Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/P1bw9rYWo49y12HRXmApS6My_8Y.roa
File: P1bw9rYWo49y12HRXmApS6My_8Y.roa (raw, json)
Hash identifier: 9AqUQgieKub166QUqwy0x3KBBuJmfSfs9fB9oABYTjM=
Subject key identifier: 3F:56:F0:F6:B6:16:A3:8F:72:D7:61:D1:5E:60:29:4B:A3:32:FF:C6
Certificate issuer: /CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
Certificate serial: 019D2F97994CC9AF63B730196B482FD606C0
Authority key identifier: B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/P1bw9rYWo49y12HRXmApS6My_8Y.roa
Signing time: Fri 27 Mar 2026 13:59:17 +0000
ROA not before: Fri 27 Mar 2026 13:59:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62033
IP address blocks: 45.132.34.0/24 maxlen: 24
87.121.134.0/24 maxlen: 24
87.121.135.0/24 maxlen: 24
91.92.248.0/24 maxlen: 24
91.92.249.0/24 maxlen: 24
185.127.129.0/24 maxlen: 24
216.176.232.0/22 maxlen: 22
216.176.232.0/24 maxlen: 24
216.176.233.0/24 maxlen: 24
216.176.234.0/24 maxlen: 24
216.176.235.0/24 maxlen: 24
2a10:5d80:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.mft
rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 04:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2f:97:99:4c:c9:af:63:b7:30:19:6b:48:2f:d6:06:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
Validity
Not Before: Mar 27 13:59:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3f56f0f6b616a38f72d761d15e60294ba332ffc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:83:bb:d8:b9:45:66:42:36:96:10:b5:b8:2f:
13:d3:78:17:c9:c1:34:51:aa:6f:02:01:b7:ed:e6:
13:94:5e:65:31:b8:81:5e:6c:72:1b:13:e3:d2:d8:
5a:99:5f:48:02:45:b1:b4:d2:62:70:0a:5b:d8:f9:
fb:31:c7:d9:d5:5b:61:bd:4a:f7:10:c4:c7:11:9a:
88:6b:0c:50:bc:d6:07:86:9d:db:50:8a:74:de:47:
61:1c:4b:02:e3:59:2c:b6:9e:40:46:b0:92:62:96:
37:1e:f3:a1:46:2b:ad:57:00:d8:81:87:e0:73:49:
97:46:ae:75:95:ad:8c:0f:60:b4:39:b2:10:32:6e:
8b:aa:b2:49:fd:ff:1e:1f:bc:6a:42:0a:bd:e3:e4:
6a:a9:bb:6c:c1:e5:08:48:72:82:08:bc:44:3f:27:
c4:2c:30:17:ee:7f:9e:5c:43:9d:d8:cd:6d:a5:ca:
7c:3a:63:8b:fb:8a:29:2b:2b:3c:20:ef:9c:08:5f:
48:37:fd:c9:e7:47:6d:a3:fa:cc:7a:eb:32:dc:55:
ca:60:7d:7b:37:71:ab:3a:68:a7:29:71:37:1c:b0:
b9:db:a2:cb:90:34:71:46:13:99:8a:04:c2:1a:60:
7e:a1:5a:85:a2:d7:cf:dd:22:f7:63:ed:6d:02:22:
d2:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:56:F0:F6:B6:16:A3:8F:72:D7:61:D1:5E:60:29:4B:A3:32:FF:C6
X509v3 Authority Key Identifier:
keyid:B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/P1bw9rYWo49y12HRXmApS6My_8Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.34.0/24
