Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/X9ZqGynMA1KtK65ZVtTizqC4m9M.roa
File: X9ZqGynMA1KtK65ZVtTizqC4m9M.roa (raw, json)
Hash identifier: hcMM10zcyfbfDa1u/NFR+3E0NC3GcUNUVcvC/8j8tfA=
Subject key identifier: 5F:D6:6A:1B:29:CC:03:52:AD:2B:AE:59:56:D4:E2:CE:A0:B8:9B:D3
Certificate issuer: /CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
Certificate serial: 019D47B500799C158A338817C6AAD979FFE7
Authority key identifier: 2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/X9ZqGynMA1KtK65ZVtTizqC4m9M.roa
Signing time: Wed 01 Apr 2026 06:22:17 +0000
ROA not before: Wed 01 Apr 2026 06:22:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58002
IP address blocks: 37.208.64.0/20 maxlen: 20
77.247.232.0/21 maxlen: 21
92.241.0.0/19 maxlen: 24
92.241.0.0/21 maxlen: 21
92.241.8.0/22 maxlen: 22
92.241.12.0/23 maxlen: 23
92.241.14.0/24 maxlen: 24
92.241.18.0/24 maxlen: 24
2a00:c9c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:47:b5:00:79:9c:15:8a:33:88:17:c6:aa:d9:79:ff:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
Validity
Not Before: Apr 1 06:22:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5fd66a1b29cc0352ad2bae5956d4e2cea0b89bd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:60:f8:07:ff:a8:72:f0:8a:bf:3d:77:c1:84:
ea:54:ba:95:50:19:68:a5:a9:27:7f:a0:29:e3:e9:
46:6a:39:f6:c5:28:b1:60:18:48:5b:e8:d6:41:17:
ba:45:09:1f:fb:62:52:19:45:06:fb:26:97:66:34:
2a:26:c8:17:0d:22:d2:a5:c4:80:21:55:77:01:5d:
18:15:b4:5c:be:56:1f:c9:08:36:a5:da:8b:90:7c:
7f:1e:29:1b:ac:5b:5b:68:3e:00:da:9e:ac:54:03:
af:4b:5f:14:43:bc:a0:af:f7:e4:3c:f7:fb:7d:08:
11:d1:b8:1e:08:43:b2:8d:5a:e5:ce:e1:36:f9:70:
e7:4b:61:7b:53:76:5a:f6:01:2c:e0:93:84:47:24:
ee:dc:fa:1b:ab:85:c0:61:34:6b:86:9c:cd:36:66:
93:f1:50:22:a3:4c:b3:33:02:c1:50:ce:7a:c5:b7:
55:d7:6e:af:90:79:b0:56:88:54:43:d2:9a:a8:b3:
26:ab:e5:90:4f:62:26:93:40:94:52:9d:d0:b1:c4:
a6:c5:f8:b5:4b:e6:41:3a:ad:46:5a:c6:77:58:20:
80:90:64:4e:a1:bf:ae:a1:83:2e:a2:db:ac:c9:27:
5c:2c:2c:1f:7c:04:bc:1f:8c:17:fa:c4:38:82:03:
b2:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:D6:6A:1B:29:CC:03:52:AD:2B:AE:59:56:D4:E2:CE:A0:B8:9B:D3
X509v3 Authority Key Identifier:
keyid:2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/X9ZqGynMA1KtK65ZVtTizqC4m9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.208.64.0/20
77.247.232.0/21
92.241.0.0/19
IPv6:
2a00:c9c0::/32
