Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/drTfELXRJZXWeJKJ7Do04Kgfe6Q.roa
File: drTfELXRJZXWeJKJ7Do04Kgfe6Q.roa (raw, json)
Hash identifier: 0sgZcLmG/Tw2BeGi2FoOS6eP1w6dJYbZOAQ3NwCEzUU=
Subject key identifier: 76:B4:DF:10:B5:D1:25:95:D6:78:92:89:EC:3A:34:E0:A8:1F:7B:A4
Certificate issuer: /CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Certificate serial: 019CAE55B99566ED3E1D23921AD2760DA804
Authority key identifier: B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/drTfELXRJZXWeJKJ7Do04Kgfe6Q.roa
Signing time: Mon 02 Mar 2026 11:36:19 +0000
ROA not before: Mon 02 Mar 2026 11:36:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34245
IP address blocks: 37.26.72.0/23 maxlen: 23
85.91.0.0/19 maxlen: 24
87.192.80.0/24 maxlen: 24
87.192.220.0/23 maxlen: 24
87.198.0.0/16 maxlen: 24
87.198.204.0/24 maxlen: 24
87.232.32.0/19 maxlen: 24
87.232.64.0/18 maxlen: 24
87.232.128.0/21 maxlen: 24
87.232.134.0/24 maxlen: 24
87.232.193.0/24 maxlen: 24
87.232.224.0/24 maxlen: 24
87.232.250.0/23 maxlen: 24
87.232.252.0/22 maxlen: 24
89.124.242.0/23 maxlen: 24
89.124.244.0/24 maxlen: 24
185.106.88.0/22 maxlen: 24
212.17.32.0/19 maxlen: 24
213.79.32.0/19 maxlen: 24
213.159.128.0/22 maxlen: 24
2a01:148::/29 maxlen: 32
2a01:148::/32 maxlen: 32
2a01:14f::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.mft
rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 11:36:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ae:55:b9:95:66:ed:3e:1d:23:92:1a:d2:76:0d:a8:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Validity
Not Before: Mar 2 11:36:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=76b4df10b5d12595d6789289ec3a34e0a81f7ba4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f3:6b:5d:c5:63:b5:32:71:0a:88:2d:49:de:
e4:44:58:71:b2:c6:9a:ed:36:4f:5b:43:25:2b:b0:
36:45:e3:3d:ca:2e:f3:84:f6:55:f1:74:a8:de:57:
96:a5:74:19:fe:15:c3:3a:a4:01:9f:c4:b9:19:a8:
3b:e1:f7:17:94:51:1d:d9:35:a1:93:a7:96:c8:1c:
82:38:1f:9d:3c:61:65:97:ea:fc:a8:da:8f:1e:c2:
cb:c7:7d:ba:27:1c:ff:ce:93:82:fa:5b:8a:0a:f7:
21:97:11:7a:ac:a7:7d:12:7a:58:ac:d8:f7:a6:33:
c8:85:b6:12:44:6b:f0:78:21:ce:45:1d:59:c3:6d:
9e:07:98:d9:a8:71:fa:ac:af:c3:6a:9c:c5:5b:da:
d3:57:cc:0d:ec:08:f9:ae:0c:30:4b:d0:65:34:e1:
bc:d0:ab:a2:ad:d5:ec:c7:f7:49:a9:78:87:92:88:
5d:88:0a:55:68:ca:32:8e:f2:b0:a2:e1:21:6e:fe:
d0:c4:28:cf:30:a0:cb:ce:e2:e3:56:b2:d8:7b:97:
41:fd:55:dc:52:f0:23:53:be:d3:a0:dd:c8:57:55:
f9:ed:ed:f9:06:19:2e:1d:1a:94:74:48:b2:b9:f9:
c9:b2:6d:80:21:ff:1b:f3:4c:2f:f3:fc:ef:7e:75:
5a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:B4:DF:10:B5:D1:25:95:D6:78:92:89:EC:3A:34:E0:A8:1F:7B:A4
X509v3 Authority Key Identifier:
keyid:B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/drTfELXRJZXWeJKJ7Do04Kgfe6Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.72.0/23
