Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/RAC2EIsVMHG6hRns7HbMn17gGls.roa
File: RAC2EIsVMHG6hRns7HbMn17gGls.roa (raw, json)
Hash identifier: FF3H1038Rgf//9+NtLOprCe/ZirTllG7HflUAk9dINQ=
Subject key identifier: 44:00:B6:10:8B:15:30:71:BA:85:19:EC:EC:76:CC:9F:5E:E0:1A:5B
Certificate issuer: /CN=f222fbe85ae408d377b217d4eba7b38b24baf5dd
Certificate serial: 019C9456DE3940F56BF41BAE5C96DF9E0ADD
Authority key identifier: F2:22:FB:E8:5A:E4:08:D3:77:B2:17:D4:EB:A7:B3:8B:24:BA:F5:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8iL76FrkCNN3shfU66eziyS69d0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/RAC2EIsVMHG6hRns7HbMn17gGls.roa
Signing time: Wed 25 Feb 2026 10:27:26 +0000
ROA not before: Wed 25 Feb 2026 10:27:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43150
IP address blocks: 153.94.128.0/23 maxlen: 23
217.199.199.0/24 maxlen: 24
2a00:4d80::/32 maxlen: 32
2a00:4d80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/8iL76FrkCNN3shfU66eziyS69d0.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/8iL76FrkCNN3shfU66eziyS69d0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8iL76FrkCNN3shfU66eziyS69d0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:94:56:de:39:40:f5:6b:f4:1b:ae:5c:96:df:9e:0a:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f222fbe85ae408d377b217d4eba7b38b24baf5dd
Validity
Not Before: Feb 25 10:27:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4400b6108b153071ba8519ecec76cc9f5ee01a5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:07:82:59:8c:46:6e:8c:22:0a:9b:f4:5f:99:
31:27:ae:d6:14:83:f9:c9:ff:9e:97:85:87:10:e4:
5c:dd:fc:85:eb:83:78:ae:ba:fa:c2:50:ae:03:1c:
61:ad:6a:3f:cb:b4:90:1a:68:69:0f:20:6e:6c:aa:
71:cb:3d:71:d3:5b:b9:33:81:54:37:55:cc:b5:bd:
05:64:d2:01:37:f4:5e:57:02:c1:26:bf:5f:8f:97:
1a:1b:f5:8e:50:50:2c:e1:56:b0:3e:e3:0b:03:d2:
b9:77:07:89:e0:f1:07:f6:7d:8a:de:b6:b8:98:89:
06:4a:15:e5:8e:98:ab:be:20:b7:2b:5a:b8:df:aa:
16:fe:a0:a5:6b:e9:33:04:ef:5a:5b:ba:a0:74:40:
5f:bd:09:3a:93:87:9b:cb:4d:64:b0:a2:5e:46:3e:
d8:d9:1c:a3:35:29:72:d0:c5:f9:5b:88:ff:ad:7a:
95:a6:14:0d:c6:cf:5f:f6:ae:22:ae:9e:88:be:b8:
cb:a0:16:12:a2:03:50:a6:24:36:42:5d:dd:4b:63:
d2:bc:f5:35:2e:a1:7a:57:6f:f5:00:13:7f:06:8d:
3c:55:3e:58:42:17:58:e7:08:4f:04:71:41:6a:5c:
39:ae:df:95:ca:65:09:93:48:45:a3:81:79:b0:c1:
ac:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:00:B6:10:8B:15:30:71:BA:85:19:EC:EC:76:CC:9F:5E:E0:1A:5B
X509v3 Authority Key Identifier:
keyid:F2:22:FB:E8:5A:E4:08:D3:77:B2:17:D4:EB:A7:B3:8B:24:BA:F5:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iL76FrkCNN3shfU66eziyS69d0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/RAC2EIsVMHG6hRns7HbMn17gGls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1aa875-03b5-4c17-bb39-b0c1e3304e74/1/8iL76FrkCNN3shfU66eziyS69d0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
