Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/BI1f2_dPn6g-BjeCDOP3JI42-SY.roa
File: BI1f2_dPn6g-BjeCDOP3JI42-SY.roa (raw, json)
Hash identifier: goOpdDSN7DtTvPMCWLdaixax4sJ1xWqSmv8uKvzhQeE=
Subject key identifier: 04:8D:5F:DB:F7:4F:9F:A8:3E:06:37:82:0C:E3:F7:24:8E:36:F9:26
Certificate issuer: /CN=97a23bb0aca9d226d05adfac08554181c48ef82e
Certificate serial: 019B7E380402905397A4DA1D5ED64A316928
Authority key identifier: 97:A2:3B:B0:AC:A9:D2:26:D0:5A:DF:AC:08:55:41:81:C4:8E:F8:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l6I7sKyp0ibQWt-sCFVBgcSO-C4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/BI1f2_dPn6g-BjeCDOP3JI42-SY.roa
Signing time: Fri 02 Jan 2026 10:19:18 +0000
ROA not before: Fri 02 Jan 2026 10:19:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205243
IP address blocks: 185.215.200.0/22 maxlen: 22
185.224.200.0/22 maxlen: 22
2a0b:adc0::/29 maxlen: 29
2a0d:3c00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/l6I7sKyp0ibQWt-sCFVBgcSO-C4.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/l6I7sKyp0ibQWt-sCFVBgcSO-C4.mft
rsync://rpki.ripe.net/repository/DEFAULT/l6I7sKyp0ibQWt-sCFVBgcSO-C4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 22:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:38:04:02:90:53:97:a4:da:1d:5e:d6:4a:31:69:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97a23bb0aca9d226d05adfac08554181c48ef82e
Validity
Not Before: Jan 2 10:19:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=048d5fdbf74f9fa83e0637820ce3f7248e36f926
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:85:24:1b:f6:00:28:a4:e7:ef:85:e9:be:80:
1b:c9:c8:2f:eb:b6:ec:75:c3:cd:64:c4:c7:a7:b5:
57:06:8b:3f:90:41:d2:b0:44:70:bd:6e:5a:48:e7:
2c:72:7c:26:1c:b4:4d:7b:10:ad:ca:a7:88:bf:9a:
78:d0:51:dd:db:84:7e:82:d1:52:fe:c1:6f:13:b3:
99:c6:97:19:5b:d1:d9:1d:39:fc:ab:24:22:aa:8a:
50:c4:09:93:83:86:1b:fc:32:55:0b:cd:85:b1:d5:
22:cc:3a:c1:8c:93:49:09:2a:db:41:e5:9f:74:86:
88:ab:d9:71:0e:60:ce:4e:6e:c6:bd:40:28:b5:c8:
c2:f0:8b:9f:90:e9:e6:fe:c5:4b:dc:d0:2f:8a:c5:
4c:cf:c5:c0:08:99:a0:40:5b:f8:1e:f6:7f:44:2b:
0c:dd:4c:62:3e:84:22:1a:33:93:47:cc:75:fb:31:
27:74:a2:51:ac:4b:16:9a:5c:dc:ca:18:1f:ee:6c:
12:d9:ca:3e:e8:75:a3:54:5b:20:46:05:06:fa:0e:
5a:de:ed:a3:5a:2b:2e:8c:a1:59:5e:e2:0b:91:aa:
f5:e2:23:d7:d8:b0:00:50:c4:fa:90:b1:d9:58:c2:
18:2c:51:d2:46:db:52:71:fe:46:eb:8d:44:82:1e:
f8:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:8D:5F:DB:F7:4F:9F:A8:3E:06:37:82:0C:E3:F7:24:8E:36:F9:26
X509v3 Authority Key Identifier:
keyid:97:A2:3B:B0:AC:A9:D2:26:D0:5A:DF:AC:08:55:41:81:C4:8E:F8:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l6I7sKyp0ibQWt-sCFVBgcSO-C4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/BI1f2_dPn6g-BjeCDOP3JI42-SY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c58671-3d4e-4775-af21-20af3d1b8ef9/1/l6I7sKyp0ibQWt-sCFVBgcSO-C4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.215.200.0/22
