Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/8ood-uHTXVuPr-Uhci0MBhQD_Ok.roa
File: 8ood-uHTXVuPr-Uhci0MBhQD_Ok.roa (raw, json)
Hash identifier: D9cQAbFXlUASgQDnCIvuvRErkHMl72I/fsdMBXIjpGU=
Subject key identifier: F2:8A:1D:FA:E1:D3:5D:5B:8F:AF:E5:21:72:2D:0C:06:14:03:FC:E9
Certificate issuer: /CN=295579f5b673dbe2ebba348cfb0f56124cde7048
Certificate serial: 019B7C127CF83BCF3AF34C9DD8F793048CB7
Authority key identifier: 29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/8ood-uHTXVuPr-Uhci0MBhQD_Ok.roa
Signing time: Fri 02 Jan 2026 00:19:04 +0000
ROA not before: Fri 02 Jan 2026 00:19:04 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 56647
IP address blocks: 185.94.84.0/23 maxlen: 23
185.94.86.0/24 maxlen: 24
185.168.112.0/24 maxlen: 24
185.168.113.0/24 maxlen: 24
2a04:2d00::/48 maxlen: 48
2a04:2d01::/48 maxlen: 48
2a0b:f600::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:12:7c:f8:3b:cf:3a:f3:4c:9d:d8:f7:93:04:8c:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=295579f5b673dbe2ebba348cfb0f56124cde7048
Validity
Not Before: Jan 2 00:19:04 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f28a1dfae1d35d5b8fafe521722d0c061403fce9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3e:14:01:cf:0a:a3:ef:ee:25:bf:21:01:5d:
c3:b6:db:01:4c:69:ba:b1:36:f7:ab:85:f5:4e:57:
d6:c3:23:07:a9:e2:4b:ec:95:48:77:d8:46:26:88:
7f:64:49:70:c2:dd:f6:2e:bc:1f:a6:83:96:ed:0f:
a4:f8:83:a1:aa:fa:cc:0d:07:af:f9:bb:d0:b7:fa:
17:95:5f:88:3a:5b:37:65:96:8a:f5:db:1d:0b:28:
49:b2:90:1c:be:c0:59:fe:40:e6:83:58:b3:df:14:
ad:9f:71:58:04:2d:85:71:3c:cd:45:a8:fc:9a:56:
2b:d3:f7:9a:7c:05:58:4c:3d:7f:e6:0c:16:33:0a:
ab:9d:d1:84:c0:a8:50:4f:92:d2:76:f4:95:91:bb:
30:0d:fc:37:ab:f3:2c:47:b3:8d:c8:cd:74:3e:39:
70:7b:77:c4:c0:45:5c:d9:31:c7:2d:a2:35:8f:82:
23:93:54:54:00:9b:37:4a:e4:24:4b:8b:32:b6:2e:
a5:a7:05:39:80:6b:f0:12:ec:9e:17:7c:98:a5:87:
ee:2e:24:6f:b7:c3:53:40:b6:66:d6:f2:d8:2d:d3:
15:3b:31:ba:ac:ac:c4:c2:d5:3f:be:1d:97:74:21:
93:da:ab:22:cf:eb:32:22:a1:cb:55:7f:68:6a:a0:
56:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:8A:1D:FA:E1:D3:5D:5B:8F:AF:E5:21:72:2D:0C:06:14:03:FC:E9
X509v3 Authority Key Identifier:
keyid:29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/8ood-uHTXVuPr-Uhci0MBhQD_Ok.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.94.84.0-185.94.86.255
185.168.112.0/23
IPv6:
2a04:2d00::/48
2a04:2d01::/48
2a0b:f600::/48
