Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ipi0F89eulNCOpUBOCm3RlSBalQ.roa
File: ipi0F89eulNCOpUBOCm3RlSBalQ.roa (raw, json)
Hash identifier: COhVGgFcv5ptZR8Ez01osTK9CrBdeNilu2jiPoizg/I=
Subject key identifier: 8A:98:B4:17:CF:5E:BA:53:42:3A:95:01:38:29:B7:46:54:81:6A:54
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292A77A3810F28A470EE0DD48F0BB97
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ipi0F89eulNCOpUBOCm3RlSBalQ.roa
Signing time: Thu 09 Apr 2026 14:08:26 +0000
ROA not before: Thu 09 Apr 2026 14:08:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 396561
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:a7:7a:38:10:f2:8a:47:0e:e0:dd:48:f0:bb:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8a98b417cf5eba53423a95013829b74654816a54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:b9:46:3e:d0:80:a1:6e:38:d7:28:16:a0:b1:
16:57:34:c4:74:61:b9:4f:13:84:32:9a:a5:cc:79:
0f:29:79:68:d5:bd:d4:c7:97:c4:e3:4a:9e:41:50:
be:47:04:d4:d8:61:34:34:a6:11:f7:66:60:2a:e1:
84:99:77:31:2f:10:0a:fd:e3:48:65:33:ec:15:eb:
8f:e6:23:b2:91:70:1e:4f:81:d1:92:25:d6:97:a3:
f7:6a:82:23:9b:47:10:cf:e8:e2:ae:96:87:69:29:
b2:55:73:bb:6e:6e:a5:57:d6:63:d0:79:48:d7:44:
f3:98:e3:a9:43:06:37:78:2f:9c:1e:45:bb:28:61:
7b:05:09:80:30:20:40:83:0e:b4:4f:f4:82:12:27:
57:31:61:99:82:1d:b2:02:2f:1d:ac:f8:a5:da:b1:
3c:bb:5c:56:60:4d:21:18:49:9d:14:77:24:fc:20:
38:cf:92:5e:d7:37:86:7a:63:77:b8:3e:db:01:d8:
4a:45:e1:7f:3f:77:80:9c:89:74:c7:65:a5:44:47:
a2:c2:9c:12:1f:f9:c9:65:3e:71:b0:30:c0:61:72:
b8:dd:b3:36:1f:f4:3a:50:1b:9d:db:bd:e4:b4:34:
1e:1c:18:36:53:31:a9:6d:90:62:0f:ce:ff:0e:28:
bb:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:98:B4:17:CF:5E:BA:53:42:3A:95:01:38:29:B7:46:54:81:6A:54
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/ipi0F89eulNCOpUBOCm3RlSBalQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
c0:0c:d8:43:7f:70:60:50:17:42:47:42:56:54:50:95:c5:cd:
43:f1:96:39:b3:75:27:c6:05:86:f0:da:c1:af:5a:a7:b0:a0:
a0:36:8d:12:59:1c:ae:ad:94:fb:ba:04:1a:23:8e:a4:97:f8:
09:59:25:43:a7:0e:3e:ff:86:23:36:e2:8a:df:e4:b8:fe:07:
ba:cb:9d:be:57:16:ec:56:6a:9e:72:b4:d2:fa:3f:a1:93:fa:
21:03:fb:c8:82:35:45:13:b0:67:38:ef:90:94:3a:66:7b:74:
1e:5c:34:31:75:17:59:20:a9:8c:93:b1:ac:27:48:91:b3:d5:
0e:0a:ff:c1:49:ae:f7:18:5f:af:83:91:fd:0b:1e:78:b5:75:
86:ac:45:8a:56:fc:3c:96:2d:80:f3:38:28:dd:b6:69:b1:b9:
9a:88:ad:78:7b:fa:0e:c0:d0:b9:1b:e4:a3:4d:b0:81:5d:51:
f2:b4:7e:3f:8d:ba:77:2d:7e:e1:ac:9b:de:46:ab:26:53:12:
7e:a7:81:f5:06:c5:72:61:ba:0f:fb:8f:e8:5d:d4:5f:2e:7c:
68:77:5f:9f:b6:fc:5a:51:7e:53:96:90:f0:53:20:e0:3d:2b:
97:f0:f8:98:ed:6f:21:0f:50:d0:3f:dc:e1:f2:0d:46:e0:72:
c2:ee:4e:8a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykqd6OBDyikcO4N1I8LuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk4YjQxN2NmNWViYTUzNDIzYTk1MDEzODI5Yjc0NjU0ODE2YTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLlGPtCAoW441ygWoLEWVzTEdGG5
TxOEMpqlzHkPKXlo1b3Ux5fE40qeQVC+RwTU2GE0NKYR92ZgKuGEmXcxLxAK/eNI
ZTPsFeuP5iOykXAeT4HRkiXWl6P3aoIjm0cQz+jirpaHaSmyVXO7bm6lV9Zj0HlI
10TzmOOpQwY3eC+cHkW7KGF7BQmAMCBAgw60T/SCEidXMWGZgh2yAi8drPil2rE8
u1xWYE0hGEmdFHck/CA4z5Je1zeGemN3uD7bAdhKReF/P3eAnIl0x2WlREeiwpwS
H/nJZT5xsDDAYXK43bM2H/Q6UBud273ktDQeHBg2UzGpbZBiD87/Dii75wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIqYtBfPXrpTQjqVATgpt0ZUgWpUMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaXBpMEY4OWV1bE5DT3BVQk9DbTNSbFNCYWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAMAM2EN/cGBQ
F0JHQlZUUJXFzUPxljmzdSfGBYbw2sGvWqewoKA2jRJZHK6tlPu6BBojjqSX+AlZ
JUOnDj7/hiM24orf5Lj+B7rLnb5XFuxWap5ytNL6P6GT+iED+8iCNUUTsGc475CU
OmZ7dB5cNDF1F1kgqYyTsawnSJGz1Q4K/8FJrvcYX6+Dkf0LHni1dYasRYpW/DyW
LYDzOCjdtmmxuZqIrXh7+g7A0Lkb5KNNsIFdUfK0fj+NunctfuGsm95GqyZTEn6n
gfUGxXJhug/7j+hd1F8ufGh3X5+2/FpRflOWkPBTIOA9K5fw+JjtbyEPUNA/3OHy
DUbgcsLuToo=
-----END CERTIFICATE-----
Generated at Fri Apr 17 02:33:38 2026 by rpki-client