Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/kGPfhXxpreZtjaPga5IzFyy5BYc.roa
File: kGPfhXxpreZtjaPga5IzFyy5BYc.roa (raw, json)
Hash identifier: i9y196dGRt0WCvB/nvKsvdx4WF+EKGdHmOuGX6kQ6qY=
Subject key identifier: 90:63:DF:85:7C:69:AD:E6:6D:8D:A3:E0:6B:92:33:17:2C:B9:05:87
Certificate issuer: /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial: 019C8F7701859EB5F07B92B83A356930455B
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/kGPfhXxpreZtjaPga5IzFyy5BYc.roa
Signing time: Tue 24 Feb 2026 11:44:26 +0000
ROA not before: Tue 24 Feb 2026 11:44:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214996
IP address blocks: 159.195.12.0/22 maxlen: 22
159.195.16.0/22 maxlen: 22
159.195.91.0/24 maxlen: 24
159.195.92.0/22 maxlen: 22
159.195.107.0/24 maxlen: 24
2a0a:4cc0:101::/48 maxlen: 48
2a0a:4cc0:101::/52 maxlen: 52
2a0a:4cc0:120::/43 maxlen: 43
2a0a:4cc0:2000::/43 maxlen: 48
2a0a:4cc0:2000::/48 maxlen: 48
2a0a:4cc0:2000:4300::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8f:77:01:85:9e:b5:f0:7b:92:b8:3a:35:69:30:45:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
Validity
Not Before: Feb 24 11:44:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9063df857c69ade66d8da3e06b9233172cb90587
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:3d:12:32:46:43:e0:67:0a:94:11:77:70:da:
e5:61:6c:59:db:23:c9:2b:d5:38:e4:90:b9:50:78:
0d:9c:11:29:06:16:44:7b:54:2b:a6:06:dd:9a:44:
1f:d0:36:8b:0a:7f:0e:17:68:75:a8:74:6d:a9:4c:
bd:86:50:24:e7:1e:72:2a:8c:c6:d3:05:ff:a7:18:
da:50:78:11:53:3d:45:cb:43:bf:ae:34:08:2b:f1:
f4:e9:d0:ae:7e:46:5d:88:1b:da:39:ec:f6:76:15:
ce:8d:f4:17:47:25:6e:8c:1b:be:9a:98:de:c5:3d:
4c:d7:5d:87:7b:e3:2f:de:61:23:90:05:bb:f5:5d:
f5:cc:c4:9a:2c:02:44:27:e8:5f:51:1a:35:69:d2:
d1:ee:33:eb:bd:14:84:7f:e5:26:bb:ae:3b:61:b4:
c3:08:10:99:ea:7f:93:92:a4:f8:1e:17:87:19:fc:
70:11:b0:b2:1d:9e:a7:97:b4:4b:54:76:a9:b4:5c:
67:c1:72:dc:5b:cb:8d:30:90:32:d2:5f:21:1f:4b:
97:c2:25:83:29:06:f3:bb:5c:15:ae:e0:c6:4c:45:
77:2b:65:d9:c3:73:41:95:b7:e4:08:3e:d9:4f:aa:
fa:23:c9:59:64:44:04:bc:5f:cc:87:1c:2e:00:e6:
56:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:63:DF:85:7C:69:AD:E6:6D:8D:A3:E0:6B:92:33:17:2C:B9:05:87
X509v3 Authority Key Identifier:
keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/kGPfhXxpreZtjaPga5IzFyy5BYc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.195.12.0-159.195.19.255