Signature Algorithm: sha256WithRSAEncryption
87:3e:29:be:ea:39:0e:5c:b8:72:83:e2:81:00:c9:3e:aa:f2:
28:59:9b:35:67:84:0c:1a:7d:2a:66:65:c5:86:40:02:95:24:
82:11:91:2e:0c:d7:87:02:8c:38:33:ba:39:f7:43:53:cf:9a:
ea:6d:13:b3:e2:eb:86:f5:94:db:3e:5f:cf:a2:56:c6:c9:c1:
82:cb:63:c0:05:d3:79:f0:af:b1:d2:9c:e3:82:2a:8b:6e:34:
5a:ae:c9:a2:0e:96:cc:bc:d8:87:bc:f6:fb:4f:25:7d:d0:81:
c8:06:c7:f8:c3:7c:58:eb:c1:ab:f4:67:05:ef:05:87:68:af:
98:7b:7f:8f:d7:55:a0:e0:e5:92:56:c2:99:e8:c8:5a:2b:f2:
83:e9:9e:ef:96:d2:13:13:f4:96:dd:55:1a:09:96:5b:00:4a:
fd:74:75:08:a5:4d:9b:4b:cb:ac:59:55:bf:56:5c:6a:22:67:
76:6d:d6:ab:e2:40:0d:5b:1a:e6:2b:e3:6e:6a:4d:19:95:31:
c4:e5:0b:aa:3f:25:d6:98:70:d5:7b:c5:11:e7:ea:fd:31:28:
45:69:a8:03:11:e5:db:31:b9:d0:80:89:92:69:92:3d:0c:68:
4e:86:8e:38:fa:be:58:2d:ff:d1:8e:99:4a:47:09:3e:51:39:
ed:75:3d:c5
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZt8Enz4O88680yd2PeTBIy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTU3OWY1YjY3M2RiZTJlYmJhMzQ4Y2ZiMGY1NjEyNGNk
ZTcwNDgwHhcNMjYwMTAyMDAxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjhhMWRmYWUxZDM1ZDViOGZhZmU1MjE3MjJkMGMwNjE0MDNmY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz4UAc8Ko+/uJb8hAV3DttsBTGm6
sTb3q4X1TlfWwyMHqeJL7JVId9hGJoh/ZElwwt32LrwfpoOW7Q+k+IOhqvrMDQev
+bvQt/oXlV+IOls3ZZaK9dsdCyhJspAcvsBZ/kDmg1iz3xStn3FYBC2FcTzNRaj8
mlYr0/eafAVYTD1/5gwWMwqrndGEwKhQT5LSdvSVkbswDfw3q/MsR7ONyM10Pjlw
e3fEwEVc2THHLaI1j4Ijk1RUAJs3SuQkS4syti6lpwU5gGvwEuyeF3yYpYfuLiRv
t8NTQLZm1vLYLdMVOzG6rKzEwtU/vh2XdCGT2qsiz+syIqHLVX9oaqBWXwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPKKHfrh011bj6/lIXItDAYUA/zpMB8GA1UdIwQY
MBaAFClVefW2c9vi67o0jPsPVhJM3nBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYt
MzQzYzRkMjRjMjNiLzEvOG9vZC11SFRYVnVQci1VaGNpME1CaFFEX09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYtMzQzYzRkMjRjMjNi
LzEvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAaBAIAATAUMAwDBAK5XlQD
BAC5XlYDBAG5qHAwIQQCAAIwGwMHACoELQAAAAMHACoELQEAAAMHACoL9gAAADAN
BgkqhkiG9w0BAQsFAAOCAQEAhz4pvuo5Dly4coPigQDJPqryKFmbNWeEDBp9KmZl
xYZAApUkghGRLgzXhwKMODO6OfdDU8+a6m0Ts+LrhvWU2z5fz6JWxsnBgstjwAXT
efCvsdKc44Iqi240Wq7Jog6WzLzYh7z2+08lfdCByAbH+MN8WOvBq/RnBe8Fh2iv
mHt/j9dVoODlklbCmejIWivyg+me75bSExP0lt1VGgmWWwBK/XR1CKVNm0vLrFlV
v1ZcaiJndm3Wq+JADVsa5ivjbmpNGZUxxOULqj8l1phw1XvFEefq/TEoRWmoAxHl
2zG50ICJkmmSPQxoToaOOPq+WC3/0Y6ZSkcJPlE57XU9xQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:35:04 2026 by rpki-client