Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/_vmewA9W8DyxXaiP_EZ3cz5dROk.roa
File: _vmewA9W8DyxXaiP_EZ3cz5dROk.roa (raw, json)
Hash identifier: SjnU2OshL4XrUnyu6qZvohhXfN1UkCVyA6v9bEVIxns=
Subject key identifier: FE:F9:9E:C0:0F:56:F0:3C:B1:5D:A8:8F:FC:46:77:73:3E:5D:44:E9
Certificate issuer: /CN=f9e00abe184a625b76f8d1fbceef817aaf71415b
Certificate serial: 019C7FFD85635EBE09D7A195DE2E3D679EED
Authority key identifier: F9:E0:0A:BE:18:4A:62:5B:76:F8:D1:FB:CE:EF:81:7A:AF:71:41:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/_vmewA9W8DyxXaiP_EZ3cz5dROk.roa
Signing time: Sat 21 Feb 2026 11:37:26 +0000
ROA not before: Sat 21 Feb 2026 11:37:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212706
IP address blocks: 89.169.5.0/24 maxlen: 24
89.169.6.0/24 maxlen: 24
89.169.8.0/24 maxlen: 24
89.169.9.0/24 maxlen: 24
89.169.10.0/24 maxlen: 24
89.169.11.0/24 maxlen: 24
93.183.68.0/24 maxlen: 24
93.183.69.0/24 maxlen: 24
93.183.70.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.crl
rsync://rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7f:fd:85:63:5e:be:09:d7:a1:95:de:2e:3d:67:9e:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f9e00abe184a625b76f8d1fbceef817aaf71415b
Validity
Not Before: Feb 21 11:37:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fef99ec00f56f03cb15da88ffc4677733e5d44e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:4a:ea:9c:4f:05:01:d4:a6:15:e9:cf:a7:20:
45:0b:82:65:40:d7:d8:ad:3a:52:2a:73:e1:e1:5b:
d3:75:71:6c:f9:8a:96:b6:9c:c2:b7:f6:00:ad:ed:
40:8c:f0:92:23:34:33:51:b2:42:4f:de:0d:e1:a5:
d1:ce:52:53:3d:bc:90:17:7a:49:98:22:d7:05:c7:
6b:6c:a9:e6:1f:74:48:64:99:1d:25:24:36:ae:9a:
44:c8:08:ac:a7:da:9e:27:fc:ac:84:d4:47:94:d5:
3d:ea:a3:37:1f:2d:54:43:6c:40:9f:af:e3:5d:4b:
81:e1:9c:a1:18:f7:11:79:67:a9:e4:bb:b4:94:55:
7e:c8:ca:74:e3:a4:ca:c0:c0:f6:6c:62:09:11:ca:
d4:78:83:d8:bd:2a:be:de:f2:9e:29:98:bb:48:61:
29:f4:18:97:4a:88:10:31:c1:a4:d9:d9:ca:17:2f:
41:d2:d0:05:12:e8:0d:95:6a:de:73:b2:bd:b5:2e:
61:60:99:ae:83:ab:4a:eb:f4:7f:07:bf:38:3f:eb:
9d:1c:df:5d:6b:8d:e9:af:59:86:c6:c9:7d:e3:db:
8a:50:3a:4e:8c:04:13:f5:5f:23:b9:81:36:84:16:
a6:d8:92:84:fb:cd:14:01:07:b0:3d:2f:c1:6f:2b:
82:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:F9:9E:C0:0F:56:F0:3C:B1:5D:A8:8F:FC:46:77:73:3E:5D:44:E9
X509v3 Authority Key Identifier:
keyid:F9:E0:0A:BE:18:4A:62:5B:76:F8:D1:FB:CE:EF:81:7A:AF:71:41:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/_vmewA9W8DyxXaiP_EZ3cz5dROk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8a322f-dc28-422f-b570-58b64d557c0c/1/1-eAKvhhKYlt2-NH7zu-Beq9xQVs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.169.5.0-89.169.6.255
