4.roa
File: BcIjFBUMP6CBeWgUBi0kiP8mMD4.roa (raw, json)
Hash identifier: AnrLYQrWg/R3TPt/tXnLy7bKSyCDh8qfOknLsoHKVr0=
Subject key identifier: 05:C2:23:14:15:0C:3F:A0:81:79:68:14:06:2D:24:88:FF:26:30:3E
Certificate issuer: /CN=cfdb3d904b34440546b6241d7894d93300bcbd28
Certificate serial: 019D6CAEADFEA8CA96F219BE04A8650C0C97
Authority key identifier: CF:DB:3D:90:4B:34:44:05:46:B6:24:1D:78:94:D9:33:00:BC:BD:28
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z9s9kEs0RAVGtiQdeJTZMwC8vSg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/BcIjFBUMP6CBeWgUBi0kiP8mMD4.roa
Signing time: Wed 08 Apr 2026 10:41:20 +0000
ROA not before: Wed 08 Apr 2026 10:41:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12329
IP address blocks: 62.221.232.0/21 maxlen: 24
62.221.240.0/21 maxlen: 24
81.173.6.0/24 maxlen: 24
149.232.48.0/20 maxlen: 24
156.67.59.0/24 maxlen: 24
185.154.112.0/22 maxlen: 24
185.249.168.0/22 maxlen: 24
212.23.128.0/19 maxlen: 24
2001:7d8::/32 maxlen: 48
2a07:8c80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/z9s9kEs0RAVGtiQdeJTZMwC8vSg.crl
rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/z9s9kEs0RAVGtiQdeJTZMwC8vSg.mft
rsync://rpki.ripe.net/repository/DEFAULT/z9s9kEs0RAVGtiQdeJTZMwC8vSg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6c:ae:ad:fe:a8:ca:96:f2:19:be:04:a8:65:0c:0c:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfdb3d904b34440546b6241d7894d93300bcbd28
Validity
Not Before: Apr 8 10:41:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=05c22314150c3fa081796814062d2488ff26303e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:b0:2c:c5:17:35:f4:dc:5d:0e:c1:3f:78:c3:
8e:e0:fa:e8:36:bf:42:cb:97:e5:99:39:0e:cb:19:
b1:ec:2d:3c:ae:10:d0:98:8c:3d:66:7c:00:64:8a:
e8:c5:49:85:0d:24:ab:da:16:54:eb:21:e0:fe:11:
75:8a:7c:26:5b:60:87:c0:8c:56:15:3d:c3:84:04:
ef:e0:1b:1d:3e:e6:12:6a:25:46:35:d7:11:64:1d:
77:e4:6f:6e:61:2a:36:84:5f:c2:08:06:63:41:dc:
87:ac:b0:52:d1:b6:18:ad:d5:e6:58:06:4f:a1:2a:
31:9c:f3:85:0c:d8:6d:cc:63:e0:43:f3:9d:0d:fa:
f6:e3:5c:49:01:0a:b7:e0:03:cb:a1:70:70:5a:71:
02:84:0d:4c:00:2a:39:92:69:8a:2d:8b:a0:b7:c6:
18:9f:86:02:40:cf:6b:2d:d4:79:bf:37:61:b3:f4:
eb:aa:c0:3c:26:04:5b:cf:66:d2:75:2d:7e:3d:ee:
a6:6c:a5:d6:10:01:bb:f0:0d:74:e2:35:aa:0a:d2:
4c:20:fb:96:4b:59:9d:9f:63:72:6b:6d:9a:11:c7:
66:ec:27:4a:9f:17:c7:57:97:7a:bd:7c:be:b8:04:
2f:32:ae:44:11:19:20:4a:06:e6:42:26:7b:fb:49:
da:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C2:23:14:15:0C:3F:A0:81:79:68:14:06:2D:24:88:FF:26:30:3E
X509v3 Authority Key Identifier:
keyid:CF:DB:3D:90:4B:34:44:05:46:B6:24:1D:78:94:D9:33:00:BC:BD:28
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9s9kEs0RAVGtiQdeJTZMwC8vSg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/BcIjFBUMP6CBeWgUBi0kiP8mMD4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/z9s9kEs0RAVGtiQdeJTZMwC8vSg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.221.232.0-62.221.247.255
