Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/K7imHnGp5a0GZEXjdJA9ycC0yM0.roa
File: K7imHnGp5a0GZEXjdJA9ycC0yM0.roa (raw, json)
Hash identifier: WpPn3I2nrpKd+2H696eaEy1UwnJ6zYF2icMGlpKEWrE=
Subject key identifier: 2B:B8:A6:1E:71:A9:E5:AD:06:64:45:E3:74:90:3D:C9:C0:B4:C8:CD
Certificate issuer: /CN=8d30810e2dc271a6a0f07b8e209e2dc223637839
Certificate serial: 019B7A5B7006449AF7F1A9116189889FEE30
Authority key identifier: 8D:30:81:0E:2D:C2:71:A6:A0:F0:7B:8E:20:9E:2D:C2:23:63:78:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jTCBDi3Ccaag8HuOIJ4twiNjeDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/K7imHnGp5a0GZEXjdJA9ycC0yM0.roa
Signing time: Thu 01 Jan 2026 16:19:31 +0000
ROA not before: Thu 01 Jan 2026 16:19:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203726
IP address blocks: 45.84.168.0/23 maxlen: 23
45.84.170.0/24 maxlen: 24
45.84.171.0/24 maxlen: 24
185.124.180.0/22 maxlen: 24
2a06:c880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/jTCBDi3Ccaag8HuOIJ4twiNjeDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/jTCBDi3Ccaag8HuOIJ4twiNjeDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/jTCBDi3Ccaag8HuOIJ4twiNjeDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5b:70:06:44:9a:f7:f1:a9:11:61:89:88:9f:ee:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d30810e2dc271a6a0f07b8e209e2dc223637839
Validity
Not Before: Jan 1 16:19:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2bb8a61e71a9e5ad066445e374903dc9c0b4c8cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:df:ff:63:ba:cd:64:db:f4:33:29:9a:6b:10:
aa:ae:a2:13:0b:c2:39:e9:2b:d7:a0:a8:b2:cd:63:
7b:71:db:cf:df:ba:65:48:37:85:89:30:91:da:7c:
91:07:d1:02:a8:b2:55:57:ff:7b:75:d7:0d:49:80:
6c:4d:03:7a:a5:8f:fc:a5:11:b6:d1:c5:70:29:88:
6e:70:37:60:0d:8f:6f:78:d4:27:77:51:09:32:e4:
8c:89:cb:7b:ca:6b:68:7e:0e:16:c3:59:1b:19:ce:
44:e1:b3:5b:77:b2:27:f7:09:f8:c7:53:34:9a:5e:
bc:99:af:91:22:38:8f:9e:0f:a1:30:5a:38:e1:38:
38:68:6c:93:ed:7e:c8:30:30:1b:08:57:fa:e5:87:
de:53:ae:be:f3:f4:ad:31:41:fe:63:e7:5a:41:53:
41:42:b3:3a:71:63:fd:96:45:63:31:10:48:92:bb:
58:4e:99:51:41:a6:81:3d:cd:e2:7f:4d:94:47:c0:
1a:97:2e:50:23:9e:89:5b:eb:b2:b9:d7:77:67:34:
28:32:90:64:2d:77:a0:42:bb:62:61:85:bb:b4:e4:
3e:02:08:c4:52:4f:47:47:68:e5:ff:26:44:95:66:
e1:1d:40:a5:f9:c0:1e:65:2e:55:0c:d4:f1:bf:ff:
06:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:B8:A6:1E:71:A9:E5:AD:06:64:45:E3:74:90:3D:C9:C0:B4:C8:CD
X509v3 Authority Key Identifier:
keyid:8D:30:81:0E:2D:C2:71:A6:A0:F0:7B:8E:20:9E:2D:C2:23:63:78:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTCBDi3Ccaag8HuOIJ4twiNjeDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/K7imHnGp5a0GZEXjdJA9ycC0yM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a9d9da-f8a5-47ba-b66a-bd0b5774f637/1/jTCBDi3Ccaag8HuOIJ4twiNjeDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.168.0/22
