Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/olXqqQrFh2xVArtOsvn2MBA_a1Y.roa
File: olXqqQrFh2xVArtOsvn2MBA_a1Y.roa (raw, json)
Hash identifier: aPxQM0pZgD7GeT16zbXpiKlMDfDXjek/Ix/Gf5xSSjU=
Subject key identifier: A2:55:EA:A9:0A:C5:87:6C:55:02:BB:4E:B2:F9:F6:30:10:3F:6B:56
Certificate issuer: /CN=311445353a0823edaef12a3a3356fa8098e15eac
Certificate serial: 019B79110FA900F822506C243F8AA7F19B96
Authority key identifier: 31:14:45:35:3A:08:23:ED:AE:F1:2A:3A:33:56:FA:80:98:E1:5E:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/olXqqQrFh2xVArtOsvn2MBA_a1Y.roa
Signing time: Thu 01 Jan 2026 10:18:39 +0000
ROA not before: Thu 01 Jan 2026 10:18:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205037
IP address blocks: 161.51.255.0/24 maxlen: 24
193.23.163.0/24 maxlen: 24
2001:67c:1820::/48 maxlen: 48
2001:67c:2c6c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.mft
rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:11:0f:a9:00:f8:22:50:6c:24:3f:8a:a7:f1:9b:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=311445353a0823edaef12a3a3356fa8098e15eac
Validity
Not Before: Jan 1 10:18:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a255eaa90ac5876c5502bb4eb2f9f630103f6b56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:1b:fb:76:d0:38:e7:ff:b1:ed:20:72:85:eb:
e7:d4:08:78:8a:63:ee:22:c3:c7:fe:e8:10:6b:f0:
8b:08:f8:7a:11:7a:40:1f:6f:18:57:12:da:a7:f2:
e0:42:11:1c:7c:8c:53:8c:2b:44:f4:2a:4c:86:1c:
79:a5:83:6b:da:d7:9c:05:6a:41:38:76:6b:2a:f4:
6c:e0:7e:44:c3:93:d0:b8:bd:a3:6d:71:31:0f:a1:
e2:6c:40:54:a8:48:5d:6f:03:b4:d8:06:81:4b:6b:
2a:30:f2:c1:98:4f:e4:83:36:cd:45:29:3e:59:c0:
d5:a9:78:cc:88:99:6f:69:a8:09:26:21:97:da:9e:
0c:91:d4:09:8c:f5:dc:a7:61:8d:e8:31:25:10:54:
44:6e:87:ee:a8:8f:25:6b:45:99:ef:df:30:6c:85:
28:ed:3e:92:d3:da:03:c1:4a:49:21:15:a2:4e:df:
64:af:b5:fb:d4:17:b0:73:36:9d:47:1c:a4:5e:90:
e7:85:6e:31:e6:d2:36:42:42:ce:11:ef:55:4f:af:
93:ad:74:e5:ac:06:43:73:f0:c9:32:61:de:84:28:
e3:83:80:fc:d8:b1:19:c6:7f:93:3f:2b:11:58:41:
fd:6f:a6:ae:e3:3c:09:94:dd:c2:7e:55:4f:f0:dd:
8c:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:55:EA:A9:0A:C5:87:6C:55:02:BB:4E:B2:F9:F6:30:10:3F:6B:56
X509v3 Authority Key Identifier:
keyid:31:14:45:35:3A:08:23:ED:AE:F1:2A:3A:33:56:FA:80:98:E1:5E:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/olXqqQrFh2xVArtOsvn2MBA_a1Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
161.51.255.0/24
193.23.163.0/24
IPv6:
2001:67c:1820::/48
2001:67c:2c6c::/48
Signature Algorithm: sha256WithRSAEncryption
