Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kxqtulv5zQYdOzeHCNHt2dII7RQ.roa
File: kxqtulv5zQYdOzeHCNHt2dII7RQ.roa (raw, json)
Hash identifier: MhQzatvqDipTWBB073T8YhyjkBMKwO8Lh6PPAk3Qxco=
Subject key identifier: 93:1A:AD:BA:5B:F9:CD:06:1D:3B:37:87:08:D1:