Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/iBZH9xLd0zyACP8OFYzhScTPN60.roa
File: iBZH9xLd0zyACP8OFYzhScTPN60.roa (raw, json)
Hash identifier: hb9DBt4b/awETrD9MjB0afdtZlVeiqyp5xxAKLKl4MM=
Subject key identifier: 88:16:47:F7:12:DD:D3:3C:80:08:FF:0E:15:8C:E1:49:C4:CF:37:AD
Certificate issuer: /CN=453b84e8e0e5617c34260d768f440a5131f2dcf4
Certificate serial: 019B7835568D88128E446C5432B5200CCF95
Authority key identifier: 45:3B:84:E8:E0:E5:61:7C:34:26:0D:76:8F:44:0A:51:31:F2:DC:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/iBZH9xLd0zyACP8OFYzhScTPN60.roa
Signing time: Thu 01 Jan 2026 06:18:40 +0000
ROA not before: Thu 01 Jan 2026 06:18:40 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207535
IP address blocks: 5.154.180.0/24 maxlen: 24
91.192.11.0/24 maxlen: 24
91.250.242.0/24 maxlen: 24
2a10:ab40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:35:56:8d:88:12:8e:44:6c:54:32:b5:20:0c:cf:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453b84e8e0e5617c34260d768f440a5131f2dcf4
Validity
Not Before: Jan 1 06:18:40 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=881647f712ddd33c8008ff0e158ce149c4cf37ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:6a:db:74:12:01:ff:7e:d8:01:a1:90:ff:54:
09:a8:6d:81:43:9b:32:d0:45:c7:8d:14:d1:01:59:
f5:b3:ee:6c:da:fb:2f:4f:95:8f:aa:4b:bf:22:2d:
15:d9:55:58:ce:96:51:d9:90:a1:d3:d8:4c:f3:14:
e0:4d:10:ca:66:1d:0c:29:ba:45:76:c3:df:27:c9:
2a:1f:fa:09:d3:b9:92:2b:27:d1:aa:b1:cc:47:f1:
23:91:8f:aa:82:ac:05:c7:69:b7:f0:72:18:32:c1:
2a:14:a3:f8:03:a9:ad:bc:00:65:61:00:b7:92:de:
ca:49:a5:7d:92:c5:3d:f2:0f:72:4d:bd:db:1a:ba:
5c:92:a3:dc:3c:49:e5:e6:fc:d8:a5:65:82:bf:d0:
c6:47:7e:26:24:bc:c9:87:5b:c1:cc:81:c2:27:98:
f9:bb:8d:87:e0:8e:1d:59:c6:59:6a:65:b5:a7:b6:
0f:4a:74:4a:94:63:d7:9a:a4:13:bf:bc:80:15:46:
78:fa:9a:d3:1a:70:10:aa:cf:7d:36:c7:99:e3:d0:
2e:f0:ee:f6:54:3a:b9:29:e0:a4:cb:ae:2f:d3:d6:
c1:28:86:6f:4a:a9:4b:63:18:09:84:dc:94:6a:88:
82:ab:a8:cd:d2:0a:9d:ad:92:fb:b2:a2:21:64:92:
fb:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:16:47:F7:12:DD:D3:3C:80:08:FF:0E:15:8C:E1:49:C4:CF:37:AD
X509v3 Authority Key Identifier:
keyid:45:3B:84:E8:E0:E5:61:7C:34:26:0D:76:8F:44:0A:51:31:F2:DC:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/iBZH9xLd0zyACP8OFYzhScTPN60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/65985b-55b7-4cb7-a4f4-998783c6841d/1/RTuE6ODlYXw0Jg12j0QKUTHy3PQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.180.0/24
91.192.11.0/24
91.250.242.0/24
IPv6:
2a10:ab40::/32
Signature Algorithm: sha256WithRSAEncryption
