Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/fbgFYZOUj66PVAQpKUGgeHpzr24.roa
File: fbgFYZOUj66PVAQpKUGgeHpzr24.roa (raw, json)
Hash identifier: SB3DJT334kxLqXYnE2DumDnn0I2NFlsBAqoFvdcBUgQ=
Subject key identifier: 7D:B8:05:61:93:94:8F:AE:8F:54:04:29:29:41:A0:78:7A:73:AF:6E
Certificate issuer: /CN=5d0a0d396f769369365f2b983c531afeca9710a7
Certificate serial: 019B7CEE274FD6D48EC5C9AC8808AEE67D89
Authority key identifier: 5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/fbgFYZOUj66PVAQpKUGgeHpzr24.roa
Signing time: Fri 02 Jan 2026 04:19:01 +0000
ROA not before: Fri 02 Jan 2026 04:19:01 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48350
IP address blocks: 45.148.236.0/22 maxlen: 22
45.148.236.0/24 maxlen: 24
45.148.237.0/24 maxlen: 24
45.148.238.0/24 maxlen: 24
45.148.239.0/24 maxlen: 24
91.208.130.0/24 maxlen: 24
91.209.111.0/24 maxlen: 24
2a0f:7a00::/32 maxlen: 48
2a0f:7a02::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.mft
rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ee:27:4f:d6:d4:8e:c5:c9:ac:88:08:ae:e6:7d:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d0a0d396f769369365f2b983c531afeca9710a7
Validity
Not Before: Jan 2 04:19:01 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7db8056193948fae8f5404292941a0787a73af6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:55:db:c3:de:02:1f:51:3c:2b:29:80:76:e2:
8d:0b:6c:f6:25:73:ab:25:a7:02:d7:a4:7e:c5:04:
12:ff:c0:52:fb:e9:67:84:8d:86:14:18:c8:c8:f6:
77:64:54:c2:58:b1:57:ef:8c:01:10:27:49:c9:a3:
9c:00:c3:1d:bb:3b:57:cc:7c:43:c7:c2:07:36:17:
83:08:e6:7a:0c:8b:ab:48:81:1b:69:a1:e8:b8:79:
49:93:ea:7d:24:2c:5b:d5:d1:37:70:57:4b:21:02:
03:ec:48:e2:ef:54:89:de:09:7b:89:f6:35:2e:52:
86:fa:dd:38:dc:12:42:bc:8d:54:f6:11:25:fe:6c:
7b:da:2b:11:da:40:35:27:7a:38:32:7d:07:08:c0:
06:1f:77:d1:ec:e1:be:ed:f5:c6:f3:f0:72:f6:3e:
ce:68:fb:25:7d:6e:4b:6f:bb:2e:73:6c:05:28:da:
08:6e:79:65:39:3a:93:79:56:d0:6a:eb:05:8f:06:
9e:78:d2:03:36:e9:08:90:76:ec:9d:7a:f8:6a:a0:
b4:f1:da:87:e7:4e:29:7c:26:2b:be:4a:d5:ff:60:
c1:bd:e1:c4:f2:6a:83:15:f2:ad:33:be:bd:fa:14:
96:62:0e:ea:86:7d:4f:94:7f:90:0b:8f:07:63:24:
c4:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:B8:05:61:93:94:8F:AE:8F:54:04:29:29:41:A0:78:7A:73:AF:6E
X509v3 Authority Key Identifier:
keyid:5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/fbgFYZOUj66PVAQpKUGgeHpzr24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.148.236.0/22
91.208.130.0/24
