Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gF27_52ZRC4gIzvNDOB94hGXO-A.roa
File: gF27_52ZRC4gIzvNDOB94hGXO-A.roa (raw, json)
Hash identifier: BBKKaC8VekjedH3Gw1n/9HFwG8H1ZVO17yVUydTpymg=
Subject key identifier: 80:5D:BB:FF:9D:99:44:2E:20:23:3B:CD:0C:E0:7D:E2:11:97:3B:E0
Certificate issuer: /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial: 019D29C7477C523F9AACF45A516530585409
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gF27_52ZRC4gIzvNDOB94hGXO-A.roa
Signing time: Thu 26 Mar 2026 10:53:38 +0000
ROA not before: Thu 26 Mar 2026 10:53:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51352
IP address blocks: 85.142.151.0/24 maxlen: 24
85.142.154.0/23 maxlen: 23
85.143.88.0/21 maxlen: 21
2001:b08:100::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:c7:47:7c:52:3f:9a:ac:f4:5a:51:65:30:58:54:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Validity
Not Before: Mar 26 10:53:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=805dbbff9d99442e20233bcd0ce07de211973be0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:4d:4a:2e:ed:9c:6c:0e:80:ec:b8:77:43:0b:
c9:6d:1f:41:ad:c1:ff:08:d4:f0:86:8d:ec:19:dc:
9f:01:19:cb:96:b8:77:bb:5c:5c:cc:8c:7b:6b:b7:
6f:7e:68:20:d1:19:25:0a:ae:ec:4f:5f:f4:61:37:
61:63:2a:6f:0c:2b:10:06:ee:35:9f:c4:c3:74:c7:
83:ab:d5:f5:b7:ce:a5:22:32:23:6f:6c:d8:c8:74:
48:68:c3:bf:5f:89:ad:2b:72:78:3b:11:1c:53:39:
2e:fd:03:78:a8:45:5c:d9:fc:8a:e0:ed:48:50:a5:
be:1c:dc:b6:af:d6:b7:e1:dc:2e:5e:ab:87:ef:3f:
95:34:6d:8b:e5:e8:30:61:e2:30:f2:cf:ae:67:95:
eb:5c:2b:c2:98:0c:50:cc:13:4c:4d:5a:b5:e8:08:
b9:f5:f6:41:13:12:ec:c0:d7:dd:2d:07:94:6e:83:
a5:88:97:37:f3:d3:e5:29:da:aa:20:08:ec:ea:1d:
37:cc:40:42:e9:7f:49:19:81:40:da:71:51:be:9b:
5e:12:65:36:4c:b2:34:e8:35:04:5e:24:f5:32:0b:
ec:05:cb:47:35:9f:85:82:cb:6c:19:ad:a9:3f:da:
68:76:ee:b7:3f:92:c6:1e:db:52:58:09:04:9a:a6:
4e:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:5D:BB:FF:9D:99:44:2E:20:23:3B:CD:0C:E0:7D:E2:11:97:3B:E0
X509v3 Authority Key Identifier:
keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/gF27_52ZRC4gIzvNDOB94hGXO-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.142.151.0/24
85.142.154.0/23
85.143.88.0/21
IPv6:
2001:b08:100::/44
Signature Algorithm: sha256WithRSAEncryption
31:46:fd:36:25:cf:59:92:9e:cb:43:ea:b0:61:46:3e:e6:85:
e6:ce:ed:46:81:02:5e:89:94:46:a6:1e:95:ba:7b:82:f8:b7:
06:89:72:06:70:b9:f0:16:ce:56:f9:53:ef:21:c6:17:76:0c:
67:f5:55:ff:77:01:de:09:6e:b2:eb:b1:16:67:7b:7d:34:ff:
b8:5f:0e:bc:9c:53:97:89:11:be:53:a8:03:0a:26:66:4b:46:
ee:2e:42:43:12:90:e4:07:8c:a9:cc:5f:c6:0a:2e:d6:5e:aa:
c9:c7:21:b8:95:3b:48:c9:e9:0a:cc:35:d6:1a:59:c2:9e:f6:
fe:1a:94:1f:82:17:db:b7:2f:93:1b:36:11:7f:c3:62:85:b5:
2d:e1:5e:84:b3:19:ed:9a:38:84:07:8b:03:46:31:f1:19:50:
24:bd:f3:8b:ca:6f:8b:ca:a7:2d:d0:22:96:03:a0:44:66:94:
b7:b8:f0:41:60:b9:d0:fb:86:ae:3d:1a:e0:b3:2b:c3:23:83:
be:53:c4:5e:b3:37:63:2c:a0:a9:bf:c6:2a:76:07:b8:04:b5:
f1:7c:86:2b:8b:9e:88:f0:00:4d:41:48:32:30:9d:0b:e0:11:
4f:c3:9b:89:a0:30:8b:b1:f2:9e:62:b5:15:bd:87:a9:5d:55:
06:57:d1:e9
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZ0px0d8Uj+arPRaUWUwWFQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMzI2MTA1MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDVkYmJmZjlkOTk0NDJlMjAyMzNiY2QwY2UwN2RlMjExOTczYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU1KLu2cbA6A7Lh3QwvJbR9BrcH/
CNTwho3sGdyfARnLlrh3u1xczIx7a7dvfmgg0RklCq7sT1/0YTdhYypvDCsQBu41
n8TDdMeDq9X1t86lIjIjb2zYyHRIaMO/X4mtK3J4OxEcUzku/QN4qEVc2fyK4O1I
UKW+HNy2r9a34dwuXquH7z+VNG2L5egwYeIw8s+uZ5XrXCvCmAxQzBNMTVq16Ai5
9fZBExLswNfdLQeUboOliJc389PlKdqqIAjs6h03zEBC6X9JGYFA2nFRvpteEmU2
TLI06DUEXiT1MgvsBctHNZ+FgstsGa2pP9podu63P5LGHttSWAkEmqZOqQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIBdu/+dmUQuICM7zQzgfeIRlzvgMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZ0YyN181MlpSQzRnSXp2TkRPQjk0aEdYTy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAVY6XAwQB
VY6aAwQDVY9YMA8EAgACMAkDBwQgAQsIAQAwDQYJKoZIhvcNAQELBQADggEBADFG
/TYlz1mSnstD6rBhRj7mhebO7UaBAl6JlEamHpW6e4L4twaJcgZwufAWzlb5U+8h
xhd2DGf1Vf93Ad4JbrLrsRZne300/7hfDrycU5eJEb5TqAMKJmZLRu4uQkMSkOQH
jKnMX8YKLtZeqsnHIbiVO0jJ6QrMNdYaWcKe9v4alB+CF9u3L5MbNhF/w2KFtS3h
XoSzGe2aOIQHiwNGMfEZUCS984vKb4vKpy3QIpYDoERmlLe48EFgudD7hq49GuCz
K8Mjg75TxF6zN2MsoKm/xip2B7gEtfF8hiuLnojwAE1BSDIwnQvgEU/Dm4mgMIux
8p5itRW9h6ldVQZX0ek=
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:33:24 2026 by rpki-client