Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/oxwK7ORpNdbpT88HwfpKeXMaclU.roa
File: oxwK7ORpNdbpT88HwfpKeXMaclU.roa (raw, json)
Hash identifier: Wa92A7nZrCyu9yJGfUvVy9HkpHlaa9cNxOWmvKp3jX0=
Subject key identifier: A3:1C:0A:EC:E4:69:35:D6:E9:4F:CF:07:C1:FA:4A:79:73:1A:72:55
Certificate issuer: /CN=940ff880330af762ae6cc050de5f34b5f57b0b09
Certificate serial: 019C7471FB4A2C1CBE447EDC9980E4CFBCD4
Authority key identifier: 94:0F:F8:80:33:0A:F7:62:AE:6C:C0:50:DE:5F:34:B5:F5:7B:0B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lA_4gDMK92KubMBQ3l80tfV7Cwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/oxwK7ORpNdbpT88HwfpKeXMaclU.roa
Signing time: Thu 19 Feb 2026 05:49:12 +0000
ROA not before: Thu 19 Feb 2026 05:49:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20723
IP address blocks: 31.177.30.0/24 maxlen: 24
79.170.248.0/21 maxlen: 21
131.117.208.0/21 maxlen: 21
178.20.136.0/21 maxlen: 21
185.84.232.0/22 maxlen: 22
217.112.160.0/20 maxlen: 20
217.115.240.0/20 maxlen: 20
2a00:6500::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/lA_4gDMK92KubMBQ3l80tfV7Cwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/lA_4gDMK92KubMBQ3l80tfV7Cwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/lA_4gDMK92KubMBQ3l80tfV7Cwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 11:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:74:71:fb:4a:2c:1c:be:44:7e:dc:99:80:e4:cf:bc:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=940ff880330af762ae6cc050de5f34b5f57b0b09
Validity
Not Before: Feb 19 05:49:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a31c0aece46935d6e94fcf07c1fa4a79731a7255
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:44:de:a4:d7:fa:91:d6:b3:b1:75:71:b3:ed:
81:d6:9f:a3:6e:62:91:12:88:a3:55:b1:3d:d4:48:
4c:e7:35:44:60:ec:2f:95:e1:df:3e:6a:63:94:97:
b3:01:89:ba:f1:67:16:73:00:d9:52:2d:ac:75:da:
58:53:fc:8e:75:ff:1d:30:29:54:8c:2c:a8:03:bd:
8e:aa:2e:c4:f5:3a:4d:f1:98:bc:be:f8:59:3a:35:
d1:ee:28:b1:47:b5:c8:f7:16:c5:79:2b:67:30:0e:
99:5b:d2:94:38:ab:0c:a8:03:58:6d:aa:7b:82:60:
c3:e4:06:5e:02:ad:af:7f:d1:3e:eb:65:e7:e3:b1:
36:75:b5:d4:df:d4:f2:15:2b:c9:2d:97:40:d9:40:
7b:a1:85:76:91:0c:3f:2d:71:b1:08:76:50:be:6b:
8a:89:6b:ba:21:4d:7a:20:4b:45:c1:9a:12:33:38:
04:63:dc:02:fc:fd:77:30:0c:a9:eb:95:c8:b8:10:
ca:3e:ba:6c:be:83:b4:51:23:22:6b:03:1d:33:42:
48:e4:ed:ab:3f:ff:34:ad:a1:0b:45:38:33:4e:6a:
e2:d3:cc:87:67:0f:8f:db:83:46:3b:28:2c:66:34:
11:1d:93:17:e3:9d:cd:55:f8:b2:e0:bf:1c:e0:d4:
c1:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:1C:0A:EC:E4:69:35:D6:E9:4F:CF:07:C1:FA:4A:79:73:1A:72:55
X509v3 Authority Key Identifier:
keyid:94:0F:F8:80:33:0A:F7:62:AE:6C:C0:50:DE:5F:34:B5:F5:7B:0B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lA_4gDMK92KubMBQ3l80tfV7Cwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/oxwK7ORpNdbpT88HwfpKeXMaclU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e16e-943e-4595-9530-a82f658a2aa1/1/lA_4gDMK92KubMBQ3l80tfV7Cwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.30.0/24