85.91.0.0/19
87.192.80.0/24
87.192.220.0/23
87.198.0.0/16
87.232.32.0-87.232.135.255
87.232.193.0/24
87.232.224.0/24
87.232.250.0-87.232.255.255
89.124.242.0-89.124.244.255
185.106.88.0/22
212.17.32.0/19
213.79.32.0/19
213.159.128.0/22
IPv6:
2a01:148::/29
Signature Algorithm: sha256WithRSAEncryption
0e:db:c5:c6:6d:b4:aa:30:2e:02:dc:b2:3b:4d:9d:4a:97:e2:
06:13:1e:82:9d:fd:40:e5:d6:f5:e6:77:3c:3f:43:1a:86:30:
6c:2a:3f:4a:25:59:e3:8c:71:18:9c:e4:64:fb:d9:cd:69:fd:
8a:a0:e6:69:6f:40:59:73:21:fb:6e:50:9a:fc:21:22:5a:42:
fc:77:d6:34:98:d7:71:17:32:b3:85:6a:91:22:72:71:60:c4:
57:df:5c:9c:a5:23:1e:d8:87:cd:ac:04:ce:85:c1:15:fb:3c:
29:05:c8:81:37:d4:c2:fd:c4:40:a8:6d:a0:f3:6e:3e:0f:e6:
a7:42:19:10:ed:6b:b9:38:7f:7b:6e:c3:31:c8:3e:15:a9:0e:
db:6e:81:6b:51:a3:06:22:59:3b:9e:a0:e4:ca:a1:08:64:6e:
3a:d5:96:d3:22:3d:ff:18:b4:da:8f:0a:b6:ce:86:02:09:41:
31:b6:8c:08:f2:7a:8a:9c:69:9d:14:09:dc:e9:85:7c:f7:f8:
f3:43:92:7c:a3:ec:ab:7e:2b:49:98:ae:89:24:24:4b:3f:dd:
e7:e7:28:48:08:6e:d6:f1:f6:bf:3d:74:96:15:ef:86:c4:7a:
9d:72:3f:d1:e0:ad:ea:dd:e2:3c:dc:74:50:8f:ba:44:11:8d:
4e:bd:5e:35
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZyuVbmVZu0+HSOSGtJ2DagEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOGJiNjJhNDdiMWEyYWVkYjcwZjMyZjU4Yzk3OWJhMGM3
NzdmMDYwHhcNMjYwMzAyMTEzNjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmI0ZGYxMGI1ZDEyNTk1ZDY3ODkyODllYzNhMzRlMGE4MWY3YmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPNrXcVjtTJxCogtSd7kRFhxssaa
7TZPW0MlK7A2ReM9yi7zhPZV8XSo3leWpXQZ/hXDOqQBn8S5Gag74fcXlFEd2TWh
k6eWyByCOB+dPGFll+r8qNqPHsLLx326Jxz/zpOC+luKCvchlxF6rKd9EnpYrNj3
pjPIhbYSRGvweCHORR1Zw22eB5jZqHH6rK/DapzFW9rTV8wN7Aj5rgwwS9BlNOG8
0KuirdXsx/dJqXiHkohdiApVaMoyjvKwouEhbv7QxCjPMKDLzuLjVrLYe5dB/VXc
UvAjU77ToN3IV1X57e35BhkuHRqUdEiyufnJsm2AIf8b80wv8/zvfnVatQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFHa03xC10SWV1niSiew6NOCoH3ukMB8GA1UdIwQY
MBaAFLOLtipHsaKu23DzL1jJeboMd38GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgt
MDYwNWMwODlmYzM4LzEvZHJUZkVMWFJKWlhXZUpLSjdEbzA0S2dmZTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgtMDYwNWMwODlmYzM4
LzEvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTBwBAIAATBqAwQBJRpI
AwQFVVsAAwQAV8BQAwQBV8DcAwMAV8YwDAMEBVfoIAMEA1fogAMEAFfowQMEAFfo
4DALAwQBV+j6AwMAV+gwDAMEAVl88gMEAFl89AMEArlqWAMEBdQRIAMEBdVPIAME
AtWfgDANBAIAAjAHAwUDKgEBSDANBgkqhkiG9w0BAQsFAAOCAQEADtvFxm20qjAu
AtyyO02dSpfiBhMegp39QOXW9eZ3PD9DGoYwbCo/SiVZ44xxGJzkZPvZzWn9iqDm
aW9AWXMh+25QmvwhIlpC/HfWNJjXcRcys4VqkSJycWDEV99cnKUjHtiHzawEzoXB
Ffs8KQXIgTfUwv3EQKhtoPNuPg/mp0IZEO1ruTh/e27DMcg+FakO226Ba1GjBiJZ
O56g5MqhCGRuOtWW0yI9/xi02o8Kts6GAglBMbaMCPJ6ipxpnRQJ3OmFfPf480OS
fKPsq34rSZiuiSQkSz/d5+coSAhu1vH2vz10lhXvhsR6nXI/0eCt6t3iPNx0UI+6
RBGNTr1eNQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 18:26:13 2026 by rpki-client