Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/fvF8qPOW2FMiHiiV28vyY8gAvqU.roa
File: fvF8qPOW2FMiHiiV28vyY8gAvqU.roa (raw, json)
Hash identifier: 1bAmvOHe6cC2JUfIAlhbJd084l9wbwKCXogtXBs9oFA=
Subject key identifier: 7E:F1:7C:A8:F3:96:D8:53:22:1E:28:95:DB:CB:F2:63:C8:00:BE:A5
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019C2F364ADC90F5DBA5FBA132C0838C3B85
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/fvF8qPOW2FMiHiiV28vyY8gAvqU.roa
Signing time: Thu 05 Feb 2026 19:10:13 +0000
ROA not before: Thu 05 Feb 2026 19:10:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 46844
IP address blocks: 138.249.249.0/24 maxlen: 24
138.249.250.0/24 maxlen: 24
138.249.251.0/24 maxlen: 24
138.249.252.0/24 maxlen: 24
138.249.253.0/24 maxlen: 24
138.249.254.0/24 maxlen: 24
170.168.14.0/24 maxlen: 24
170.168.46.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2f:36:4a:dc:90:f5:db:a5:fb:a1:32:c0:83:8c:3b:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Feb 5 19:10:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7ef17ca8f396d853221e2895dbcbf263c800bea5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:6a:b9:bc:97:73:0d:1b:dc:01:12:ef:0e:d6:
93:00:68:02:93:cd:6b:30:21:1e:16:d2:24:54:82:
c6:f1:91:c6:16:42:d5:c1:78:b6:ca:80:c9:73:a8:
47:d5:46:11:9e:7b:a4:c6:64:65:5b:68:1f:ec:b6:
38:19:af:53:08:c1:b8:71:22:e8:f5:11:af:62:07:
d4:ea:ee:72:22:d6:4f:06:89:4b:a5:5a:d3:20:06:
de:9f:42:f2:12:30:37:93:de:3a:3b:6d:14:36:78:
3e:f3:cd:21:b1:4e:fd:60:fd:b1:f7:28:5f:0d:aa:
96:a7:5a:96:86:55:aa:d4:e2:8a:d6:75:f2:1a:9b:
16:f9:a1:09:bc:8b:64:a0:7f:58:95:ff:98:66:e3:
1b:82:0d:d4:1a:c1:3a:69:47:66:f4:e5:04:58:aa:
57:f2:c0:be:36:aa:a8:09:88:e5:d1:8b:01:2a:b2:
b9:e4:9d:24:99:4e:3b:aa:35:6c:97:28:74:c5:04:
8b:7a:79:fa:a5:e4:e1:56:bc:7a:08:f1:7c:21:e0:
f4:a6:8d:ee:72:73:d9:ad:7e:2a:29:98:1f:00:f0:
73:ba:ed:19:39:c4:f8:d4:6c:a6:ee:41:3b:2b:c4:
a8:5c:80:d1:88:40:d6:82:15:9a:a3:47:a8:25:d1:
1d:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:F1:7C:A8:F3:96:D8:53:22:1E:28:95:DB:CB:F2:63:C8:00:BE:A5
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/fvF8qPOW2FMiHiiV28vyY8gAvqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.249.249.0-138.249.254.255
170.168.14.0/24
170.168.46.0/24
Signature Algorithm: sha256WithRSAEncryption
95:5d:be:0a:ba:e6:c1:da:ff:00:e3:92:06:39:e4:26:63:93:
9e:fd:9d:69:d8:4f:9c:14:fa:e2:57:82:3a:aa:87:63:14:59:
82:1e:93:26:0b:82:f1:d4:15:8c:41:88:c2:6b:93:a1:23:16:
02:15:ac:a7:1e:61:fc:c3:7e:f8:52:74:e7:7b:fd:75:a4:9f:
16:1e:ba:7d:ca:14:1c:43:f0:ec:92:e3:f6:ba:19:33:d1:63:
16:04:be:c4:b1:1a:bd:64:39:77:3d:13:0b:cd:20:b7:05:39:
12:cf:06:65:b7:c5:54:98:a8:65:38:7e:72:72:25:01:89:fd:
7d:05:02:6c:57:18:57:4a:b8:59:32:b2:0a:1a:03:96:a3:0f:
7e:55:98:78:6c:92:f2:91:01:16:78:6e:5e:cb:33:a5:c9:97:
89:e7:c8:24:48:e0:c6:2a:9d:fe:1a:f6:38:28:78:11:b3:45:
0e:e2:41:c9:ed:cd:fe:66:99:af:5b:82:24:cd:de:20:0b:1a:
70:33:8c:a9:14:a8:ac:74:d5:e3:61:37:64:22:7b:7e:f8:20:
c8:ea:8b:7a:aa:63:aa:20:a3:73:da:da:b5:0b:ff:65:a8:f0:
93:46:b4:2d:73:76:02:28:cd:e7:89:c1:b8:d6:9d:c1:37:4f:
19:b8:f6:d4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZwvNkrckPXbpfuhMsCDjDuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMjA1MTkxMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWYxN2NhOGYzOTZkODUzMjIxZTI4OTVkYmNiZjI2M2M4MDBiZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmq5vJdzDRvcARLvDtaTAGgCk81r
MCEeFtIkVILG8ZHGFkLVwXi2yoDJc6hH1UYRnnukxmRlW2gf7LY4Ga9TCMG4cSLo
9RGvYgfU6u5yItZPBolLpVrTIAben0LyEjA3k946O20UNng+880hsU79YP2x9yhf
DaqWp1qWhlWq1OKK1nXyGpsW+aEJvItkoH9Ylf+YZuMbgg3UGsE6aUdm9OUEWKpX
8sC+NqqoCYjl0YsBKrK55J0kmU47qjVslyh0xQSLenn6peThVrx6CPF8IeD0po3u
cnPZrX4qKZgfAPBzuu0ZOcT41Gym7kE7K8SoXIDRiEDWghWao0eoJdEdHQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFH7xfKjzlthTIh4oldvL8mPIAL6lMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvZnZGOHFQT1cyRk1pSGlpVjI4dnlZOGdBdnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBACK+fkD
BACK+f4DBACqqA4DBACqqC4wDQYJKoZIhvcNAQELBQADggEBAJVdvgq65sHa/wDj
kgY55CZjk579nWnYT5wU+uJXgjqqh2MUWYIekyYLgvHUFYxBiMJrk6EjFgIVrKce
YfzDfvhSdOd7/XWknxYeun3KFBxD8OyS4/a6GTPRYxYEvsSxGr1kOXc9EwvNILcF
ORLPBmW3xVSYqGU4fnJyJQGJ/X0FAmxXGFdKuFkysgoaA5ajD35VmHhskvKRARZ4
bl7LM6XJl4nnyCRI4MYqnf4a9jgoeBGzRQ7iQcntzf5mma9bgiTN3iALGnAzjKkU
qKx01eNhN2Qie374IMjqi3qqY6ogo3Pa2rUL/2Wo8JNGtC1zdgIozeeJwbjWncE3
Txm49tQ=
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:19:48 2026 by rpki-client