Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/0-0aZ6-8EEmgPfcY5U7C5NdNA2U.roa
File: 0-0aZ6-8EEmgPfcY5U7C5NdNA2U.roa (raw, json)
Hash identifier: rl4srRHZEw9BtxFJSfiItkHlastSWfYok5CtgXEBFDc=
Subject key identifier: D3:ED:1A:67:AF:BC:10:49:A0:3D:F7:18:E5:4E:C2:E4:D7:4D:03:65
Certificate issuer: /CN=bfe3971a32c0692c4e342e911790662470cf31b2
Certificate serial: 019ED025B9886BC454FB9A055F85301BFEFF
Authority key identifier: BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/0-0aZ6-8EEmgPfcY5U7C5NdNA2U.roa
Signing time: Tue 16 Jun 2026 11:16:33 +0000
ROA not before: Tue 16 Jun 2026 11:16:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207208
IP address blocks: 5.181.191.0/24 maxlen: 24
185.1.217.0/24 maxlen: 24
2001:67c:2498::/48 maxlen: 48
2a09:d581::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl
rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.mft
rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Jun 2026 05:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:d0:25:b9:88:6b:c4:54:fb:9a:05:5f:85:30:1b:fe:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfe3971a32c0692c4e342e911790662470cf31b2
Validity
Not Before: Jun 16 11:16:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d3ed1a67afbc1049a03df718e54ec2e4d74d0365
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:c1:bd:1d:06:ce:20:f5:f6:a0:4a:f8:71:8d:
07:08:8a:a3:2f:67:a4:ca:d2:f5:fb:f0:dc:f1:3b:
12:d6:fc:63:c7:1a:b9:99:0a:8e:16:ba:97:45:e8:
6a:6c:e2:ab:16:c7:cd:58:a9:bc:40:a8:be:5d:58:
85:ca:76:24:91:75:b5:d6:20:80:0f:1c:4e:2a:0d:
2a:1a:d1:52:9b:f3:2f:b1:da:09:6a:da:86:97:f1:
73:72:68:cf:a2:b5:d7:54:73:8e:82:80:cd:6d:63:
b0:a2:e9:78:4d:6c:23:bb:5e:2f:17:ed:d9:a2:8e:
04:09:cb:f1:2f:41:97:a7:3e:66:b8:1a:5c:62:b8:
25:bc:b3:91:b3:01:06:bf:9b:3d:60:ab:56:fe:bb:
8a:a8:e5:56:01:c2:9d:d4:7c:22:bf:ee:88:71:f7:
7b:30:09:c9:fc:80:3b:d6:f7:14:7e:e5:cd:2f:5c:
ea:a3:c7:cc:9f:9d:18:2f:65:91:26:22:93:4d:48:
ee:41:31:63:1c:0c:68:02:81:09:cb:d7:0c:34:7d:
fc:57:f9:95:7f:22:b1:ba:69:6e:ad:34:28:be:86:
29:33:2c:5a:80:0f:73:3f:90:8b:3c:6d:3a:24:9a:
c5:0b:22:2e:33:55:95:f1:6f:03:3b:dc:0f:9f:43:
87:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:ED:1A:67:AF:BC:10:49:A0:3D:F7:18:E5:4E:C2:E4:D7:4D:03:65
X509v3 Authority Key Identifier:
keyid:BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/0-0aZ6-8EEmgPfcY5U7C5NdNA2U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.191.0/24
185.1.217.0/24
IPv6:
2001:67c:2498::/48
2a09:d581::/32
Signature Algorithm: sha256WithRSAEncryption
03:bf:eb:c3:fb:7e:4d:36:8a:6f:60:43:67:0d:98:c2:6c:77:
e2:85:7e:7e:99:0c:b6:ae:84:0b:bf:b7:79:ab:e6:2c:75:94:
20:80:63:eb:8b:a7:16:9f:6c:01:15:f8:46:aa:4f:04:7e:e9:
1e:8d:69:a7:08:7f:42:7e:e5:e7:75:d0:ef:4c:12:90:a9:fd:
d3:1e:85:ae:e4:a5:c5:55:02:a9:36:9e:b1:15:71:70:11:a6:
17:26:8a:17:b4:2c:20:47:c9:fa:e7:66:55:e3:e8:39:0e:e7:
e2:2b:05:59:50:6f:14:bc:b2:1f:81:d5:ea:92:4a:ab:e8:74:
b0:f4:43:11:48:77:ee:97:e5:7a:6c:7f:cc:ce:8a:24:a2:53:
ea:38:8d:8f:61:e3:fb:70:a2:bb:0e:de:ec:23:34:b2:b1:d4:
d5:28:c7:a5:dc:51:1e:78:19:07:b1:4d:64:dd:02:03:3d:57:
15:a8:d3:0c:9d:df:5e:31:57:2a:81:74:7d:32:e6:a6:8e:2f:
6a:7f:be:ae:68:6f:0a:cd:ce:39:e0:e0:90:78:31:d4:cb:b0:
e4:8e:02:7c:29:61:23:8f:c0:57:d9:d9:8a:20:ae:72:0a:05:
c1:f0:2e:39:ab:2e:a6:b1:d4:d5:5d:63:f7:eb:55:70:be:03:
30:7c:d3:3c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ7QJbmIa8RU+5oFX4UwG/7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTM5NzFhMzJjMDY5MmM0ZTM0MmU5MTE3OTA2NjI0NzBj
ZjMxYjIwHhcNMjYwNjE2MTExNjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2VkMWE2N2FmYmMxMDQ5YTAzZGY3MThlNTRlYzJlNGQ3NGQwMzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sG9HQbOIPX2oEr4cY0HCIqjL2ek
ytL1+/Dc8TsS1vxjxxq5mQqOFrqXRehqbOKrFsfNWKm8QKi+XViFynYkkXW11iCA
DxxOKg0qGtFSm/MvsdoJatqGl/FzcmjPorXXVHOOgoDNbWOwoul4TWwju14vF+3Z
oo4ECcvxL0GXpz5muBpcYrglvLORswEGv5s9YKtW/ruKqOVWAcKd1Hwiv+6Icfd7
MAnJ/IA71vcUfuXNL1zqo8fMn50YL2WRJiKTTUjuQTFjHAxoAoEJy9cMNH38V/mV
fyKxumlurTQovoYpMyxagA9zP5CLPG06JJrFCyIuM1WV8W8DO9wPn0OHmQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNPtGmevvBBJoD33GOVOwuTXTQNlMB8GA1UdIwQY
MBaAFL/jlxoywGksTjQukReQZiRwzzGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUt
YzRkY2M3ZjZiN2RmLzEvMC0wYVo2LThFRW1nUGZjWTVVN0M1TmROQTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUtYzRkY2M3ZjZiN2Rm
LzEvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQABbW/AwQA
uQHZMBYEAgACMBADBwAgAQZ8JJgDBQAqCdWBMA0GCSqGSIb3DQEBCwUAA4IBAQAD
v+vD+35NNopvYENnDZjCbHfihX5+mQy2roQLv7d5q+YsdZQggGPri6cWn2wBFfhG
qk8EfukejWmnCH9CfuXnddDvTBKQqf3THoWu5KXFVQKpNp6xFXFwEaYXJooXtCwg
R8n652ZV4+g5DufiKwVZUG8UvLIfgdXqkkqr6HSw9EMRSHful+V6bH/MzookolPq
OI2PYeP7cKK7Dt7sIzSysdTVKMel3FEeeBkHsU1k3QIDPVcVqNMMnd9eMVcqgXR9
Muamji9qf76uaG8Kzc454OCQeDHUy7DkjgJ8KWEjj8BX2dmKIK5yCgXB8C45qy6m
sdTVXWP361VwvgMwfNM8
-----END CERTIFICATE-----
Generated at Wed Jun 17 15:28:33 2026 by rpki-client