Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/_DW8wUVCxqMdASxMaqTiWAuckGA.roa
File: _DW8wUVCxqMdASxMaqTiWAuckGA.roa (raw, json)
Hash identifier: hYAIGzVjJYhXedWTmqMPkiFnezuOjFXVqNlqL7yEehY=
Subject key identifier: FC:35:BC:C1:45:42:C6:A3:1D:01:2C:4C:6A:A4:E2:58:0B:9C:90:60
Certificate issuer: /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial: 019CA5DB1FB0C3920CB47DFA9DC7C04F832B
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/_DW8wUVCxqMdASxMaqTiWAuckGA.roa
Signing time: Sat 28 Feb 2026 20:05:26 +0000
ROA not before: Sat 28 Feb 2026 20:05:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205090
IP address blocks: 89.44.86.0/24 maxlen: 24
89.44.87.0/24 maxlen: 24
91.200.12.0/24 maxlen: 24
91.200.13.0/24 maxlen: 24
95.81.121.0/24 maxlen: 24
95.81.122.0/24 maxlen: 24
103.71.20.0/24 maxlen: 24
103.71.21.0/24 maxlen: 24
104.128.130.0/24 maxlen: 24
104.128.133.0/24 maxlen: 24
104.128.134.0/24 maxlen: 24
104.128.135.0/24 maxlen: 24
109.69.62.0/24 maxlen: 24
109.69.63.0/24 maxlen: 24
185.105.88.0/24 maxlen: 24
185.105.89.0/24 maxlen: 24
185.105.90.0/24 maxlen: 24
185.105.91.0/24 maxlen: 24
185.128.104.0/24 maxlen: 24
185.128.105.0/24 maxlen: 24
185.128.106.0/24 maxlen: 24
185.128.107.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a5:db:1f:b0:c3:92:0c:b4:7d:fa:9d:c7:c0:4f:83:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
Validity
Not Before: Feb 28 20:05:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fc35bcc14542c6a31d012c4c6aa4e2580b9c9060
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:d3:62:1a:f5:1b:46:25:59:75:31:ff:cc:28:
e0:58:a0:1f:bf:6b:04:15:0f:91:18:3e:41:77:15:
2f:15:e7:b8:42:6d:e6:dc:ce:ff:f2:05:57:e9:9b:
06:7a:20:e2:9b:36:c4:e7:ca:da:1e:4f:d9:a8:af:
e1:32:e1:c7:ba:3a:18:c3:8f:69:82:1b:30:55:c5:
6e:8e:33:ee:47:6a:ba:fd:21:b2:57:a3:86:c9:0b:
43:e6:4a:df:d4:62:57:e2:46:32:a1:a1:9f:99:2c:
f9:8b:0a:e9:7f:1d:93:1f:89:e4:7d:c5:af:ad:05:
0f:87:18:d3:c1:c8:c4:d5:25:3b:29:ea:64:6b:5a:
6c:4e:7a:7d:20:4b:77:e6:bb:75:79:68:c0:62:73:
54:b5:e0:3f:72:79:67:3c:d9:c0:d7:f6:ad:6e:5e:
66:7f:1c:3d:5d:41:9e:76:a1:48:43:fa:ff:50:bc:
65:cf:dc:a1:2d:3b:8e:55:c1:cb:e4:e5:ae:36:3f:
f1:13:db:f7:3b:89:e3:68:5f:6e:15:a5:33:5a:f7:
06:ea:28:f8:75:54:18:b2:b4:b1:64:dc:0f:8a:9c:
56:b6:2d:3e:51:9a:00:76:bc:c7:00:6a:af:d3:6c:
d1:90:06:bc:a0:6e:4d:b7:b9:1a:73:6d:be:41:52:
2c:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:35:BC:C1:45:42:C6:A3:1D:01:2C:4C:6A:A4:E2:58:0B:9C:90:60
X509v3 Authority Key Identifier:
keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/_DW8wUVCxqMdASxMaqTiWAuckGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.44.86.0/23
91.200.12.0/23
95.81.121.0-95.81.122.255
103.71.20.0/23
104.128.130.0/24
104.128.133.0-104.128.135.255
109.69.62.0/23
185.105.88.0/22
185.128.104.0/22
Signature Algorithm: sha256WithRSAEncryption
a5:6e:2d:e6:c2:fb:4e:b1:18:3b:d1:7b:41:71:ac:aa:4f:97:
1d:58:51:16:1c:f9:fd:98:05:e5:2b:2c:17:27:42:3a:a6:85:
64:5c:b5:99:fb:c4:2f:fc:14:41:3f:67:4b:29:ba:de:5b:89:
59:33:15:2b:9e:7c:5a:88:53:7f:0a:1f:2a:c2:f1:ac:47:93:
0f:e1:8f:ef:62:2f:91:57:4c:d0:f8:20:96:05:9e:3c:0a:6f:
d7:a5:de:fc:5e:04:c4:c7:b7:af:df:87:9c:76:cc:6e:fb:0e:
0e:c1:15:9b:49:54:d3:3d:df:11:f8:ba:25:db:4a:c7:87:f6:
e4:4b:18:cd:81:78:a1:c2:dd:47:6d:26:fc:ad:99:69:af:53:
f7:cc:02:7b:aa:84:92:aa:7e:23:65:6b:3e:6a:f0:7f:e4:49:
cb:84:33:dd:ca:b9:7c:c3:a5:57:a0:2f:27:3b:02:79:4e:5e:
73:24:a5:f5:95:de:bd:dc:8a:09:94:7c:21:2e:ea:76:0b:ec:
7d:4a:7c:6d:30:20:33:c8:37:c4:75:ef:22:da:aa:ce:3a:21:
59:44:16:0c:f8:53:33:ee:90:61:3c:35:01:d4:dd:1b:77:6d:
8e:ea:e1:1f:68:76:7a:c3:9d:a0:1e:0b:94:ab:c2:c8:56:fc:
2c:82:31:27
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZyl2x+ww5IMtH36ncfAT4MrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMjI4MjAwNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzM1YmNjMTQ1NDJjNmEzMWQwMTJjNGM2YWE0ZTI1ODBiOWM5MDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09NiGvUbRiVZdTH/zCjgWKAfv2sE
FQ+RGD5BdxUvFee4Qm3m3M7/8gVX6ZsGeiDimzbE58raHk/ZqK/hMuHHujoYw49p
ghswVcVujjPuR2q6/SGyV6OGyQtD5krf1GJX4kYyoaGfmSz5iwrpfx2TH4nkfcWv
rQUPhxjTwcjE1SU7Kepka1psTnp9IEt35rt1eWjAYnNUteA/cnlnPNnA1/atbl5m
fxw9XUGedqFIQ/r/ULxlz9yhLTuOVcHL5OWuNj/xE9v3O4njaF9uFaUzWvcG6ij4
dVQYsrSxZNwPipxWti0+UZoAdrzHAGqv02zRkAa8oG5Nt7kac22+QVIsgwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFPw1vMFFQsajHQEsTGqk4lgLnJBgMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvX0RXOHdVVkN4cU1kQVN4TWFxVGlXQXVja0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQBWSxWAwQB
W8gMMAwDBABfUXkDBABfUXoDBAFnRxQDBABogIIwDAMEAGiAhQMEA2iAgAMEAW1F
PgMEArlpWAMEArmAaDANBgkqhkiG9w0BAQsFAAOCAQEApW4t5sL7TrEYO9F7QXGs
qk+XHVhRFhz5/ZgF5SssFydCOqaFZFy1mfvEL/wUQT9nSym63luJWTMVK558WohT
fwofKsLxrEeTD+GP72IvkVdM0PgglgWePApv16Xe/F4ExMe3r9+HnHbMbvsODsEV
m0lU0z3fEfi6JdtKx4f25EsYzYF4ocLdR20m/K2Zaa9T98wCe6qEkqp+I2VrPmrw
f+RJy4Qz3cq5fMOlV6AvJzsCeU5ecySl9ZXevdyKCZR8IS7qdgvsfUp8bTAgM8g3
xHXvItqqzjohWUQWDPhTM+6QYTw1AdTdG3dtjurhH2h2esOdoB4LlKvCyFb8LIIx
Jw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:24:17 2026 by rpki-client