87.121.134.0/23
91.92.248.0/23
185.127.129.0/24
216.176.232.0/22
IPv6:
2a10:5d80:1::/48
Signature Algorithm: sha256WithRSAEncryption
9a:b3:3c:81:4b:9d:53:27:1c:a7:c7:cd:1d:45:00:c3:a4:fd:
e4:29:2b:12:90:a0:35:a4:bd:93:53:e7:3f:a8:db:3f:8c:6d:
3e:cc:0f:9b:0e:fc:7b:e0:a1:c3:1a:03:62:51:6c:9d:93:eb:
4a:07:7b:66:f1:74:b9:e6:60:aa:18:53:b6:a1:25:8e:19:09:
5d:c8:c5:17:d4:7f:97:32:2b:de:95:76:7c:a6:30:57:5a:bd:
d8:80:c1:70:d2:13:7c:04:d4:cc:c6:6b:93:61:b2:eb:aa:9a:
81:a0:da:35:ff:66:d8:e9:c7:27:e7:db:91:06:5c:7c:eb:f4:
8e:51:27:c3:c6:77:59:4c:ea:44:f4:5b:57:4a:f0:5a:f4:4b:
5d:6a:12:4c:e5:37:46:32:a0:cb:2a:3c:40:30:f5:48:0f:f6:
e5:f5:81:a0:ae:05:c7:77:65:4b:e3:ba:13:f2:3f:bc:78:9f:
8e:60:ae:8d:30:ee:14:77:d0:b4:10:e0:10:f2:7e:d6:d3:81:
4f:c5:73:f0:27:35:b3:3c:18:17:87:f5:03:18:ad:18:59:19:
d7:09:63:aa:53:53:23:34:76:9c:cc:a0:87:16:f3:47:d1:0a:
c6:20:fb:db:a3:90:df:bf:96:60:c0:d2:2a:ca:59:08:47:2f:
e3:fd:e6:a6
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZ0vl5lMya9jtzAZa0gv1gbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWIwYzhhNzU4OTNhNGY4ZTFlZjBkOWE0ZDQxNDc4ZDhi
MzMyNzgwHhcNMjYwMzI3MTM1OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjU2ZjBmNmI2MTZhMzhmNzJkNzYxZDE1ZTYwMjk0YmEzMzJmZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIO72LlFZkI2lhC1uC8T03gXycE0
UapvAgG37eYTlF5lMbiBXmxyGxPj0thamV9IAkWxtNJicApb2Pn7McfZ1VthvUr3
EMTHEZqIawxQvNYHhp3bUIp03kdhHEsC41kstp5ARrCSYpY3HvOhRiutVwDYgYfg
c0mXRq51la2MD2C0ObIQMm6LqrJJ/f8eH7xqQgq94+RqqbtsweUISHKCCLxEPyfE
LDAX7n+eXEOd2M1tpcp8OmOL+4opKys8IO+cCF9IN/3J50dto/rMeusy3FXKYH17
N3GrOminKXE3HLC526LLkDRxRhOZigTCGmB+oVqFotfP3SL3Y+1tAiLSlQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFD9W8Pa2FqOPctdh0V5gKUujMv/GMB8GA1UdIwQY
MBaAFLhbDIp1iTpPjh7w2aTUFHjYszJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMt
MzA1ZDQxZDUzYTY1LzEvUDFidzlyWVdvNDl5MTJIUlhtQXBTNk15XzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMtMzA1ZDQxZDUzYTY1
LzEvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQALYQiAwQB
V3mGAwQBW1z4AwQAuX+BAwQC2LDoMA8EAgACMAkDBwAqEF2AAAEwDQYJKoZIhvcN
AQELBQADggEBAJqzPIFLnVMnHKfHzR1FAMOk/eQpKxKQoDWkvZNT5z+o2z+MbT7M
D5sO/HvgocMaA2JRbJ2T60oHe2bxdLnmYKoYU7ahJY4ZCV3IxRfUf5cyK96Vdnym
MFdavdiAwXDSE3wE1MzGa5NhsuuqmoGg2jX/Ztjpxyfn25EGXHzr9I5RJ8PGd1lM
6kT0W1dK8Fr0S11qEkzlN0YyoMsqPEAw9UgP9uX1gaCuBcd3ZUvjuhPyP7x4n45g
ro0w7hR30LQQ4BDyftbTgU/Fc/AnNbM8GBeH9QMYrRhZGdcJY6pTUyM0dpzMoIcW
80fRCsYg+9ujkN+/lmDA0irKWQhHL+P95qY=
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:29:09 2026 by rpki-client