Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/fjfBNYgsUNX3mydnGn3xY9hxxkI.roa
File: fjfBNYgsUNX3mydnGn3xY9hxxkI.roa (raw, json)
Hash identifier: RcxMT9Fv//tOCCRi6oIZLm/dau+OtJX1wqCmolZkb18=
Subject key identifier: 7E:37:C1:35:88:2C:50:D5:F7:9B:27:67:1A:7D:F1:63:D8:71:C6:42
Certificate issuer: /CN=09fecd7071b727db3d12f09efbb454e04d4f743d
Certificate serial: 019C56937F9580E7F304656D36408F40D00F
Authority key identifier: 09:FE:CD:70:71:B7:27:DB:3D:12:F0:9E:FB:B4:54:E0:4D:4F:74:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/fjfBNYgsUNX3mydnGn3xY9hxxkI.roa
Signing time: Fri 13 Feb 2026 10:37:12 +0000
ROA not before: Fri 13 Feb 2026 10:37:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207558
IP address blocks: 91.196.228.0/24 maxlen: 24
91.196.229.0/24 maxlen: 24
91.196.230.0/24 maxlen: 24
91.196.231.0/24 maxlen: 24
91.224.171.0/24 maxlen: 24
185.235.142.0/24 maxlen: 24
2a0f:d840::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 07:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:56:93:7f:95:80:e7:f3:04:65:6d:36:40:8f:40:d0:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09fecd7071b727db3d12f09efbb454e04d4f743d
Validity
Not Before: Feb 13 10:37:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7e37c135882c50d5f79b27671a7df163d871c642
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:df:a9:41:d9:62:94:9d:5d:84:a6:e0:a3:db:
7b:8b:b7:ae:22:4e:84:b7:ee:79:97:c8:a8:20:dc:
34:72:b1:2f:b6:ee:0c:7c:78:46:c8:a7:50:2d:bf:
c3:c8:d0:39:0a:25:49:60:2f:de:bb:6d:b2:05:5a:
13:c5:46:9c:cf:2d:22:aa:9b:a9:68:30:8a:51:93:
7c:cd:26:04:fb:90:2b:bd:2a:e3:32:0a:b2:7e:c3:
e5:de:4e:55:fe:aa:a8:25:5d:d7:81:bb:12:be:5d:
78:25:b4:df:f6:03:23:44:19:77:b4:08:4c:b4:cf:
ff:f4:15:4e:f4:37:42:42:4c:b5:33:0a:e8:7a:81:
95:bd:02:43:dd:fc:f9:59:85:c3:9c:a6:aa:23:d9:
2c:00:f4:80:43:ae:6f:76:24:8a:9a:36:2f:0c:51:
66:d2:fc:3f:a5:c1:f8:f1:55:a2:c6:75:1a:e9:69:
54:93:49:42:78:61:0a:71:e2:9c:a6:b3:59:bf:b7:
47:01:00:a3:37:29:c6:be:a9:4d:a2:4a:9e:63:29:
56:5b:57:71:3a:a9:2a:a8:04:3a:1b:fa:6c:43:f3:
8e:58:32:74:46:be:41:f9:a2:e9:39:16:34:a9:ef:
be:cd:55:eb:63:0a:d7:09:44:24:7f:86:e7:b0:98:
6b:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:37:C1:35:88:2C:50:D5:F7:9B:27:67:1A:7D:F1:63:D8:71:C6:42
X509v3 Authority Key Identifier:
keyid:09:FE:CD:70:71:B7:27:DB:3D:12:F0:9E:FB:B4:54:E0:4D:4F:74:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/fjfBNYgsUNX3mydnGn3xY9hxxkI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/72e3a1-906c-448b-98da-5a206e8b1369/1/Cf7NcHG3J9s9EvCe-7RU4E1PdD0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.228.0/22
91.224.171.0/24
