Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VgjeSm8qWdpR4w3OqE0b7yPHODE.roa
File: VgjeSm8qWdpR4w3OqE0b7yPHODE.roa (raw, json)
Hash identifier: +dZV+oz7se6lzlq0jc/hRLXGj0CkSAzcT19434Wle6Q=
Subject key identifier: 56:08:DE:4A:6F:2A:59:DA:51:E3:0D:CE:A8:4D:1B:EF:23:C7:38:31
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019D352656DCE7FD12EBBF1EEE526C4618F8
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VgjeSm8qWdpR4w3OqE0b7yPHODE.roa
Signing time: Sat 28 Mar 2026 15:53:17 +0000
ROA not before: Sat 28 Mar 2026 15:53:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211270
IP address blocks: 138.249.15.0/24 maxlen: 24
138.249.19.0/24 maxlen: 24
138.249.22.0/24 maxlen: 24
138.249.23.0/24 maxlen: 24
138.249.102.0/24 maxlen: 24
138.249.103.0/24 maxlen: 24
138.249.112.0/24 maxlen: 24
138.249.116.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 06:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:35:26:56:dc:e7:fd:12:eb:bf:1e:ee:52:6c:46:18:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Mar 28 15:53:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5608de4a6f2a59da51e30dcea84d1bef23c73831
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c7:92:63:9e:57:91:fe:f0:d9:22:5c:b0:0c:
35:84:de:7d:4b:9b:11:64:7f:0d:c2:b2:38:84:07:
ba:fb:46:fd:e7:69:67:9f:c8:8e:ad:f2:bc:c3:a1:
58:32:db:76:38:fb:df:f8:3d:09:dc:00:c6:bc:ee:
95:8e:53:82:83:a0:b8:ca:b1:19:ab:41:41:2d:32:
03:d5:a7:dd:33:dc:cc:ff:5b:da:c1:5a:cf:19:44:
7a:24:d5:49:c0:84:33:18:7b:9e:95:3f:82:b6:8e:
54:6a:ab:e4:7f:7e:e9:a1:6c:60:d4:77:48:13:f9:
a5:4e:d6:fb:b4:16:e4:7e:a0:6f:8f:5a:fe:e0:3a:
d2:b2:9f:b6:99:02:14:8f:0f:4a:db:9d:87:bf:b5:
48:44:28:df:46:cd:49:2d:60:2f:a6:c3:4b:3d:48:
06:66:a9:a9:1d:d9:fc:0f:22:ca:0c:1f:ea:15:1a:
de:a6:32:2b:82:a0:be:bb:95:be:6b:38:aa:a7:73:
36:2d:65:3c:fa:38:27:22:59:37:1c:4c:9d:bc:ca:
15:de:e1:a3:64:10:52:62:54:c0:3a:3c:d0:42:43:
6a:43:34:e2:04:37:7a:6f:2e:6f:f6:42:2f:5e:fd:
fd:e0:a8:ad:cc:02:b9:14:c3:f3:4e:a3:10:b9:b7:
37:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:08:DE:4A:6F:2A:59:DA:51:E3:0D:CE:A8:4D:1B:EF:23:C7:38:31
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/VgjeSm8qWdpR4w3OqE0b7yPHODE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.249.15.0/24
138.249.19.0/24
138.249.22.0/23
138.249.102.0/23
138.249.112.0/24
138.249.116.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:28:0a:e7:2c:90:90:f3:fc:3d:be:2b:73:ac:86:b6:d1:39:
c7:bb:a1:d6:5e:3d:42:24:f8:80:98:89:93:bc:14:d5:f0:6e:
a5:68:a7:21:75:72:22:15:d5:94:fc:dd:ff:3e:5b:6c:ef:4e:
59:ea:ae:a3:6a:16:71:6d:b0:29:24:3f:8e:d1:a9:6c:da:bd:
34:f8:c9:21:92:e5:83:d5:99:09:4b:0a:1f:b4:a7:18:00:10:
b6:68:06:c0:7e:e6:33:b1:d5:5b:c0:d6:3d:f9:74:38:bb:b8:
e2:c9:b4:b4:ae:3b:6c:68:d2:4e:ac:16:49:ab:88:05:cf:d8:
25:ca:c4:2b:e6:bc:53:92:81:4f:59:0d:d9:23:46:47:7b:fd:
24:48:e1:d7:aa:d7:77:34:f6:f6:fa:de:f2:50:e4:91:78:4d:
83:3e:a9:44:79:e7:3b:9d:5f:6a:79:ac:d5:2e:c4:12:08:b0:
2d:61:60:fa:38:38:64:cb:e4:0c:b3:b9:8f:0f:92:a7:e9:e7:
94:50:71:33:75:4d:45:00:3c:68:f5:51:ce:81:cd:fb:ee:25:
4c:5e:e5:df:9e:a1:ba:da:e7:8a:90:39:67:c0:f0:e1:1e:1e:
01:de:e4:ba:60:42:a4:b3:9a:f7:9a:68:f3:30:e0:5d:f6:88:
3d:79:45:c4
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ01Jlbc5/0S678e7lJsRhj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzI4MTU1MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA4ZGU0YTZmMmE1OWRhNTFlMzBkY2VhODRkMWJlZjIzYzczODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8eSY55Xkf7w2SJcsAw1hN59S5sR
ZH8NwrI4hAe6+0b952lnn8iOrfK8w6FYMtt2OPvf+D0J3ADGvO6VjlOCg6C4yrEZ
q0FBLTID1afdM9zM/1vawVrPGUR6JNVJwIQzGHuelT+Cto5Uaqvkf37poWxg1HdI
E/mlTtb7tBbkfqBvj1r+4DrSsp+2mQIUjw9K252Hv7VIRCjfRs1JLWAvpsNLPUgG
ZqmpHdn8DyLKDB/qFRrepjIrgqC+u5W+aziqp3M2LWU8+jgnIlk3HEydvMoV3uGj
ZBBSYlTAOjzQQkNqQzTiBDd6by5v9kIvXv394KitzAK5FMPzTqMQubc3nQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFYI3kpvKlnaUeMNzqhNG+8jxzgxMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvVmdqZVNtOHFXZHBSNHczT3FFMGI3eVBIT0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAivkPAwQA
ivkTAwQBivkWAwQBivlmAwQAivlwAwQAivl0MA0GCSqGSIb3DQEBCwUAA4IBAQAP
KArnLJCQ8/w9vitzrIa20TnHu6HWXj1CJPiAmImTvBTV8G6laKchdXIiFdWU/N3/
Plts705Z6q6jahZxbbApJD+O0als2r00+MkhkuWD1ZkJSwoftKcYABC2aAbAfuYz
sdVbwNY9+XQ4u7jiybS0rjtsaNJOrBZJq4gFz9glysQr5rxTkoFPWQ3ZI0ZHe/0k
SOHXqtd3NPb2+t7yUOSReE2DPqlEeec7nV9qeazVLsQSCLAtYWD6ODhky+QMs7mP
D5Kn6eeUUHEzdU1FADxo9VHOgc377iVMXuXfnqG62ueKkDlnwPDhHh4B3uS6YEKk
s5r3mmjzMOBd9og9eUXE
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:27:48 2026 by rpki-client