Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RIiXWWLGbbBmHZzeH8j9c3ZKnfA.roa
File: RIiXWWLGbbBmHZzeH8j9c3ZKnfA.roa (raw, json)
Hash identifier: Roo37aoZ/4oTTiDXlqLl7d1uKa3fmRAJpCNeGHMSWvY=
Subject key identifier: 44:88:97:59:62:C6:6D:B0:66:1D:9C:DE:1F:C8:FD:73:76:4A:9D:F0
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019D9CFBCD84FE14FBD20A45063A04D78AD7
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RIiXWWLGbbBmHZzeH8j9c3ZKnfA.roa
Signing time: Fri 17 Apr 2026 19:47:20 +0000
ROA not before: Fri 17 Apr 2026 19:47:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63023
IP address blocks: 138.249.133.0/24 maxlen: 24
138.249.138.0/24 maxlen: 24
170.168.61.0/24 maxlen: 24
170.168.103.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9c:fb:cd:84:fe:14:fb:d2:0a:45:06:3a:04:d7:8a:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Apr 17 19:47:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4488975962c66db0661d9cde1fc8fd73764a9df0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:9d:e2:e1:75:99:0f:ff:2e:f9:50:49:50:3b:
5a:33:59:7a:fb:23:02:4f:90:67:05:8d:5d:67:7f:
54:e0:5b:73:88:22:52:e7:24:91:43:a8:ab:84:5f:
43:a4:ea:7c:7a:ec:46:f4:9d:b7:41:20:3f:e0:b9:
58:e2:01:94:b4:b9:43:33:e8:b9:a6:3a:39:27:fa:
72:33:1e:37:01:85:d7:73:c8:bb:a5:95:9d:9d:89:
68:c4:6f:e4:65:e7:0c:8d:86:ba:42:6a:57:33:9e:
96:5a:54:72:a6:1f:c4:3a:ce:af:3d:d1:5f:8d:bb:
80:70:67:74:ae:4e:05:35:52:15:79:29:8a:1d:7e:
0b:f2:29:1e:22:fd:2c:87:85:40:89:45:5b:4c:c4:
54:83:fc:f2:ca:4c:84:c8:08:b1:88:05:e1:74:e6:
51:ac:ed:f9:f5:f0:3d:96:a4:26:d6:ef:2a:ec:0f:
ac:8c:36:77:18:46:ca:f3:4f:cf:96:f2:3f:13:b4:
62:36:06:33:4d:01:52:e4:84:64:d7:ea:38:a0:19:
e0:9b:65:dc:85:d0:c6:41:47:fd:b0:7b:f5:13:30:
bc:27:09:80:61:78:7b:67:5d:ed:46:bf:ba:a0:a7:
6c:d4:a8:db:b3:59:be:13:de:49:e6:9d:ec:88:76:
8a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:88:97:59:62:C6:6D:B0:66:1D:9C:DE:1F:C8:FD:73:76:4A:9D:F0
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RIiXWWLGbbBmHZzeH8j9c3ZKnfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.249.133.0/24
138.249.138.0/24
170.168.61.0/24
170.168.103.0/24
Signature Algorithm: sha256WithRSAEncryption
30:d8:98:92:e2:c3:2b:89:83:1c:2a:e1:d9:f2:68:f6:a2:f7:
32:40:7e:02:14:e3:7d:ac:d1:53:aa:57:ba:43:91:0f:34:37:
19:e2:6f:38:95:18:5b:34:28:1c:87:e7:07:54:07:c7:89:c6:
17:91:a7:71:d4:07:2e:d3:5b:84:e2:9f:54:78:f4:cf:80:2b:
cd:d0:4d:bc:27:58:4a:e1:f2:d2:54:5b:de:c4:67:be:f0:0a:
05:82:a3:02:1e:f1:90:59:ef:8b:37:89:73:88:29:dc:18:5e:
f2:14:80:50:44:d1:9c:bb:5a:93:84:e2:53:15:48:a6:f6:09:
04:47:67:93:43:a9:32:d2:35:1a:a1:61:f0:64:80:02:90:44:
e3:8b:0d:51:84:1d:3c:c8:db:e7:b5:86:2c:f9:51:c7:37:6d:
48:95:80:05:7a:7e:ae:7d:ba:d9:8c:e1:7e:7f:64:99:1b:90:
46:54:83:3a:de:3d:2f:08:0d:81:a2:fc:29:d6:bb:ea:75:74:
ca:89:c2:68:a3:7a:4b:b0:cf:03:55:c4:9c:db:fc:41:1f:bf:
61:9e:45:56:ff:68:57:e1:b5:08:da:aa:bd:ea:68:34:2f:70:
be:b9:6b:5f:89:43:ce:ae:e2:64:e7:99:f3:c7:99:b9:7d:a3:
c0:57:f8:ba
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ2c+82E/hT70gpFBjoE14rXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNDE3MTk0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg4OTc1OTYyYzY2ZGIwNjYxZDljZGUxZmM4ZmQ3Mzc2NGE5ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr53i4XWZD/8u+VBJUDtaM1l6+yMC
T5BnBY1dZ39U4FtziCJS5ySRQ6irhF9DpOp8euxG9J23QSA/4LlY4gGUtLlDM+i5
pjo5J/pyMx43AYXXc8i7pZWdnYloxG/kZecMjYa6QmpXM56WWlRyph/EOs6vPdFf
jbuAcGd0rk4FNVIVeSmKHX4L8ikeIv0sh4VAiUVbTMRUg/zyykyEyAixiAXhdOZR
rO359fA9lqQm1u8q7A+sjDZ3GEbK80/PlvI/E7RiNgYzTQFS5IRk1+o4oBngm2Xc
hdDGQUf9sHv1EzC8JwmAYXh7Z13tRr+6oKds1Kjbs1m+E95J5p3siHaKmQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFESIl1lixm2wZh2c3h/I/XN2Sp3wMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUklpWFdXTEdiYkJtSFp6ZUg4ajljM1pLbmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAivmFAwQA
ivmKAwQAqqg9AwQAqqhnMA0GCSqGSIb3DQEBCwUAA4IBAQAw2JiS4sMriYMcKuHZ
8mj2ovcyQH4CFON9rNFTqle6Q5EPNDcZ4m84lRhbNCgch+cHVAfHicYXkadx1Acu
01uE4p9UePTPgCvN0E28J1hK4fLSVFvexGe+8AoFgqMCHvGQWe+LN4lziCncGF7y
FIBQRNGcu1qThOJTFUim9gkER2eTQ6ky0jUaoWHwZIACkETjiw1RhB08yNvntYYs
+VHHN21IlYAFen6ufbrZjOF+f2SZG5BGVIM63j0vCA2Bovwp1rvqdXTKicJoo3pL
sM8DVcSc2/xBH79hnkVW/2hX4bUI2qq96mg0L3C+uWtfiUPOruJk55nzx5m5faPA
V/i6
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:12:28 2026 by rpki-client