91.209.111.0/24
IPv6:
2a0f:7a00::/32
2a0f:7a02::/32
Signature Algorithm: sha256WithRSAEncryption
a1:67:ba:dd:cc:f5:3b:1c:f4:ee:5a:7e:af:71:6b:0f:17:3e:
1f:72:ca:8c:1c:53:b7:8e:5f:24:eb:dc:46:b6:cd:d2:99:d7:
41:3c:80:4a:6a:f7:99:61:12:ed:e6:35:01:ae:62:e7:79:fd:
19:19:1c:80:6a:5b:be:15:95:6b:36:b2:b2:d5:a7:52:51:ec:
52:1f:07:08:1e:ce:67:db:b5:b7:50:6f:b8:c6:21:87:f0:0f:
0e:88:a4:65:7c:35:69:c3:78:c5:39:64:77:44:dc:ae:9f:fb:
0c:f3:19:cb:55:61:5b:22:63:22:e8:82:f3:e0:ab:ce:1b:7d:
31:a0:3b:ef:2d:2a:1e:a5:7c:2b:b9:f4:ae:0d:af:dd:b9:05:
43:24:93:b0:05:7e:28:60:50:9e:f5:24:28:6f:0d:a4:f8:a7:
f7:4c:cd:15:3f:ac:ce:19:32:be:8f:ad:91:88:37:8c:26:89:
cf:4c:1a:97:2a:01:ba:e5:a7:aa:82:fc:03:29:5d:6f:9a:d2:
0e:c8:73:98:ed:6d:76:0f:cd:35:a0:ff:3b:61:da:c6:be:92:
ed:f7:f6:b5:44:45:86:b5:2c:33:a8:6a:86:a6:e0:b0:7b:d7:
db:60:d5:51:e0:b1:60:42:ce:94:b2:4f:cf:ee:a6:b0:50:8e:
a8:20:5f:80
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZt87idP1tSOxcmsiAiu5n2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMGEwZDM5NmY3NjkzNjkzNjVmMmI5ODNjNTMxYWZlY2E5
NzEwYTcwHhcNMjYwMTAyMDQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGI4MDU2MTkzOTQ4ZmFlOGY1NDA0MjkyOTQxYTA3ODdhNzNhZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21Xbw94CH1E8KymAduKNC2z2JXOr
JacC16R+xQQS/8BS++lnhI2GFBjIyPZ3ZFTCWLFX74wBECdJyaOcAMMduztXzHxD
x8IHNheDCOZ6DIurSIEbaaHouHlJk+p9JCxb1dE3cFdLIQID7Eji71SJ3gl7ifY1
LlKG+t043BJCvI1U9hEl/mx72isR2kA1J3o4Mn0HCMAGH3fR7OG+7fXG8/By9j7O
aPslfW5Lb7suc2wFKNoIbnllOTqTeVbQausFjwaeeNIDNukIkHbsnXr4aqC08dqH
504pfCYrvkrV/2DBveHE8mqDFfKtM769+hSWYg7qhn1PlH+QC48HYyTE3QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFH24BWGTlI+uj1QEKSlBoHh6c69uMB8GA1UdIwQY
MBaAFF0KDTlvdpNpNl8rmDxTGv7KlxCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUt
NDQyMDEwYjU3OWVmLzEvZmJnRllaT1VqNjZQVkFRcEtVR2dlSHB6cjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUtNDQyMDEwYjU3OWVm
LzEvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCLZTsAwQA
W9CCAwQAW9FvMBQEAgACMA4DBQAqD3oAAwUAKg96AjANBgkqhkiG9w0BAQsFAAOC
AQEAoWe63cz1Oxz07lp+r3FrDxc+H3LKjBxTt45fJOvcRrbN0pnXQTyASmr3mWES
7eY1Aa5i53n9GRkcgGpbvhWVazaystWnUlHsUh8HCB7OZ9u1t1BvuMYhh/APDoik
ZXw1acN4xTlkd0Tcrp/7DPMZy1VhWyJjIuiC8+Crzht9MaA77y0qHqV8K7n0rg2v
3bkFQySTsAV+KGBQnvUkKG8NpPin90zNFT+szhkyvo+tkYg3jCaJz0walyoBuuWn
qoL8Ayldb5rSDshzmO1tdg/NNaD/O2Haxr6S7ff2tURFhrUsM6hqhqbgsHvX22DV
UeCxYELOlLJPz+6msFCOqCBfgA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:46:28 2026 by rpki-client