79.170.248.0/21
131.117.208.0/21
178.20.136.0/21
185.84.232.0/22
217.112.160.0/20
217.115.240.0/20
IPv6:
2a00:6500::/29
Signature Algorithm: sha256WithRSAEncryption
46:cd:ed:46:ec:ba:43:0a:75:28:bd:3d:33:0f:62:a6:81:fa:
f5:48:7f:7c:cf:d4:12:ac:5e:f3:42:b4:4d:e2:86:3b:8c:f7:
d9:b9:ae:84:43:da:66:b9:5b:13:e5:db:68:56:33:d3:dc:92:
ae:cb:9d:e6:3d:a6:85:95:27:72:ad:47:9e:c8:d7:3b:32:37:
7b:92:85:7e:14:c4:9a:d0:b7:56:f3:0f:e1:17:e5:cd:7c:c0:
9f:52:82:22:4b:68:ca:0f:fc:99:3c:0c:16:99:d9:eb:b7:d8:
56:e2:93:2b:8b:20:9c:53:b5:f9:56:86:6a:82:19:25:12:a4:
cf:6e:32:02:78:e5:ad:d0:f2:e7:77:9f:a4:62:dd:9e:e9:98:
6f:de:ff:e8:9e:bf:3f:14:1d:1b:bc:61:c6:87:25:c0:6f:29:
a4:73:f9:18:e0:3d:f7:77:fe:40:d0:c6:d8:1b:f5:b3:0a:b6:
6e:51:05:c8:f6:81:79:b4:6a:f5:56:12:59:1f:25:81:17:65:
70:2f:0f:c3:dc:56:a7:8f:15:0e:e1:fb:8a:4f:b9:c3:67:b0:
62:be:9e:b4:88:5e:df:af:22:1b:aa:01:4f:02:17:77:73:0c:
e8:bb:10:26:43:93:47:86:42:ab:af:3f:c9:c8:c7:8c:ea:62:
44:d7:e7:01
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZx0cftKLBy+RH7cmYDkz7zUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGZmODgwMzMwYWY3NjJhZTZjYzA1MGRlNWYzNGI1ZjU3
YjBiMDkwHhcNMjYwMjE5MDU0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzFjMGFlY2U0NjkzNWQ2ZTk0ZmNmMDdjMWZhNGE3OTczMWE3MjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUTepNf6kdazsXVxs+2B1p+jbmKR
EoijVbE91EhM5zVEYOwvleHfPmpjlJezAYm68WcWcwDZUi2sddpYU/yOdf8dMClU
jCyoA72Oqi7E9TpN8Zi8vvhZOjXR7iixR7XI9xbFeStnMA6ZW9KUOKsMqANYbap7
gmDD5AZeAq2vf9E+62Xn47E2dbXU39TyFSvJLZdA2UB7oYV2kQw/LXGxCHZQvmuK
iWu6IU16IEtFwZoSMzgEY9wC/P13MAyp65XIuBDKPrpsvoO0USMiawMdM0JI5O2r
P/80raELRTgzTmri08yHZw+P24NGOygsZjQRHZMX453NVfiy4L8c4NTBDQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKMcCuzkaTXW6U/PB8H6SnlzGnJVMB8GA1UdIwQY
MBaAFJQP+IAzCvdirmzAUN5fNLX1ewsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFfNGdETUs5Mkt1Yk1CUTNsODB0ZlY3Q3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yM2UxNmUtOTQzZS00NTk1LTk1MzAt
YTgyZjY1OGEyYWExLzEvb3h3SzdPUnBOZGJwVDg4SHdmcEtlWE1hY2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yM2UxNmUtOTQzZS00NTk1LTk1MzAtYTgyZjY1OGEyYWEx
LzEvbEFfNGdETUs5Mkt1Yk1CUTNsODB0ZlY3Q3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAH7EeAwQD
T6r4AwQDg3XQAwQDshSIAwQCuVToAwQE2XCgAwQE2XPwMA0EAgACMAcDBQMqAGUA
MA0GCSqGSIb3DQEBCwUAA4IBAQBGze1G7LpDCnUovT0zD2Kmgfr1SH98z9QSrF7z
QrRN4oY7jPfZua6EQ9pmuVsT5dtoVjPT3JKuy53mPaaFlSdyrUeeyNc7Mjd7koV+
FMSa0LdW8w/hF+XNfMCfUoIiS2jKD/yZPAwWmdnrt9hW4pMriyCcU7X5VoZqghkl
EqTPbjICeOWt0PLnd5+kYt2e6Zhv3v/onr8/FB0bvGHGhyXAbymkc/kY4D33d/5A
0MbYG/WzCrZuUQXI9oF5tGr1VhJZHyWBF2VwLw/D3FanjxUO4fuKT7nDZ7Bivp60
iF7fryIbqgFPAhd3cwzouxAmQ5NHhkKrrz/JyMeM6mJE1+cB
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:21:16 2026 by rpki-client