Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-sY9lBWZwwO_x8lQTKAaDrf9EjQ.roa
File: 1-sY9lBWZwwO_x8lQTKAaDrf9EjQ.roa (raw, json)
Hash identifier: U7d2EA8vKcNfPdvs6idvL2VWBwMx4bSqquFEC2/r2nw=
Subject key identifier: FA:C6:3D:94:15:99:C3:03:BF:C7:C9:50:4C:A0:1A:0E:B7:FD:12:34
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C969C3BD6D8EBE619C14232C6F2FD5D70
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-sY9lBWZwwO_x8lQTKAaDrf9EjQ.roa
Signing time: Wed 25 Feb 2026 21:02:27 +0000
ROA not before: Wed 25 Feb 2026 21:02:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13213
IP address blocks: 89.36.23.0/24 maxlen: 24
93.114.192.0/24 maxlen: 24
220.158.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:96:9c:3b:d6:d8:eb:e6:19:c1:42:32:c6:f2:fd:5d:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 25 21:02:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fac63d941599c303bfc7c9504ca01a0eb7fd1234
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:d4:ac:0b:0c:15:ad:af:cf:bb:9c:a9:fe:a9:
1a:ed:ec:f1:19:87:9b:1f:3e:73:ac:89:cc:dc:58:
a6:26:f2:6c:7f:3d:cf:71:39:d1:e7:70:9c:31:57:
87:fd:a0:88:6b:50:63:e8:c1:f2:fa:0e:d5:97:95:
4b:18:91:f3:ec:6e:66:f7:8e:53:f6:ec:39:3b:36:
3d:bb:03:97:f4:ed:30:45:c0:a6:49:25:37:2a:59:
c2:60:92:d1:cb:25:ac:1e:ac:63:40:2d:14:91:7c:
cb:d2:60:0d:56:6d:8d:32:ab:51:04:43:e7:23:b0:
d2:8f:d6:40:08:e9:1a:38:f1:b7:c9:f7:5d:1a:48:
26:ec:d6:bf:68:60:88:f2:24:41:b6:1b:8b:f0:e6:
12:66:43:b0:82:7d:80:a2:27:19:2f:f3:19:4b:a4:
ae:17:16:5e:e6:4e:63:00:5d:9d:c2:72:e6:41:9f:
55:2d:d8:77:4a:2b:71:e2:53:68:71:99:4e:e1:8d:
a9:d8:b5:ab:8e:6e:fc:eb:04:43:d8:a6:6d:80:37:
9e:cf:e3:12:e1:3d:ea:2f:1e:9d:00:a8:b4:3f:aa:
8b:a5:c5:29:98:ad:81:e7:05:d7:f0:e8:9b:24:47:
66:53:39:c9:50:79:74:2b:7e:ad:1a:3d:53:3e:25:
e6:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:C6:3D:94:15:99:C3:03:BF:C7:C9:50:4C:A0:1A:0E:B7:FD:12:34
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-sY9lBWZwwO_x8lQTKAaDrf9EjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.36.23.0/24
93.114.192.0/24
220.158.198.0/24
Signature Algorithm: sha256WithRSAEncryption
17:f1:22:38:11:02:2c:0e:7c:cf:44:51:ea:ea:f8:05:1d:8c:
0d:5d:1f:f7:3a:17:0b:64:be:5d:d0:cc:a5:1c:b7:e9:8a:8b:
46:09:39:b6:97:62:09:55:7c:9f:bd:73:23:4d:65:fa:ac:2e:
ff:8e:95:ba:37:d7:f1:4c:d7:63:c4:6f:a2:76:b2:27:1f:f5:
a7:34:0c:0b:e7:a4:1d:35:fc:cd:25:d6:3b:75:3b:44:93:8d:
38:d0:e3:c5:b8:3e:e0:72:88:b9:43:b1:27:87:ee:4b:53:24:
f5:38:58:5b:20:8e:66:94:70:db:f3:2f:01:b5:1d:d1:1c:c1:
9c:62:51:f4:8b:31:d6:15:24:1a:14:56:74:51:d2:23:8f:cc:
fc:b7:2f:59:a7:0e:76:71:cf:b1:00:c7:26:9f:51:50:f1:ee:
09:c5:01:1f:2a:e6:c4:5d:83:53:da:ab:98:58:80:ec:0a:3e:
df:38:6f:92:14:70:43:bb:f8:3f:1e:22:40:0b:18:7d:34:51:
43:26:2f:da:34:86:4e:ea:32:41:1f:30:12:61:c1:9e:f5:3f:
9a:e8:a8:c0:7f:7f:91:66:ae:25:2b:5d:a8:92:f5:de:5a:2a:
75:21:df:13:4c:61:b8:71:e0:fa:54:39:51:4b:b6:03:0e:10:
03:7f:88:7c
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZyWnDvW2OvmGcFCMsby/V1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjI1MjEwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWM2M2Q5NDE1OTljMzAzYmZjN2M5NTA0Y2EwMWEwZWI3ZmQxMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtSsCwwVra/Pu5yp/qka7ezxGYeb
Hz5zrInM3FimJvJsfz3PcTnR53CcMVeH/aCIa1Bj6MHy+g7Vl5VLGJHz7G5m945T
9uw5OzY9uwOX9O0wRcCmSSU3KlnCYJLRyyWsHqxjQC0UkXzL0mANVm2NMqtRBEPn
I7DSj9ZACOkaOPG3yfddGkgm7Na/aGCI8iRBthuL8OYSZkOwgn2AoicZL/MZS6Su
FxZe5k5jAF2dwnLmQZ9VLdh3Sitx4lNocZlO4Y2p2LWrjm786wRD2KZtgDeez+MS
4T3qLx6dAKi0P6qLpcUpmK2B5wXX8OibJEdmUznJUHl0K36tGj1TPiXmOQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPrGPZQVmcMDv8fJUEygGg63/RI0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMS1zWTlsQldad3dPX3g4bFFUS0FhRHJmOUVqUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1
OC8xL05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAFkkFwME
AF1ywAMEANyexjANBgkqhkiG9w0BAQsFAAOCAQEAF/EiOBECLA58z0RR6ur4BR2M
DV0f9zoXC2S+XdDMpRy36YqLRgk5tpdiCVV8n71zI01l+qwu/46VujfX8UzXY8Rv
onayJx/1pzQMC+ekHTX8zSXWO3U7RJONONDjxbg+4HKIuUOxJ4fuS1Mk9ThYWyCO
ZpRw2/MvAbUd0RzBnGJR9Isx1hUkGhRWdFHSI4/M/LcvWacOdnHPsQDHJp9RUPHu
CcUBHyrmxF2DU9qrmFiA7Ao+3zhvkhRwQ7v4Px4iQAsYfTRRQyYv2jSGTuoyQR8w
EmHBnvU/muiowH9/kWauJStdqJL13loqdSHfE0xhuHHg+lQ5UUu2Aw4QA3+IfA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:08:50 2026 by rpki-client