Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/q0Y1p5XaMB9ViOtAFAUBAb62WEo.roa
File: q0Y1p5XaMB9ViOtAFAUBAb62WEo.roa (raw, json)
Hash identifier: Y0brd6EFMahPzlPl3xKPC6MzSQAtYq85BSXJQ3hFrzY=
Subject key identifier: AB:46:35:A7:95:DA:30:1F:55:88:EB:40:14:05:01:01:BE:B6:58:4A
Certificate issuer: /CN=b19549d68305e29dfb00069a52d3d4e1f2c5604c
Certificate serial: 019B7C7FF459B9FBCC5A5F96707E407E3012
Authority key identifier: B1:95:49:D6:83:05:E2:9D:FB:00:06:9A:52:D3:D4:E1:F2:C5:60:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sZVJ1oMF4p37AAaaUtPU4fLFYEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/q0Y1p5XaMB9ViOtAFAUBAb62WEo.roa
Signing time: Fri 02 Jan 2026 02:18:38 +0000
ROA not before: Fri 02 Jan 2026 02:18:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 28909
IP address blocks: 213.167.0.0/24 maxlen: 24
213.167.1.0/24 maxlen: 24
213.167.2.0/24 maxlen: 24
213.167.3.0/24 maxlen: 24
213.167.4.0/24 maxlen: 24
213.167.5.0/24 maxlen: 24
213.167.6.0/24 maxlen: 24
213.167.7.0/24 maxlen: 24
213.167.8.0/24 maxlen: 24
213.167.9.0/24 maxlen: 24
213.167.10.0/24 maxlen: 24
213.167.11.0/24 maxlen: 24
213.167.12.0/24 maxlen: 24
213.167.13.0/24 maxlen: 24
213.167.14.0/24 maxlen: 24
213.167.15.0/24 maxlen: 24
213.167.16.0/24 maxlen: 24
213.167.17.0/24 maxlen: 24
213.167.18.0/24 maxlen: 24
213.167.19.0/24 maxlen: 24
213.167.20.0/24 maxlen: 24
213.167.21.0/24 maxlen: 24
213.167.22.0/24 maxlen: 24
213.167.23.0/24 maxlen: 24
213.167.24.0/24 maxlen: 24
213.167.25.0/24 maxlen: 24
213.167.26.0/24 maxlen: 24
213.167.27.0/24 maxlen: 24
213.167.28.0/24 maxlen: 24
213.167.29.0/24 maxlen: 24
213.167.30.0/24 maxlen: 24
213.167.31.0/24 maxlen: 24
2a0a:6740::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/sZVJ1oMF4p37AAaaUtPU4fLFYEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/sZVJ1oMF4p37AAaaUtPU4fLFYEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/sZVJ1oMF4p37AAaaUtPU4fLFYEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:7f:f4:59:b9:fb:cc:5a:5f:96:70:7e:40:7e:30:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b19549d68305e29dfb00069a52d3d4e1f2c5604c
Validity
Not Before: Jan 2 02:18:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ab4635a795da301f5588eb4014050101beb6584a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:b3:77:26:e0:26:31:b6:c9:74:f3:86:47:c8:
1a:e1:74:b7:fa:91:ab:cc:bb:6e:f7:3f:3f:57:90:
ad:43:28:7c:f3:94:b9:a4:c0:ac:87:31:09:15:45:
8a:91:dd:63:3b:34:89:88:62:04:d7:05:34:1a:f7:
b1:1f:ed:db:a1:fd:bc:b2:ec:51:08:63:43:46:23:
12:e8:66:f8:8e:fd:66:d4:3a:f2:82:76:d4:fd:5c:
d5:4a:c2:f0:d6:ed:43:7b:41:9f:7d:93:cc:9e:ce:
4e:ac:da:c5:a1:d1:be:dd:d5:e2:29:6e:98:3a:90:
d9:27:5d:e3:e5:bb:74:a2:18:d7:10:0f:e9:24:5c:
c5:89:3b:73:df:dd:b0:ce:ab:72:b0:f8:43:56:f8:
4b:1f:a1:75:e8:23:f7:32:8f:a7:44:c4:4a:7a:f2:
7b:2e:93:77:b5:92:25:39:13:03:82:1c:95:4b:5a:
90:94:ca:23:d9:05:ac:ff:d6:6c:da:e7:04:ab:07:
bb:7d:53:7d:53:73:9f:18:e4:1f:b9:c3:6c:bd:83:
b7:bf:30:8a:d9:b7:7e:f0:02:1c:cd:61:de:2e:3e:
8d:2e:3a:2b:8b:ea:9c:d8:a4:56:09:d0:57:82:90:
12:89:c5:96:57:fa:a1:50:ec:24:93:73:a1:21:50:
79:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:46:35:A7:95:DA:30:1F:55:88:EB:40:14:05:01:01:BE:B6:58:4A
X509v3 Authority Key Identifier:
keyid:B1:95:49:D6:83:05:E2:9D:FB:00:06:9A:52:D3:D4:E1:F2:C5:60:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZVJ1oMF4p37AAaaUtPU4fLFYEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/q0Y1p5XaMB9ViOtAFAUBAb62WEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af1f72-ce8e-42b1-be5a-a283c9048f0f/1/sZVJ1oMF4p37AAaaUtPU4fLFYEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.167.0.0/19
IPv6:
2a0a:6740::/32
Signature Algorithm: sha256WithRSAEncryption
01:73:91:6b:c2:2b:23:e8:7f:0d:7d:ee:0b:cc:9e:32:cb:59:
e5:57:3d:e2:1b:6f:bc:79:60:d3:78:ef:f6:e4:96:44:27:c5:
19:da:6e:7a:e1:a1:05:70:9b:7c:24:cc:fd:0e:dd:05:4f:44:
da:52:dd:fd:4e:44:ed:18:65:22:65:f3:a5:4f:b2:c5:64:99:
1c:51:a5:63:36:77:e0:c1:50:9d:5e:04:0d:4c:93:7e:f7:34:
d1:06:2e:35:51:d1:2f:65:59:e0:06:da:56:4c:70:8a:74:24:
63:1e:29:56:ea:76:ab:df:17:a2:36:a3:d0:6a:e2:46:2c:06:
7b:37:be:34:08:38:d9:39:d6:58:b2:86:0e:68:d3:0b:f4:26:
02:c0:66:35:35:1f:07:40:4c:58:7b:94:06:5f:1e:f9:b2:4c:
80:8b:2f:9c:08:c3:01:ea:9e:ea:bb:9f:43:1b:de:9a:59:be:
16:a9:82:83:3c:79:bb:8d:44:19:33:04:4b:63:f9:b0:e4:70:
22:00:16:04:ab:ec:22:69:e1:a9:67:63:25:7f:12:94:9c:35:
10:cf:47:97:61:2b:d1:00:fe:93:3c:77:59:8e:27:42:ec:db:
63:83:ee:e9:07:9e:3b:eb:30:14:d1:a8:67:50:a3:b2:f1:71:
93:0f:25:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8f/RZufvMWl+WcH5AfjASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTU0OWQ2ODMwNWUyOWRmYjAwMDY5YTUyZDNkNGUxZjJj
NTYwNGMwHhcNMjYwMTAyMDIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ2MzVhNzk1ZGEzMDFmNTU4OGViNDAxNDA1MDEwMWJlYjY1ODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrN3JuAmMbbJdPOGR8ga4XS3+pGr
zLtu9z8/V5CtQyh885S5pMCshzEJFUWKkd1jOzSJiGIE1wU0GvexH+3bof28suxR
CGNDRiMS6Gb4jv1m1DrygnbU/VzVSsLw1u1De0GffZPMns5OrNrFodG+3dXiKW6Y
OpDZJ13j5bt0ohjXEA/pJFzFiTtz392wzqtysPhDVvhLH6F16CP3Mo+nRMRKevJ7
LpN3tZIlORMDghyVS1qQlMoj2QWs/9Zs2ucEqwe7fVN9U3OfGOQfucNsvYO3vzCK
2bd+8AIczWHeLj6NLjori+qc2KRWCdBXgpASicWWV/qhUOwkk3OhIVB59wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKtGNaeV2jAfVYjrQBQFAQG+tlhKMB8GA1UdIwQY
MBaAFLGVSdaDBeKd+wAGmlLT1OHyxWBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pWSjFvTUY0cDM3QUFhYVV0UFU0ZkxGWUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hZjFmNzItY2U4ZS00MmIxLWJlNWEt
YTI4M2M5MDQ4ZjBmLzEvcTBZMXA1WGFNQjlWaU90QUZBVUJBYjYyV0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hZjFmNzItY2U4ZS00MmIxLWJlNWEtYTI4M2M5MDQ4ZjBm
LzEvc1pWSjFvTUY0cDM3QUFhYVV0UFU0ZkxGWUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1acAMA0E
AgACMAcDBQAqCmdAMA0GCSqGSIb3DQEBCwUAA4IBAQABc5Frwisj6H8Nfe4LzJ4y
y1nlVz3iG2+8eWDTeO/25JZEJ8UZ2m564aEFcJt8JMz9Dt0FT0TaUt39TkTtGGUi
ZfOlT7LFZJkcUaVjNnfgwVCdXgQNTJN+9zTRBi41UdEvZVngBtpWTHCKdCRjHilW
6nar3xeiNqPQauJGLAZ7N740CDjZOdZYsoYOaNML9CYCwGY1NR8HQExYe5QGXx75
skyAiy+cCMMB6p7qu59DG96aWb4WqYKDPHm7jUQZMwRLY/mw5HAiABYEq+wiaeGp
Z2MlfxKUnDUQz0eXYSvRAP6TPHdZjidC7Ntjg+7pB5476zAU0ahnUKOy8XGTDyV5
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:37:12 2026 by rpki-client