81.173.6.0/24
149.232.48.0/20
156.67.59.0/24
185.154.112.0/22
185.249.168.0/22
212.23.128.0/19
IPv6:
2001:7d8::/32
2a07:8c80::/29
Signature Algorithm: sha256WithRSAEncryption
3a:92:aa:e2:b1:03:be:c1:c3:84:35:7f:5c:76:b2:ad:60:f9:
f8:e5:29:44:f3:f2:7f:11:18:21:bf:20:6c:af:90:1d:63:b2:
a7:93:54:1d:a0:e3:ec:ea:4e:e9:95:e6:24:b0:1b:c3:a2:a0:
b6:98:99:c5:02:78:35:26:78:ad:5b:15:7c:a6:79:a6:e9:6e:
79:27:4e:88:c6:2e:a4:44:df:8b:b9:a8:b7:a4:3c:e4:50:6b:
42:4b:7a:7d:9e:13:68:77:8c:d9:d5:e0:00:d8:3f:ef:11:58:
1a:19:9c:33:c3:d5:46:e9:c5:56:9a:2f:c7:74:77:74:14:60:
40:5c:39:e6:aa:cf:77:cb:7b:78:52:e7:b1:15:83:94:d7:75:
0b:1a:88:ed:1c:e5:c9:cc:be:6b:ab:70:9a:13:77:90:7d:ca:
f9:8a:c6:84:26:fe:87:2f:21:d8:91:ea:09:21:34:52:9d:2e:
fa:78:fe:a7:e2:be:54:ba:ee:59:bf:bb:ce:e7:d0:22:f0:b9:
1d:cf:b3:fb:3b:0b:b2:b8:4a:64:42:d6:8e:23:ef:84:92:7d:
d5:ec:63:f8:1b:57:3f:aa:49:22:02:0c:a3:4e:ae:2d:b9:69:
ab:b0:1c:18:01:e9:bb:2d:18:34:b1:99:16:00:99:25:87:84:
3e:d9:3d:e0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZ1srq3+qMqW8hm+BKhlDAyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZGIzZDkwNGIzNDQ0MDU0NmI2MjQxZDc4OTRkOTMzMDBi
Y2JkMjgwHhcNMjYwNDA4MTA0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWMyMjMxNDE1MGMzZmEwODE3OTY4MTQwNjJkMjQ4OGZmMjYzMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rAsxRc19NxdDsE/eMOO4ProNr9C
y5flmTkOyxmx7C08rhDQmIw9ZnwAZIroxUmFDSSr2hZU6yHg/hF1inwmW2CHwIxW
FT3DhATv4BsdPuYSaiVGNdcRZB135G9uYSo2hF/CCAZjQdyHrLBS0bYYrdXmWAZP
oSoxnPOFDNhtzGPgQ/OdDfr241xJAQq34APLoXBwWnEChA1MACo5kmmKLYugt8YY
n4YCQM9rLdR5vzdhs/TrqsA8JgRbz2bSdS1+Pe6mbKXWEAG78A104jWqCtJMIPuW
S1mdn2Nya22aEcdm7CdKnxfHV5d6vXy+uAQvMq5EERkgSgbmQiZ7+0nazQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAXCIxQVDD+ggXloFAYtJIj/JjA+MB8GA1UdIwQY
MBaAFM/bPZBLNEQFRrYkHXiU2TMAvL0oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejlzOWtFczBSQVZHdGlRZGVKVFpNd0M4dlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85MjVhYjktMjFmZS00YmJmLWFjMGUt
NmU3NTYxNTM1YmJkLzEvQmNJakZCVU1QNkNCZVdnVUJpMGtpUDhtTUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85MjVhYjktMjFmZS00YmJmLWFjMGUtNmU3NTYxNTM1YmJk
LzEvejlzOWtFczBSQVZHdGlRZGVKVFpNd0M4dlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyMAwDBAM+3egD
BAM+3fADBABRrQYDBASV6DADBACcQzsDBAK5mnADBAK5+agDBAXUF4AwFAQCAAIw
DgMFACABB9gDBQMqB4yAMA0GCSqGSIb3DQEBCwUAA4IBAQA6kqrisQO+wcOENX9c
drKtYPn45SlE8/J/ERghvyBsr5AdY7Knk1QdoOPs6k7pleYksBvDoqC2mJnFAng1
JnitWxV8pnmm6W55J06Ixi6kRN+Luai3pDzkUGtCS3p9nhNod4zZ1eAA2D/vEVga
GZwzw9VG6cVWmi/HdHd0FGBAXDnmqs93y3t4UuexFYOU13ULGojtHOXJzL5rq3Ca
E3eQfcr5isaEJv6HLyHYkeoJITRSnS76eP6n4r5Uuu5Zv7vO59Ai8Lkdz7P7Owuy
uEpkQtaOI++Ekn3V7GP4G1c/qkkiAgyjTq4tuWmrsBwYAem7LRg0sZkWAJklh4Q+
2T3g
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:29:08 2026 by rpki-client