Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/JzEfcqOXBzPE9VLvnSe-8HuiCh4.roa
File: JzEfcqOXBzPE9VLvnSe-8HuiCh4.roa (raw, json)
Hash identifier: sI/J98nFKovdI7bpSvPi1fcJI8B6yEKz3UIJuM8sjUs=
Subject key identifier: 27:31:1F:72:A3:97:07:33:C4:F5:52:EF:9D:27:BE:F0:7B:A2:0A:1E
Certificate issuer: /CN=9a2ebbbcbe1bf6346ed476b83c7e13a784417acd
Certificate serial: 019D76D2321684E97BC5A2525E5F3585D6C7
Authority key identifier: 9A:2E:BB:BC:BE:1B:F6:34:6E:D4:76:B8:3C:7E:13:A7:84:41:7A:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mi67vL4b9jRu1Ha4PH4Tp4RBes0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/JzEfcqOXBzPE9VLvnSe-8HuiCh4.roa
Signing time: Fri 10 Apr 2026 09:56:20 +0000
ROA not before: Fri 10 Apr 2026 09:56:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 60087
IP address blocks: 46.252.144.0/20 maxlen: 24
81.28.8.0/22 maxlen: 24
86.107.96.0/22 maxlen: 24
89.40.172.0/22 maxlen: 24
95.133.128.0/22 maxlen: 22
185.19.208.0/22 maxlen: 24
185.19.208.0/24 maxlen: 24
185.19.209.0/24 maxlen: 24
185.19.210.0/24 maxlen: 24
185.19.211.0/24 maxlen: 24
185.31.64.0/22 maxlen: 24
2a03:a500::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/mi67vL4b9jRu1Ha4PH4Tp4RBes0.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/mi67vL4b9jRu1Ha4PH4Tp4RBes0.mft
rsync://rpki.ripe.net/repository/DEFAULT/mi67vL4b9jRu1Ha4PH4Tp4RBes0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:76:d2:32:16:84:e9:7b:c5:a2:52:5e:5f:35:85:d6:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a2ebbbcbe1bf6346ed476b83c7e13a784417acd
Validity
Not Before: Apr 10 09:56:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=27311f72a3970733c4f552ef9d27bef07ba20a1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:62:bd:72:13:0a:62:1f:29:ca:74:4c:2e:ba:
bc:73:fe:d0:4a:bd:3d:c5:10:7f:cf:33:f4:8b:15:
d6:b7:43:99:34:92:f9:41:34:90:e9:e1:bc:40:9d:
20:b7:23:90:be:79:f4:59:6d:46:7e:56:6d:43:a1:
f5:ab:b4:2f:4b:ce:f4:89:0c:91:01:5e:e4:4c:86:
4c:5e:b6:09:9e:08:f9:da:f0:08:7d:79:d6:61:19:
f1:6a:a5:92:f4:ec:86:73:87:ec:5d:1c:48:53:c6:
90:8a:20:52:90:7a:d0:47:01:07:2f:45:dc:93:d3:
19:f8:a5:80:77:5b:a3:f4:76:81:f8:9f:89:31:bc:
36:bd:cc:f1:34:46:8f:1d:7f:db:c9:38:bc:ea:e2:
05:61:cd:b2:22:c8:b0:d5:b4:88:62:05:a9:05:81:
d2:40:f5:c0:04:e4:d4:02:cf:26:ca:ab:9c:e3:e9:
8e:91:8b:03:af:7c:ec:05:a2:99:12:55:48:2e:d3:
09:d1:3d:de:10:2e:9a:55:17:d4:9d:98:39:59:20:
38:f7:0d:f5:af:eb:b2:06:34:a3:68:c6:c2:4d:ee:
92:26:ef:02:8a:02:0a:c8:f7:bb:c2:49:46:d7:94:
c7:74:f6:f2:08:3b:97:34:e9:b7:63:a2:36:2f:35:
be:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:31:1F:72:A3:97:07:33:C4:F5:52:EF:9D:27:BE:F0:7B:A2:0A:1E
X509v3 Authority Key Identifier:
keyid:9A:2E:BB:BC:BE:1B:F6:34:6E:D4:76:B8:3C:7E:13:A7:84:41:7A:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mi67vL4b9jRu1Ha4PH4Tp4RBes0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/JzEfcqOXBzPE9VLvnSe-8HuiCh4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/1a1cbe-217d-434b-ada1-44e219a9e96e/1/mi67vL4b9jRu1Ha4PH4Tp4RBes0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.252.144.0/20
