Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/txYriZmrTJ3bD1WGwvSJz3PN5-8.roa
File: txYriZmrTJ3bD1WGwvSJz3PN5-8.roa (raw, json)
Hash identifier: A2tg+Z/JBJAfJTZjVLLXsxPFu9O91MnbBF/Cx3C/GE8=
Subject key identifier: B7:16:2B:89:99:AB:4C:9D:DB:0F:55:86:C2:F4:89:CF:73:CD:E7:EF
Certificate issuer: /CN=3a41b155aab6d1229fd348eaa03d0f7903f1267a
Certificate serial: 019D67CB3D1F74812EA6133A01F8F3625CF9
Authority key identifier: 3A:41:B1:55:AA:B6:D1:22:9F:D3:48:EA:A0:3D:0F:79:03:F1:26:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/txYriZmrTJ3bD1WGwvSJz3PN5-8.roa
Signing time: Tue 07 Apr 2026 11:54:25 +0000
ROA not before: Tue 07 Apr 2026 11:54:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211783
IP address blocks: 185.197.136.0/22 maxlen: 22
185.197.136.0/24 maxlen: 24
185.197.137.0/24 maxlen: 24
185.197.138.0/24 maxlen: 24
185.197.139.0/24 maxlen: 24
2a0a:7a40::/29 maxlen: 29
2a0a:7a40::/32 maxlen: 32
2a0a:7a41::/32 maxlen: 32
2a0a:7a42::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.crl
rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.mft
rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 21:23:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:67:cb:3d:1f:74:81:2e:a6:13:3a:01:f8:f3:62:5c:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a41b155aab6d1229fd348eaa03d0f7903f1267a
Validity
Not Before: Apr 7 11:54:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b7162b8999ab4c9ddb0f5586c2f489cf73cde7ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:4d:00:14:be:a1:80:b1:d2:3a:3c:d5:99:ae:
33:5c:7d:51:58:58:a8:8d:66:5f:ab:57:2c:a7:01:
a1:e9:84:9c:7b:84:15:ac:93:01:be:60:d5:1c:77:
49:be:c8:31:ba:dc:e5:30:49:64:18:bb:d0:77:01:
90:19:e6:20:5d:55:c9:88:bd:30:b6:82:d2:e3:01:
08:06:e1:5f:aa:9c:d0:bd:bc:3a:ec:6e:3a:bb:42:
e9:c1:db:b7:19:45:34:24:ed:82:fe:d1:f0:fe:8b:
f9:f0:06:f2:3f:e4:f0:cf:d8:dd:12:8a:45:5e:b1:
ec:db:9b:93:b2:76:ec:49:8c:d7:76:a4:e8:12:a1:
c9:5e:9e:ea:bc:94:1c:c1:f4:47:90:69:12:31:b3:
25:78:d1:51:dd:41:d7:f5:bc:2e:af:77:3f:01:75:
ab:6e:8c:24:87:92:30:78:57:ab:41:6d:4a:67:33:
4b:46:0a:dd:c2:c0:b3:4f:7f:db:44:09:e3:65:89:
1e:7e:f0:9a:4e:f1:82:4c:23:3e:c0:db:7e:9f:6c:
69:21:68:2a:29:06:4d:93:ad:0c:ed:ec:02:2b:3a:
84:68:57:d4:00:eb:03:b0:72:ec:07:a4:8d:b2:6a:
d8:e8:20:ee:40:50:52:2b:6a:83:31:04:c2:be:05:
9c:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:16:2B:89:99:AB:4C:9D:DB:0F:55:86:C2:F4:89:CF:73:CD:E7:EF
X509v3 Authority Key Identifier:
keyid:3A:41:B1:55:AA:B6:D1:22:9F:D3:48:EA:A0:3D:0F:79:03:F1:26:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/txYriZmrTJ3bD1WGwvSJz3PN5-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.197.136.0/22