185.235.142.0/24
IPv6:
2a0f:d840::/29
Signature Algorithm: sha256WithRSAEncryption
04:59:a6:58:f3:30:50:ad:8f:92:c8:93:66:3a:c0:c1:00:37:
38:87:3c:77:39:8a:28:dc:3e:71:d9:2c:77:57:58:db:4c:8b:
4b:19:fd:d1:2c:5b:66:33:fc:a0:3e:74:3a:7d:7d:7f:db:90:
d7:ca:bc:97:99:ed:85:10:6b:1a:dd:b4:e9:4d:9a:a6:9d:42:
43:39:7e:06:2b:eb:95:7e:0c:2d:22:a6:90:5f:e2:41:71:5f:
98:f8:7c:df:96:d8:39:08:0f:4f:17:60:e3:aa:29:8c:13:fa:
03:84:a6:b0:cf:a2:bd:b8:78:19:93:41:a4:0f:f9:3e:c0:f1:
65:8e:86:83:49:09:98:08:00:d3:e1:74:06:de:6d:0b:1c:af:
d8:cc:7e:9a:be:e9:23:84:64:e4:51:6b:d2:10:e7:50:ea:00:
4d:9b:82:63:37:d5:1f:0f:63:75:74:71:b1:96:52:6d:38:9c:
61:c3:9b:85:5a:0e:ce:5e:7b:6b:22:34:88:eb:d3:a7:79:82:
98:0a:fe:3c:47:ea:c8:2a:99:44:05:2a:1e:9b:c2:68:2b:1e:
52:5f:98:53:25:1d:4e:9b:0c:ae:cc:17:3d:ce:4d:58:3f:eb:
6b:a9:8c:2f:8b:60:b1:7c:50:7c:76:c4:4f:42:27:ad:b3:26:
f6:79:08:c5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZxWk3+VgOfzBGVtNkCPQNAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZmVjZDcwNzFiNzI3ZGIzZDEyZjA5ZWZiYjQ1NGUwNGQ0
Zjc0M2QwHhcNMjYwMjEzMTAzNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTM3YzEzNTg4MmM1MGQ1Zjc5YjI3NjcxYTdkZjE2M2Q4NzFjNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9+pQdlilJ1dhKbgo9t7i7euIk6E
t+55l8ioINw0crEvtu4MfHhGyKdQLb/DyNA5CiVJYC/eu22yBVoTxUaczy0iqpup
aDCKUZN8zSYE+5ArvSrjMgqyfsPl3k5V/qqoJV3XgbsSvl14JbTf9gMjRBl3tAhM
tM//9BVO9DdCQky1MwroeoGVvQJD3fz5WYXDnKaqI9ksAPSAQ65vdiSKmjYvDFFm
0vw/pcH48VWixnUa6WlUk0lCeGEKceKcprNZv7dHAQCjNynGvqlNokqeYylWW1dx
OqkqqAQ6G/psQ/OOWDJ0Rr5B+aLpORY0qe++zVXrYwrXCUQkf4bnsJhrxQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFH43wTWILFDV95snZxp98WPYccZCMB8GA1UdIwQY
MBaAFAn+zXBxtyfbPRLwnvu0VOBNT3Q9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2Y3TmNIRzNKOXM5RXZDZS03UlU0RTFQZEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS83MmUzYTEtOTA2Yy00NDhiLTk4ZGEt
NWEyMDZlOGIxMzY5LzEvZmpmQk5ZZ3NVTlgzbXlkbkduM3hZOWh4eGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS83MmUzYTEtOTA2Yy00NDhiLTk4ZGEtNWEyMDZlOGIxMzY5
LzEvQ2Y3TmNIRzNKOXM5RXZDZS03UlU0RTFQZEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCW8TkAwQA
W+CrAwQAueuOMA0EAgACMAcDBQMqD9hAMA0GCSqGSIb3DQEBCwUAA4IBAQAEWaZY
8zBQrY+SyJNmOsDBADc4hzx3OYoo3D5x2Sx3V1jbTItLGf3RLFtmM/ygPnQ6fX1/
25DXyryXme2FEGsa3bTpTZqmnUJDOX4GK+uVfgwtIqaQX+JBcV+Y+Hzfltg5CA9P
F2DjqimME/oDhKawz6K9uHgZk0GkD/k+wPFljoaDSQmYCADT4XQG3m0LHK/YzH6a
vukjhGTkUWvSEOdQ6gBNm4JjN9UfD2N1dHGxllJtOJxhw5uFWg7OXntrIjSI69On
eYKYCv48R+rIKplEBSoem8JoKx5SX5hTJR1OmwyuzBc9zk1YP+trqYwvi2CxfFB8
dsRPQietsyb2eQjF
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:33:17 2026 by rpki-client