Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/bQ_2KAYZ-ANxN_du74fXu-azyig.roa
File: bQ_2KAYZ-ANxN_du74fXu-azyig.roa (raw, json)
Hash identifier: 4w2fzmyJ/czolT16Qgh2AOzEmL6aZtIDVZ+0IIo1Sjs=
Subject key identifier: 6D:0F:F6:28:06:19:F8:03:71:37:F7:6E:EF:87:D7:BB:E6:B3:CA:28
Certificate issuer: /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial: 019C7BD781971E72DBC4441707D7E28802D2
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/bQ_2KAYZ-ANxN_du74fXu-azyig.roa
Signing time: Fri 20 Feb 2026 16:17:26 +0000
ROA not before: Fri 20 Feb 2026 16:17:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208959
IP address blocks: 45.86.221.0/24 maxlen: 24
46.232.210.0/23 maxlen: 23
185.207.164.0/22 maxlen: 22
185.207.164.0/24 maxlen: 24
185.207.165.0/24 maxlen: 24
185.207.166.0/23 maxlen: 23
185.207.166.0/24 maxlen: 24
185.207.167.0/24 maxlen: 24
216.163.184.0/22 maxlen: 24
216.163.186.0/24 maxlen: 24
2a11:b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7b:d7:81:97:1e:72:db:c4:44:17:07:d7:e2:88:02:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
Validity
Not Before: Feb 20 16:17:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6d0ff6280619f8037137f76eef87d7bbe6b3ca28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:ba:3d:7b:aa:f9:cc:1b:ab:cb:ad:c3:9b:21:
7b:e0:1d:cb:80:a8:bb:4a:f5:0e:65:db:94:8f:a8:
0f:b6:2b:13:db:3b:11:16:18:19:cf:2b:83:b1:33:
c6:4b:09:f3:85:83:31:f8:e7:62:06:be:8f:3a:da:
ba:f2:f2:9b:db:13:74:7f:9c:6e:d1:a6:dc:65:89:
ab:e2:6c:1d:88:98:84:db:eb:e3:59:b9:96:fc:15:
3d:a7:56:00:f2:02:a1:03:42:b0:8e:ca:16:5a:74:
f2:a4:e9:00:e5:89:01:3c:d1:e3:1c:b1:2d:5c:b0:
ac:b9:5f:4e:83:f7:7c:83:09:dd:cc:cf:dd:99:1a:
e7:88:b0:f3:e2:b0:94:7c:f4:00:c1:be:1d:f7:67:
2a:13:ce:d5:50:34:d7:20:d2:53:be:b4:77:0f:93:
e6:d7:3d:35:64:b8:b7:a0:0d:0f:fe:86:e7:42:d7:
ab:5d:e2:27:cd:a1:98:1e:3b:0e:d4:1f:4a:fb:d3:
76:ac:4a:f3:aa:45:01:2f:c3:53:e7:ec:83:e1:a4:
94:2f:2b:50:05:6e:dc:a7:91:73:a9:c4:42:f1:60:
29:5d:ce:e7:2d:6b:9b:1b:00:b9:6c:38:82:5c:97:
7c:c0:df:5a:2d:ff:c3:75:30:37:39:9b:95:a1:e4:
ee:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:0F:F6:28:06:19:F8:03:71:37:F7:6E:EF:87:D7:BB:E6:B3:CA:28
X509v3 Authority Key Identifier:
keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/bQ_2KAYZ-ANxN_du74fXu-azyig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.221.0/24
46.232.210.0/23
185.207.164.0/22
216.163.184.0/22
IPv6:
2a11:b00::/29
Signature Algorithm: sha256WithRSAEncryption
04:dd:db:3d:97:a5:94:3e:25:9b:70:d6:0d:6e:71:0b:00:03:
1f:eb:01:39:17:97:9c:19:a0:e0:fe:88:3b:f4:9d:18:44:da:
73:13:32:e3:d9:9f:e4:18:85:fc:79:0c:67:5d:23:ed:fa:5c:
24:75:a0:67:95:6a:c5:7b:60:94:f4:5a:e1:1a:6c:b5:66:13:
d4:47:77:ac:b6:66:1d:d7:a3:cf:02:b2:2c:95:1a:6f:d2:73:
89:8e:94:b1:cd:ec:f5:f2:0b:d1:fe:c5:d5:38:87:d8:43:68:
3f:18:f2:40:0b:a0:37:f0:6a:c6:7f:dd:fa:d5:e2:22:40:ad:
11:47:46:ec:cd:68:d2:98:06:fa:91:da:ef:c5:d8:3e:06:2f:
a1:fe:ac:96:34:3e:6b:b0:cd:a8:9a:9b:d6:a9:a6:f8:d6:d0:
11:cf:db:a9:15:43:37:d9:6b:d3:59:65:81:be:d2:3f:a2:73:
ba:e9:0e:8a:9d:a9:bb:77:73:2d:bc:47:f6:3b:22:68:1e:9a:
e8:7c:16:db:a7:ae:b4:b8:5d:d2:08:ed:d0:67:da:7f:74:b2:
7a:54:57:23:f8:29:45:cb:3a:ee:75:cc:aa:78:66:1b:6b:16:
9f:94:12:4d:71:f4:ce:c7:08:af:2e:e4:36:e6:74:a4:3d:e0:
66:c4:b5:b2
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZx714GXHnLbxEQXB9fiiALSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjYwMjIwMTYxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBmZjYyODA2MTlmODAzNzEzN2Y3NmVlZjg3ZDdiYmU2YjNjYTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLo9e6r5zBury63DmyF74B3LgKi7
SvUOZduUj6gPtisT2zsRFhgZzyuDsTPGSwnzhYMx+OdiBr6POtq68vKb2xN0f5xu
0abcZYmr4mwdiJiE2+vjWbmW/BU9p1YA8gKhA0KwjsoWWnTypOkA5YkBPNHjHLEt
XLCsuV9Og/d8gwndzM/dmRrniLDz4rCUfPQAwb4d92cqE87VUDTXINJTvrR3D5Pm
1z01ZLi3oA0P/obnQterXeInzaGYHjsO1B9K+9N2rErzqkUBL8NT5+yD4aSULytQ
BW7cp5FzqcRC8WApXc7nLWubGwC5bDiCXJd8wN9aLf/DdTA3OZuVoeTuIQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFG0P9igGGfgDcTf3bu+H17vms8ooMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvYlFfMktBWVotQU54Tl9kdTc0Zlh1LWF6eWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQALVbdAwQB
LujSAwQCuc+kAwQC2KO4MA0EAgACMAcDBQMqEQsAMA0GCSqGSIb3DQEBCwUAA4IB
AQAE3ds9l6WUPiWbcNYNbnELAAMf6wE5F5ecGaDg/og79J0YRNpzEzLj2Z/kGIX8
eQxnXSPt+lwkdaBnlWrFe2CU9FrhGmy1ZhPUR3estmYd16PPArIslRpv0nOJjpSx
zez18gvR/sXVOIfYQ2g/GPJAC6A38GrGf9361eIiQK0RR0bszWjSmAb6kdrvxdg+
Bi+h/qyWND5rsM2ompvWqab41tARz9upFUM32WvTWWWBvtI/onO66Q6Knam7d3Mt
vEf2OyJoHprofBbbp660uF3SCO3QZ9p/dLJ6VFcj+ClFyzrudcyqeGYbaxaflBJN
cfTOxwivLuQ25nSkPeBmxLWy
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:30:55 2026 by rpki-client