Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/lBqk0ZJjhRTU5WPqZKy0Q75ijLY.roa
File: lBqk0ZJjhRTU5WPqZKy0Q75ijLY.roa (raw, json)
Hash identifier: umtk9WvPU6HXcHOoGpqTOSwBwsTaIlBi9j5sLa9RX78=
Subject key identifier: 94:1A:A4:D1:92:63:85:14:D4:E5:63:EA:64:AC:B4:43:BE:62:8C:B6
Certificate issuer: /CN=36451a2ea40af1715e6313169468996aca71bb8a
Certificate serial: 019B7F1483C00077D73FBA3CAA13346574CE
Authority key identifier: 36:45:1A:2E:A4:0A:F1:71:5E:63:13:16:94:68:99:6A:CA:71:BB:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/lBqk0ZJjhRTU5WPqZKy0Q75ijLY.roa
Signing time: Fri 02 Jan 2026 14:20:09 +0000
ROA not before: Fri 02 Jan 2026 14:20:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31383
IP address blocks: 78.41.72.0/21 maxlen: 21
78.41.72.0/24 maxlen: 24
78.41.73.0/24 maxlen: 24
78.41.74.0/24 maxlen: 24
78.41.75.0/24 maxlen: 24
78.41.76.0/24 maxlen: 24
78.41.77.0/24 maxlen: 24
78.41.78.0/24 maxlen: 24
78.41.79.0/24 maxlen: 24
83.137.16.0/21 maxlen: 21
83.137.16.0/24 maxlen: 24
83.137.17.0/24 maxlen: 24
83.137.18.0/24 maxlen: 24
83.137.19.0/24 maxlen: 24
83.137.20.0/24 maxlen: 24
83.137.21.0/24 maxlen: 24
83.137.22.0/24 maxlen: 24
83.137.23.0/24 maxlen: 24
2001:4038::/32 maxlen: 32
2001:4038::/33 maxlen: 33
2001:4038:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.crl
rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.mft
rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:14:83:c0:00:77:d7:3f:ba:3c:aa:13:34:65:74:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36451a2ea40af1715e6313169468996aca71bb8a
Validity
Not Before: Jan 2 14:20:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=941aa4d192638514d4e563ea64acb443be628cb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:32:19:fd:15:f5:60:38:c5:ef:b8:cc:58:97:
04:3e:48:49:ef:04:d8:8b:de:9c:f4:05:24:72:5a:
14:34:3c:72:1d:c3:37:93:ca:e4:43:6f:bb:e3:35:
1f:b4:e4:52:f1:08:82:2f:b1:6c:2e:7d:c0:cf:f4:
81:1e:eb:b2:30:d8:e1:43:8f:e6:ae:d3:5b:a9:ff:
2a:6d:94:d3:7f:2b:c0:ce:85:36:d9:35:53:94:b0:
0b:f4:20:14:02:f8:f1:6b:08:78:55:35:af:b3:34:
a0:06:80:65:87:17:81:99:0f:56:be:85:5f:e3:d7:
c2:7e:01:40:94:48:20:61:1b:12:e1:8a:38:47:e9:
47:af:7a:28:5a:67:bb:1a:4f:27:e9:e5:3c:bc:f6:
79:59:ab:2f:1a:e5:c0:93:68:87:59:64:4b:28:4c:
ec:05:f7:79:cc:1d:be:15:0b:ea:67:70:63:c4:d6:
69:27:35:b0:b3:7b:dd:ac:1b:44:43:f8:ca:a4:91:
c3:62:90:75:95:9a:77:9b:3c:b1:1b:b4:2d:b8:01:
db:1a:6a:b6:dd:45:17:65:6e:4b:4f:cb:15:2a:b5:
49:c3:4e:35:ae:e6:41:bd:d1:a3:7d:15:9f:07:f6:
c6:4b:d0:e5:e9:94:1d:7f:b5:c2:c8:9f:b5:52:b2:
52:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:1A:A4:D1:92:63:85:14:D4:E5:63:EA:64:AC:B4:43:BE:62:8C:B6
X509v3 Authority Key Identifier:
