Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/KpNNrs7-74JuAx07tH3Ntml_vj8.roa
File: KpNNrs7-74JuAx07tH3Ntml_vj8.roa (raw, json)
Hash identifier: iDfnHxKAzmOYLOtglm6RsnOhV84NnDbI1O2L4oOFWp8=
Subject key identifier: 2A:93:4D:AE:CE:FE:EF:82:6E:03:1D:3B:B4:7D:CD:B6:69:7F:BE:3F
Certificate issuer: /CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Certificate serial: 019C952E050D05853BD10A2F83D9F3DBD496
Authority key identifier: 5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/KpNNrs7-74JuAx07tH3Ntml_vj8.roa
Signing time: Wed 25 Feb 2026 14:22:26 +0000
ROA not before: Wed 25 Feb 2026 14:22:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43709
IP address blocks: 78.157.160.0/19 maxlen: 19
78.157.160.0/20 maxlen: 20
78.157.160.0/21 maxlen: 21
78.157.168.0/21 maxlen: 21
78.157.176.0/20 maxlen: 20
78.157.176.0/21 maxlen: 21
78.157.184.0/21 maxlen: 21
2a02:d8a0::/32 maxlen: 32
2a02:d8a0::/33 maxlen: 33
2a02:d8a0::/34 maxlen: 34
2a02:d8a0:4000::/34 maxlen: 34
2a02:d8a0:8000::/33 maxlen: 33
2a02:d8a0:8000::/34 maxlen: 34
2a02:d8a0:c000::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 02:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:95:2e:05:0d:05:85:3b:d1:0a:2f:83:d9:f3:db:d4:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Validity
Not Before: Feb 25 14:22:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2a934daecefeef826e031d3bb47dcdb6697fbe3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:2e:72:a3:73:7c:d5:8a:73:14:ed:8f:c8:94:
13:42:78:e4:ca:5f:68:59:fb:a4:2e:b0:2c:75:d3:
22:6f:ed:e2:10:78:ba:02:2f:4c:14:cd:db:a4:69:
80:98:51:75:54:a8:e9:94:ae:1d:aa:3c:2f:1d:19:
02:14:f1:93:d9:18:6f:3b:f9:7e:3b:ce:b9:f9:9c:
c5:ff:cf:87:2e:ca:2d:b9:c5:00:72:34:27:21:ec:
f9:8b:be:a6:7c:71:54:52:32:e8:6e:76:04:ea:52:
eb:3b:40:ce:cb:1f:64:a8:7c:9b:1f:f3:4d:03:35:
6d:de:76:1a:08:38:63:72:f7:29:4a:bb:19:3b:27:
25:b1:67:71:4f:41:6c:4e:2a:39:7e:f5:4a:2c:9c:
4b:59:ad:81:3e:be:6f:4b:98:9c:59:6e:46:01:af:
55:10:40:e9:d5:c5:f6:8e:3a:14:36:65:2e:0a:a1:
96:8a:a4:84:d2:c1:99:de:8c:33:56:4d:f0:3d:82:
73:b9:93:52:c7:f4:5a:10:cc:be:bf:17:4d:2c:ac:
1e:8b:1f:9e:48:d9:81:62:38:e3:7a:ff:3a:71:82:
e2:82:0b:3a:ba:7d:9e:06:da:55:b9:f0:06:80:cc:
59:03:42:39:a7:b1:f5:dd:0e:92:f2:a0:65:fe:01:
c1:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:93:4D:AE:CE:FE:EF:82:6E:03:1D:3B:B4:7D:CD:B6:69:7F:BE:3F
X509v3 Authority Key Identifier:
keyid:5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/KpNNrs7-74JuAx07tH3Ntml_vj8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.157.160.0/19
