Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/fk0rJpICkt4HosKM9biS-s54R4k.roa
File: fk0rJpICkt4HosKM9biS-s54R4k.roa (raw, json)
Hash identifier: jEMhMu5Y75M093gIaOZAU+jMxmAtEVqkpOFyEZZLGCk=
Subject key identifier: 7E:4D:2B:26:92:02:92:DE:07:A2:C2:8C:F5:B8:92:FA:CE:78:47:89
Certificate issuer: /CN=08fcaaf8d17dd1a65795f714b267f1bce21938b9
Certificate serial: 019B7F15630B5C1C9281DAAD7DB5856B74B3
Authority key identifier: 08:FC:AA:F8:D1:7D:D1:A6:57:95:F7:14:B2:67:F1:BC:E2:19:38:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/fk0rJpICkt4HosKM9biS-s54R4k.roa
Signing time: Fri 02 Jan 2026 14:21:06 +0000
ROA not before: Fri 02 Jan 2026 14:21:06 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205929
IP address blocks: 185.221.61.0/24 maxlen: 24
2a06:89c3:5010::/48 maxlen: 48
2a06:89c4:a000::/48 maxlen: 48
2a06:89c4:c000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:15:63:0b:5c:1c:92:81:da:ad:7d:b5:85:6b:74:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08fcaaf8d17dd1a65795f714b267f1bce21938b9
Validity
Not Before: Jan 2 14:21:06 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7e4d2b26920292de07a2c28cf5b892face784789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ee:ae:49:d5:4f:58:c4:81:60:76:6f:5b:fe:
76:08:3e:1a:d7:94:c9:76:23:62:bb:f3:e5:35:dd:
25:68:e5:f2:e3:b2:db:24:1f:a6:0b:45:a8:4f:0d:
47:92:b2:3e:86:dc:f0:53:6d:88:d7:a5:64:eb:6c:
cd:b0:6f:6c:08:cc:91:c3:25:d8:7e:0e:47:1e:63:
b4:42:6a:3a:3b:b6:ff:a1:dd:32:e0:f1:6a:27:df:
18:00:43:a9:bc:a9:e3:4c:b2:12:55:b1:28:fd:3b:
6f:bc:86:67:0a:a3:cd:f2:67:b7:1b:fd:fe:75:ed:
47:c4:86:d8:24:f1:88:47:85:d1:45:9b:f5:62:1a:
01:1f:15:71:91:2a:eb:d1:0f:93:0d:b8:22:15:ae:
ae:34:f0:94:75:aa:89:1b:24:16:db:18:bd:68:7c:
7e:0d:69:bf:61:d6:3c:50:03:24:ed:a0:06:e7:60:
ce:7c:94:3b:e3:26:ec:d5:5b:1e:c4:50:23:33:4a:
30:13:5c:92:6f:6b:6f:f4:9d:f7:90:95:7a:04:f0:
a0:ca:e2:8e:03:44:44:2f:22:82:aa:94:8e:db:90:
30:61:31:28:27:0c:40:34:6e:44:12:c9:fe:97:33:
c3:9b:69:6a:7c:ff:e0:c5:5e:1f:6e:68:51:65:34:
16:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:4D:2B:26:92:02:92:DE:07:A2:C2:8C:F5:B8:92:FA:CE:78:47:89
X509v3 Authority Key Identifier:
keyid:08:FC:AA:F8:D1:7D:D1:A6:57:95:F7:14:B2:67:F1:BC:E2:19:38:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/fk0rJpICkt4HosKM9biS-s54R4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.221.61.0/24
IPv6:
2a06:89c3:5010::/48
2a06:89c4:a000::/48
2a06:89c4:c000::/36
Signature Algorithm: sha256WithRSAEncryption
2e:fb:2d:f5:c9:3a:94:92:de:c0:d0:55:64:1e:5a:5e:30:29:
