Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/aHOqp1ZMoDrn_Rz0nU13prJUF_M.roa
File: aHOqp1ZMoDrn_Rz0nU13prJUF_M.roa (raw, json)
Hash identifier: aPL+Mw0PwgSles+WTwist9EMPvDKnBfA4ED9lGmk97A=
Subject key identifier: 68:73:AA:A7:56:4C:A0:3A:E7:FD:1C:F4:9D:4D:77:A6:B2:54:17:F3
Certificate issuer: /CN=f1c064460ea6d5cfd3f88dc1cf4ed07502bbb699
Certificate serial: 019B7BA43D33CFE5797BFBDC4CD237477D51
Authority key identifier: F1:C0:64:46:0E:A6:D5:CF:D3:F8:8D:C1:CF:4E:D0:75:02:BB:B6:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8cBkRg6m1c_T-I3Bz07QdQK7tpk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/aHOqp1ZMoDrn_Rz0nU13prJUF_M.roa
Signing time: Thu 01 Jan 2026 22:18:39 +0000
ROA not before: Thu 01 Jan 2026 22:18:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216067
IP address blocks: 104.167.26.0/23 maxlen: 23
176.116.4.0/24 maxlen: 24
185.77.23.0/24 maxlen: 24
185.188.16.0/24 maxlen: 24
217.114.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/8cBkRg6m1c_T-I3Bz07QdQK7tpk.crl
rsync://rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/8cBkRg6m1c_T-I3Bz07QdQK7tpk.mft
rsync://rpki.ripe.net/repository/DEFAULT/8cBkRg6m1c_T-I3Bz07QdQK7tpk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 04:01:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a4:3d:33:cf:e5:79:7b:fb:dc:4c:d2:37:47:7d:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1c064460ea6d5cfd3f88dc1cf4ed07502bbb699
Validity
Not Before: Jan 1 22:18:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6873aaa7564ca03ae7fd1cf49d4d77a6b25417f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e6:37:ef:17:41:d9:c6:fe:88:ba:bc:ac:18:
bd:6b:da:ef:e9:ea:87:87:22:31:57:7c:11:d9:fc:
37:6d:d4:5a:ae:a1:e6:46:9f:11:3a:5f:16:ce:9d:
7c:65:c0:6b:09:aa:40:00:d0:74:c6:c7:62:1b:91:
a4:ce:c3:47:d9:35:c8:06:64:3b:9b:d5:de:67:e5:
fa:72:7a:8b:ea:0f:c3:fa:35:7f:e8:d0:66:1a:8d:
62:5c:4c:90:b2:9a:18:8a:d0:b5:6d:3c:81:dd:ca:
4f:b0:2c:8d:74:0a:2d:17:15:a3:1d:77:68:b1:2b:
d5:b0:85:a6:f0:d7:92:e4:c9:2f:0c:34:59:59:b3:
03:2a:22:f6:c4:7e:23:dc:1c:a5:f2:d7:3c:f3:10:
b6:e5:16:03:2b:ef:fd:d5:c7:60:43:08:05:db:ff:
95:75:c3:6f:64:f0:a5:ca:d7:5c:ea:be:f4:db:a9:
58:6f:0f:b0:29:aa:be:5c:83:fe:9a:8d:2a:89:50:
26:6f:b0:6e:cc:2f:56:7d:07:52:b7:3d:69:1e:a0:
4f:7f:6c:f4:a6:c5:76:92:a2:7f:21:26:2a:b9:dc:
03:11:75:cc:ed:ae:20:80:7d:29:28:72:25:57:f9:
23:0a:3e:92:29:de:0b:f3:43:7e:47:75:78:c9:85:
44:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:73:AA:A7:56:4C:A0:3A:E7:FD:1C:F4:9D:4D:77:A6:B2:54:17:F3
X509v3 Authority Key Identifier:
keyid:F1:C0:64:46:0E:A6:D5:CF:D3:F8:8D:C1:CF:4E:D0:75:02:BB:B6:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8cBkRg6m1c_T-I3Bz07QdQK7tpk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/aHOqp1ZMoDrn_Rz0nU13prJUF_M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/f4506e-fb88-48a9-8285-c9acfe3f3121/1/8cBkRg6m1c_T-I3Bz07QdQK7tpk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.167.26.0/23
