Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/r8juWr0fR7eZlL-VMsSrNDl110A.roa
File: r8juWr0fR7eZlL-VMsSrNDl110A.roa (raw, json)
Hash identifier: qD3xa796k/oSV1zGO4Nx/TZT/oEThkLyNOjdtEBA5fg=
Subject key identifier: AF:C8:EE:5A:BD:1F:47:B7:99:94:BF:95:32:C4:AB:34:39:75:D7:40
Certificate issuer: /CN=75923ec546df371d09e68c6b06025ea31261234a
Certificate serial: 019D435F61657D5E37FFBE6965EACF473277
Authority key identifier: 75:92:3E:C5:46:DF:37:1D:09:E6:8C:6B:06:02:5E:A3:12:61:23:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dZI-xUbfNx0J5oxrBgJeoxJhI0o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/r8juWr0fR7eZlL-VMsSrNDl110A.roa
Signing time: Tue 31 Mar 2026 10:10:17 +0000
ROA not before: Tue 31 Mar 2026 10:10:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3213
IP address blocks: 85.158.40.0/21 maxlen: 21
91.103.128.0/21 maxlen: 21
93.186.32.0/20 maxlen: 20
94.126.192.0/21 maxlen: 21
185.102.248.0/22 maxlen: 22
185.172.120.0/22 maxlen: 22
193.178.223.0/24 maxlen: 24
194.39.143.0/24 maxlen: 24
2001:4b10::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/dZI-xUbfNx0J5oxrBgJeoxJhI0o.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/dZI-xUbfNx0J5oxrBgJeoxJhI0o.mft
rsync://rpki.ripe.net/repository/DEFAULT/dZI-xUbfNx0J5oxrBgJeoxJhI0o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:43:5f:61:65:7d:5e:37:ff:be:69:65:ea:cf:47:32:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75923ec546df371d09e68c6b06025ea31261234a
Validity
Not Before: Mar 31 10:10:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=afc8ee5abd1f47b79994bf9532c4ab343975d740
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f4:fc:0a:27:6f:d4:f8:b0:77:4e:14:66:6e:
ef:c4:82:e6:d8:9b:1d:69:43:66:06:b5:1f:99:5e:
a6:a3:27:9b:98:19:84:19:3a:cb:d9:a9:95:5c:f3:
ce:23:e5:df:4e:e7:72:10:39:6f:ad:e5:f0:46:69:
5e:c6:3b:e8:bc:28:36:fa:7b:dc:2b:f8:6b:b4:86:
75:7e:2d:01:ec:52:c5:7a:e3:0b:9c:de:a4:3d:c5:
de:d2:1b:ea:0f:a2:ce:84:98:ca:3a:2e:82:a6:f1:
fb:b8:ae:4b:b1:c9:0a:6c:a6:ea:81:de:5b:28:d7:
34:0b:24:ad:6f:b8:7d:fe:43:f8:23:87:4d:c2:e0:
a9:2d:d9:40:1d:0c:5a:ae:4b:23:c8:26:18:e3:12:
9e:bc:7b:c1:47:4f:1e:53:b3:76:a7:d7:4b:ed:b0:
e8:d5:32:d3:e1:56:ad:e1:71:fd:40:2a:3f:d5:19:
90:b6:09:5e:99:83:41:11:b7:09:47:24:51:59:94:
4b:4b:c6:54:7c:7d:f8:4e:c0:c5:6f:7b:ce:bd:95:
b6:3c:d6:04:40:55:5d:7f:56:79:2a:55:1e:2b:50:
d6:9b:70:ed:18:82:02:fc:58:62:cf:9c:f9:e6:33:
c7:90:59:0e:dc:f1:26:71:da:8f:20:77:aa:a6:63:
20:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:C8:EE:5A:BD:1F:47:B7:99:94:BF:95:32:C4:AB:34:39:75:D7:40
X509v3 Authority Key Identifier:
keyid:75:92:3E:C5:46:DF:37:1D:09:E6:8C:6B:06:02:5E:A3:12:61:23:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZI-xUbfNx0J5oxrBgJeoxJhI0o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/r8juWr0fR7eZlL-VMsSrNDl110A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/26c68c-0482-4b62-b2af-4855366edfef/1/dZI-xUbfNx0J5oxrBgJeoxJhI0o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.158.40.0/21
