Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/KFiiFWif923SIcwC9nBmJ-HUVJ4.roa
File: KFiiFWif923SIcwC9nBmJ-HUVJ4.roa (raw, json)
Hash identifier: ycwpSj4ZG3+CrkzSV++20ftzs6baQIacEYL2lp7sLR0=
Subject key identifier: 28:58:A2:15:68:9F:F7:6D:D2:21:CC:02:F6:70:66:27:E1:D4:54:9E
Certificate issuer: /CN=991e4b179e0953b9ecc585ad9859a00be3568001
Certificate serial: 019C7B1E91B78661BE4068F86245F7D74614
Authority key identifier: 99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/KFiiFWif923SIcwC9nBmJ-HUVJ4.roa
Signing time: Fri 20 Feb 2026 12:55:26 +0000
ROA not before: Fri 20 Feb 2026 12:55:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8726
IP address blocks: 81.21.192.0/21 maxlen: 21
81.21.192.0/24 maxlen: 24
81.21.193.0/24 maxlen: 24
81.21.194.0/24 maxlen: 24
81.21.195.0/24 maxlen: 24
81.21.196.0/24 maxlen: 24
81.21.197.0/24 maxlen: 24
81.21.198.0/24 maxlen: 24
81.21.199.0/24 maxlen: 24
81.21.200.0/22 maxlen: 22
81.21.200.0/24 maxlen: 24
81.21.201.0/24 maxlen: 24
81.21.202.0/24 maxlen: 24
81.21.203.0/24 maxlen: 24
81.21.204.0/23 maxlen: 23
81.21.204.0/24 maxlen: 24
81.21.205.0/24 maxlen: 24
81.21.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.mft
rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7b:1e:91:b7:86:61:be:40:68:f8:62:45:f7:d7:46:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=991e4b179e0953b9ecc585ad9859a00be3568001
Validity
Not Before: Feb 20 12:55:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2858a215689ff76dd221cc02f6706627e1d4549e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:58:d4:87:53:96:f5:5d:21:df:ea:99:50:61:
2d:8b:f7:bd:72:3e:2b:3b:00:6f:71:d7:60:6a:99:
a1:84:b6:a6:65:ea:71:35:bf:05:f5:c9:f7:4b:2f:
c2:d8:3e:71:19:e8:1e:d8:f0:90:9b:fb:06:a6:26:
f0:83:d0:5e:da:02:a5:64:b2:b7:3b:35:af:04:4e:
1e:8c:2f:ec:30:52:b4:d4:23:92:2d:89:56:bc:84:
a3:b2:14:7d:4a:4a:b8:cf:f0:d8:a7:a8:ac:4b:c7:
c3:0e:72:e9:47:de:89:4b:87:08:a3:86:f6:45:63:
46:57:8d:b6:3a:7d:56:0d:0f:ad:5b:9c:09:40:42:
4c:98:7c:56:b4:bd:f5:ba:2a:97:0d:14:db:d5:c0:
99:60:b3:f4:5c:63:89:d5:a6:93:66:a0:2b:07:05:
2f:24:d3:86:e8:ca:83:af:26:53:ef:0b:99:8a:f0:
9a:d0:f3:ad:47:6d:3e:00:fb:ca:22:5f:15:ce:98:
44:79:aa:3c:91:1d:0f:db:a2:5b:7f:e0:5a:f1:28:
69:1d:d5:44:d8:6f:71:04:22:4b:e2:43:79:57:7e:
02:c1:21:68:c9:f0:5b:30:7d:1e:14:80:44:e0:b6:
50:cb:0e:dd:f9:6d:3b:9b:61:ce:ad:c1:d7:12:4c:
99:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:58:A2:15:68:9F:F7:6D:D2:21:CC:02:F6:70:66:27:E1:D4:54:9E
X509v3 Authority Key Identifier:
keyid:99:1E:4B:17:9E:09:53:B9:EC:C5:85:AD:98:59:A0:0B:E3:56:80:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mR5LF54JU7nsxYWtmFmgC-NWgAE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/KFiiFWif923SIcwC9nBmJ-HUVJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bfdda9-2742-4b2f-85b6-ef9c95276932/1/mR5LF54JU7nsxYWtmFmgC-NWgAE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.192.0-81.21.205.255
81.21.207.0/24
Signature Algorithm: sha256WithRSAEncryption
60:4f:0e:0c:26:c6:53:15:e6:d1:a5:dc:99:c7:eb:e8:59:ef:
24:5a:42:15:77:f9:c9:05:47:ac:46:d5:3f:17:c2:e0:33:9c:
aa:63:58:47:8b:98:ff:c3:f9:45:29:22:b6:15:35:ee:07:05:
3f:09:70:05:ab:5e:66:f8:a1:d6:fb:0b:68:d3:c4:8c:b3:77:
34:a8:b0:b8:2b:f9:6f:98:69:4b:c4:78:2c:df:20:14:a6:c1:
91:df:41:15:60:32:7f:27:da:30:32:6c:4d:c2:2e:d8:00:8c:
e7:b2:a4:ac:41:32:0e:89:f2:39:c7:5d:54:17:d7:0e:7f:8e:
ef:8e:a5:a5:0a:61:6f:8f:97:fe:4c:a1:89:28:5a:8f:1a:3e:
da:fd:89:86:4b:0a:e0:80:cb:27:52:77:5a:8d:e9:07:b8:de:
ed:df:34:d1:2b:90:5c:72:27:01:a3:e4:1e:07:e0:b5:02:d7:
67:3b:07:d7:10:9b:d7:8c:b9:f0:85:45:9f:7e:76:a6:2a:ef:
0a:00:4e:1d:29:9c:c2:f7:46:4b:6d:ca:8c:43:5f:0b:2b:ca:
a7:47:c9:7b:32:10:af:88:99:1c:3d:9b:fd:30:f7:95:af:07:
76:6d:23:d0:d3:89:a6:aa:19:e6:92:7c:d7:ec:1e:d6:b9:a7:
dd:c1:08:02
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZx7HpG3hmG+QGj4YkX310YUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWU0YjE3OWUwOTUzYjllY2M1ODVhZDk4NTlhMDBiZTM1
NjgwMDEwHhcNMjYwMjIwMTI1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU4YTIxNTY4OWZmNzZkZDIyMWNjMDJmNjcwNjYyN2UxZDQ1NDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1jUh1OW9V0h3+qZUGEti/e9cj4r
OwBvcddgapmhhLamZepxNb8F9cn3Sy/C2D5xGege2PCQm/sGpibwg9Be2gKlZLK3
OzWvBE4ejC/sMFK01COSLYlWvISjshR9Skq4z/DYp6isS8fDDnLpR96JS4cIo4b2
RWNGV422On1WDQ+tW5wJQEJMmHxWtL31uiqXDRTb1cCZYLP0XGOJ1aaTZqArBwUv
JNOG6MqDryZT7wuZivCa0POtR20+APvKIl8VzphEeao8kR0P26Jbf+Ba8ShpHdVE
2G9xBCJL4kN5V34CwSFoyfBbMH0eFIBE4LZQyw7d+W07m2HOrcHXEkyZOQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFChYohVon/dt0iHMAvZwZifh1FSeMB8GA1UdIwQY
MBaAFJkeSxeeCVO57MWFrZhZoAvjVoABMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYt
ZWY5Yzk1Mjc2OTMyLzEvS0ZpaUZXaWY5MjNTSWN3QzluQm1KLUhVVko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iZmRkYTktMjc0Mi00YjJmLTg1YjYtZWY5Yzk1Mjc2OTMy
LzEvbVI1TEY1NEpVN25zeFlXdG1GbWdDLU5XZ0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAZRFcAD
BAFRFcwDBABRFc8wDQYJKoZIhvcNAQELBQADggEBAGBPDgwmxlMV5tGl3JnH6+hZ
7yRaQhV3+ckFR6xG1T8XwuAznKpjWEeLmP/D+UUpIrYVNe4HBT8JcAWrXmb4odb7
C2jTxIyzdzSosLgr+W+YaUvEeCzfIBSmwZHfQRVgMn8n2jAybE3CLtgAjOeypKxB
Mg6J8jnHXVQX1w5/ju+OpaUKYW+Pl/5MoYkoWo8aPtr9iYZLCuCAyydSd1qN6Qe4
3u3fNNErkFxyJwGj5B4H4LUC12c7B9cQm9eMufCFRZ9+dqYq7woATh0pnML3Rktt
yoxDXwsryqdHyXsyEK+ImRw9m/0w95WvB3ZtI9DTiaaqGeaSfNfsHta5p93BCAI=
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:22:38 2026 by rpki-client