Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/7FjxNVLmNTsgp9nb0ppt16rSW84.roa
File: 7FjxNVLmNTsgp9nb0ppt16rSW84.roa (raw, json)
Hash identifier: AfsskACtTFQG8noHnyBaCKgJpWmzNL8/P7OkiLoJhQ4=
Subject key identifier: EC:58:F1:35:52:E6:35:3B:20:A7:D9:DB:D2:9A:6D:D7:AA:D2:5B:CE
Certificate issuer: /CN=75da0e63eb247d9a0b13b4cb36dd67249920bbca
Certificate serial: 019B7910FF24018FBF8D25C62D53FCA1C9B8
Authority key identifier: 75:DA:0E:63:EB:24:7D:9A:0B:13:B4:CB:36:DD:67:24:99:20:BB:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ddoOY-skfZoLE7TLNt1nJJkgu8o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/7FjxNVLmNTsgp9nb0ppt16rSW84.roa
Signing time: Thu 01 Jan 2026 10:18:35 +0000
ROA not before: Thu 01 Jan 2026 10:18:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50025
IP address blocks: 91.229.160.0/22 maxlen: 22
91.229.164.0/23 maxlen: 23
91.229.165.0/24 maxlen: 24
195.211.180.0/22 maxlen: 22
195.211.180.0/23 maxlen: 23
195.211.180.0/24 maxlen: 24
195.211.181.0/24 maxlen: 24
195.211.182.0/23 maxlen: 23
195.211.182.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/ddoOY-skfZoLE7TLNt1nJJkgu8o.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/ddoOY-skfZoLE7TLNt1nJJkgu8o.mft
rsync://rpki.ripe.net/repository/DEFAULT/ddoOY-skfZoLE7TLNt1nJJkgu8o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:10:ff:24:01:8f:bf:8d:25:c6:2d:53:fc:a1:c9:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75da0e63eb247d9a0b13b4cb36dd67249920bbca
Validity
Not Before: Jan 1 10:18:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ec58f13552e6353b20a7d9dbd29a6dd7aad25bce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:cd:5b:c6:33:bf:fe:aa:e8:5b:16:14:58:42:
9f:21:c5:3e:c7:b9:62:69:a5:e7:20:b3:da:fe:7a:
f9:74:65:d8:f5:5e:c8:2c:4f:78:cb:62:7f:08:16:
25:e8:ac:d3:1f:14:71:46:2b:6b:62:f2:61:43:dd:
83:fe:4c:44:9d:f4:da:62:08:9b:99:7d:15:df:7c:
ac:e4:5c:55:09:71:10:ba:30:ed:8c:05:e9:50:ac:
0d:56:0e:1a:b6:9e:4d:c7:1a:c4:a9:4e:7e:90:bf:
2f:61:61:fb:35:82:ab:4b:68:f9:da:82:3b:89:9d:
e1:71:62:9e:95:75:f2:df:21:e1:6d:23:ca:b0:0f:
c3:08:95:31:64:bc:e6:c8:4a:29:1f:b3:3a:dc:7a:
72:23:d7:8e:13:e3:85:d1:aa:39:71:2e:21:77:53:
1b:4b:77:64:6c:a3:73:a4:d1:c9:d7:61:d9:12:6b:
42:8e:49:a1:92:f7:13:67:13:61:84:2b:46:c6:c3:
e2:60:65:53:87:d0:3d:9e:2c:41:9e:3b:22:ee:33:
1a:e4:f2:59:23:74:07:7d:0b:4f:b4:e6:0f:59:74:
de:11:e9:65:e5:6b:6e:3a:60:6c:cc:e2:ef:05:e0:
84:e0:6c:92:c3:58:24:80:eb:65:19:05:a1:6e:ad:
7d:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:58:F1:35:52:E6:35:3B:20:A7:D9:DB:D2:9A:6D:D7:AA:D2:5B:CE
X509v3 Authority Key Identifier:
keyid:75:DA:0E:63:EB:24:7D:9A:0B:13:B4:CB:36:DD:67:24:99:20:BB:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ddoOY-skfZoLE7TLNt1nJJkgu8o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/7FjxNVLmNTsgp9nb0ppt16rSW84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4b5c19-821a-40ce-9168-df4a3173522b/1/ddoOY-skfZoLE7TLNt1nJJkgu8o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.229.160.0-91.229.165.255
195.211.180.0/22
Signature Algorithm: sha256WithRSAEncryption
67:90:35:5c:c5:90:20:39:58:36:b0:cf:da:d7:06:3a:26:6f:
8f:d9:26:b3:ba:4f:79:2e:7c:81:b9:b5:66:9e:6a:48:5a:49:
ba:50:e3:e0:30:eb:49:f5:0a:63:9b:f3:1d:52:a3:d6:1e:f5:
97:33:ab:8b:1d:fb:18:e5:bc:d6:08:51:69:ce:15:72:73:40:
4d:83:0c:88:fd:38:6c:6c:f5:8b:d5:ae:cc:77:08:ed:a2:34:
cf:ac:20:b4:f7:54:b8:c6:14:cb:26:93:f8:e1:d2:ec:97:22:
81:fa:f2:a6:6c:13:02:6a:7c:81:d4:bc:10:f3:62:a7:dc:ec:
19:2a:c4:e0:01:bc:aa:b8:31:96:47:8d:02:d5:2b:29:50:e5:
43:b3:41:af:15:5c:91:7e:26:cd:5d:87:3e:21:c8:3a:cc:29:
f4:e5:4b:0e:2c:68:52:54:97:88:69:3e:40:48:34:0e:09:8f:
7f:b3:a2:7f:48:a6:a1:4b:59:c6:a3:8a:d3:b9:23:f0:7b:d8:
e8:a6:f8:64:85:00:5f:39:45:da:b1:cd:bb:81:44:76:5c:57:
a4:ea:c7:47:a9:fa:d0:7c:3b:3e:c7:c0:2c:8f:18:f1:d0:77:
da:da:15:2c:a2:f0:56:d5:55:2c:90:f3:09:48:a1:80:87:47:
1f:51:3c:88
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt5EP8kAY+/jSXGLVP8ocm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZGEwZTYzZWIyNDdkOWEwYjEzYjRjYjM2ZGQ2NzI0OTky
MGJiY2EwHhcNMjYwMTAxMTAxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzU4ZjEzNTUyZTYzNTNiMjBhN2Q5ZGJkMjlhNmRkN2FhZDI1YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4M1bxjO//qroWxYUWEKfIcU+x7li
aaXnILPa/nr5dGXY9V7ILE94y2J/CBYl6KzTHxRxRitrYvJhQ92D/kxEnfTaYgib
mX0V33ys5FxVCXEQujDtjAXpUKwNVg4atp5NxxrEqU5+kL8vYWH7NYKrS2j52oI7
iZ3hcWKelXXy3yHhbSPKsA/DCJUxZLzmyEopH7M63HpyI9eOE+OF0ao5cS4hd1Mb
S3dkbKNzpNHJ12HZEmtCjkmhkvcTZxNhhCtGxsPiYGVTh9A9nixBnjsi7jMa5PJZ
I3QHfQtPtOYPWXTeEell5WtuOmBszOLvBeCE4GySw1gkgOtlGQWhbq19lwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOxY8TVS5jU7IKfZ29Kabdeq0lvOMB8GA1UdIwQY
MBaAFHXaDmPrJH2aCxO0yzbdZySZILvKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGRvT1ktc2tmWm9MRTdUTE50MW5KSmtndThvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80YjVjMTktODIxYS00MGNlLTkxNjgt
ZGY0YTMxNzM1MjJiLzEvN0ZqeE5WTG1OVHNncDluYjBwcHQxNnJTVzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80YjVjMTktODIxYS00MGNlLTkxNjgtZGY0YTMxNzM1MjJi
LzEvZGRvT1ktc2tmWm9MRTdUTE50MW5KSmtndThvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAVb5aAD
BAFb5aQDBALD07QwDQYJKoZIhvcNAQELBQADggEBAGeQNVzFkCA5WDawz9rXBjom
b4/ZJrO6T3kufIG5tWaeakhaSbpQ4+Aw60n1CmOb8x1So9Ye9Zczq4sd+xjlvNYI
UWnOFXJzQE2DDIj9OGxs9YvVrsx3CO2iNM+sILT3VLjGFMsmk/jh0uyXIoH68qZs
EwJqfIHUvBDzYqfc7BkqxOABvKq4MZZHjQLVKylQ5UOzQa8VXJF+Js1dhz4hyDrM
KfTlSw4saFJUl4hpPkBINA4Jj3+zon9IpqFLWcajitO5I/B72Oim+GSFAF85Rdqx
zbuBRHZcV6Tqx0ep+tB8Oz7HwCyPGPHQd9raFSyi8FbVVSyQ8wlIoYCHRx9RPIg=
-----END CERTIFICATE-----
Generated at Tue Mar 3 00:25:54 2026 by rpki-client