IPv6:
2a02:d8a0::/32
Signature Algorithm: sha256WithRSAEncryption
83:e7:20:1f:c7:92:bf:7f:75:bc:b1:f5:f0:84:dc:85:04:3e:
da:f0:ac:1e:a4:a7:a2:4d:1c:83:33:c4:88:ff:0d:9b:c2:a2:
a7:94:5c:b5:c0:e1:49:41:23:c0:05:5b:7a:d6:38:ec:77:a8:
ea:21:15:88:72:f0:61:72:15:f1:93:7e:58:cf:96:d3:a1:e7:
b8:e4:db:79:d8:ea:88:b7:5f:cd:84:c6:e5:11:02:a0:bd:ae:
f2:3a:ef:76:b8:df:64:6e:15:74:de:3f:0a:70:36:5e:54:de:
22:74:22:59:81:70:db:6f:17:28:98:13:22:b5:b7:1f:1c:47:
45:a4:01:7f:a4:0a:60:a8:92:14:76:75:3d:30:71:83:34:37:
49:0a:30:0b:50:ac:ec:6c:2b:75:23:e7:63:74:83:8f:b7:87:
40:6a:f4:02:9b:c9:28:c6:0d:ab:0e:1c:00:10:e2:6c:50:55:
b5:fd:ec:9c:a5:2a:2f:ba:1f:18:1f:23:08:8f:27:6b:9f:82:
f1:5c:47:07:d0:c0:c3:a2:1a:09:8f:6b:ac:d0:23:c6:74:6a:
b2:5c:f7:57:c0:0a:c4:ed:a9:c0:3d:65:5a:16:9c:45:57:3d:
44:6d:d5:b8:91:cc:3e:42:6f:a5:90:0f:52:f4:65:fd:fc:62:
86:e8:e1:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyVLgUNBYU70Qovg9nz29SWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMWRkNmVjNGEyZTFmMzc2Yzg1NWM1ODMxMjE5NWEwMDVj
ZGI4NTAwHhcNMjYwMjI1MTQyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzNGRhZWNlZmVlZjgyNmUwMzFkM2JiNDdkY2RiNjY5N2ZiZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC5yo3N81YpzFO2PyJQTQnjkyl9o
WfukLrAsddMib+3iEHi6Ai9MFM3bpGmAmFF1VKjplK4dqjwvHRkCFPGT2RhvO/l+
O865+ZzF/8+HLsotucUAcjQnIez5i76mfHFUUjLobnYE6lLrO0DOyx9kqHybH/NN
AzVt3nYaCDhjcvcpSrsZOyclsWdxT0FsTio5fvVKLJxLWa2BPr5vS5icWW5GAa9V
EEDp1cX2jjoUNmUuCqGWiqSE0sGZ3owzVk3wPYJzuZNSx/RaEMy+vxdNLKweix+e
SNmBYjjjev86cYLiggs6un2eBtpVufAGgMxZA0I5p7H13Q6S8qBl/gHBbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCqTTa7O/u+CbgMdO7R9zbZpf74/MB8GA1UdIwQY
MBaAFFwd1uxKLh83bIVcWDEhlaAFzbhQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYt
Mzk2NzFlMGI2MjY2LzEvS3BOTnJzNy03NEp1QXgwN3RIM050bWxfdmo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYtMzk2NzFlMGI2MjY2
LzEvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTp2gMA0E
AgACMAcDBQAqAtigMA0GCSqGSIb3DQEBCwUAA4IBAQCD5yAfx5K/f3W8sfXwhNyF
BD7a8KwepKeiTRyDM8SI/w2bwqKnlFy1wOFJQSPABVt61jjsd6jqIRWIcvBhchXx
k35Yz5bToee45Nt52OqIt1/NhMblEQKgva7yOu92uN9kbhV03j8KcDZeVN4idCJZ
gXDbbxcomBMitbcfHEdFpAF/pApgqJIUdnU9MHGDNDdJCjALUKzsbCt1I+djdIOP
t4dAavQCm8koxg2rDhwAEOJsUFW1/eycpSovuh8YHyMIjydrn4LxXEcH0MDDohoJ
j2us0CPGdGqyXPdXwArE7anAPWVaFpxFVz1EbdW4kcw+Qm+lkA9S9GX9/GKG6OFB
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:52:13 2026 by rpki-client