91.103.128.0/21
93.186.32.0/20
94.126.192.0/21
185.102.248.0/22
185.172.120.0/22
193.178.223.0/24
194.39.143.0/24
IPv6:
2001:4b10::/32
Signature Algorithm: sha256WithRSAEncryption
95:bc:d2:97:5a:b5:38:93:c8:9e:32:2b:a4:ec:f9:5d:ea:10:
4b:bd:77:fa:4d:c0:f5:3e:6d:e1:7f:0e:08:db:51:6e:80:a3:
42:5c:a6:76:bb:a7:d1:d3:53:90:b4:4f:d5:36:36:e7:d4:f1:
09:13:36:9d:79:a9:53:3a:3c:a8:da:70:ad:87:31:d0:9d:67:
32:1d:38:85:c2:15:ba:a4:b5:51:fe:b3:0f:79:c2:31:92:6f:
e2:65:1c:69:9f:ac:ac:5e:4f:7e:6e:7d:e2:6b:b6:36:09:ce:
79:26:ec:de:d3:9a:ee:51:d3:ed:22:1e:3f:9e:51:ba:46:f2:
b3:54:63:e7:4d:9c:f9:7f:81:ed:49:9a:75:1a:96:ed:d3:eb:
31:89:17:9b:aa:51:7f:ab:ea:39:c6:03:a5:53:94:16:a4:2d:
30:10:e6:60:56:a9:b0:4f:47:4f:b1:d1:0a:12:c5:8b:86:c9:
80:db:4d:6d:f2:f4:48:ef:8a:82:0b:c1:60:75:b7:1d:1c:d3:
66:6d:43:6b:5a:b5:7c:b0:32:8d:31:4b:e2:91:3b:ac:63:45:
7e:cb:2f:47:e5:f6:61:8a:6e:d0:99:d0:1e:76:c3:c4:52:a5:
6e:e0:48:70:7b:b4:12:e8:d3:80:51:9a:ba:85:d9:98:9a:cb:
9f:17:da:37
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ1DX2FlfV43/75pZerPRzJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OTIzZWM1NDZkZjM3MWQwOWU2OGM2YjA2MDI1ZWEzMTI2
MTIzNGEwHhcNMjYwMzMxMTAxMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmM4ZWU1YWJkMWY0N2I3OTk5NGJmOTUzMmM0YWIzNDM5NzVkNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfT8Cidv1Piwd04UZm7vxILm2Jsd
aUNmBrUfmV6moyebmBmEGTrL2amVXPPOI+XfTudyEDlvreXwRmlexjvovCg2+nvc
K/hrtIZ1fi0B7FLFeuMLnN6kPcXe0hvqD6LOhJjKOi6CpvH7uK5LsckKbKbqgd5b
KNc0CyStb7h9/kP4I4dNwuCpLdlAHQxarksjyCYY4xKevHvBR08eU7N2p9dL7bDo
1TLT4Vat4XH9QCo/1RmQtglemYNBEbcJRyRRWZRLS8ZUfH34TsDFb3vOvZW2PNYE
QFVdf1Z5KlUeK1DWm3DtGIIC/Fhiz5z55jPHkFkO3PEmcdqPIHeqpmMgfwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFK/I7lq9H0e3mZS/lTLEqzQ5dddAMB8GA1UdIwQY
MBaAFHWSPsVG3zcdCeaMawYCXqMSYSNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFpJLXhVYmZOeDBKNW94ckJnSmVveEpoSTBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNmM2OGMtMDQ4Mi00YjYyLWIyYWYt
NDg1NTM2NmVkZmVmLzEvcjhqdVdyMGZSN2VabEwtVk1zU3JORGwxMTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNmM2OGMtMDQ4Mi00YjYyLWIyYWYtNDg1NTM2NmVkZmVm
LzEvZFpJLXhVYmZOeDBKNW94ckJnSmVveEpoSTBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDVZ4oAwQD
W2eAAwQEXbogAwQDXn7AAwQCuWb4AwQCuax4AwQAwbLfAwQAwiePMA0EAgACMAcD
BQAgAUsQMA0GCSqGSIb3DQEBCwUAA4IBAQCVvNKXWrU4k8ieMiuk7Pld6hBLvXf6
TcD1Pm3hfw4I21FugKNCXKZ2u6fR01OQtE/VNjbn1PEJEzadealTOjyo2nCthzHQ
nWcyHTiFwhW6pLVR/rMPecIxkm/iZRxpn6ysXk9+bn3ia7Y2Cc55Juze05ruUdPt
Ih4/nlG6RvKzVGPnTZz5f4HtSZp1Gpbt0+sxiRebqlF/q+o5xgOlU5QWpC0wEOZg
VqmwT0dPsdEKEsWLhsmA201t8vRI74qCC8FgdbcdHNNmbUNrWrV8sDKNMUvikTus
Y0V+yy9H5fZhim7QmdAedsPEUqVu4Ehwe7QS6NOAUZq6hdmYmsufF9o3
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:11:52 2026 by rpki-client