89.169.8.0/22
93.183.68.0-93.183.70.255
Signature Algorithm: sha256WithRSAEncryption
89:20:6e:c2:28:30:9d:94:77:99:f8:cf:15:31:d3:a5:79:c1:
8d:a7:91:88:5e:51:99:32:39:c6:c4:65:72:62:36:ef:71:d4:
14:64:a9:77:31:37:ea:29:7d:07:5f:32:ff:2e:f3:b5:60:74:
67:4d:34:2a:5d:87:15:02:93:57:aa:26:e7:1e:10:3b:1e:30:
1b:35:69:6a:8c:67:8a:48:17:6f:0c:89:19:0a:b7:56:24:5c:
49:51:5e:28:ea:2c:96:cc:f6:36:6d:fb:45:9c:8b:9a:0a:25:
6c:88:61:be:4c:bd:d2:1f:35:46:9b:e6:a3:4b:68:45:25:52:
70:26:a2:4d:b3:56:26:3a:6f:9e:b5:2a:ee:b9:76:9b:94:56:
c6:89:8f:5d:f8:7f:0d:4a:ae:f2:79:15:08:5f:ba:5d:ae:d1:
ee:2d:2d:2a:c5:46:e9:cf:0b:9b:97:37:d8:4b:b8:44:c1:a3:
9a:87:41:8c:61:07:5a:db:75:b0:6a:43:92:41:c3:75:15:ed:
2e:ff:bb:82:2f:72:4b:83:d8:5e:eb:d5:19:94:89:d1:41:f3:
ac:4c:e4:54:5c:8b:0a:9c:f3:71:ba:41:8c:50:a5:d7:44:22:
eb:37:b9:9a:d6:8e:19:d7:28:93:25:47:d3:93:da:a5:83:bd:
5d:d4:cf:55
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZx//YVjXr4J16GV3i49Z57tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ZTAwYWJlMTg0YTYyNWI3NmY4ZDFmYmNlZWY4MTdhYWY3
MTQxNWIwHhcNMjYwMjIxMTEzNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWY5OWVjMDBmNTZmMDNjYjE1ZGE4OGZmYzQ2Nzc3MzNlNWQ0NGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUrqnE8FAdSmFenPpyBFC4JlQNfY
rTpSKnPh4VvTdXFs+YqWtpzCt/YAre1AjPCSIzQzUbJCT94N4aXRzlJTPbyQF3pJ
mCLXBcdrbKnmH3RIZJkdJSQ2rppEyAisp9qeJ/yshNRHlNU96qM3Hy1UQ2xAn6/j
XUuB4ZyhGPcReWep5Lu0lFV+yMp046TKwMD2bGIJEcrUeIPYvSq+3vKeKZi7SGEp
9BiXSogQMcGk2dnKFy9B0tAFEugNlWrec7K9tS5hYJmug6tK6/R/B784P+udHN9d
a43pr1mGxsl949uKUDpOjAQT9V8juYE2hBam2JKE+80UAQewPS/BbyuCVQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFP75nsAPVvA8sV2oj/xGd3M+XUTpMB8GA1UdIwQY
MBaAFPngCr4YSmJbdvjR+87vgXqvcUFbMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1lQUt2aGhLWWx0Mi1OSDd6dS1CZXE5eFFWcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYvOGEzMjJmLWRjMjgtNDIyZi1iNTcw
LTU4YjY0ZDU1N2MwYy8xL192bWV3QTlXOER5eFhhaVBfRVozY3o1ZFJPay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWYvOGEzMjJmLWRjMjgtNDIyZi1iNTcwLTU4YjY0ZDU1N2Mw
Yy8xLzEtZUFLdmhoS1lsdDItTkg3enUtQmVxOXhRVnMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOwYIKwYBBQUHAQcBAf8ELDAqMCgEAgABMCIwDAMEAFmp
BQMEAFmpBgMEAlmpCDAMAwQCXbdEAwQAXbdGMA0GCSqGSIb3DQEBCwUAA4IBAQCJ
IG7CKDCdlHeZ+M8VMdOlecGNp5GIXlGZMjnGxGVyYjbvcdQUZKl3MTfqKX0HXzL/
LvO1YHRnTTQqXYcVApNXqibnHhA7HjAbNWlqjGeKSBdvDIkZCrdWJFxJUV4o6iyW
zPY2bftFnIuaCiVsiGG+TL3SHzVGm+ajS2hFJVJwJqJNs1YmOm+etSruuXablFbG
iY9d+H8NSq7yeRUIX7pdrtHuLS0qxUbpzwublzfYS7hEwaOah0GMYQda23WwakOS
QcN1Fe0u/7uCL3JLg9he69UZlInRQfOsTORUXIsKnPNxukGMUKXXRCLrN7ma1o4Z
1yiTJUfTk9qlg71d1M9V
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:03:55 2026 by rpki-client