Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/b2hDoC2QeOdetXxS8h0K7-tyYmI.roa
File: b2hDoC2QeOdetXxS8h0K7-tyYmI.roa (raw, json)
Hash identifier: 9C3SPDVj2hN5qln0VFtPBwpA+3WenkqM7y2GLRnn6bw=
Subject key identifier: 6F:68:43:A0:2D:90:78:E7:5E:B5:7C:52:F2:1D:0A:EF:EB:72:62:62
Certificate issuer: /CN=2be53d340a8bf47c1bf34d3255e102efb181ad19
Certificate serial: 019C517C1B8E2DADC435EC653F92CFDDC7F3
Authority key identifier: 2B:E5:3D:34:0A:8B:F4:7C:1B:F3:4D:32:55:E1:02:EF:B1:81:AD:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K-U9NAqL9Hwb800yVeEC77GBrRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/b2hDoC2QeOdetXxS8h0K7-tyYmI.roa
Signing time: Thu 12 Feb 2026 10:53:33 +0000
ROA not before: Thu 12 Feb 2026 10:53:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12703
IP address blocks: 46.236.0.0/18 maxlen: 24
81.29.64.0/19 maxlen: 24
89.151.64.0/18 maxlen: 24
178.236.144.0/20 maxlen: 24
185.68.112.0/23 maxlen: 24
185.68.114.0/23 maxlen: 24
194.164.114.0/24 maxlen: 24
2a02:16f8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/K-U9NAqL9Hwb800yVeEC77GBrRk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/K-U9NAqL9Hwb800yVeEC77GBrRk.mft
rsync://rpki.ripe.net/repository/DEFAULT/K-U9NAqL9Hwb800yVeEC77GBrRk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:51:7c:1b:8e:2d:ad:c4:35:ec:65:3f:92:cf:dd:c7:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2be53d340a8bf47c1bf34d3255e102efb181ad19
Validity
Not Before: Feb 12 10:53:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6f6843a02d9078e75eb57c52f21d0aefeb726262
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:00:4a:c4:18:57:5f:e1:ca:b2:f2:cf:42:29:
6b:1c:6f:fa:6d:db:c4:88:5b:41:68:7b:2d:ae:18:
aa:81:6e:b1:4d:8e:1c:2c:39:cb:db:08:86:26:cd:
48:86:6a:b5:ae:24:36:fa:22:e9:36:6b:ce:07:d9:
69:8a:57:f7:42:9c:e1:71:3c:9e:dc:71:8f:2b:df:
99:2a:a2:6d:bd:de:ab:9f:e6:59:21:33:e6:8d:4c:
46:6f:75:2c:5b:d3:0d:18:22:ec:bc:f0:6a:c4:79:
3d:e1:1f:40:e2:c2:22:fb:02:6f:64:a9:29:be:e6:
37:6f:6b:52:d3:03:2b:ba:a1:5f:c5:1f:91:34:24:
6d:f8:4a:43:a7:22:9b:68:14:db:3b:09:e8:73:3d:
9a:6c:b9:d8:15:38:71:1b:4b:bb:68:14:32:07:72:
13:7e:0b:8d:2f:f0:15:d5:67:26:6d:f7:00:f3:ad:
ec:ab:12:49:6e:62:e1:64:46:45:18:c2:72:0d:fa:
09:31:4b:bc:0b:25:f9:ab:c2:a0:1b:2a:f6:93:0f:
7e:40:a8:f6:d5:e8:d9:ad:ae:cd:2b:87:dc:b8:63:
37:39:da:1c:b8:55:6a:27:6e:2c:8c:15:34:99:17:
f8:53:f2:7b:53:72:51:20:a2:3b:bd:e7:e0:2a:c5:
2d:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:68:43:A0:2D:90:78:E7:5E:B5:7C:52:F2:1D:0A:EF:EB:72:62:62
X509v3 Authority Key Identifier:
keyid:2B:E5:3D:34:0A:8B:F4:7C:1B:F3:4D:32:55:E1:02:EF:B1:81:AD:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K-U9NAqL9Hwb800yVeEC77GBrRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/b2hDoC2QeOdetXxS8h0K7-tyYmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/f72562-45f5-4019-83a1-74f0c3e663cb/1/K-U9NAqL9Hwb800yVeEC77GBrRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.236.0.0/18
