Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/U9tmgs6mFCWkoWieHrxDrEXnwL0.roa
File: U9tmgs6mFCWkoWieHrxDrEXnwL0.roa (raw, json)
Hash identifier: x4lfPhn0duWowl/P6x8Mok6jDaTFHCYfcJEYP4lecMg=
Subject key identifier: 53:DB:66:82:CE:A6:14:25:A4:A1:68:9E:1E:BC:43:AC:45:E7:C0:BD
Certificate issuer: /CN=f966238becd356df87d0c630248123f8f219e18c
Certificate serial: 019B7E3888038B5245BDE7B2A9849AD0E46D
Authority key identifier: F9:66:23:8B:EC:D3:56:DF:87:D0:C6:30:24:81:23:F8:F2:19:E1:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/U9tmgs6mFCWkoWieHrxDrEXnwL0.roa
Signing time: Fri 02 Jan 2026 10:19:52 +0000
ROA not before: Fri 02 Jan 2026 10:19:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 35493
IP address blocks: 91.237.168.0/23 maxlen: 23
91.237.170.0/24 maxlen: 24
185.90.164.0/22 maxlen: 22
2a05:e300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 22:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:38:88:03:8b:52:45:bd:e7:b2:a9:84:9a:d0:e4:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f966238becd356df87d0c630248123f8f219e18c
Validity
Not Before: Jan 2 10:19:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=53db6682cea61425a4a1689e1ebc43ac45e7c0bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:01:48:35:37:05:d9:7c:57:81:b7:f2:01:50:
bc:68:2c:5f:4f:48:99:c9:91:a8:42:1f:d1:79:59:
fd:27:ac:7d:ba:09:b2:19:25:d5:bc:83:64:28:7b:
0b:43:3f:2e:67:e0:38:b1:40:c3:cb:dc:99:5c:da:
d8:5b:1d:a6:d4:26:71:a0:24:14:60:40:68:40:ad:
29:d0:c1:fc:74:a4:99:94:d9:2d:2d:db:ba:ec:4b:
2b:dc:9f:9d:e4:9b:f4:80:43:20:72:0e:6e:2e:24:
8f:21:67:e5:55:39:9f:12:9d:fe:0c:2c:51:b5:c2:
a7:3d:de:48:b5:94:da:fb:22:3f:e1:9c:a5:16:cf:
ff:52:f2:a8:8b:b7:db:09:dc:cf:19:d7:17:c7:dc:
b2:8b:a0:5c:a3:58:a7:0b:fc:ff:9a:e0:05:61:b3:
b6:b8:38:1d:bf:e7:da:ff:68:54:89:c4:29:e2:f6:
f7:39:d6:58:ad:80:5f:e8:fc:87:e7:f4:76:3a:ee:
2e:f6:87:0f:db:9a:01:44:48:35:a5:c2:65:f5:e7:
27:98:1e:99:f1:68:ec:f7:05:3f:45:31:90:16:06:
01:e5:ea:0e:75:bc:79:33:1f:6f:85:cd:52:04:93:
d4:b1:e8:cb:84:fa:0d:46:2a:6e:48:e9:a0:b7:b0:
cb:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:DB:66:82:CE:A6:14:25:A4:A1:68:9E:1E:BC:43:AC:45:E7:C0:BD
X509v3 Authority Key Identifier:
keyid:F9:66:23:8B:EC:D3:56:DF:87:D0:C6:30:24:81:23:F8:F2:19:E1:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/U9tmgs6mFCWkoWieHrxDrEXnwL0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.237.168.0-91.237.170.255
185.90.164.0/22
IPv6:
2a05:e300::/29
Signature Algorithm: sha256WithRSAEncryption
54:36:61:56:6b:76:80:24:ef:c8:ee:af:c8:71:68:af:6a:d0:
b9:99:58:79:aa:5c:81:b6:54:d0:07:8e:2f:4d:45:2e:48:f0:
47:3a:5c:b3:0e:46:63:42:1f:27:d5:0e:37:3b:09:fd:fe:c6:
7b:a6:a5:b4:33:c6:eb:b5:ea:8d:46:1b:46:0c:df:98:cd:41:
f3:f6:db:f2:2d:1f:f6:4c:3b:f3:55:bf:31:65:37:e2:e1:3b:
ca:f5:e8:88:8e:72:8e:6f:7d:94:b0:52:0c:80:78:89:af:46:
69:51:ee:3f:58:3b:ac:5a:6e:c9:b2:83:08:1f:13:82:df:a0:
81:43:3a:e2:d1:33:f0:89:b7:93:4f:e7:bc:11:3f:16:18:47:
19:b9:45:c3:c3:e6:b1:6d:b9:fc:2e:51:3e:7b:67:4d:2b:b0:
af:2f:b9:c4:57:2b:d6:60:0b:e1:7b:6d:e8:5b:26:d4:5a:12:
b2:e3:d3:45:94:be:a5:00:f5:ae:6f:2e:48:f8:25:ed:9d:40:
99:5e:ca:77:ff:7e:50:09:58:cf:5e:a4:8d:a6:17:c3:e9:50:
49:23:03:77:2d:a6:cf:62:63:96:2e:e6:9c:34:ca:7c:57:2b:
7c:81:20:20:ab:a0:ee:35:57:41:47:6e:d0:c4:f0:27:fe:de:
ad:e9:b0:d0
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZt+OIgDi1JFveeyqYSa0ORtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NjYyMzhiZWNkMzU2ZGY4N2QwYzYzMDI0ODEyM2Y4ZjIx
OWUxOGMwHhcNMjYwMTAyMTAxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RiNjY4MmNlYTYxNDI1YTRhMTY4OWUxZWJjNDNhYzQ1ZTdjMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wFINTcF2XxXgbfyAVC8aCxfT0iZ
yZGoQh/ReVn9J6x9ugmyGSXVvINkKHsLQz8uZ+A4sUDDy9yZXNrYWx2m1CZxoCQU
YEBoQK0p0MH8dKSZlNktLdu67Esr3J+d5Jv0gEMgcg5uLiSPIWflVTmfEp3+DCxR
tcKnPd5ItZTa+yI/4ZylFs//UvKoi7fbCdzPGdcXx9yyi6Bco1inC/z/muAFYbO2
uDgdv+fa/2hUicQp4vb3OdZYrYBf6PyH5/R2Ou4u9ocP25oBREg1pcJl9ecnmB6Z
8Wjs9wU/RTGQFgYB5eoOdbx5Mx9vhc1SBJPUsejLhPoNRipuSOmgt7DLXwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFFPbZoLOphQlpKFonh68Q6xF58C9MB8GA1UdIwQY
MBaAFPlmI4vs01bfh9DGMCSBI/jyGeGMMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XWWppLXpUVnQtSDBNWXdKSUVqLVBJWjRZdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvYThlY2U3LTJiNmMtNDQ1MS04YjNk
LTMzMmRiZDlhNjBhZi8xL1U5dG1nczZtRkNXa29XaWVIcnhEckVYbndMMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjcvYThlY2U3LTJiNmMtNDQ1MS04YjNkLTMzMmRiZDlhNjBh
Zi8xLzEtV1lqaS16VFZ0LUgwTVl3SklFai1QSVo0WXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPAYIKwYBBQUHAQcBAf8ELTArMBoEAgABMBQwDAMEA1vt
qAMEAFvtqgMEArlapDANBAIAAjAHAwUDKgXjADANBgkqhkiG9w0BAQsFAAOCAQEA
VDZhVmt2gCTvyO6vyHFor2rQuZlYeapcgbZU0AeOL01FLkjwRzpcsw5GY0IfJ9UO
NzsJ/f7Ge6altDPG67XqjUYbRgzfmM1B8/bb8i0f9kw781W/MWU34uE7yvXoiI5y
jm99lLBSDIB4ia9GaVHuP1g7rFpuybKDCB8Tgt+ggUM64tEz8Im3k0/nvBE/FhhH
GblFw8PmsW25/C5RPntnTSuwry+5xFcr1mAL4Xtt6Fsm1FoSsuPTRZS+pQD1rm8u
SPgl7Z1AmV7Kd/9+UAlYz16kjaYXw+lQSSMDdy2mz2Jjli7mnDTKfFcrfIEgIKug
7jVXQUdu0MTwJ/7eremw0A==
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:35:27 2026 by rpki-client