81.28.8.0/22
86.107.96.0/22
89.40.172.0/22
95.133.128.0/22
185.19.208.0/22
185.31.64.0/22
IPv6:
2a03:a500::/32
Signature Algorithm: sha256WithRSAEncryption
a6:9a:ed:b3:7a:4a:3a:b8:f1:f0:7b:e1:96:58:8c:5c:87:a1:
ec:9e:75:fd:38:4b:fa:f7:ba:09:46:7d:24:e7:85:da:e1:57:
c5:ea:46:bf:d8:0e:7d:3e:e4:17:df:15:bd:2a:a6:35:3c:95:
37:99:d4:59:24:c7:c0:c1:cc:13:00:26:68:3a:72:07:64:03:
e5:e7:25:db:98:09:cf:42:c1:98:b8:bc:8d:10:24:25:1d:7c:
2c:20:bb:17:21:df:1c:28:24:8c:b3:f5:d9:21:0e:12:41:12:
1c:0b:60:3f:35:1e:0d:38:da:8f:0e:5c:cd:13:e6:be:8a:f2:
43:d3:ef:59:3f:61:4c:42:49:92:79:35:90:97:f3:ab:a3:fd:
32:70:ed:c1:5d:89:52:dd:bb:b5:79:4a:15:2a:2c:78:0f:8f:
bd:bb:ab:8a:2c:f8:13:d7:d0:fe:fc:c8:f4:6e:52:7c:14:12:
5c:67:55:24:1c:65:ff:93:cd:58:64:86:fe:74:68:57:08:5c:
42:63:ab:02:16:3e:aa:6e:f8:4c:85:8d:b1:ac:c8:55:63:96:
e6:a9:74:81:12:56:ae:6e:96:5e:48:02:a2:cf:7e:9a:30:3f:
45:48:de:35:51:34:fa:b9:90:6d:c9:80:d3:99:46:e0:36:6e:
84:0b:d3:22
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZ120jIWhOl7xaJSXl81hdbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMmViYmJjYmUxYmY2MzQ2ZWQ0NzZiODNjN2UxM2E3ODQ0
MTdhY2QwHhcNMjYwNDEwMDk1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMxMWY3MmEzOTcwNzMzYzRmNTUyZWY5ZDI3YmVmMDdiYTIwYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWK9chMKYh8pynRMLrq8c/7QSr09
xRB/zzP0ixXWt0OZNJL5QTSQ6eG8QJ0gtyOQvnn0WW1GflZtQ6H1q7QvS870iQyR
AV7kTIZMXrYJngj52vAIfXnWYRnxaqWS9OyGc4fsXRxIU8aQiiBSkHrQRwEHL0Xc
k9MZ+KWAd1uj9HaB+J+JMbw2vczxNEaPHX/byTi86uIFYc2yIsiw1bSIYgWpBYHS
QPXABOTUAs8myquc4+mOkYsDr3zsBaKZElVILtMJ0T3eEC6aVRfUnZg5WSA49w31
r+uyBjSjaMbCTe6SJu8CigIKyPe7wklG15THdPbyCDuXNOm3Y6I2LzW+zQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFCcxH3KjlwczxPVS750nvvB7ogoeMB8GA1UdIwQY
MBaAFJouu7y+G/Y0btR2uDx+E6eEQXrNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWk2N3ZMNGI5alJ1MUhhNFBINFRwNFJCZXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8xYTFjYmUtMjE3ZC00MzRiLWFkYTEt
NDRlMjE5YTllOTZlLzEvSnpFZmNxT1hCelBFOVZMdm5TZS04SHVpQ2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8xYTFjYmUtMjE3ZC00MzRiLWFkYTEtNDRlMjE5YTllOTZl
LzEvbWk2N3ZMNGI5alJ1MUhhNFBINFRwNFJCZXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQELvyQAwQC
URwIAwQCVmtgAwQCWSisAwQCX4WAAwQCuRPQAwQCuR9AMA0EAgACMAcDBQAqA6UA
MA0GCSqGSIb3DQEBCwUAA4IBAQCmmu2zeko6uPHwe+GWWIxch6HsnnX9OEv697oJ
Rn0k54Xa4VfF6ka/2A59PuQX3xW9KqY1PJU3mdRZJMfAwcwTACZoOnIHZAPl5yXb
mAnPQsGYuLyNECQlHXwsILsXId8cKCSMs/XZIQ4SQRIcC2A/NR4NONqPDlzNE+a+
ivJD0+9ZP2FMQkmSeTWQl/Oro/0ycO3BXYlS3bu1eUoVKix4D4+9u6uKLPgT19D+
/Mj0blJ8FBJcZ1UkHGX/k81YZIb+dGhXCFxCY6sCFj6qbvhMhY2xrMhVY5bmqXSB
ElaubpZeSAKiz36aMD9FSN41UTT6uZBtyYDTmUbgNm6EC9Mi
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:24:53 2026 by rpki-client