81.29.64.0/19
89.151.64.0/18
178.236.144.0/20
185.68.112.0/22
194.164.114.0/24
IPv6:
2a02:16f8::/32
Signature Algorithm: sha256WithRSAEncryption
4e:ea:1a:90:76:22:95:d1:98:19:86:5c:7d:ce:2d:20:f4:8b:
5c:9d:d1:a0:48:b6:df:bc:b7:f5:66:b0:c4:e1:ef:a4:3f:11:
54:f0:31:81:0f:07:73:ce:4a:c9:b2:d2:47:16:3a:2c:87:8e:
91:1c:f8:9a:91:5e:46:85:71:60:12:61:da:c1:e6:7e:59:b9:
bd:5a:55:06:f6:2f:61:d3:13:1d:03:ea:7c:2d:0d:c8:65:d7:
dc:52:7a:52:9c:67:c0:78:d2:13:74:ac:94:1d:d1:c9:22:8a:
5a:74:ff:42:c1:86:51:89:66:ce:18:5f:b5:c5:0d:34:cc:da:
49:cc:71:cf:7d:4f:7e:a8:c8:a3:01:7d:14:89:4f:a5:5d:81:
a5:1f:94:16:24:76:0d:f4:8c:34:f7:a3:18:39:13:3b:7c:14:
c7:1e:b0:56:89:1a:aa:1a:c2:59:34:1f:e6:c6:61:d8:66:b8:
8e:96:62:09:58:7f:42:09:11:f9:b3:35:50:2c:00:5b:d2:a0:
fa:32:88:55:a6:04:b7:03:5e:64:95:c0:bc:35:44:db:9f:da:
08:a7:3d:82:97:75:60:c5:b8:55:80:42:bd:fa:a3:79:aa:31:
e4:f2:6f:f0:47:82:59:02:d4:d7:28:59:61:f2:ac:88:de:ed:
a2:ad:d5:bb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZxRfBuOLa3ENexlP5LP3cfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZTUzZDM0MGE4YmY0N2MxYmYzNGQzMjU1ZTEwMmVmYjE4
MWFkMTkwHhcNMjYwMjEyMTA1MzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjY4NDNhMDJkOTA3OGU3NWViNTdjNTJmMjFkMGFlZmViNzI2MjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyABKxBhXX+HKsvLPQilrHG/6bdvE
iFtBaHstrhiqgW6xTY4cLDnL2wiGJs1Ihmq1riQ2+iLpNmvOB9lpilf3QpzhcTye
3HGPK9+ZKqJtvd6rn+ZZITPmjUxGb3UsW9MNGCLsvPBqxHk94R9A4sIi+wJvZKkp
vuY3b2tS0wMruqFfxR+RNCRt+EpDpyKbaBTbOwnocz2abLnYFThxG0u7aBQyB3IT
fguNL/AV1WcmbfcA863sqxJJbmLhZEZFGMJyDfoJMUu8CyX5q8KgGyr2kw9+QKj2
1ejZra7NK4fcuGM3OdocuFVqJ24sjBU0mRf4U/J7U3JRIKI7vefgKsUtIQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFG9oQ6AtkHjnXrV8UvIdCu/rcmJiMB8GA1UdIwQY
MBaAFCvlPTQKi/R8G/NNMlXhAu+xga0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSy1VOU5BcUw5SHdiODAweVZlRUM3N0dCclJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9mNzI1NjItNDVmNS00MDE5LTgzYTEt
NzRmMGMzZTY2M2NiLzEvYjJoRG9DMlFlT2RldFh4UzhoMEs3LXR5WW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9mNzI1NjItNDVmNS00MDE5LTgzYTEtNzRmMGMzZTY2M2Ni
LzEvSy1VOU5BcUw5SHdiODAweVZlRUM3N0dCclJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQGLuwAAwQF
UR1AAwQGWZdAAwQEsuyQAwQCuURwAwQAwqRyMA0EAgACMAcDBQAqAhb4MA0GCSqG
SIb3DQEBCwUAA4IBAQBO6hqQdiKV0ZgZhlx9zi0g9ItcndGgSLbfvLf1ZrDE4e+k
PxFU8DGBDwdzzkrJstJHFjosh46RHPiakV5GhXFgEmHaweZ+Wbm9WlUG9i9h0xMd
A+p8LQ3IZdfcUnpSnGfAeNITdKyUHdHJIopadP9CwYZRiWbOGF+1xQ00zNpJzHHP
fU9+qMijAX0UiU+lXYGlH5QWJHYN9Iw096MYORM7fBTHHrBWiRqqGsJZNB/mxmHY
ZriOlmIJWH9CCRH5szVQLABb0qD6MohVpgS3A15klcC8NUTbn9oIpz2Cl3VgxbhV
gEK9+qN5qjHk8m/wR4JZAtTXKFlh8qyI3u2irdW7
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:40:43 2026 by rpki-client