Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/d2YpPYTenafvZ_RaINu156L8Uwo.roa
File: d2YpPYTenafvZ_RaINu156L8Uwo.roa (raw, json)
Hash identifier: CMTonUYiOCRZMLmytRZF7eJJ3JvO2VABjeLXssmZVNw=
Subject key identifier: 77:66:29:3D:84:DE:9D:A7:EF:67:F4:5A:20:DB:B5:E7:A2:FC:53:0A
Certificate issuer: /CN=859d5177077b90818c6f90ae4e44332d8cacbb74
Certificate serial: 019B7DC9361E88527C1330B05A8FD66F1210
Authority key identifier: 85:9D:51:77:07:7B:90:81:8C:6F:90:AE:4E:44:33:2D:8C:AC:BB:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/d2YpPYTenafvZ_RaINu156L8Uwo.roa
Signing time: Fri 02 Jan 2026 08:18:17 +0000
ROA not before: Fri 02 Jan 2026 08:18:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50583
IP address blocks: 46.30.184.0/22 maxlen: 22
46.33.160.0/19 maxlen: 19
46.33.160.0/24 maxlen: 24
46.33.161.0/24 maxlen: 24
46.33.162.0/24 maxlen: 24
46.33.163.0/24 maxlen: 24
46.33.164.0/24 maxlen: 24
46.33.165.0/24 maxlen: 24
46.33.166.0/24 maxlen: 24
46.33.167.0/24 maxlen: 24
46.33.168.0/24 maxlen: 24
46.33.169.0/24 maxlen: 24
46.33.170.0/24 maxlen: 24
46.33.171.0/24 maxlen: 24
46.33.172.0/24 maxlen: 24
46.33.173.0/24 maxlen: 24
46.33.174.0/24 maxlen: 24
46.33.175.0/24 maxlen: 24
46.33.176.0/24 maxlen: 24
46.33.177.0/24 maxlen: 24
46.33.178.0/24 maxlen: 24
46.33.179.0/24 maxlen: 24
46.33.180.0/24 maxlen: 24
46.33.181.0/24 maxlen: 24
46.33.182.0/24 maxlen: 24
46.33.183.0/24 maxlen: 24
46.33.184.0/24 maxlen: 24
46.33.185.0/24 maxlen: 24
46.33.186.0/24 maxlen: 24
46.33.187.0/24 maxlen: 24
46.33.188.0/24 maxlen: 24
46.33.189.0/24 maxlen: 24
46.33.190.0/24 maxlen: 24
46.33.190.51/32 maxlen: 32
46.33.191.0/24 maxlen: 24
185.173.124.0/22 maxlen: 22
185.173.124.0/24 maxlen: 24
185.173.125.0/24 maxlen: 24
185.173.126.0/24 maxlen: 24
185.173.127.0/24 maxlen: 24
195.191.172.0/23 maxlen: 23
195.191.172.0/24 maxlen: 24
195.191.173.0/24 maxlen: 24
212.114.0.0/20 maxlen: 20
212.114.0.0/21 maxlen: 21
212.114.7.0/24 maxlen: 24
212.114.8.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 14:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:c9:36:1e:88:52:7c:13:30:b0:5a:8f:d6:6f:12:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=859d5177077b90818c6f90ae4e44332d8cacbb74
Validity
Not Before: Jan 2 08:18:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7766293d84de9da7ef67f45a20dbb5e7a2fc530a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fe:2f:fb:c3:cb:2f:b7:0b:0e:e8:6a:dd:a0:
73:3c:22:b6:65:3a:39:64:87:35:40:37:41:5b:7c:
f5:b2:e5:07:ff:50:37:57:91:9a:82:38:c9:97:15:
3e:c7:d0:a5:a5:ae:6b:57:1f:e8:02:3e:4a:52:db:
f0:1a:c4:6a:1b:81:95:8f:45:a2:b9:1f:0f:7e:6a:
11:44:2e:1c:f2:0f:d5:3a:71:64:58:28:4f:78:dd:
b4:84:d6:d0:5b:f2:14:2e:cb:1b:86:93:4b:00:8e:
27:bc:ca:0c:5b:42:e8:a2:4a:04:0a:fd:f1:b3:97:
75:cb:c1:b5:95:dc:a1:5c:86:8a:47:bb:c8:96:dc:
09:b4:76:a4:1f:d3:c3:d7:e4:0a:81:5e:88:65:63:
7d:bc:cc:4c:4e:7a:a5:f1:bd:20:06:52:f1:c2:b9:
f6:ec:f2:c5:1f:a0:bc:5e:b5:7b:e7:47:cb:9e:66:
13:0f:0e:d5:01:b3:c2:e2:38:e0:87:71:d3:7e:32:
3b:6e:34:9d:be:08:9c:71:b8:ea:9d:6b:4d:93:52:
24:f3:89:e8:fc:b9:16:da:66:80:71:89:62:8a:1c:
4a:93:6b:03:aa:1a:a3:b3:4c:72:4b:35:c6:4f:12:
38:51:bc:2f:c6:e6:67:50:ee:51:4d:4e:1c:29:cf:
3c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:66:29:3D:84:DE:9D:A7:EF:67:F4:5A:20:DB:B5:E7:A2:FC:53:0A
X509v3 Authority Key Identifier:
keyid:85:9D:51:77:07:7B:90:81:8C:6F:90:AE:4E:44:33:2D:8C:AC:BB:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/d2YpPYTenafvZ_RaINu156L8Uwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.30.184.0/22
46.33.160.0/19
185.173.124.0/22
195.191.172.0/23
212.114.0.0/20
Signature Algorithm: sha256WithRSAEncryption
c2:39:1e:24:f8:af:db:8e:45:a6:81:bb:b4:08:8b:4b:2a:a8:
67:18:61:e8:68:35:1b:1e:4e:5a:0e:ad:0b:b7:66:10:ef:ef:
53:49:0a:de:a0:ac:07:f7:0e:52:ff:cf:30:3d:7e:26:95:47:
25:d8:15:22:cf:27:82:3e:94:ac:15:88:97:6d:8c:36:70:ea:
de:cf:c9:03:c6:f1:2b:0b:47:6c:e6:47:56:f3:dc:1b:32:dd:
d9:2c:bc:83:c3:d3:d4:b7:7c:43:b4:20:be:9d:94:a7:6d:6d:
c6:3d:63:5f:e8:df:14:74:5c:c9:5c:6a:42:cd:6f:d4:48:3b:
24:fd:99:58:4f:57:af:02:1b:cb:1c:a0:b3:6f:e6:46:63:bd:
45:55:da:7c:c7:11:e2:52:ee:47:d2:e3:85:9f:48:63:9d:b6:
0a:e5:06:d2:ab:4f:bc:d4:f0:0a:6e:d4:84:9b:7d:d4:40:6e:
aa:81:47:47:ba:db:4f:49:65:72:41:d4:e1:b5:1d:66:06:a9:
b4:e8:a7:b9:b9:9f:21:82:00:15:f6:ab:9d:b5:7c:04:27:8e:
53:47:a9:27:be:2e:89:d2:61:81:40:58:b8:9b:fa:b2:bb:02:
a5:30:88:97:66:26:88:c8:70:f1:5c:93:ba:a8:3d:eb:dc:04:
14:46:f7:08
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZt9yTYeiFJ8EzCwWo/WbxIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1OWQ1MTc3MDc3YjkwODE4YzZmOTBhZTRlNDQzMzJkOGNh
Y2JiNzQwHhcNMjYwMTAyMDgxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY2MjkzZDg0ZGU5ZGE3ZWY2N2Y0NWEyMGRiYjVlN2EyZmM1MzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP4v+8PLL7cLDuhq3aBzPCK2ZTo5
ZIc1QDdBW3z1suUH/1A3V5GagjjJlxU+x9Clpa5rVx/oAj5KUtvwGsRqG4GVj0Wi
uR8PfmoRRC4c8g/VOnFkWChPeN20hNbQW/IULssbhpNLAI4nvMoMW0LookoECv3x
s5d1y8G1ldyhXIaKR7vIltwJtHakH9PD1+QKgV6IZWN9vMxMTnql8b0gBlLxwrn2
7PLFH6C8XrV750fLnmYTDw7VAbPC4jjgh3HTfjI7bjSdvgiccbjqnWtNk1Ik84no
/LkW2maAcYliihxKk2sDqhqjs0xySzXGTxI4UbwvxuZnUO5RTU4cKc88dwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHdmKT2E3p2n72f0WiDbteei/FMKMB8GA1UdIwQY
MBaAFIWdUXcHe5CBjG+Qrk5EMy2MrLt0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFoxUmR3ZDdrSUdNYjVDdVRrUXpMWXlzdTNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9mYWVhNDMtZjMzMy00NTA5LWE2ZGIt
M2FjOTZiZTI4NWUwLzEvZDJZcFBZVGVuYWZ2Wl9SYUlOdTE1Nkw4VXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9mYWVhNDMtZjMzMy00NTA5LWE2ZGItM2FjOTZiZTI4NWUw
LzEvaFoxUmR3ZDdrSUdNYjVDdVRrUXpMWXlzdTNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLh64AwQF
LiGgAwQCua18AwQBw7+sAwQE1HIAMA0GCSqGSIb3DQEBCwUAA4IBAQDCOR4k+K/b
jkWmgbu0CItLKqhnGGHoaDUbHk5aDq0Lt2YQ7+9TSQreoKwH9w5S/88wPX4mlUcl
2BUizyeCPpSsFYiXbYw2cOrez8kDxvErC0ds5kdW89wbMt3ZLLyDw9PUt3xDtCC+
nZSnbW3GPWNf6N8UdFzJXGpCzW/USDsk/ZlYT1evAhvLHKCzb+ZGY71FVdp8xxHi
Uu5H0uOFn0hjnbYK5QbSq0+81PAKbtSEm33UQG6qgUdHuttPSWVyQdThtR1mBqm0
6Ke5uZ8hggAV9qudtXwEJ45TR6knvi6J0mGBQFi4m/qyuwKlMIiXZiaIyHDxXJO6
qD3r3AQURvcI
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:19:43 2026 by rpki-client