IPv6:
2a0a:7a40::/29
Signature Algorithm: sha256WithRSAEncryption
a3:d2:29:a0:e7:87:77:c3:cb:d9:af:71:35:b6:88:1e:6d:24:
3a:1b:b6:18:d8:f2:09:16:ee:1f:d8:63:7f:da:4a:a7:89:b6:
e3:7f:8c:a6:b0:37:9a:62:fc:33:31:3c:7d:88:c6:58:78:6b:
0e:91:53:7f:ee:fb:f8:58:27:67:61:9e:0f:df:58:4a:f9:04:
54:04:2c:c5:07:4b:30:f0:3b:3a:29:2f:2e:db:58:ac:72:16:
95:0c:21:b9:9e:0d:7b:af:5f:e5:a9:df:ca:e8:53:1b:6f:17:
47:9a:a8:c0:28:57:08:75:2a:61:25:7c:7b:94:9b:11:5f:71:
ea:4d:71:03:62:32:b9:26:ac:b8:f8:f3:80:fd:2f:92:4d:4c:
bc:5d:4c:cf:09:b1:9e:3e:fd:4c:69:4f:00:33:80:a1:0a:c4:
fc:b6:1c:76:00:b8:48:b5:4e:cb:72:28:20:d1:6c:a5:82:83:
79:9d:96:e4:2f:55:da:76:1d:2e:10:0f:80:6d:5e:1a:e5:d7:
9c:2a:9e:4a:40:9b:8d:f4:86:c0:25:f1:01:3f:4d:d7:fa:05:
ca:41:f3:ee:dc:a7:ea:4b:d1:b0:56:cd:cf:55:83:60:64:cc:
dd:f1:cd:0b:7b:c2:98:53:e7:02:a2:81:10:47:a5:16:5e:ee:
ff:48:59:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1nyz0fdIEuphM6AfjzYlz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDFiMTU1YWFiNmQxMjI5ZmQzNDhlYWEwM2QwZjc5MDNm
MTI2N2EwHhcNMjYwNDA3MTE1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzE2MmI4OTk5YWI0YzlkZGIwZjU1ODZjMmY0ODljZjczY2RlN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU0AFL6hgLHSOjzVma4zXH1RWFio
jWZfq1cspwGh6YSce4QVrJMBvmDVHHdJvsgxutzlMElkGLvQdwGQGeYgXVXJiL0w
toLS4wEIBuFfqpzQvbw67G46u0Lpwdu3GUU0JO2C/tHw/ov58AbyP+Twz9jdEopF
XrHs25uTsnbsSYzXdqToEqHJXp7qvJQcwfRHkGkSMbMleNFR3UHX9bwur3c/AXWr
bowkh5IweFerQW1KZzNLRgrdwsCzT3/bRAnjZYkefvCaTvGCTCM+wNt+n2xpIWgq
KQZNk60M7ewCKzqEaFfUAOsDsHLsB6SNsmrY6CDuQFBSK2qDMQTCvgWcGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLcWK4mZq0yd2w9VhsL0ic9zzefvMB8GA1UdIwQY
MBaAFDpBsVWqttEin9NI6qA9D3kD8SZ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tHeFZhcTIwU0tmMDBqcW9EMFBlUVB4Sm5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iY2NhZWEtNjhjZS00MjI0LTk3YTUt
MmIzYjRjNzgwNDE5LzEvdHhZcmlabXJUSjNiRDFXR3d2U0p6M1BONS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iY2NhZWEtNjhjZS00MjI0LTk3YTUtMmIzYjRjNzgwNDE5
LzEvT2tHeFZhcTIwU0tmMDBqcW9EMFBlUVB4Sm5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucWIMA0E
AgACMAcDBQMqCnpAMA0GCSqGSIb3DQEBCwUAA4IBAQCj0img54d3w8vZr3E1toge
bSQ6G7YY2PIJFu4f2GN/2kqnibbjf4ymsDeaYvwzMTx9iMZYeGsOkVN/7vv4WCdn
YZ4P31hK+QRUBCzFB0sw8Ds6KS8u21ischaVDCG5ng17r1/lqd/K6FMbbxdHmqjA
KFcIdSphJXx7lJsRX3HqTXEDYjK5Jqy4+POA/S+STUy8XUzPCbGePv1MaU8AM4Ch
CsT8thx2ALhItU7Lcigg0WylgoN5nZbkL1Xadh0uEA+AbV4a5decKp5KQJuN9IbA
JfEBP03X+gXKQfPu3KfqS9GwVs3PVYNgZMzd8c0Le8KYU+cCooEQR6UWXu7/SFlF
-----END CERTIFICATE-----
Generated at Sat Apr 18 06:24:14 2026 by rpki-client