Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/I76TWZeLfQyYdOP-XjBVVdu_jac.roa
File: I76TWZeLfQyYdOP-XjBVVdu_jac.roa (raw, json)
Hash identifier: PBINuc6FPOMDkRg12jkFXWIfIhxSnzcMvaq6vVPmQMw=
Subject key identifier: 23:BE:93:59:97:8B:7D:0C:98:74:E3:FE:5E:30:55:55:DB:BF:8D:A7
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019C74FC3F4B010773F9040B523E623951A6
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/I76TWZeLfQyYdOP-XjBVVdu_jac.roa
Signing time: Thu 19 Feb 2026 08:20:14 +0000
ROA not before: Thu 19 Feb 2026 08:20:14 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202780
IP address blocks: 192.165.130.0/24 maxlen: 24
192.165.133.0/24 maxlen: 24
193.183.165.0/24 maxlen: 24
193.234.68.0/23 maxlen: 23
194.71.104.0/23 maxlen: 23
194.71.104.0/24 maxlen: 24
194.71.105.0/24 maxlen: 24
194.103.206.0/24 maxlen: 24
194.132.36.0/22 maxlen: 24
2a01:280:360::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:74:fc:3f:4b:01:07:73:f9:04:0b:52:3e:62:39:51:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Feb 19 08:20:14 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=23be9359978b7d0c9874e3fe5e305555dbbf8da7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:5f:73:9f:32:20:b4:17:5c:d1:0f:2b:ac:2a:
09:5f:73:bf:a2:66:75:15:fc:bc:8c:a4:8e:d5:26:
7b:e2:21:aa:4f:76:ba:62:0d:8a:bf:3f:f3:4d:38:
79:79:96:e4:fa:4c:87:cd:29:85:fa:e5:cb:57:2f:
89:b3:9b:40:1e:4a:e7:66:c3:3c:8e:83:a4:20:28:
6e:e2:71:5a:d0:aa:76:3a:3d:67:c3:fb:54:25:47:
11:09:be:c2:05:f1:b0:76:f1:b0:85:d5:66:5e:e0:
5c:fe:bd:55:62:ea:1f:4b:26:d4:63:64:2c:a2:d0:
85:95:1a:51:49:02:3e:41:b6:e3:45:28:1e:8f:1c:
6b:97:43:25:3a:ce:49:ea:7b:d2:b3:5b:43:4e:9b:
f1:62:81:05:a4:18:58:94:72:a1:4f:51:f9:21:f1:
65:dc:c7:60:76:af:8a:fd:cb:93:46:c0:83:5c:b9:
82:11:c4:fb:56:c5:5a:f3:04:c3:53:4f:7c:19:08:
ce:81:cc:ed:2a:2f:8c:58:31:8b:cb:74:29:5d:31:
aa:48:60:0e:00:f6:3d:4b:ea:ae:cc:93:90:1a:2e:
09:9e:06:c9:7b:49:2a:0b:38:b1:06:66:ac:94:0b:
a7:97:c6:c6:f5:e8:83:bf:38:c5:be:fb:34:c2:e7:
95:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:BE:93:59:97:8B:7D:0C:98:74:E3:FE:5E:30:55:55:DB:BF:8D:A7
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/I76TWZeLfQyYdOP-XjBVVdu_jac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.165.130.0/24
192.165.133.0/24
193.183.165.0/24
193.234.68.0/23
194.71.104.0/23
194.103.206.0/24
194.132.36.0/22
IPv6:
2a01:280:360::/48
Signature Algorithm: sha256WithRSAEncryption
3a:a9:4c:24:e3:54:f7:26:1d:19:2e:7e:21:1f:2c:e8:98:73:
d0:3e:f8:ec:43:f8:c5:65:cb:8a:97:01:33:bc:e8:13:4f:9b:
97:74:bb:35:c7:cc:0c:74:41:3e:91:a3:5a:c0:1e:92:1b:d4:
78:c3:17:78:5a:f6:a6:20:d2:17:86:5f:00:a9:fc:21:5a:ac:
9c:0c:64:67:ea:72:1e:f6:e1:38:d5:a0:6f:fe:d4:30:32:6a:
47:be:65:4a:00:1a:f7:a0:32:fe:bd:9c:67:cc:22:13:bf:2e:
a4:50:bb:8d:a6:b0:2c:15:0b:10:45:a2:d9:c7:1e:38:fd:5f:
89:3c:30:e8:cc:a4:09:ee:00:37:94:36:4a:5c:da:1a:2d:5c:
2f:c3:0a:ed:fa:bc:a6:9c:47:a3:9c:96:7c:06:f3:92:dc:87:
ed:dd:04:ec:5d:29:ed:0f:c4:45:58:cc:db:80:8c:32:a8:4f:
10:29:96:0e:2c:3d:99:74:71:6b:f4:4f:60:eb:5e:42:ad:4c:
bf:6e:b9:1c:0c:94:fd:4a:36:87:c4:52:1c:3c:61:60:22:b6:
27:83:bd:ec:74:33:1b:bf:20:4d:96:31:fd:67:1f:44:de:99:
86:d2:53:7e:ba:93:68:05:b5:c5:d0:17:bc:79:87:07:74:66:
a5:67:a7:0e
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZx0/D9LAQdz+QQLUj5iOVGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMjE5MDgyMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2JlOTM1OTk3OGI3ZDBjOTg3NGUzZmU1ZTMwNTU1NWRiYmY4ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm19znzIgtBdc0Q8rrCoJX3O/omZ1
Ffy8jKSO1SZ74iGqT3a6Yg2Kvz/zTTh5eZbk+kyHzSmF+uXLVy+Js5tAHkrnZsM8
joOkIChu4nFa0Kp2Oj1nw/tUJUcRCb7CBfGwdvGwhdVmXuBc/r1VYuofSybUY2Qs
otCFlRpRSQI+QbbjRSgejxxrl0MlOs5J6nvSs1tDTpvxYoEFpBhYlHKhT1H5IfFl
3Mdgdq+K/cuTRsCDXLmCEcT7VsVa8wTDU098GQjOgcztKi+MWDGLy3QpXTGqSGAO
APY9S+quzJOQGi4JngbJe0kqCzixBmaslAunl8bG9eiDvzjFvvs0wueV3QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFCO+k1mXi30MmHTj/l4wVVXbv42nMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvSTc2VFdaZUxmUXlZZE9QLVhqQlZWZHVfamFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQAwKWCAwQA
wKWFAwQAwbelAwQBwepEAwQBwkdoAwQAwmfOAwQCwoQkMA8EAgACMAkDBwAqAQKA
A2AwDQYJKoZIhvcNAQELBQADggEBADqpTCTjVPcmHRkufiEfLOiYc9A++OxD+MVl
y4qXATO86BNPm5d0uzXHzAx0QT6Ro1rAHpIb1HjDF3ha9qYg0heGXwCp/CFarJwM
ZGfqch724TjVoG/+1DAyake+ZUoAGvegMv69nGfMIhO/LqRQu42msCwVCxBFotnH
Hjj9X4k8MOjMpAnuADeUNkpc2hotXC/DCu36vKacR6OclnwG85Lch+3dBOxdKe0P
xEVYzNuAjDKoTxAplg4sPZl0cWv0T2DrXkKtTL9uuRwMlP1KNofEUhw8YWAitieD
vex0Mxu/IE2WMf1nH0TemYbSU366k2gFtcXQF7x5hwd0ZqVnpw4=
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:03:34 2026 by rpki-client