90:36:cc:7a:db:03:78:24:30:0f:9a:43:2c:91:c4:35:10:77:
52:b2:1d:32:ec:61:af:9b:66:66:0d:b6:77:d9:84:cb:59:fc:
c5:d8:4e:b7:14:8f:69:f0:a7:f0:65:9c:61:d8:67:2f:7b:95:
52:ac:04:39:4a:a7:d3:ad:2a:ef:bd:f1:5c:75:53:43:5a:59:
42:00:cb:fa:d1:fd:75:b3:ad:3a:52:a1:42:86:d5:cf:0e:0a:
db:79:16:0a:f7:1d:d8:ec:4e:db:a8:a2:b7:38:7b:c8:c0:4d:
d7:76:e0:63:57:1c:cb:29:4a:70:57:5c:af:c2:b8:2a:25:d5:
17:c7:d9:69:c2:65:48:2b:d2:b4:89:34:54:01:c9:f9:76:e7:
c9:11:01:1d:62:d4:df:42:59:e3:5c:c4:1b:49:33:3d:31:1b:
02:3b:c6:87:2a:96:60:fc:94:f7:01:a5:b1:c3:aa:4a:bb:6d:
14:da:a9:35:80:a8:f6:f8:e8:4d:1f:cf:da:f5:64:31:9e:89:
ff:ce:10:e0:2e:78:b6:87:fd:41:d0:e8:39:c2:b6:c8:42:d0:
b2:d2:3a:ab:7b:b9:21:2d:46:ac:18:31:1d:d0:52:6a:71:9f:
4b:2a:40:89:56:dc:f1:42:b0:f4:30:3d:83:58:61:76:cc:7f:
f1:f8:39:c1
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZt5EQ+pAPgiUGwkP4qn8ZuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMTQ0NTM1M2EwODIzZWRhZWYxMmEzYTMzNTZmYTgwOThl
MTVlYWMwHhcNMjYwMTAxMTAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU1ZWFhOTBhYzU4NzZjNTUwMmJiNGViMmY5ZjYzMDEwM2Y2YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBv7dtA45/+x7SByhevn1Ah4imPu
IsPH/ugQa/CLCPh6EXpAH28YVxLap/LgQhEcfIxTjCtE9CpMhhx5pYNr2tecBWpB
OHZrKvRs4H5Ew5PQuL2jbXExD6HibEBUqEhdbwO02AaBS2sqMPLBmE/kgzbNRSk+
WcDVqXjMiJlvaagJJiGX2p4MkdQJjPXcp2GN6DElEFREbofuqI8la0WZ798wbIUo
7T6S09oDwUpJIRWiTt9kr7X71BewczadRxykXpDnhW4x5tI2QkLOEe9VT6+TrXTl
rAZDc/DJMmHehCjjg4D82LEZxn+TPysRWEH9b6au4zwJlN3CflVP8N2MpwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKJV6qkKxYdsVQK7TrL59jAQP2tWMB8GA1UdIwQY
MBaAFDEURTU6CCPtrvEqOjNW+oCY4V6sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVJSRk5Ub0lJLTJ1OFNvNk0xYjZnSmpoWHF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni82OWIwOGQtN2M5Ny00MzJmLWI0YmYt
NTFlODIxZDIzMTQxLzEvb2xYcXFRckZoMnhWQXJ0T3N2bjJNQkFfYTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni82OWIwOGQtN2M5Ny00MzJmLWI0YmYtNTFlODIxZDIzMTQx
LzEvTVJSRk5Ub0lJLTJ1OFNvNk0xYjZnSmpoWHF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAoTP/AwQA
wRejMBgEAgACMBIDBwAgAQZ8GCADBwAgAQZ8LGwwDQYJKoZIhvcNAQELBQADggEB
AJA2zHrbA3gkMA+aQyyRxDUQd1KyHTLsYa+bZmYNtnfZhMtZ/MXYTrcUj2nwp/Bl
nGHYZy97lVKsBDlKp9OtKu+98Vx1U0NaWUIAy/rR/XWzrTpSoUKG1c8OCtt5Fgr3
HdjsTtuoorc4e8jATdd24GNXHMspSnBXXK/CuCol1RfH2WnCZUgr0rSJNFQByfl2
58kRAR1i1N9CWeNcxBtJMz0xGwI7xocqlmD8lPcBpbHDqkq7bRTaqTWAqPb46E0f
z9r1ZDGeif/OEOAueLaH/UHQ6DnCtshC0LLSOqt7uSEtRqwYMR3QUmpxn0sqQIlW
3PFCsPQwPYNYYXbMf/H4OcE=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:43:37 2026 by rpki-client