Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/FXvxd8iSb5UOqnUQemVQoiPFHr0.roa
File: FXvxd8iSb5UOqnUQemVQoiPFHr0.roa (raw, json)
Hash identifier: xAaj8WYWxsUYDp5IjPLpIHhUT6JTzTLFtyE0B9OOTCo=
Subject key identifier: 15:7B:F1:77:C8:92:6F:95:0E:AA:75:10:7A:65:50:A2:23:C5:1E:BD
Certificate issuer: /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial: 019D8B2B8C04EAA5B0059C1BF03C41E1D5FD
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/FXvxd8iSb5UOqnUQemVQoiPFHr0.roa
Signing time: Tue 14 Apr 2026 08:46:20 +0000
ROA not before: Tue 14 Apr 2026 08:46:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29752
IP address blocks: 104.166.158.0/24 maxlen: 24
2a0b:21c1:601c::/48 maxlen: 48
2a0b:21c1:602a::/48 maxlen: 48
2a0b:21c1:6030::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8b:2b:8c:04:ea:a5:b0:05:9c:1b:f0:3c:41:e1:d5:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Validity
Not Before: Apr 14 08:46:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=157bf177c8926f950eaa75107a6550a223c51ebd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:3e:46:38:d5:46:b5:a1:2e:44:c3:57:7c:06:
88:de:81:51:a1:2a:79:cc:86:aa:73:45:6f:74:4b:
b1:56:92:cf:7d:cb:12:83:65:8f:bf:dc:94:7e:09:
f6:30:3a:24:44:ca:3d:18:15:c4:b7:1f:d5:66:be:
03:c5:67:03:5d:fc:4c:21:08:d1:ef:75:7f:c7:10:
35:0b:aa:0d:e2:4a:c6:39:81:0b:a1:7e:d4:84:6a:
9a:c3:2b:f2:ef:00:05:6a:c0:d2:2b:a7:c7:58:82:
9f:96:a4:2a:42:be:3e:23:d6:b5:da:20:34:51:a3:
ba:a8:5b:56:6a:bf:55:70:ba:23:c2:8a:68:7e:73:
73:d4:c5:a9:e2:ee:31:4c:7b:01:e6:e2:e7:bc:5f:
51:03:36:d4:9e:3d:37:78:bc:ae:f7:0b:bb:12:1a:
cc:0a:3a:02:45:c6:f7:78:b1:a1:0f:63:07:84:f2:
26:24:9f:e5:77:1c:b3:b3:8c:37:5a:f3:3e:3a:cb:
7d:a6:4d:ff:62:63:41:5e:b7:df:f9:0b:c4:b1:77:
57:f0:4d:ad:c2:c2:75:bd:92:19:3c:18:80:65:dd:
c0:5d:61:6a:6e:32:d5:34:c0:54:bc:10:60:c6:ca:
a6:66:bf:9f:b0:fc:36:3e:e6:19:5f:e0:d9:b5:d4:
30:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:7B:F1:77:C8:92:6F:95:0E:AA:75:10:7A:65:50:A2:23:C5:1E:BD
X509v3 Authority Key Identifier:
keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/FXvxd8iSb5UOqnUQemVQoiPFHr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.166.158.0/24
IPv6:
2a0b:21c1:601c::/48
2a0b:21c1:602a::/48
2a0b:21c1:6030::/48
Signature Algorithm: sha256WithRSAEncryption
62:40:96:3f:d1:5b:74:4d:bb:f5:a2:90:6e:13:d8:0f:b6:86:
f0:c7:88:c8:49:e9:36:7d:7f:1e:d0:86:a7:00:6c:fd:c9:96:
a0:17:3b:a0:33:c6:85:8a:b1:c7:d8:ad:9e:ab:c6:1a:a4:c1:
2a:cd:49:94:12:ed:d8:a5:8c:cf:c2:dd:d7:e4:9f:ce:ed:7f:
46:b2:a5:af:df:c1:c0:47:d9:4c:4d:3a:11:63:4b:dc:75:aa:
59:df:e5:a0:6c:46:a3:a2:2e:ea:f3:19:ce:39:ad:44:99:fb:
05:ad:e1:c9:0c:d6:61:76:4c:9b:ea:1b:33:66:8a:7f:fe:8a:
0e:fe:c0:df:84:ee:3e:dd:e3:10:2c:ee:d8:97:f2:2c:88:a9:
f1:43:c7:d8:b9:9d:28:85:41:b6:99:c0:be:c0:b1:2b:9d:31:
cd:d0:18:31:15:f4:52:ad:ff:1d:77:71:1f:bf:ad:5f:d4:4f:
9a:10:b4:55:aa:66:ed:1e:34:32:42:0b:39:db:e5:52:6a:d5:
e7:a4:bd:8b:9e:4c:7d:ba:b4:02:84:f4:58:0b:26:2e:4c:86:
8d:ff:04:29:05:89:43:db:a2:e9:b5:91:b1:a2:aa:32:9d:3a:
f7:28:81:1d:64:1b:a9:be:4f:8f:d7:eb:e1:8b:5a:7b:0d:f5:
73:b1:93:81
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZ2LK4wE6qWwBZwb8DxB4dX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjYwNDE0MDg0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTdiZjE3N2M4OTI2Zjk1MGVhYTc1MTA3YTY1NTBhMjIzYzUxZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT5GONVGtaEuRMNXfAaI3oFRoSp5
zIaqc0VvdEuxVpLPfcsSg2WPv9yUfgn2MDokRMo9GBXEtx/VZr4DxWcDXfxMIQjR
73V/xxA1C6oN4krGOYELoX7UhGqawyvy7wAFasDSK6fHWIKflqQqQr4+I9a12iA0
UaO6qFtWar9VcLojwopofnNz1MWp4u4xTHsB5uLnvF9RAzbUnj03eLyu9wu7EhrM
CjoCRcb3eLGhD2MHhPImJJ/ldxyzs4w3WvM+Ost9pk3/YmNBXrff+QvEsXdX8E2t
wsJ1vZIZPBiAZd3AXWFqbjLVNMBUvBBgxsqmZr+fsPw2PuYZX+DZtdQwVQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBV78XfIkm+VDqp1EHplUKIjxR69MB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvRlh2eGQ4aVNiNVVPcW5VUWVtVlFvaVBGSHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQAaKaeMCEE
AgACMBsDBwAqCyHBYBwDBwAqCyHBYCoDBwAqCyHBYDAwDQYJKoZIhvcNAQELBQAD
ggEBAGJAlj/RW3RNu/WikG4T2A+2hvDHiMhJ6TZ9fx7QhqcAbP3JlqAXO6AzxoWK
scfYrZ6rxhqkwSrNSZQS7diljM/C3dfkn87tf0aypa/fwcBH2UxNOhFjS9x1qlnf
5aBsRqOiLurzGc45rUSZ+wWt4ckM1mF2TJvqGzNmin/+ig7+wN+E7j7d4xAs7tiX
8iyIqfFDx9i5nSiFQbaZwL7AsSudMc3QGDEV9FKt/x13cR+/rV/UT5oQtFWqZu0e
NDJCCznb5VJq1eekvYueTH26tAKE9FgLJi5Mho3/BCkFiUPboum1kbGiqjKdOvco
gR1kG6m+T4/X6+GLWnsN9XOxk4E=
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:36:32 2026 by rpki-client