Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DJ7Ayor8o3pUQDV-2ja1FE81ZB0.roa
File: DJ7Ayor8o3pUQDV-2ja1FE81ZB0.roa (raw, json)
Hash identifier: awm1IAJeVQRt8YpdAUt8wPfs+E3Bs0+C1IMHSjWPCo4=
Subject key identifier: 0C:9E:C0:CA:8A:FC:A3:7A:54:40:35:7E:DA:36:B5:14:4F:35:64:1D
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 019C4D228391C98ABD8D75DD81E2D0E701AC
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DJ7Ayor8o3pUQDV-2ja1FE81ZB0.roa
Signing time: Wed 11 Feb 2026 14:37:13 +0000
ROA not before: Wed 11 Feb 2026 14:37:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29802
IP address blocks: 45.139.30.0/24 maxlen: 24
45.141.185.0/24 maxlen: 24
45.141.196.0/24 maxlen: 24
85.209.105.0/24 maxlen: 24
85.209.106.0/24 maxlen: 24
85.209.107.0/24 maxlen: 24
109.196.175.0/24 maxlen: 24
195.2.248.0/24 maxlen: 24
213.139.228.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 13:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4d:22:83:91:c9:8a:bd:8d:75:dd:81:e2:d0:e7:01:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: Feb 11 14:37:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0c9ec0ca8afca37a5440357eda36b5144f35641d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:f8:61:7a:3e:8e:e9:18:19:f7:ea:31:1c:6e:
db:3e:43:49:8b:1f:c8:94:2d:04:40:8a:82:6a:4e:
d3:02:2e:68:98:21:67:76:22:9f:8a:27:58:59:3d:
4e:23:41:d7:4f:19:9e:98:e2:07:b5:4c:56:dc:31:
e3:42:63:b5:d2:92:15:9b:2c:8b:98:c9:16:9e:fd:
f5:c4:14:8d:b6:9f:d3:1f:f1:12:1d:e6:ad:8d:0b:
05:9a:94:de:0b:ae:de:51:04:e4:61:10:e3:c8:cf:
1f:c7:fb:0b:70:70:df:ec:da:ee:7b:a8:16:52:93:
9b:88:76:0a:93:7c:c1:0a:fe:bd:9a:5c:cd:9f:db:
96:f7:f5:6c:0e:af:d2:a8:2b:dd:25:d3:4c:51:10:
ef:cf:0b:96:3f:7d:76:15:3f:1c:1e:3c:1c:35:c4:
eb:69:da:0a:92:8d:96:75:eb:5f:78:f5:a9:a8:f7:
0b:99:70:fd:ac:e9:c0:18:b0:11:c7:04:98:6f:e3:
55:8b:c9:92:4f:20:da:ca:8c:c1:66:51:6b:86:fd:
47:76:3c:b0:75:0b:df:cb:fa:00:05:ae:2d:d9:f6:
0f:18:ad:36:e7:2f:c3:31:e3:c1:fa:d7:70:db:b3:
8d:a3:b6:a2:64:e0:08:5d:c8:6e:92:31:2c:a0:48:
ff:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:9E:C0:CA:8A:FC:A3:7A:54:40:35:7E:DA:36:B5:14:4F:35:64:1D
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DJ7Ayor8o3pUQDV-2ja1FE81ZB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.30.0/24
45.141.185.0/24
45.141.196.0/24
85.209.105.0-85.209.107.255
109.196.175.0/24
195.2.248.0/24
213.139.228.0/24
Signature Algorithm: sha256WithRSAEncryption
18:aa:4a:22:0c:53:75:70:ab:e2:8d:fd:34:5e:a0:f7:ec:f8:
d6:59:55:8a:8e:65:8f:21:44:6f:6f:dc:e4:23:72:95:a8:22:
4f:c0:2b:a2:c5:2e:99:4a:b5:16:21:48:b5:50:c1:58:9e:aa:
cb:d4:3a:b7:39:ff:12:ef:b2:29:63:d6:70:d6:be:e8:d1:1e:
eb:c6:06:3d:41:69:38:a5:65:51:51:5e:bf:55:71:1e:60:2c:
62:14:74:1e:44:13:67:64:76:10:80:bd:0a:d3:ee:ac:b8:37:
04:1a:91:12:de:96:48:c7:e1:b3:07:e3:ed:1d:29:5c:b1:17:
39:a3:59:a6:68:14:ec:ec:2f:0e:2a:f8:ce:93:78:65:9b:9a:
34:04:45:8b:29:5f:97:37:ad:54:4c:f1:c3:16:9f:be:3e:0e:
b4:fd:1b:82:d5:b8:2f:08:b6:3c:12:f1:9e:09:4d:c6:df:7f:
b6:ca:4d:48:75:ba:84:0d:a7:1c:10:77:09:fb:be:e6:89:05:
92:2f:1a:61:3a:9a:f9:27:3a:19:ba:be:bf:e9:92:bc:d1:af:
e0:2e:f7:bd:99:2e:f6:ab:32:77:27:4c:25:de:7a:00:16:2c:
e5:ca:0e:71:f7:1f:f9:67:7c:f7:af:83:c6:83:32:98:5e:da:
f2:fe:aa:5b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZxNIoORyYq9jXXdgeLQ5wGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMjExMTQzNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzllYzBjYThhZmNhMzdhNTQ0MDM1N2VkYTM2YjUxNDRmMzU2NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfhhej6O6RgZ9+oxHG7bPkNJix/I
lC0EQIqCak7TAi5omCFndiKfiidYWT1OI0HXTxmemOIHtUxW3DHjQmO10pIVmyyL
mMkWnv31xBSNtp/TH/ESHeatjQsFmpTeC67eUQTkYRDjyM8fx/sLcHDf7Nrue6gW
UpObiHYKk3zBCv69mlzNn9uW9/VsDq/SqCvdJdNMURDvzwuWP312FT8cHjwcNcTr
adoKko2WdetfePWpqPcLmXD9rOnAGLARxwSYb+NVi8mSTyDayozBZlFrhv1Hdjyw
dQvfy/oABa4t2fYPGK025y/DMePB+tdw27ONo7aiZOAIXchukjEsoEj/IwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFAyewMqK/KN6VEA1fto2tRRPNWQdMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvREo3QXlvcjhvM3BVUURWLTJqYTFGRTgxWkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALYseAwQA
LY25AwQALY3EMAwDBABV0WkDBAJV0WgDBABtxK8DBADDAvgDBADVi+QwDQYJKoZI
hvcNAQELBQADggEBABiqSiIMU3Vwq+KN/TReoPfs+NZZVYqOZY8hRG9v3OQjcpWo
Ik/AK6LFLplKtRYhSLVQwVieqsvUOrc5/xLvsilj1nDWvujRHuvGBj1BaTilZVFR
Xr9VcR5gLGIUdB5EE2dkdhCAvQrT7qy4NwQakRLelkjH4bMH4+0dKVyxFzmjWaZo
FOzsLw4q+M6TeGWbmjQERYspX5c3rVRM8cMWn74+DrT9G4LVuC8ItjwS8Z4JTcbf
f7bKTUh1uoQNpxwQdwn7vuaJBZIvGmE6mvknOhm6vr/pkrzRr+Au972ZLvarMncn
TCXeegAWLOXKDnH3H/lnfPevg8aDMphe2vL+qls=
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:19:15 2026 by rpki-client