153.94.128.0/23
217.199.199.0/24
IPv6:
2a00:4d80::/32
Signature Algorithm: sha256WithRSAEncryption
b5:69:5e:bb:01:af:e5:44:7a:37:00:c4:31:30:9f:27:f0:5a:
6b:47:33:bf:5a:a6:99:63:75:c3:d6:16:69:35:04:dc:d8:7f:
92:d9:4a:99:d2:3e:f2:aa:30:12:14:90:ec:b2:33:0e:b7:1e:
cd:cd:87:94:5c:0b:93:ac:ac:06:7d:a3:31:8a:93:d5:99:fc:
a2:3a:a5:68:40:d7:18:7b:c9:1d:1a:10:68:14:d7:6d:4b:14:
49:9c:93:d6:77:94:fa:40:f4:37:15:2d:1f:96:2d:be:61:c5:
c3:68:0d:58:44:92:71:93:c8:bf:2d:3a:b4:dc:2c:c5:e7:d2:
a2:90:5f:2e:22:0a:45:ae:cb:b4:b8:b6:d3:91:0f:7e:48:0e:
e0:05:49:c6:24:54:45:61:ca:98:8d:f9:fa:bf:bc:d0:4d:ac:
8f:01:5b:6d:06:60:36:64:bf:49:a2:07:a5:3e:92:ec:9f:b7:
29:f2:4d:a0:77:63:11:77:65:e7:c4:5e:e5:d7:45:d9:22:ce:
88:9d:f2:36:39:c1:f2:0b:98:0e:d1:78:73:4f:35:f3:98:0d:
f3:e2:8f:54:78:1f:12:0f:e6:81:2a:01:b0:c2:7d:61:e9:1b:
7e:60:97:ab:7c:91:31:b7:42:31:a1:42:a0:ed:96:79:a0:7d:
72:31:8b:d4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyUVt45QPVr9BuuXJbfngrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjJmYmU4NWFlNDA4ZDM3N2IyMTdkNGViYTdiMzhiMjRi
YWY1ZGQwHhcNMjYwMjI1MTAyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDAwYjYxMDhiMTUzMDcxYmE4NTE5ZWNlYzc2Y2M5ZjVlZTAxYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgeCWYxGbowiCpv0X5kxJ67WFIP5
yf+el4WHEORc3fyF64N4rrr6wlCuAxxhrWo/y7SQGmhpDyBubKpxyz1x01u5M4FU
N1XMtb0FZNIBN/ReVwLBJr9fj5caG/WOUFAs4VawPuMLA9K5dweJ4PEH9n2K3ra4
mIkGShXljpirviC3K1q436oW/qCla+kzBO9aW7qgdEBfvQk6k4eby01ksKJeRj7Y
2RyjNSly0MX5W4j/rXqVphQNxs9f9q4irp6IvrjLoBYSogNQpiQ2Ql3dS2PSvPU1
LqF6V2/1ABN/Bo08VT5YQhdY5whPBHFBalw5rt+VymUJk0hFo4F5sMGshQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEQAthCLFTBxuoUZ7Ox2zJ9e4BpbMB8GA1UdIwQY
MBaAFPIi++ha5AjTd7IX1Ouns4skuvXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlMNzZGcmtDTk4zc2hmVTY2ZXppeVM2OWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xYWE4NzUtMDNiNS00YzE3LWJiMzkt
YjBjMWUzMzA0ZTc0LzEvUkFDMkVJc1ZNSEc2aFJuczdIYk1uMTdnR2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xYWE4NzUtMDNiNS00YzE3LWJiMzktYjBjMWUzMzA0ZTc0
LzEvOGlMNzZGcmtDTk4zc2hmVTY2ZXppeVM2OWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBmV6AAwQA
2cfHMA0EAgACMAcDBQAqAE2AMA0GCSqGSIb3DQEBCwUAA4IBAQC1aV67Aa/lRHo3
AMQxMJ8n8FprRzO/WqaZY3XD1hZpNQTc2H+S2UqZ0j7yqjASFJDssjMOtx7NzYeU
XAuTrKwGfaMxipPVmfyiOqVoQNcYe8kdGhBoFNdtSxRJnJPWd5T6QPQ3FS0fli2+
YcXDaA1YRJJxk8i/LTq03CzF59KikF8uIgpFrsu0uLbTkQ9+SA7gBUnGJFRFYcqY
jfn6v7zQTayPAVttBmA2ZL9JogelPpLsn7cp8k2gd2MRd2XnxF7l10XZIs6InfI2
OcHyC5gO0XhzTzXzmA3z4o9UeB8SD+aBKgGwwn1h6Rt+YJerfJExt0IxoUKg7ZZ5
oH1yMYvU
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:46:18 2026 by rpki-client