Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/nd2ovDlF_Zmo_XxAGJs-agTwP6k.roa
File: nd2ovDlF_Zmo_XxAGJs-agTwP6k.roa (raw, json)
Hash identifier: wKDGlke9HUoxSKsazb91lMdI0w1rZkvOiuN/NBOarjE=
Subject key identifier: 9D:DD:A8:BC:39:45:FD:99:A8:FD:7C:40:18:9B:3E:6A:04:F0:3F:A9
Certificate issuer: /CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
Certificate serial: 019C7F3330049D499DDE3402CD1A39A2B847
Authority key identifier: C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/nd2ovDlF_Zmo_XxAGJs-agTwP6k.roa
Signing time: Sat 21 Feb 2026 07:56:26 +0000
ROA not before: Sat 21 Feb 2026 07:56:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41670
IP address blocks: 89.248.240.0/20 maxlen: 20
185.110.204.0/22 maxlen: 22
2a01:168::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 07:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7f:33:30:04:9d:49:9d:de:34:02:cd:1a:39:a2:b8:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
Validity
Not Before: Feb 21 07:56:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9ddda8bc3945fd99a8fd7c40189b3e6a04f03fa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ae:23:c1:e5:cf:7c:f2:0b:c9:4e:28:dd:62:
11:7e:87:c8:fc:44:40:14:d0:81:2f:0f:e1:16:79:
c0:98:15:a8:b9:40:5a:f1:d9:91:cf:b7:5d:af:be:
3f:cf:55:16:e0:77:5a:70:84:6d:c2:d0:32:ec:bd:
7b:49:c7:0c:35:17:79:55:ca:f6:18:0b:a0:37:37:
2d:56:e5:46:c6:b4:78:e5:56:25:5c:b3:88:00:eb:
91:35:c1:ed:61:3d:82:90:ab:5f:e7:6e:86:de:0f:
18:54:0f:d6:58:b6:cd:9f:d9:1e:ee:97:b5:5b:ea:
e1:89:ee:87:4f:d1:80:6b:82:72:e9:e6:6a:60:9f:
06:e6:1a:fe:89:8f:59:10:d1:f4:14:b4:0b:9c:c7:
65:b8:e7:ed:49:e2:0a:2c:83:8d:b0:20:c2:4e:98:
cd:fa:34:09:01:ef:16:e5:5e:53:43:9d:d3:4f:71:
5e:55:4f:65:bd:dd:3a:19:59:dd:30:24:f7:f0:50:
1d:25:d4:32:23:fa:b9:45:e4:43:ef:51:57:46:e7:
05:8e:22:1c:e0:41:35:7a:00:24:c9:e6:aa:31:a9:
5d:ec:71:f2:64:56:86:d8:61:62:cd:38:1d:79:4f:
40:74:4b:fd:74:9a:17:aa:88:8f:a1:05:b3:c2:1b:
10:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:DD:A8:BC:39:45:FD:99:A8:FD:7C:40:18:9B:3E:6A:04:F0:3F:A9
X509v3 Authority Key Identifier:
keyid:C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/nd2ovDlF_Zmo_XxAGJs-agTwP6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.248.240.0/20
185.110.204.0/22
IPv6:
2a01:168::/29
Signature Algorithm: sha256WithRSAEncryption
85:a3:c9:53:90:d0:94:23:67:fa:b0:6e:35:66:05:da:8b:8e:
78:9b:83:58:02:3f:fc:63:48:90:75:21:9a:41:94:e0:d3:1b:
31:ad:58:86:3b:e8:9b:72:73:94:d5:b8:86:51:e5:d8:8f:2d:
32:94:d9:f8:34:83:cd:af:1e:7d:91:f0:03:18:bf:b5:9f:04:
0e:50:1b:a0:13:1a:0b:bd:3a:d0:ee:b6:a3:18:32:7f:33:10:
8c:8c:5f:8e:89:88:41:4d:44:24:5c:27:9a:03:e5:c5:f2:28:
20:ec:93:16:1c:81:45:1e:84:67:b5:55:7f:f0:c4:ef:dc:1d:
24:d9:aa:19:43:5a:b2:c3:90:53:b7:4a:cf:8e:fc:10:15:5b:
98:c2:bf:07:38:22:bf:08:b4:21:38:2c:71:4c:86:3c:50:ca:
02:c8:72:8b:aa:9f:ed:7e:0e:93:9e:7e:26:f3:92:ed:ae:90:
71:b9:79:84:9a:c9:e7:c0:1c:d3:68:61:8b:40:06:06:af:59:
5b:b3:e6:a5:96:11:21:6a:88:7f:98:6d:11:15:40:5e:96:63:
ff:6b:29:d0:60:ac:38:16:9a:09:c3:5c:64:e9:b5:02:45:c7:
c2:5b:69:0b:ed:6b:42:9f:29:32:93:20:32:92:0e:7c:3a:6a:
1c:88:69:e8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZx/MzAEnUmd3jQCzRo5orhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmE1ZjJiNDY4ZGIzNWViNTYyYmQzN2UxZjM2ZWNlYTgx
M2NjYWMwHhcNMjYwMjIxMDc1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRkYThiYzM5NDVmZDk5YThmZDdjNDAxODliM2U2YTA0ZjAzZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu64jweXPfPILyU4o3WIRfofI/ERA
FNCBLw/hFnnAmBWouUBa8dmRz7ddr74/z1UW4HdacIRtwtAy7L17SccMNRd5Vcr2
GAugNzctVuVGxrR45VYlXLOIAOuRNcHtYT2CkKtf526G3g8YVA/WWLbNn9ke7pe1
W+rhie6HT9GAa4Jy6eZqYJ8G5hr+iY9ZENH0FLQLnMdluOftSeIKLIONsCDCTpjN
+jQJAe8W5V5TQ53TT3FeVU9lvd06GVndMCT38FAdJdQyI/q5ReRD71FXRucFjiIc
4EE1egAkyeaqMald7HHyZFaG2GFizTgdeU9AdEv9dJoXqoiPoQWzwhsQhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ3dqLw5Rf2ZqP18QBibPmoE8D+pMB8GA1UdIwQY
MBaAFMZqXytGjbNetWK9N+Hzbs6oE8ysMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4Nzgt
MzFmNGNjMTJkNjIwLzEvbmQyb3ZEbEZfWm1vX1h4QUdKcy1hZ1R3UDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4NzgtMzFmNGNjMTJkNjIw
LzEveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEWfjwAwQC
uW7MMA0EAgACMAcDBQMqAQFoMA0GCSqGSIb3DQEBCwUAA4IBAQCFo8lTkNCUI2f6
sG41ZgXai454m4NYAj/8Y0iQdSGaQZTg0xsxrViGO+ibcnOU1biGUeXYjy0ylNn4
NIPNrx59kfADGL+1nwQOUBugExoLvTrQ7rajGDJ/MxCMjF+OiYhBTUQkXCeaA+XF
8igg7JMWHIFFHoRntVV/8MTv3B0k2aoZQ1qyw5BTt0rPjvwQFVuYwr8HOCK/CLQh
OCxxTIY8UMoCyHKLqp/tfg6Tnn4m85LtrpBxuXmEmsnnwBzTaGGLQAYGr1lbs+al
lhEhaoh/mG0RFUBelmP/aynQYKw4FpoJw1xk6bUCRcfCW2kL7WtCnykykyAykg58
OmociGno
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:27:46 2026 by rpki-client