Signature Algorithm: sha256WithRSAEncryption
56:c3:84:60:f9:2a:4e:8f:0b:04:73:9c:51:77:6b:f8:81:08:
e9:91:e3:89:c9:63:37:88:80:43:34:f0:eb:b9:ac:bc:e5:87:
7b:94:32:7c:d1:88:69:74:10:08:45:48:3f:f2:67:d2:e9:4b:
66:26:36:c8:88:ce:8e:f1:50:f1:ff:27:08:41:53:13:00:9d:
47:e8:b3:52:99:2d:1d:51:0f:6c:e0:df:c0:93:c4:90:12:93:
bf:38:14:d6:9f:e9:50:64:0b:50:f3:ff:ed:47:c1:c5:ce:98:
a2:8c:77:28:06:8e:27:b6:3a:3c:c0:1b:af:60:2b:99:e1:53:
41:83:81:f3:ac:ce:97:92:f8:14:a2:3b:42:f6:fd:22:db:cc:
3b:28:6f:1b:0a:a9:42:9c:67:68:d7:a6:4c:10:07:8c:3e:eb:
b8:0f:08:38:08:3c:79:96:55:f7:5f:70:9a:89:73:39:cd:95:
bd:e8:9f:21:8c:f7:1f:73:19:cf:84:d0:7b:75:65:36:30:e5:
fa:c5:d2:b8:f2:2b:4a:7d:26:64:6c:62:10:75:ca:0b:3f:55:
96:7c:33:6c:52:b1:60:99:91:b6:73:6f:56:ce:ad:49:0e:bd:
e0:6f:b9:4d:b0:0f:6b:fc:10:01:91:c1:7d:14:e9:4b:54:84:
f7:12:02:45
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ1HtQB5nBWKM4gXxqrZef/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWVjNTIzMWQyMTJiMzEwNTc5ZDc4ZmM0MTQ3OWNhNmVj
MmFhMDcwHhcNMjYwNDAxMDYyMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQ2NmExYjI5Y2MwMzUyYWQyYmFlNTk1NmQ0ZTJjZWEwYjg5YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGD4B/+ocvCKvz13wYTqVLqVUBlo
paknf6Ap4+lGajn2xSixYBhIW+jWQRe6RQkf+2JSGUUG+yaXZjQqJsgXDSLSpcSA
IVV3AV0YFbRcvlYfyQg2pdqLkHx/HikbrFtbaD4A2p6sVAOvS18UQ7ygr/fkPPf7
fQgR0bgeCEOyjVrlzuE2+XDnS2F7U3Za9gEs4JOERyTu3Pobq4XAYTRrhpzNNmaT
8VAio0yzMwLBUM56xbdV126vkHmwVohUQ9KaqLMmq+WQT2Imk0CUUp3QscSmxfi1
S+ZBOq1GWsZ3WCCAkGROob+uoYMuotusySdcLCwffAS8H4wX+sQ4ggOyOwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFF/WahspzANSrSuuWVbU4s6guJvTMB8GA1UdIwQY
MBaAFC7uxSMdISsxBXnXj8QUecpuwqoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDIt
MjcxYTk1NzZlYWU3LzEvWDlacUd5bk1BMUt0SzY1WlZ0VGl6cUM0bTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDItMjcxYTk1NzZlYWU3
LzEvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEJdBAAwQD
TffoAwQFXPEAMA0EAgACMAcDBQAqAMnAMA0GCSqGSIb3DQEBCwUAA4IBAQBWw4Rg
+SpOjwsEc5xRd2v4gQjpkeOJyWM3iIBDNPDruay85Yd7lDJ80YhpdBAIRUg/8mfS
6UtmJjbIiM6O8VDx/ycIQVMTAJ1H6LNSmS0dUQ9s4N/Ak8SQEpO/OBTWn+lQZAtQ
8//tR8HFzpiijHcoBo4ntjo8wBuvYCuZ4VNBg4HzrM6XkvgUojtC9v0i28w7KG8b
CqlCnGdo16ZMEAeMPuu4Dwg4CDx5llX3X3CaiXM5zZW96J8hjPcfcxnPhNB7dWU2
MOX6xdK48itKfSZkbGIQdcoLP1WWfDNsUrFgmZG2c29Wzq1JDr3gb7lNsA9r/BAB
kcF9FOlLVIT3EgJF
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:28:37 2026 by rpki-client