185.224.200.0/22
IPv6:
2a0b:adc0::/29
2a0d:3c00::/29
Signature Algorithm: sha256WithRSAEncryption
1d:74:c0:9b:02:4b:99:0a:c9:1d:37:b2:e5:87:0d:1e:dd:42:
64:f5:8d:ce:47:be:6d:bb:6d:3d:b6:78:a5:5d:89:cb:76:70:
3e:15:00:5c:94:b7:34:a0:25:6f:2e:c5:64:84:d9:c3:38:57:
df:45:e9:c7:90:51:1d:9f:ae:d0:bb:ef:79:22:60:12:2c:b4:
56:21:32:cc:5c:7a:c7:92:b2:28:50:d5:76:d3:6f:e9:d6:ef:
56:3f:eb:3d:53:8c:44:9e:e9:04:ef:3e:f3:02:fa:ff:10:a0:
30:65:41:9d:9c:09:11:41:23:8e:90:e8:06:3a:1b:87:dd:99:
14:f4:16:ec:76:53:c5:a7:be:e9:6f:2d:f1:80:f5:bc:a1:1f:
64:ce:02:44:39:f0:5e:84:f2:97:28:1c:85:5a:58:08:00:aa:
d3:67:17:82:d7:86:f8:91:ad:f0:6a:c9:ea:f0:0f:30:c9:29:
8b:b3:31:c3:8f:50:26:9d:40:86:22:5f:cf:33:5f:de:2e:b9:
2f:61:57:bf:ce:6c:36:37:39:0f:d1:b4:cd:bf:9e:fb:39:eb:
e8:8e:3b:44:8e:5f:15:20:b7:e9:d9:0f:3b:c1:38:43:85:cb:
7f:3b:c7:5e:10:e9:5c:54:ab:09:32:74:a9:ca:91:c5:b2:4d:
bc:c9:d3:d0
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZt+OAQCkFOXpNodXtZKMWkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YTIzYmIwYWNhOWQyMjZkMDVhZGZhYzA4NTU0MTgxYzQ4
ZWY4MmUwHhcNMjYwMTAyMTAxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhkNWZkYmY3NGY5ZmE4M2UwNjM3ODIwY2UzZjcyNDhlMzZmOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34UkG/YAKKTn74XpvoAbycgv67bs
dcPNZMTHp7VXBos/kEHSsERwvW5aSOcscnwmHLRNexCtyqeIv5p40FHd24R+gtFS
/sFvE7OZxpcZW9HZHTn8qyQiqopQxAmTg4Yb/DJVC82FsdUizDrBjJNJCSrbQeWf
dIaIq9lxDmDOTm7GvUAotcjC8IufkOnm/sVL3NAvisVMz8XACJmgQFv4HvZ/RCsM
3UxiPoQiGjOTR8x1+zEndKJRrEsWmlzcyhgf7mwS2co+6HWjVFsgRgUG+g5a3u2j
WisujKFZXuILkar14iPX2LAAUMT6kLHZWMIYLFHSRttScf5G641Egh743wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFASNX9v3T5+oPgY3ggzj9ySONvkmMB8GA1UdIwQY
MBaAFJeiO7CsqdIm0FrfrAhVQYHEjvguMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDZJN3NLeXAwaWJRV3Qtc0NGVkJnY1NPLUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jNTg2NzEtM2Q0ZS00Nzc1LWFmMjEt
MjBhZjNkMWI4ZWY5LzEvQkkxZjJfZFBuNmctQmplQ0RPUDNKSTQyLVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jNTg2NzEtM2Q0ZS00Nzc1LWFmMjEtMjBhZjNkMWI4ZWY5
LzEvbDZJN3NLeXAwaWJRV3Qtc0NGVkJnY1NPLUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCudfIAwQC
ueDIMBQEAgACMA4DBQMqC63AAwUDKg08ADANBgkqhkiG9w0BAQsFAAOCAQEAHXTA
mwJLmQrJHTey5YcNHt1CZPWNzke+bbttPbZ4pV2Jy3ZwPhUAXJS3NKAlby7FZITZ
wzhX30Xpx5BRHZ+u0LvveSJgEiy0ViEyzFx6x5KyKFDVdtNv6dbvVj/rPVOMRJ7p
BO8+8wL6/xCgMGVBnZwJEUEjjpDoBjobh92ZFPQW7HZTxae+6W8t8YD1vKEfZM4C
RDnwXoTylygchVpYCACq02cXgteG+JGt8GrJ6vAPMMkpi7Mxw49QJp1AhiJfzzNf
3i65L2FXv85sNjc5D9G0zb+e+znr6I47RI5fFSC36dkPO8E4Q4XLfzvHXhDpXFSr
CTJ0qcqRxbJNvMnT0A==
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:24:36 2026 by rpki-client