Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/xBp86MjNsTAE1o_Ja5hNfqTFSTg.roa
File: xBp86MjNsTAE1o_Ja5hNfqTFSTg.roa (raw, json)
Hash identifier: FGi03YpQB/7IBaStP6pVe3DaTVBQVwM8Sv4+5Z3qVvM=
Subject key identifier: C4:1A:7C:E8:C8:CD:B1:30:04:D6:8F:C9:6B:98:4D:7E:A4:C5:49:38
Certificate issuer: /CN=de87d35bdcab123affc1a91d1736867969709a23
Certificate serial: 019B7C11BED35EB0CFFA99FAE436F4CF7433
Authority key identifier: DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/xBp86MjNsTAE1o_Ja5hNfqTFSTg.roa
Signing time: Fri 02 Jan 2026 00:18:16 +0000
ROA not before: Fri 02 Jan 2026 00:18:16 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205638
IP address blocks: 185.211.156.0/22 maxlen: 22
185.211.156.0/24 maxlen: 24
185.211.157.0/24 maxlen: 24
185.211.158.0/23 maxlen: 23
185.211.158.0/24 maxlen: 24
185.211.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:11:be:d3:5e:b0:cf:fa:99:fa:e4:36:f4:cf:74:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de87d35bdcab123affc1a91d1736867969709a23
Validity
Not Before: Jan 2 00:18:16 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c41a7ce8c8cdb13004d68fc96b984d7ea4c54938
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:a9:87:4d:0a:01:20:9a:18:08:6e:38:a3:30:
67:99:8e:93:5c:f0:62:27:eb:38:67:f0:88:9e:90:
3b:e3:37:27:40:c0:f4:64:9d:aa:d6:54:7a:52:0d:
41:aa:d7:f6:ba:da:04:7b:19:b5:2e:03:c4:4f:49:
fb:9e:55:d6:b4:ca:2c:45:bb:51:59:d4:6d:63:cf:
63:bf:5f:5d:eb:0e:69:d5:2c:4a:bb:76:ea:ef:ee:
f6:8f:c1:56:02:aa:e3:25:83:ca:17:60:02:38:08:
9a:8a:23:a8:e3:3a:24:00:a3:6d:aa:1b:a0:50:d7:
42:d4:5a:d6:22:be:a9:70:95:68:8a:4e:f3:96:c2:
2d:4a:fc:42:72:fc:f0:10:de:54:cc:4d:eb:77:40:
7e:c9:e5:bc:a2:90:61:79:ba:ce:29:de:42:ad:b1:
84:3d:fc:65:2c:d7:65:e2:21:00:14:a6:ec:4e:27:
5b:ee:99:83:62:95:97:63:bb:3f:7f:a0:eb:87:18:
18:f0:04:ab:3c:de:bd:80:29:91:1c:87:75:94:09:
c4:d3:63:53:40:36:e3:25:73:d4:dc:a9:8a:04:e3:
2a:9c:31:b8:5d:a2:c2:d8:c8:ef:d6:f8:20:bd:6c:
90:71:bf:fb:2c:3c:2c:d7:49:9c:3d:00:b3:26:41:
38:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:1A:7C:E8:C8:CD:B1:30:04:D6:8F:C9:6B:98:4D:7E:A4:C5:49:38
X509v3 Authority Key Identifier:
keyid:DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/xBp86MjNsTAE1o_Ja5hNfqTFSTg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.211.156.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:9d:3e:f2:3b:84:25:11:60:b8:09:28:6c:02:85:87:5e:fb:
85:d8:e1:d2:c9:ff:01:36:75:2d:e7:35:78:d3:26:dd:2f:89:
56:43:a7:2a:a4:d4:d7:e3:5a:15:e5:f2:d8:9a:66:ba:7f:11:
a1:85:ac:74:0d:19:91:36:2d:88:09:1a:56:42:ec:60:1a:4f:
e5:32:f3:02:ad:c0:d8:1c:d2:0a:98:17:ac:f6:53:0c:a0:2c:
da:4f:71:5e:2c:85:c8:82:57:98:98:23:94:03:c3:9e:76:50:
ce:2f:3a:c7:4d:43:d9:7f:d9:c8:04:5d:bb:cb:5a:ca:8f:e8:
aa:ba:17:32:87:6b:19:f9:e6:52:33:5d:0a:af:93:bd:5b:31:
ef:da:44:7d:07:29:06:ac:4a:41:3a:8e:66:5c:13:bb:2d:dc:
8e:b3:69:40:03:45:ca:b5:7c:16:48:3f:fe:fb:7f:92:3b:e1:
fd:94:cc:ef:f9:3d:b4:cd:8e:45:17:28:3b:7c:c1:2f:c3:29:
a8:9f:e6:cd:f9:e8:8a:81:9c:15:de:73:48:bf:a3:d1:72:08:
9f:fd:a4:1b:81:13:77:4e:2c:fd:69:15:14:99:8a:a4:87:95:
cb:30:81:d9:c2:b2:cc:cd:58:0f:33:80:90:b4:95:32:40:4c:
48:09:45:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eb7TXrDP+pn65Db0z3QzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlODdkMzViZGNhYjEyM2FmZmMxYTkxZDE3MzY4Njc5Njk3
MDlhMjMwHhcNMjYwMTAyMDAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDFhN2NlOGM4Y2RiMTMwMDRkNjhmYzk2Yjk4NGQ3ZWE0YzU0OTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKmHTQoBIJoYCG44ozBnmY6TXPBi
J+s4Z/CInpA74zcnQMD0ZJ2q1lR6Ug1Bqtf2utoEexm1LgPET0n7nlXWtMosRbtR
WdRtY89jv19d6w5p1SxKu3bq7+72j8FWAqrjJYPKF2ACOAiaiiOo4zokAKNtqhug
UNdC1FrWIr6pcJVoik7zlsItSvxCcvzwEN5UzE3rd0B+yeW8opBhebrOKd5CrbGE
PfxlLNdl4iEAFKbsTidb7pmDYpWXY7s/f6DrhxgY8ASrPN69gCmRHId1lAnE02NT
QDbjJXPU3KmKBOMqnDG4XaLC2Mjv1vggvWyQcb/7LDws10mcPQCzJkE4DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQafOjIzbEwBNaPyWuYTX6kxUk4MB8GA1UdIwQY
MBaAFN6H01vcqxI6/8GpHRc2hnlpcJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQt
YzIyMzkwZThkOWE2LzEveEJwODZNak5zVEFFMW9fSmE1aE5mcVRGU1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQtYzIyMzkwZThkOWE2
LzEvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudOcMA0G
CSqGSIb3DQEBCwUAA4IBAQCMnT7yO4QlEWC4CShsAoWHXvuF2OHSyf8BNnUt5zV4
0ybdL4lWQ6cqpNTX41oV5fLYmma6fxGhhax0DRmRNi2ICRpWQuxgGk/lMvMCrcDY
HNIKmBes9lMMoCzaT3FeLIXIgleYmCOUA8OedlDOLzrHTUPZf9nIBF27y1rKj+iq
uhcyh2sZ+eZSM10Kr5O9WzHv2kR9BykGrEpBOo5mXBO7LdyOs2lAA0XKtXwWSD/+
+3+SO+H9lMzv+T20zY5FFyg7fMEvwymon+bN+eiKgZwV3nNIv6PRcgif/aQbgRN3
Tiz9aRUUmYqkh5XLMIHZwrLMzVgPM4CQtJUyQExICUUx
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:37:40 2026 by rpki-client