Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/k82VZQjPTfp29HOrsd4ebLlbLLQ.roa
File: k82VZQjPTfp29HOrsd4ebLlbLLQ.roa (raw, json)
Hash identifier: mCVrb2F3QQSAvERyzJs5ziCWnKSLVC3ur8XxDFUzHh0=
Subject key identifier: 93:CD:95:65:08:CF:4D:FA:76:F4:73:AB:B1:DE:1E:6C:B9:5B:2C:B4
Certificate issuer: /CN=20a7fcbe59314c372b68f232223828b1e33a03ec
Certificate serial: 019B78A306C1025C803F4F053DCFC1D48663
Authority key identifier: 20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/k82VZQjPTfp29HOrsd4ebLlbLLQ.roa
Signing time: Thu 01 Jan 2026 08:18:28 +0000
ROA not before: Thu 01 Jan 2026 08:18:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208365
IP address blocks: 31.223.186.0/24 maxlen: 24
45.151.76.0/24 maxlen: 24
45.151.77.0/24 maxlen: 24
45.151.78.0/24 maxlen: 24
45.151.79.0/24 maxlen: 24
81.22.32.0/24 maxlen: 24
81.22.33.0/24 maxlen: 24
81.22.34.0/24 maxlen: 24
81.22.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:a3:06:c1:02:5c:80:3f:4f:05:3d:cf:c1:d4:86:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20a7fcbe59314c372b68f232223828b1e33a03ec
Validity
Not Before: Jan 1 08:18:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=93cd956508cf4dfa76f473abb1de1e6cb95b2cb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:2f:82:dc:f5:e4:a7:4a:13:73:25:2e:3c:ca:
d6:52:7f:ef:44:a7:8e:b5:c3:27:52:7a:e2:76:01:
44:e9:0f:49:d8:5b:5d:6c:b2:3e:69:b0:c6:48:a3:
9b:a7:27:59:45:a6:ec:75:9b:78:eb:9e:5b:c2:ba:
28:52:c9:cc:0e:79:53:41:b9:f7:c6:7d:e9:84:89:
ca:6c:b9:e7:48:a6:8f:52:e9:66:36:96:84:81:1e:
85:3b:17:f9:e8:09:75:df:c1:1b:01:bf:69:38:ff:
19:d2:09:55:df:86:2c:6e:64:d1:15:8b:67:62:be:
0b:97:fe:85:7e:6b:2d:47:07:21:36:de:10:89:c9:
10:80:e6:1b:4c:94:58:3f:a0:0d:ac:5a:e0:d3:39:
85:e0:d2:dc:c4:00:51:62:4a:eb:09:35:bb:0f:bd:
d6:2b:0e:ee:d5:1d:ea:a7:0c:1a:ac:2a:0b:6f:7e:
71:96:97:ea:b0:51:d6:7d:cf:ce:a9:1f:a1:97:25:
b9:11:0a:95:4b:e2:64:59:66:05:a8:f9:52:94:04:
15:d1:af:26:b7:50:63:f7:d9:cb:ce:19:a6:2a:8a:
af:37:2b:d3:a6:ff:0d:05:0f:4c:32:55:75:94:20:
28:76:e9:2f:db:f2:48:c2:68:37:43:d3:fd:0e:24:
f5:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:CD:95:65:08:CF:4D:FA:76:F4:73:AB:B1:DE:1E:6C:B9:5B:2C:B4
X509v3 Authority Key Identifier:
keyid:20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/k82VZQjPTfp29HOrsd4ebLlbLLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.223.186.0/24
45.151.76.0/22
81.22.32.0/22
