Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KrmXZwgnRGscsMKWljFzfxtl-Ek.roa
File: KrmXZwgnRGscsMKWljFzfxtl-Ek.roa (raw, json)
Hash identifier: utiJtPDDzFaZJqFyW9ZtBGm1lsfZTK1n3A1a/gw9OmA=
Subject key identifier: 2A:B9:97:67:08:27:44:6B:1C:B0:C2:96:96:31:73:7F:1B:65:F8:49
Certificate issuer: /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial: 019D43A320F43968DA39E23874705E5CF4C6
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KrmXZwgnRGscsMKWljFzfxtl-Ek.roa
Signing time: Tue 31 Mar 2026 11:24:17 +0000
ROA not before: Tue 31 Mar 2026 11:24:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201017
IP address blocks: 145.219.6.0/24 maxlen: 24
145.219.8.0/24 maxlen: 24
145.219.9.0/24 maxlen: 24
145.219.10.0/24 maxlen: 24
145.219.11.0/24 maxlen: 24
145.219.12.0/24 maxlen: 24
145.219.13.0/24 maxlen: 24
145.219.14.0/24 maxlen: 24
145.219.15.0/24 maxlen: 24
145.219.16.0/24 maxlen: 24
145.219.17.0/24 maxlen: 24
2a04:b0c0::/44 maxlen: 44
2a04:b0c0:31::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:43:a3:20:f4:39:68:da:39:e2:38:74:70:5e:5c:f4:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Validity
Not Before: Mar 31 11:24:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2ab997670827446b1cb0c2969631737f1b65f849
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:1b:32:74:52:59:b9:e7:f5:f4:55:2f:88:0a:
01:96:f7:72:15:72:54:58:54:5e:70:55:ad:71:01:
5c:e5:b9:ac:75:6c:a0:0c:86:7d:83:39:ad:bf:4c:
6f:c4:42:e5:ba:40:09:a4:29:23:36:71:2d:b7:e9:
71:59:68:4d:16:b9:af:bf:46:12:70:14:2b:21:40:
c9:a5:ba:95:df:e9:34:e1:c1:2b:8c:30:3a:ce:b7:
6c:f5:0b:22:37:cf:75:e2:42:83:6e:00:c4:8d:51:
37:3c:2c:24:e5:f4:70:e1:98:12:55:ae:ca:86:6b:
f9:11:1e:43:11:05:cd:5c:26:21:94:d7:99:eb:9b:
ac:d5:f1:d4:20:48:5d:07:25:6a:55:d8:f4:63:eb:
b8:0e:b3:f3:e1:bb:0d:d1:b9:24:f7:bc:53:ca:13:
11:22:78:69:bb:29:99:6e:47:86:aa:2a:15:38:a8:
fe:29:9e:70:45:a0:80:2c:61:5b:45:92:9a:65:7e:
a9:99:e2:fc:89:7f:c3:ed:34:bc:c7:a4:49:bd:5d:
b9:1a:af:19:dc:56:b6:58:3c:c0:72:10:49:48:f8:
66:97:a5:4b:85:7e:d5:f4:ab:26:32:7e:a4:d4:77:
20:9f:af:71:00:83:be:e3:cc:e9:10:45:8c:91:3b:
26:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:B9:97:67:08:27:44:6B:1C:B0:C2:96:96:31:73:7F:1B:65:F8:49
X509v3 Authority Key Identifier:
keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KrmXZwgnRGscsMKWljFzfxtl-Ek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.219.6.0/24
145.219.8.0-145.219.17.255
IPv6:
2a04:b0c0::/44
2a04:b0c0:31::/48
Signature Algorithm: sha256WithRSAEncryption
64:87:10:15:57:2a:64:64:39:1d:8a:3c:f3:27:38:14:58:3b:
f2:44:59:1e:86:c9:6b:60:f9:1b:30:b9:93:bc:c1:5a:11:06:
23:19:5c:87:a4:e8:65:37:1b:15:26:d2:71:51:49:0c:5e:46:
c8:4a:88:d1:11:97:0c:0b:05:13:9d:c5:75:24:ca:24:ac:3f:
07:48:f8:b4:ad:f2:b0:73:ec:40:20:9b:37:fb:28:f1:08:4f:
9c:03:c9:50:07:db:cd:a2:f5:21:17:7d:79:e3:80:fe:27:4d:
3c:b0:f7:63:2f:58:cd:96:e8:af:47:50:01:56:fe:ec:03:10:
43:61:5b:db:63:e7:4b:b9:14:fe:5f:26:7b:f3:86:64:33:2e:
d6:e8:e2:13:8f:16:f9:3a:24:ca:c0:52:05:b3:3a:12:45:6d:
25:8c:61:20:b3:27:0a:06:a9:65:02:4b:99:3e:80:2c:8e:bc:
6f:05:22:41:95:09:11:df:19:ac:fa:1a:69:f8:0d:a1:9a:ef:
fc:b3:20:2e:74:ab:04:3e:49:49:96:97:c0:b1:30:e2:e8:f1:
8a:85:08:19:cf:14:aa:2f:39:c9:68:5d:9d:82:6c:0c:b1:0c:
03:b6:62:19:20:3f:e5:1b:a9:1c:ab:82:c9:8e:54:2c:bf:c7:
15:78:d2:29
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ1DoyD0OWjaOeI4dHBeXPTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjYwMzMxMTEyNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI5OTc2NzA4Mjc0NDZiMWNiMGMyOTY5NjMxNzM3ZjFiNjVmODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xsydFJZuef19FUviAoBlvdyFXJU
WFRecFWtcQFc5bmsdWygDIZ9gzmtv0xvxELlukAJpCkjNnEtt+lxWWhNFrmvv0YS
cBQrIUDJpbqV3+k04cErjDA6zrds9QsiN8914kKDbgDEjVE3PCwk5fRw4ZgSVa7K
hmv5ER5DEQXNXCYhlNeZ65us1fHUIEhdByVqVdj0Y+u4DrPz4bsN0bkk97xTyhMR
InhpuymZbkeGqioVOKj+KZ5wRaCALGFbRZKaZX6pmeL8iX/D7TS8x6RJvV25Gq8Z
3Fa2WDzAchBJSPhml6VLhX7V9KsmMn6k1Hcgn69xAIO+48zpEEWMkTsmCwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCq5l2cIJ0RrHLDClpYxc38bZfhJMB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvS3JtWFp3Z25SR3Njc01LV2xqRnpmeHRsLUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAaBAIAATAUAwQAkdsGMAwD
BAOR2wgDBAGR2xAwGAQCAAIwEgMHBCoEsMAAAAMHACoEsMAAMTANBgkqhkiG9w0B
AQsFAAOCAQEAZIcQFVcqZGQ5HYo88yc4FFg78kRZHobJa2D5GzC5k7zBWhEGIxlc
h6ToZTcbFSbScVFJDF5GyEqI0RGXDAsFE53FdSTKJKw/B0j4tK3ysHPsQCCbN/so
8QhPnAPJUAfbzaL1IRd9eeOA/idNPLD3Yy9YzZbor0dQAVb+7AMQQ2Fb22PnS7kU
/l8me/OGZDMu1ujiE48W+TokysBSBbM6EkVtJYxhILMnCgapZQJLmT6ALI68bwUi
QZUJEd8ZrPoaafgNoZrv/LMgLnSrBD5JSZaXwLEw4ujxioUIGc8Uqi85yWhdnYJs
DLEMA7ZiGSA/5RupHKuCyY5ULL/HFXjSKQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:18:41 2026 by rpki-client