Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/dMfmkGCssv7XqTWroQRv-l8a5ns.roa
File: dMfmkGCssv7XqTWroQRv-l8a5ns.roa (raw, json)
Hash identifier: hm9ZxaNW+e5ilEfF4gv37M+kUWsrW8nDblCItA5yuBg=
Subject key identifier: 74:C7:E6:90:60:AC:B2:FE:D7:A9:35:AB:A1:04:6F:FA:5F:1A:E6:7B
Certificate issuer: /CN=877d1810048f43720506e4c1820f6fe08ff7ca6e
Certificate serial: 019B7C1361337DC43EA174E9699BBCB8E44D
Authority key identifier: 87:7D:18:10:04:8F:43:72:05:06:E4:C1:82:0F:6F:E0:8F:F7:CA:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h30YEASPQ3IFBuTBgg9v4I_3ym4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/dMfmkGCssv7XqTWroQRv-l8a5ns.roa
Signing time: Fri 02 Jan 2026 00:20:03 +0000
ROA not before: Fri 02 Jan 2026 00:20:03 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 196994
IP address blocks: 178.216.24.0/24 maxlen: 24
178.216.25.0/24 maxlen: 24
178.216.26.0/24 maxlen: 24
178.216.27.0/24 maxlen: 24
178.216.28.0/24 maxlen: 24
178.216.29.0/24 maxlen: 24
178.216.30.0/24 maxlen: 24
178.216.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/h30YEASPQ3IFBuTBgg9v4I_3ym4.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/h30YEASPQ3IFBuTBgg9v4I_3ym4.mft
rsync://rpki.ripe.net/repository/DEFAULT/h30YEASPQ3IFBuTBgg9v4I_3ym4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:13:61:33:7d:c4:3e:a1:74:e9:69:9b:bc:b8:e4:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=877d1810048f43720506e4c1820f6fe08ff7ca6e
Validity
Not Before: Jan 2 00:20:03 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=74c7e69060acb2fed7a935aba1046ffa5f1ae67b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:55:cd:b0:8f:9d:90:e1:8c:ea:fd:da:e6:1a:
16:15:23:c7:30:be:25:0c:4a:28:31:c7:98:2f:4b:
3e:e5:a2:b1:99:40:5d:42:6d:33:3a:94:04:3b:0a:
2a:d1:0d:6c:a9:8e:15:f1:43:55:6e:65:9d:fc:72:
81:70:23:ec:9a:b9:be:0b:d5:a8:88:2c:47:d3:04:
e4:1d:e1:b9:07:cb:93:8f:d4:c8:60:40:22:56:b7:
5b:a9:b3:47:7f:a9:d5:37:82:44:5c:84:cf:d2:2e:
7f:11:f4:16:ee:f9:6f:4a:27:54:34:e4:0b:5f:0b:
29:db:a6:f1:22:9a:3e:78:c4:4c:81:fe:c7:1a:a4:
ac:62:47:2b:28:fc:a4:4b:d9:ce:e8:4d:04:8c:88:
8c:e2:6b:05:00:4e:29:62:86:e2:1c:c2:aa:74:2c:
f9:04:14:5e:68:fe:6f:6f:2d:ca:d2:8b:5b:01:b7:
03:36:a4:6a:80:1b:13:6a:3a:86:32:6d:38:d6:84:
df:4e:99:ff:49:bc:90:f9:48:e0:5c:17:cc:17:25:
6d:df:27:e5:4a:a2:b1:fc:83:01:5e:32:1d:05:8d:
41:bd:65:22:35:b0:62:0b:dc:c3:ff:78:3e:a7:ff:
a0:79:56:f9:20:20:47:f9:ed:28:2f:6d:df:15:fe:
17:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:C7:E6:90:60:AC:B2:FE:D7:A9:35:AB:A1:04:6F:FA:5F:1A:E6:7B
X509v3 Authority Key Identifier:
keyid:87:7D:18:10:04:8F:43:72:05:06:E4:C1:82:0F:6F:E0:8F:F7:CA:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h30YEASPQ3IFBuTBgg9v4I_3ym4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/dMfmkGCssv7XqTWroQRv-l8a5ns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/d3377a-8d38-4235-aa73-7e89b720190d/1/h30YEASPQ3IFBuTBgg9v4I_3ym4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.216.24.0/21
Signature Algorithm: sha256WithRSAEncryption
8f:c5:d5:04:a9:8d:8d:d0:b2:2f:92:0e:fb:c2:b3:86:0f:2c:
cc:44:24:0e:6a:84:04:10:04:d3:7e:1e:9b:a6:dd:ba:c7:18:
f0:34:5c:e4:94:3c:c5:42:8d:71:e9:fc:9c:1c:ab:33:0b:7d:
64:10:d5:69:54:76:da:42:7d:1f:06:15:fa:a8:74:35:17:ef:
55:0b:71:a1:5d:d4:2f:b7:66:cd:a2:f9:8a:4c:3f:78:5a:6e:
00:92:f1:05:da:d8:24:bd:b9:1a:41:05:8a:5d:77:0c:41:46:
48:19:ab:7a:3b:a1:9c:52:4a:14:00:63:e1:4f:58:be:c5:c9:
3a:ad:d3:0a:7f:33:d3:3f:4d:45:38:9b:97:3f:a2:db:9b:a7:
bb:d2:d8:a2:c7:58:9f:51:10:fb:85:be:02:72:bb:86:73:87:
dc:8c:bb:0f:59:17:03:25:31:5b:cf:f7:2c:ef:8c:68:3e:b9:
e7:ac:cc:4b:ed:18:8b:be:1d:f0:45:a8:17:d0:f6:16:7e:b8:
32:2d:cb:5c:b7:45:41:cd:cd:58:a9:61:2b:68:63:e2:53:b2:
82:5b:3b:bf:ef:ba:95:f6:b9:03:84:18:e1:d3:fa:39:b2:0b:
65:7c:ec:0f:80:e7:94:9b:42:67:08:44:b8:01:7f:47:22:94:
54:19:9c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E2EzfcQ+oXTpaZu8uORNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2QxODEwMDQ4ZjQzNzIwNTA2ZTRjMTgyMGY2ZmUwOGZm
N2NhNmUwHhcNMjYwMTAyMDAyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGM3ZTY5MDYwYWNiMmZlZDdhOTM1YWJhMTA0NmZmYTVmMWFlNjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1XNsI+dkOGM6v3a5hoWFSPHML4l
DEooMceYL0s+5aKxmUBdQm0zOpQEOwoq0Q1sqY4V8UNVbmWd/HKBcCPsmrm+C9Wo
iCxH0wTkHeG5B8uTj9TIYEAiVrdbqbNHf6nVN4JEXITP0i5/EfQW7vlvSidUNOQL
Xwsp26bxIpo+eMRMgf7HGqSsYkcrKPykS9nO6E0EjIiM4msFAE4pYobiHMKqdCz5
BBReaP5vby3K0otbAbcDNqRqgBsTajqGMm041oTfTpn/SbyQ+UjgXBfMFyVt3yfl
SqKx/IMBXjIdBY1BvWUiNbBiC9zD/3g+p/+geVb5ICBH+e0oL23fFf4XhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTH5pBgrLL+16k1q6EEb/pfGuZ7MB8GA1UdIwQY
MBaAFId9GBAEj0NyBQbkwYIPb+CP98puMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDMwWUVBU1BRM0lGQnVUQmdnOXY0SV8zeW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9kMzM3N2EtOGQzOC00MjM1LWFhNzMt
N2U4OWI3MjAxOTBkLzEvZE1mbWtHQ3NzdjdYcVRXcm9RUnYtbDhhNW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9kMzM3N2EtOGQzOC00MjM1LWFhNzMtN2U4OWI3MjAxOTBk
LzEvaDMwWUVBU1BRM0lGQnVUQmdnOXY0SV8zeW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstgYMA0G
CSqGSIb3DQEBCwUAA4IBAQCPxdUEqY2N0LIvkg77wrOGDyzMRCQOaoQEEATTfh6b
pt26xxjwNFzklDzFQo1x6fycHKszC31kENVpVHbaQn0fBhX6qHQ1F+9VC3GhXdQv
t2bNovmKTD94Wm4AkvEF2tgkvbkaQQWKXXcMQUZIGat6O6GcUkoUAGPhT1i+xck6
rdMKfzPTP01FOJuXP6Lbm6e70tiix1ifURD7hb4CcruGc4fcjLsPWRcDJTFbz/cs
74xoPrnnrMxL7RiLvh3wRagX0PYWfrgyLctct0VBzc1YqWEraGPiU7KCWzu/77qV
9rkDhBjh0/o5sgtlfOwPgOeUm0JnCES4AX9HIpRUGZzi
-----END CERTIFICATE-----
Generated at Mon Mar 2 22:38:15 2026 by rpki-client