159.195.91.0-159.195.95.255
159.195.107.0/24
IPv6:
2a0a:4cc0:101::/48
2a0a:4cc0:120::/43
2a0a:4cc0:2000::/43
Signature Algorithm: sha256WithRSAEncryption
5e:5e:fc:d1:e0:01:b5:2f:d0:38:dc:b9:11:df:1f:fb:6b:03:
58:69:f3:80:b4:ac:df:74:ae:69:3b:33:5e:fd:99:e1:47:a3:
f7:6b:61:c0:01:f3:32:85:d7:47:80:41:bb:7a:7b:bd:9f:5b:
5a:72:f8:94:f2:43:cf:82:0d:ec:03:b8:db:ef:c4:45:91:e7:
09:ee:95:66:1e:39:b2:d7:28:f5:63:e9:f9:65:22:74:3e:c8:
5e:75:dd:a7:c9:4e:ac:32:81:ec:7d:7d:30:67:62:ae:e9:91:
ee:ee:73:70:c7:be:6d:47:a8:99:cf:96:f8:0a:90:95:fa:e7:
f9:c5:f3:5d:a9:f1:38:56:1f:1d:a6:d1:ef:8b:a1:bb:d9:88:
84:f1:7d:2b:61:3b:a1:bb:70:60:eb:ce:56:ca:6e:7d:e5:c9:
e0:73:cd:4b:da:ec:bc:3a:41:e2:67:8a:29:68:a4:01:42:42:
53:dd:b8:0a:e8:14:70:0b:e2:ff:9e:7a:b9:07:d4:9b:a8:ec:
60:3e:8b:30:bc:32:08:57:e0:ed:8a:c8:3d:41:31:8a:00:e8:
24:b5:78:83:a2:be:f0:60:2c:6f:96:61:cb:f1:b0:b4:e4:94:
9c:9e:b9:86:ca:39:51:f4:47:6f:e8:69:5d:10:c8:58:d1:af:
a8:f5:31:2d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZyPdwGFnrXwe5K4OjVpMEVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjYwMjI0MTE0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDYzZGY4NTdjNjlhZGU2NmQ4ZGEzZTA2YjkyMzMxNzJjYjkwNTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwz0SMkZD4GcKlBF3cNrlYWxZ2yPJ
K9U45JC5UHgNnBEpBhZEe1QrpgbdmkQf0DaLCn8OF2h1qHRtqUy9hlAk5x5yKozG
0wX/pxjaUHgRUz1Fy0O/rjQIK/H06dCufkZdiBvaOez2dhXOjfQXRyVujBu+mpje
xT1M112He+Mv3mEjkAW79V31zMSaLAJEJ+hfURo1adLR7jPrvRSEf+Umu647YbTD
CBCZ6n+TkqT4HheHGfxwEbCyHZ6nl7RLVHaptFxnwXLcW8uNMJAy0l8hH0uXwiWD
KQbzu1wVruDGTEV3K2XZw3NBlbfkCD7ZT6r6I8lZZEQEvF/MhxwuAOZWTQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJBj34V8aa3mbY2j4GuSMxcsuQWHMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEva0dQZmhYeHByZVp0amFQZ2E1SXpGeXk1QlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAoBAIAATAiMAwDBAKfwwwD
BAKfwxAwDAMEAJ/DWwMEBZ/DQAMEAJ/DazAhBAIAAjAbAwcAKgpMwAEBAwcFKgpM
wAEgAwcFKgpMwCAAMA0GCSqGSIb3DQEBCwUAA4IBAQBeXvzR4AG1L9A43LkR3x/7
awNYafOAtKzfdK5pOzNe/ZnhR6P3a2HAAfMyhddHgEG7enu9n1tacviU8kPPgg3s
A7jb78RFkecJ7pVmHjmy1yj1Y+n5ZSJ0Pshedd2nyU6sMoHsfX0wZ2Ku6ZHu7nNw
x75tR6iZz5b4CpCV+uf5xfNdqfE4Vh8dptHvi6G72YiE8X0rYTuhu3Bg685Wym59
5cngc81L2uy8OkHiZ4opaKQBQkJT3bgK6BRwC+L/nnq5B9SbqOxgPoswvDIIV+Dt
isg9QTGKAOgktXiDor7wYCxvlmHL8bC05JScnrmGyjlR9Edv6GldEMhY0a+o9TEt
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:30:55 2026 by rpki-client