Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KS8FZGBdZ0y4orinEEqfOJRSjls.roa
File: KS8FZGBdZ0y4orinEEqfOJRSjls.roa (raw, json)
Hash identifier: HJN3luz6hWFgRuRZRyosvCtwwPBubzwiJo78kDQ8Cdw=
Subject key identifier: 29:2F:05:64:60:5D:67:4C:B8:A2:B8:A7:10:4A:9F:38:94:52:8E:5B
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292C8E5CFCB41DACE33A6C16624F220
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KS8FZGBdZ0y4orinEEqfOJRSjls.roa
Signing time: Thu 09 Apr 2026 14:08:35 +0000
ROA not before: Thu 09 Apr 2026 14:08:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 397206
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:c8:e5:cf:cb:41:da:ce:33:a6:c1:66:24:f2:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=292f0564605d674cb8a2b8a7104a9f3894528e5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:d6:70:78:00:51:0b:09:1c:fe:db:36:f3:36:
7b:ac:27:96:40:1a:97:b2:d8:3b:0d:f1:e9:bd:4a:
33:87:8e:8a:ea:70:ee:20:25:a1:19:8c:c3:6e:a1:
b6:fe:96:bf:5c:4d:56:fc:9e:5b:e4:0a:82:eb:80:
90:e4:13:54:03:00:4c:61:e5:63:57:f9:69:70:e4:
1e:ad:a9:41:59:5d:25:65:54:a5:0b:8d:b8:c1:fe:
1f:fb:68:85:66:4f:8b:32:4c:7b:57:72:e0:73:6b:
5e:e6:25:78:85:d2:a1:02:31:ca:51:cf:bb:bb:2e:
d9:f5:8f:89:da:46:c5:46:1b:dc:97:82:a7:04:ed:
91:3e:95:69:81:41:9f:28:4a:3f:17:06:46:f9:6a:
40:ed:c2:46:69:ee:5f:69:73:a5:72:1d:e5:16:ee:
54:ac:a8:93:57:cc:45:90:5e:8c:c3:25:60:68:f7:
ad:e2:80:64:75:63:3e:51:af:e7:2c:33:bd:fd:f8:
b2:34:d4:d5:9b:47:b5:1d:b8:34:09:89:38:fe:9f:
a4:4c:20:a2:bf:44:b1:f8:3c:c9:cf:45:e3:64:1e:
1b:39:2a:e9:18:4c:be:57:84:c3:82:ab:3f:13:a0:
b4:f7:7b:bd:42:7c:49:d2:33:09:1f:b1:53:26:6d:
32:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:2F:05:64:60:5D:67:4C:B8:A2:B8:A7:10:4A:9F:38:94:52:8E:5B
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/KS8FZGBdZ0y4orinEEqfOJRSjls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
4f:01:9c:92:73:52:d8:58:37:4f:ca:0e:02:34:54:58:6c:bb:
ed:6f:10:c0:ba:7d:b1:2d:ad:34:04:97:44:81:de:bf:b8:d0:
b5:16:81:08:cf:a0:30:74:dc:07:45:a6:c6:26:40:e0:8c:3d:
68:e6:25:13:65:82:2b:38:ab:9d:51:df:73:72:8b:5a:fb:69:
60:72:8b:fa:f3:d5:54:60:b2:f9:03:05:38:cd:df:f0:0e:04:
48:e8:23:8f:8e:55:3e:cc:95:0e:29:94:51:23:03:ca:79:98:
5f:1a:9f:84:4e:ec:44:90:37:f9:47:09:20:c7:49:c8:83:98:
10:f1:0e:51:17:7a:69:21:61:67:16:d2:7e:1c:fc:27:55:87:
f8:1a:2b:a6:8e:56:fb:2f:80:e2:1f:5b:a1:6c:51:7e:53:02:
26:55:86:77:14:ac:d1:06:d0:4b:51:bd:1c:99:9a:23:e7:59:
c4:30:ff:60:ad:28:c6:cc:28:51:fc:80:1a:92:7d:e2:a5:b1:
23:e1:b4:f6:b4:f2:dd:43:1a:55:1a:fb:94:db:53:a8:fb:b6:
d4:f5:ad:8d:08:7a:0b:5d:e2:d3:31:f8:1b:d6:fb:43:c9:0a:
9f:8e:28:d8:3b:31:a8:e3:ae:c9:c1:78:65:7e:fb:83:aa:2b:
ae:dc:f5:79
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1yksjlz8tB2s4zpsFmJPIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJmMDU2NDYwNWQ2NzRjYjhhMmI4YTcxMDRhOWYzODk0NTI4ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dZweABRCwkc/ts28zZ7rCeWQBqX
stg7DfHpvUozh46K6nDuICWhGYzDbqG2/pa/XE1W/J5b5AqC64CQ5BNUAwBMYeVj
V/lpcOQeralBWV0lZVSlC424wf4f+2iFZk+LMkx7V3Lgc2te5iV4hdKhAjHKUc+7
uy7Z9Y+J2kbFRhvcl4KnBO2RPpVpgUGfKEo/FwZG+WpA7cJGae5faXOlch3lFu5U
rKiTV8xFkF6MwyVgaPet4oBkdWM+Ua/nLDO9/fiyNNTVm0e1Hbg0CYk4/p+kTCCi
v0Sx+DzJz0XjZB4bOSrpGEy+V4TDgqs/E6C093u9QnxJ0jMJH7FTJm0ykQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCkvBWRgXWdMuKK4pxBKnziUUo5bMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvS1M4RlpHQmRaMHk0b3JpbkVFcWZPSlJTamxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAE8BnJJzUthY
N0/KDgI0VFhsu+1vEMC6fbEtrTQEl0SB3r+40LUWgQjPoDB03AdFpsYmQOCMPWjm
JRNlgis4q51R33Nyi1r7aWByi/rz1VRgsvkDBTjN3/AOBEjoI4+OVT7MlQ4plFEj
A8p5mF8an4RO7ESQN/lHCSDHSciDmBDxDlEXemkhYWcW0n4c/CdVh/gaK6aOVvsv
gOIfW6FsUX5TAiZVhncUrNEG0EtRvRyZmiPnWcQw/2CtKMbMKFH8gBqSfeKlsSPh
tPa08t1DGlUa+5TbU6j7ttT1rY0Iegtd4tMx+BvW+0PJCp+OKNg7MajjrsnBeGV+
+4OqK67c9Xk=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:19:49 2026 by rpki-client