176.116.4.0/24
185.77.23.0/24
185.188.16.0/24
217.114.35.0/24
Signature Algorithm: sha256WithRSAEncryption
35:3c:a5:61:49:bf:37:d0:b4:9c:c0:e1:ff:92:25:6d:a9:19:
7f:26:20:15:0f:38:23:bf:de:c3:f6:1c:78:ac:0d:34:2a:56:
a8:7d:10:03:0a:f9:a5:56:80:cc:68:ec:e2:04:ef:b1:e1:e4:
24:0b:94:3f:45:74:ce:68:d6:ef:e9:aa:f5:7c:fc:9c:72:3f:
b6:70:48:d8:af:7d:d0:70:c9:8f:5e:da:38:05:2c:ad:86:93:
7e:44:9c:f6:48:0a:5b:73:e8:3d:2f:56:c0:78:a9:15:8a:aa:
7e:34:86:d7:30:55:48:94:59:5e:04:43:0e:09:95:75:d1:f3:
70:7c:ac:72:f4:8e:be:cf:91:10:df:09:37:17:ac:9a:e2:91:
92:6c:fe:9d:bb:7e:ea:d6:14:b5:fe:3b:72:b0:1b:eb:25:d7:
eb:55:95:d6:2e:8d:4b:73:76:1f:45:f1:e4:ac:b9:32:ff:e5:
1a:79:12:14:20:c0:52:b1:74:72:4f:8c:a9:51:82:d4:1f:9b:
d8:1c:56:75:99:66:e8:57:80:dd:cb:d5:34:b8:f7:96:b8:ee:
d4:fb:f1:79:c0:20:f9:f8:18:d4:e7:46:f7:85:70:1c:90:d8:
d2:86:75:6c:fb:5c:94:de:72:ab:24:83:46:96:38:48:db:0e:
92:6d:52:8a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZt7pD0zz+V5e/vcTNI3R31RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYzA2NDQ2MGVhNmQ1Y2ZkM2Y4OGRjMWNmNGVkMDc1MDJi
YmI2OTkwHhcNMjYwMTAxMjIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODczYWFhNzU2NGNhMDNhZTdmZDFjZjQ5ZDRkNzdhNmIyNTQxN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+Y37xdB2cb+iLq8rBi9a9rv6eqH
hyIxV3wR2fw3bdRarqHmRp8ROl8Wzp18ZcBrCapAANB0xsdiG5GkzsNH2TXIBmQ7
m9XeZ+X6cnqL6g/D+jV/6NBmGo1iXEyQspoYitC1bTyB3cpPsCyNdAotFxWjHXdo
sSvVsIWm8NeS5MkvDDRZWbMDKiL2xH4j3Byl8tc88xC25RYDK+/91cdgQwgF2/+V
dcNvZPClytdc6r7026lYbw+wKaq+XIP+mo0qiVAmb7BuzC9WfQdStz1pHqBPf2z0
psV2kqJ/ISYqudwDEXXM7a4ggH0pKHIlV/kjCj6SKd4L80N+R3V4yYVEcwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGhzqqdWTKA65/0c9J1Nd6ayVBfzMB8GA1UdIwQY
MBaAFPHAZEYOptXP0/iNwc9O0HUCu7aZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGNCa1JnNm0xY19ULUkzQnowN1FkUUs3dHBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9mNDUwNmUtZmI4OC00OGE5LTgyODUt
YzlhY2ZlM2YzMTIxLzEvYUhPcXAxWk1vRHJuX1J6MG5VMTNwckpVRl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9mNDUwNmUtZmI4OC00OGE5LTgyODUtYzlhY2ZlM2YzMTIx
LzEvOGNCa1JnNm0xY19ULUkzQnowN1FkUUs3dHBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBaKcaAwQA
sHQEAwQAuU0XAwQAubwQAwQA2XIjMA0GCSqGSIb3DQEBCwUAA4IBAQA1PKVhSb83
0LScwOH/kiVtqRl/JiAVDzgjv97D9hx4rA00KlaofRADCvmlVoDMaOziBO+x4eQk
C5Q/RXTOaNbv6ar1fPyccj+2cEjYr33QcMmPXto4BSythpN+RJz2SApbc+g9L1bA
eKkViqp+NIbXMFVIlFleBEMOCZV10fNwfKxy9I6+z5EQ3wk3F6ya4pGSbP6du37q
1hS1/jtysBvrJdfrVZXWLo1Lc3YfRfHkrLky/+UaeRIUIMBSsXRyT4ypUYLUH5vY
HFZ1mWboV4Ddy9U0uPeWuO7U+/F5wCD5+BjU50b3hXAckNjShnVs+1yU3nKrJING
ljhI2w6SbVKK
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:01:09 2026 by rpki-client