Signature Algorithm: sha256WithRSAEncryption
9b:4c:da:ae:41:95:12:90:5b:01:47:fe:85:d4:b6:50:53:ed:
8d:bc:44:38:93:87:d8:ab:e5:0e:90:ea:a1:c1:85:ba:7d:cf:
b9:cc:a3:48:85:00:dd:57:c7:c5:bd:8b:ef:02:db:a8:a1:b0:
0b:1c:ee:a2:88:a1:3f:c1:b9:17:ae:ee:b1:f8:0d:c1:fd:8c:
e3:ee:26:e6:c4:f6:80:9e:90:66:15:00:01:7e:ec:f9:ba:e2:
65:3b:9e:08:d8:fa:e6:6c:fa:1f:06:77:a1:22:1e:4d:d7:ae:
f1:75:d4:b4:75:34:9e:29:2c:ac:31:8f:41:e4:58:72:cc:cd:
f0:ff:dd:43:53:45:88:fc:e9:65:97:75:02:fc:c1:55:15:72:
3e:47:2c:01:92:55:7a:b5:cd:26:db:fc:67:6c:bb:89:17:1d:
38:16:cb:c5:2f:ab:51:1d:cd:99:ef:ee:ab:72:26:8c:03:fa:
c5:a7:ec:96:8e:e9:78:67:c2:52:79:a0:a1:52:f8:bb:22:59:
1c:24:c0:03:83:e3:62:1f:f8:3d:17:ab:98:36:5d:1b:81:98:
b1:8a:a6:4f:e5:b5:70:6a:e3:58:6e:58:33:6a:50:2b:60:61:
d8:fc:0c:cc:63:03:6e:00:d5:51:8d:06:f1:ef:32:97:44:ed:
bb:42:f3:a0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt4owbBAlyAP08FPc/B1IZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYTdmY2JlNTkzMTRjMzcyYjY4ZjIzMjIyMzgyOGIxZTMz
YTAzZWMwHhcNMjYwMTAxMDgxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NkOTU2NTA4Y2Y0ZGZhNzZmNDczYWJiMWRlMWU2Y2I5NWIyY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy+C3PXkp0oTcyUuPMrWUn/vRKeO
tcMnUnridgFE6Q9J2FtdbLI+abDGSKObpydZRabsdZt4655bwrooUsnMDnlTQbn3
xn3phInKbLnnSKaPUulmNpaEgR6FOxf56Al138EbAb9pOP8Z0glV34YsbmTRFYtn
Yr4Ll/6FfmstRwchNt4QickQgOYbTJRYP6ANrFrg0zmF4NLcxABRYkrrCTW7D73W
Kw7u1R3qpwwarCoLb35xlpfqsFHWfc/OqR+hlyW5EQqVS+JkWWYFqPlSlAQV0a8m
t1Bj99nLzhmmKoqvNyvTpv8NBQ9MMlV1lCAodukv2/JIwmg3Q9P9DiT1OwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJPNlWUIz036dvRzq7HeHmy5Wyy0MB8GA1UdIwQY
MBaAFCCn/L5ZMUw3K2jyMiI4KLHjOgPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTIt
NDI2MDM5Nzg4OTE5LzEvazgyVlpRalBUZnAyOUhPcnNkNGViTGxiTExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTItNDI2MDM5Nzg4OTE5
LzEvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH9+6AwQC
LZdMAwQCURYgMA0GCSqGSIb3DQEBCwUAA4IBAQCbTNquQZUSkFsBR/6F1LZQU+2N
vEQ4k4fYq+UOkOqhwYW6fc+5zKNIhQDdV8fFvYvvAtuoobALHO6iiKE/wbkXru6x
+A3B/Yzj7ibmxPaAnpBmFQABfuz5uuJlO54I2PrmbPofBnehIh5N167xddS0dTSe
KSysMY9B5FhyzM3w/91DU0WI/Olll3UC/MFVFXI+RywBklV6tc0m2/xnbLuJFx04
FsvFL6tRHc2Z7+6rciaMA/rFp+yWjul4Z8JSeaChUvi7IlkcJMADg+NiH/g9F6uY
Nl0bgZixiqZP5bVwauNYblgzalArYGHY/AzMYwNuANVRjQbx7zKXRO27QvOg
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:05:05 2026 by rpki-client