46:ed:9f:9b:38:ed:6d:ba:3e:aa:35:29:25:40:42:68:c2:0d:
5b:2f:2b:b7:43:2d:7f:72:f1:aa:8e:a6:1e:8f:63:c8:ff:32:
16:78:89:23:81:ab:af:ed:be:db:72:c0:0a:af:b1:c9:0f:b4:
68:ba:83:fe:72:fe:ba:f6:c7:84:c0:4a:be:3e:8d:84:14:fa:
e5:d9:8b:db:56:b6:b8:c5:ca:f6:6f:bb:2f:07:69:a0:7f:19:
3b:93:02:e4:3b:5b:cf:d0:f6:ef:c5:90:9d:54:c4:67:b0:3e:
82:d4:0c:d7:75:9f:3e:53:25:04:9a:50:71:dc:e0:7d:6c:4d:
4e:1b:0e:46:36:0c:96:c6:76:38:a5:cc:2d:28:eb:1d:66:20:
5c:25:a7:38:2a:23:72:9d:b5:e9:67:d7:1e:69:4b:f2:6f:92:
4a:68:d7:64:3c:f1:20:da:c7:93:ee:c3:96:47:ce:72:73:33:
c9:b7:51:00:97:2d:09:42:9b:5c:ad:70:8e:7a:46:48:3a:c2:
51:82:8f:38:e2:95:e8:20:f6:af:2d:02:8b:1d:f9:09:aa:c7:
eb:c2:e7:84:2d:2e:d6:04:4f:49:24:a4:01:29:28:c6:10:b8:
cb:2c:b5:24:e3:68:70:ff:01:be:fc:1b:65:42:b4:d4:88:d7:
32:bd:e6:66
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZt4NVaNiBKORGxUMrUgDM+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1M2I4NGU4ZTBlNTYxN2MzNDI2MGQ3NjhmNDQwYTUxMzFm
MmRjZjQwHhcNMjYwMTAxMDYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE2NDdmNzEyZGRkMzNjODAwOGZmMGUxNThjZTE0OWM0Y2YzN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12rbdBIB/37YAaGQ/1QJqG2BQ5sy
0EXHjRTRAVn1s+5s2vsvT5WPqku/Ii0V2VVYzpZR2ZCh09hM8xTgTRDKZh0MKbpF
dsPfJ8kqH/oJ07mSKyfRqrHMR/EjkY+qgqwFx2m38HIYMsEqFKP4A6mtvABlYQC3
kt7KSaV9ksU98g9yTb3bGrpckqPcPEnl5vzYpWWCv9DGR34mJLzJh1vBzIHCJ5j5
u42H4I4dWcZZamW1p7YPSnRKlGPXmqQTv7yAFUZ4+prTGnAQqs99NseZ49Au8O72
VDq5KeCky64v09bBKIZvSqlLYxgJhNyUaoiCq6jN0gqdrZL7sqIhZJL7CwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIgWR/cS3dM8gAj/DhWM4UnEzzetMB8GA1UdIwQY
MBaAFEU7hOjg5WF8NCYNdo9EClEx8tz0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlR1RTZPRGxZWHcwSmcxMmowUUtVVEh5M1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NTk4NWItNTViNy00Y2I3LWE0ZjQt
OTk4NzgzYzY4NDFkLzEvaUJaSDl4TGQwenlBQ1A4T0ZZemhTY1RQTjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NTk4NWItNTViNy00Y2I3LWE0ZjQtOTk4NzgzYzY4NDFk
LzEvUlR1RTZPRGxZWHcwSmcxMmowUUtVVEh5M1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQABZq0AwQA
W8ALAwQAW/ryMA0EAgACMAcDBQAqEKtAMA0GCSqGSIb3DQEBCwUAA4IBAQBG7Z+b
OO1tuj6qNSklQEJowg1bLyu3Qy1/cvGqjqYej2PI/zIWeIkjgauv7b7bcsAKr7HJ
D7RouoP+cv669seEwEq+Po2EFPrl2YvbVra4xcr2b7svB2mgfxk7kwLkO1vP0Pbv
xZCdVMRnsD6C1AzXdZ8+UyUEmlBx3OB9bE1OGw5GNgyWxnY4pcwtKOsdZiBcJac4
KiNynbXpZ9ceaUvyb5JKaNdkPPEg2seT7sOWR85yczPJt1EAly0JQptcrXCOekZI
OsJRgo844pXoIPavLQKLHfkJqsfrwueELS7WBE9JJKQBKSjGELjLLLUk42hw/wG+
/BtlQrTUiNcyveZm
-----END CERTIFICATE-----
Generated at Tue Mar 3 00:25:39 2026 by rpki-client