185.124.180.0/22
IPv6:
2a06:c880::/29
Signature Algorithm: sha256WithRSAEncryption
aa:41:f3:13:77:49:01:4c:c7:d2:0c:76:7f:67:aa:70:3c:eb:
de:b8:be:7e:b8:d6:d5:78:04:d9:18:b3:0d:87:b1:e0:32:fa:
af:86:b3:2d:00:f7:4d:b0:af:b0:ed:c6:0d:e0:aa:1b:a4:82:
52:36:67:c4:a6:34:6a:4a:7e:79:4a:90:f1:ee:ff:15:05:fd:
68:43:17:9a:a6:72:bf:1f:2e:4f:1b:c5:23:9b:a9:1d:49:e6:
b3:f0:5f:dd:21:92:46:c4:2b:cf:20:8a:1d:e2:4d:88:c1:2e:
46:3e:d2:4d:af:a7:6c:c6:88:6a:c1:33:f6:af:d4:35:86:91:
50:7e:f5:fe:0a:83:b3:27:89:d3:7a:a4:a0:c9:ad:04:c7:ee:
36:4c:b3:18:42:04:0a:96:ea:ad:37:32:cf:e4:54:84:cc:c2:
75:84:cb:dd:3d:e2:3f:1a:11:88:8a:88:c6:e8:4f:a3:5f:d6:
d8:cc:96:bb:03:86:61:e1:86:aa:ec:8d:3a:88:a0:cd:59:4c:
bf:78:3b:a1:da:7e:67:00:31:03:be:9d:9a:22:d2:27:5c:b5:
bf:7e:60:10:b5:a8:ea:15:96:8f:ff:83:7d:98:91:d7:f0:37:
94:8c:82:df:d4:1e:da:cb:5a:fb:14:1e:d6:94:50:2c:3a:d2:
ab:0e:ef:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt6W3AGRJr38akRYYmIn+4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzA4MTBlMmRjMjcxYTZhMGYwN2I4ZTIwOWUyZGMyMjM2
Mzc4MzkwHhcNMjYwMTAxMTYxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI4YTYxZTcxYTllNWFkMDY2NDQ1ZTM3NDkwM2RjOWMwYjRjOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9//Y7rNZNv0MymaaxCqrqITC8I5
6SvXoKiyzWN7cdvP37plSDeFiTCR2nyRB9ECqLJVV/97ddcNSYBsTQN6pY/8pRG2
0cVwKYhucDdgDY9veNQnd1EJMuSMict7ymtofg4Ww1kbGc5E4bNbd7In9wn4x1M0
ml68ma+RIjiPng+hMFo44Tg4aGyT7X7IMDAbCFf65YfeU66+8/StMUH+Y+daQVNB
QrM6cWP9lkVjMRBIkrtYTplRQaaBPc3if02UR8Aaly5QI56JW+uyudd3ZzQoMpBk
LXegQrtiYYW7tOQ+AgjEUk9HR2jl/yZElWbhHUCl+cAeZS5VDNTxv/8GAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCu4ph5xqeWtBmRF43SQPcnAtMjNMB8GA1UdIwQY
MBaAFI0wgQ4twnGmoPB7jiCeLcIjY3g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRDQkRpM0NjYWFnOEh1T0lKNHR3aU5qZURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hOWQ5ZGEtZjhhNS00N2JhLWI2NmEt
YmQwYjU3NzRmNjM3LzEvSzdpbUhuR3A1YTBHWkVYamRKQTl5Y0MweU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hOWQ5ZGEtZjhhNS00N2JhLWI2NmEtYmQwYjU3NzRmNjM3
LzEvalRDQkRpM0NjYWFnOEh1T0lKNHR3aU5qZURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVSoAwQC
uXy0MA0EAgACMAcDBQMqBsiAMA0GCSqGSIb3DQEBCwUAA4IBAQCqQfMTd0kBTMfS
DHZ/Z6pwPOveuL5+uNbVeATZGLMNh7HgMvqvhrMtAPdNsK+w7cYN4KobpIJSNmfE
pjRqSn55SpDx7v8VBf1oQxeapnK/Hy5PG8Ujm6kdSeaz8F/dIZJGxCvPIIod4k2I
wS5GPtJNr6dsxohqwTP2r9Q1hpFQfvX+CoOzJ4nTeqSgya0Ex+42TLMYQgQKluqt
NzLP5FSEzMJ1hMvdPeI/GhGIiojG6E+jX9bYzJa7A4Zh4Yaq7I06iKDNWUy/eDuh
2n5nADEDvp2aItInXLW/fmAQtajqFZaP/4N9mJHX8DeUjILf1B7ay1r7FB7WlFAs
OtKrDu/B
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:47:29 2026 by rpki-client