4e:91:4b:f8:21:25:07:ee:8f:38:6f:4b:ca:64:fd:92:e1:db:
89:b8:f4:06:75:44:d1:ff:9d:c2:f9:f8:e4:51:66:68:d5:85:
c6:6b:0e:8f:10:b3:4b:0e:b2:84:96:1c:01:cf:5a:1d:35:24:
88:67:7a:4a:8a:71:e3:a1:bf:4d:26:83:f9:f1:5b:ce:00:30:
31:75:29:83:2f:f5:9a:54:2d:c6:6c:33:8b:c6:28:2c:cc:85:
36:50:30:f6:e7:c3:19:a5:ff:37:66:6b:a8:44:2b:f2:a0:16:
f8:6e:32:c8:1f:4c:61:d4:dc:8f:f5:87:ac:fe:8a:3d:ee:b4:
65:3e:74:93:8f:7d:ae:d5:91:d1:33:67:6e:70:a7:6e:3b:89:
f1:7c:16:1d:43:f6:80:7b:96:02:3e:e0:72:7a:10:f2:e8:e4:
d1:d9:cd:e0:c6:c1:11:d7:15:87:52:34:2f:ab:e7:57:7d:04:
86:cc:8c:c5:52:ae:94:19:86:46:ba:4a:43:2c:d0:40:7a:0d:
8c:32:fd:c2:dd:80:fa:7a:08:41:9c:3f:f0:dd:86:28:30:7f:
5d:83:21:81:c1:cf:cc:41:18:22:67:73:0a:48:37:b1:ce:f0:
4d:e7:dd:77
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZt/FWMLXBySgdqtfbWFa3SzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNhYWY4ZDE3ZGQxYTY1Nzk1ZjcxNGIyNjdmMWJjZTIx
OTM4YjkwHhcNMjYwMTAyMTQyMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRkMmIyNjkyMDI5MmRlMDdhMmMyOGNmNWI4OTJmYWNlNzg0Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+6uSdVPWMSBYHZvW/52CD4a15TJ
diNiu/PlNd0laOXy47LbJB+mC0WoTw1HkrI+htzwU22I16Vk62zNsG9sCMyRwyXY
fg5HHmO0Qmo6O7b/od0y4PFqJ98YAEOpvKnjTLISVbEo/TtvvIZnCqPN8me3G/3+
de1HxIbYJPGIR4XRRZv1YhoBHxVxkSrr0Q+TDbgiFa6uNPCUdaqJGyQW2xi9aHx+
DWm/YdY8UAMk7aAG52DOfJQ74ybs1VsexFAjM0owE1ySb2tv9J33kJV6BPCgyuKO
A0RELyKCqpSO25AwYTEoJwxANG5EEsn+lzPDm2lqfP/gxV4fbmhRZTQW6wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFH5NKyaSApLeB6LCjPW4kvrOeEeJMB8GA1UdIwQY
MBaAFAj8qvjRfdGmV5X3FLJn8bziGTi5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B5cS1ORjkwYVpYbGZjVXNtZnh2T0laT0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wNjgwYWUtMjJmOS00M2JlLTkwYTgt
NzdlZWVhZjcxZDA4LzEvZmswckpwSUNrdDRIb3NLTTliaVMtczU0UjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wNjgwYWUtMjJmOS00M2JlLTkwYTgtNzdlZWVhZjcxZDA4
LzEvQ1B5cS1ORjkwYVpYbGZjVXNtZnh2T0laT0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAMBAIAATAGAwQAud09MCAE
AgACMBoDBwAqBonDUBADBwAqBonEoAADBgQqBonEwDANBgkqhkiG9w0BAQsFAAOC
AQEALvst9ck6lJLewNBVZB5aXjApTpFL+CElB+6POG9LymT9kuHbibj0BnVE0f+d
wvn45FFmaNWFxmsOjxCzSw6yhJYcAc9aHTUkiGd6Sopx46G/TSaD+fFbzgAwMXUp
gy/1mlQtxmwzi8YoLMyFNlAw9ufDGaX/N2ZrqEQr8qAW+G4yyB9MYdTcj/WHrP6K
Pe60ZT50k499rtWR0TNnbnCnbjuJ8XwWHUP2gHuWAj7gcnoQ8ujk0dnN4MbBEdcV
h1I0L6vnV30EhsyMxVKulBmGRrpKQyzQQHoNjDL9wt2A+noIQZw/8N2GKDB/XYMh
gcHPzEEYImdzCkg3sc7wTefddw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 14:53:57 2026 by rpki-client