keyid:36:45:1A:2E:A4:0A:F1:71:5E:63:13:16:94:68:99:6A:CA:71:BB:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/lBqk0ZJjhRTU5WPqZKy0Q75ijLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.41.72.0/21
83.137.16.0/21
IPv6:
2001:4038::/32
Signature Algorithm: sha256WithRSAEncryption
2e:84:61:41:e8:b0:78:71:1a:22:95:d0:ca:72:8d:84:c1:17:
76:28:43:3e:b0:17:25:a2:3c:15:54:72:7b:9d:dc:95:a6:43:
1a:ec:04:ff:4d:a1:fb:8a:38:ce:8c:2c:29:aa:6b:94:03:1f:
0b:74:ea:3b:8a:23:da:79:b7:f9:2d:1d:c9:74:72:64:3a:ae:
70:ac:e4:b7:9f:55:30:54:50:d9:a8:3e:52:6d:0f:e9:d8:a0:
bf:12:0c:3e:cc:e4:ee:3e:d2:84:60:ef:eb:01:5f:ff:cc:82:
c2:8c:d4:48:6c:94:36:d7:f1:8a:17:61:f2:0c:3d:2d:7b:98:
dc:f4:91:e2:cc:fb:13:f6:ea:e1:b7:a7:41:fb:31:38:38:dd:
8f:89:a6:05:ea:90:ac:5b:21:e0:59:76:2c:1b:65:33:73:6b:
94:be:ab:26:65:4f:1e:22:61:1a:04:b6:e0:b1:94:07:5c:84:
81:84:8f:08:ba:4a:c2:18:3b:84:a4:76:b2:24:f8:c4:09:9d:
70:de:45:61:e9:c4:36:d3:a1:3e:74:68:54:f2:97:12:df:67:
27:ac:d9:1d:5f:73:1b:0f:75:e4:48:37:3a:dd:da:34:ad:c4:
e9:a3:cc:72:57:4d:f5:09:02:9d:8b:bd:dc:f2:1f:34:1b:39:
d7:75:55:37
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt/FIPAAHfXP7o8qhM0ZXTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NDUxYTJlYTQwYWYxNzE1ZTYzMTMxNjk0Njg5OTZhY2E3
MWJiOGEwHhcNMjYwMTAyMTQyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDFhYTRkMTkyNjM4NTE0ZDRlNTYzZWE2NGFjYjQ0M2JlNjI4Y2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszIZ/RX1YDjF77jMWJcEPkhJ7wTY
i96c9AUkcloUNDxyHcM3k8rkQ2+74zUftORS8QiCL7FsLn3Az/SBHuuyMNjhQ4/m
rtNbqf8qbZTTfyvAzoU22TVTlLAL9CAUAvjxawh4VTWvszSgBoBlhxeBmQ9WvoVf
49fCfgFAlEggYRsS4Yo4R+lHr3ooWme7Gk8n6eU8vPZ5WasvGuXAk2iHWWRLKEzs
Bfd5zB2+FQvqZ3BjxNZpJzWws3vdrBtEQ/jKpJHDYpB1lZp3mzyxG7QtuAHbGmq2
3UUXZW5LT8sVKrVJw041ruZBvdGjfRWfB/bGS9Dl6ZQdf7XCyJ+1UrJSFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJQapNGSY4UU1OVj6mSstEO+Yoy2MB8GA1UdIwQY
MBaAFDZFGi6kCvFxXmMTFpRomWrKcbuKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmtVYUxxUUs4WEZlWXhNV2xHaVphc3B4dTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84YjM4MjItNmVhYS00M2EyLTlhMzIt
YmUzMDhjMTJmN2JjLzEvbEJxazBaSmpoUlRVNVdQcVpLeTBRNzVpakxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84YjM4MjItNmVhYS00M2EyLTlhMzItYmUzMDhjMTJmN2Jj
LzEvTmtVYUxxUUs4WEZlWXhNV2xHaVphc3B4dTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDTilIAwQD
U4kQMA0EAgACMAcDBQAgAUA4MA0GCSqGSIb3DQEBCwUAA4IBAQAuhGFB6LB4cRoi
ldDKco2EwRd2KEM+sBclojwVVHJ7ndyVpkMa7AT/TaH7ijjOjCwpqmuUAx8LdOo7
iiPaebf5LR3JdHJkOq5wrOS3n1UwVFDZqD5SbQ/p2KC/Egw+zOTuPtKEYO/rAV//
zILCjNRIbJQ21/GKF2HyDD0te5jc9JHizPsT9urht6dB+zE4ON2PiaYF6pCsWyHg
WXYsG2Uzc2uUvqsmZU8eImEaBLbgsZQHXISBhI8IukrCGDuEpHayJPjECZ1w3kVh
6cQ206E+dGhU8pcS32cnrNkdX3MbD3XkSDc63do0rcTpo8xyV031CQKdi73c8h80
GznXdVU3
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:04:53 2026 by rpki-client