Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/tYOricibO-KabvmT8eQ1zyGrKEA.roa
File: tYOricibO-KabvmT8eQ1zyGrKEA.roa (raw, json)
Hash identifier: Lkff8lU5ZU5gKUyiaEa6wcjVoJMU/7T+t8GK7OIzhXQ=
Subject key identifier: B5:83:AB:89:C8:9B:3B:E2:9A:6E:F9:93:F1:E4:35:CF:21:AB:28:40
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019D31C26B2825C4D32776B85A0E47633BE6
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/tYOricibO-KabvmT8eQ1zyGrKEA.roa
Signing time: Sat 28 Mar 2026 00:05:18 +0000
ROA not before: Sat 28 Mar 2026 00:05:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58325
IP address blocks: 212.134.220.0/22 maxlen: 22
212.135.130.0/23 maxlen: 24
212.135.132.0/23 maxlen: 24
212.135.136.0/23 maxlen: 24
212.135.138.0/23 maxlen: 24
212.135.140.0/23 maxlen: 24
212.135.142.0/23 maxlen: 24
212.135.146.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:31:c2:6b:28:25:c4:d3:27:76:b8:5a:0e:47:63:3b:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Mar 28 00:05:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b583ab89c89b3be29a6ef993f1e435cf21ab2840
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:aa:f4:0c:61:08:fb:3a:01:9e:82:b1:66:7e:
58:dd:ce:03:8f:58:00:8d:1c:d2:34:4f:be:9b:85:
c7:fc:e2:51:86:7b:87:0b:09:b2:77:35:1c:11:43:
06:4c:a8:85:a8:6d:c9:ce:bc:23:86:26:39:4c:65:
0f:58:5c:bb:37:4a:ae:dd:f0:cd:65:37:00:8e:d7:
9b:32:bb:05:4d:9e:6b:c6:1b:4a:31:81:55:a4:f3:
4c:dd:ab:c3:f2:dc:ee:e4:53:d2:ab:71:dd:d1:dd:
dc:9a:cb:b7:cc:0e:c8:36:b4:88:82:e1:86:31:b1:
9e:ec:5c:77:04:ee:5a:c7:13:6b:db:4a:25:b1:c5:
9a:d2:69:ae:45:0b:01:de:df:70:9f:16:c0:93:bc:
50:bd:e0:45:e7:f0:2e:9a:f3:5c:0c:c3:a9:55:47:
0c:9c:52:c5:62:4b:dc:a4:53:f6:e8:1b:aa:80:5f:
1f:bc:39:46:c0:c9:7d:63:92:5a:ea:96:10:ea:5d:
0d:c1:e2:07:ec:c7:8b:57:2b:35:a4:ee:de:8c:98:
ac:c9:34:70:20:da:84:67:2e:dc:63:e8:7a:a7:01:
ec:84:1d:27:d4:8a:5a:12:3b:2e:e3:7d:90:9a:24:
73:ef:dc:4c:c9:9c:9c:f1:e4:53:57:7d:a5:23:cf:
02:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:83:AB:89:C8:9B:3B:E2:9A:6E:F9:93:F1:E4:35:CF:21:AB:28:40
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/tYOricibO-KabvmT8eQ1zyGrKEA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.134.220.0/22
212.135.130.0-212.135.133.255
212.135.136.0/21
212.135.146.0/23
Signature Algorithm: sha256WithRSAEncryption
b6:e6:f9:b6:ed:7f:76:48:56:e6:58:31:70:9f:a5:9c:aa:f0:
f9:67:39:56:83:5b:ea:58:f0:74:16:3c:4c:0d:e7:10:8a:17:
80:75:7b:cc:b1:8f:4b:b6:8d:77:41:f0:b1:cf:33:39:e4:6e:
5f:2e:cb:53:29:9d:4b:ef:3d:84:2c:b2:a2:43:d4:db:83:bf:
7a:3c:be:cf:2c:cd:6b:9f:70:0f:4e:eb:5a:bf:31:0d:79:62:
d9:1b:61:2f:1b:76:18:96:a6:b8:a9:e5:91:d9:3c:40:30:54:
4d:92:ab:70:04:6b:d0:57:54:7c:f9:91:46:a6:a3:0f:e7:82:
5a:6a:c2:84:ba:5d:92:6a:31:b0:9e:6a:57:0a:cb:04:84:06:
8f:33:fb:d2:7e:8f:43:07:70:ee:1d:77:1e:53:e4:7d:50:1b:
ce:6c:fa:ca:e8:74:1e:22:61:73:74:0d:d7:9a:f1:74:fc:0e:
9e:f4:bf:6c:d2:ab:3a:64:a7:e8:9a:c0:33:32:b3:6a:43:c5:
d4:b4:3e:60:ee:9a:dc:45:8d:69:15:fc:fc:8a:ae:a4:65:56:
8c:a1:00:5f:49:cb:87:05:17:3a:4c:6d:43:8c:3e:50:89:9a:
04:e7:12:1f:34:61:dc:c5:44:14:62:b0:93:7d:ae:95:d1:9b:
2f:83:6e:f8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0xwmsoJcTTJ3a4Wg5HYzvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzI4MDAwNTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTgzYWI4OWM4OWIzYmUyOWE2ZWY5OTNmMWU0MzVjZjIxYWIyODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwar0DGEI+zoBnoKxZn5Y3c4Dj1gA
jRzSNE++m4XH/OJRhnuHCwmydzUcEUMGTKiFqG3JzrwjhiY5TGUPWFy7N0qu3fDN
ZTcAjtebMrsFTZ5rxhtKMYFVpPNM3avD8tzu5FPSq3Hd0d3cmsu3zA7INrSIguGG
MbGe7Fx3BO5axxNr20olscWa0mmuRQsB3t9wnxbAk7xQveBF5/AumvNcDMOpVUcM
nFLFYkvcpFP26BuqgF8fvDlGwMl9Y5Ja6pYQ6l0NweIH7MeLVys1pO7ejJisyTRw
INqEZy7cY+h6pwHshB0n1IpaEjsu432QmiRz79xMyZyc8eRTV32lI88C7QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLWDq4nImzvimm75k/HkNc8hqyhAMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdFlPcmljaWJPLUthYnZtVDhlUTF6eUdyS0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQC1IbcMAwD
BAHUh4IDBAHUh4QDBAPUh4gDBAHUh5IwDQYJKoZIhvcNAQELBQADggEBALbm+bbt
f3ZIVuZYMXCfpZyq8PlnOVaDW+pY8HQWPEwN5xCKF4B1e8yxj0u2jXdB8LHPMznk
bl8uy1MpnUvvPYQssqJD1NuDv3o8vs8szWufcA9O61q/MQ15YtkbYS8bdhiWprip
5ZHZPEAwVE2Sq3AEa9BXVHz5kUamow/nglpqwoS6XZJqMbCealcKywSEBo8z+9J+
j0MHcO4ddx5T5H1QG85s+srodB4iYXN0Ddea8XT8Dp70v2zSqzpkp+iawDMys2pD
xdS0PmDumtxFjWkV/PyKrqRlVoyhAF9Jy4cFFzpMbUOMPlCJmgTnEh80YdzFRBRi
sJN9rpXRmy+Dbvg=
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:11:28 2026 by rpki-client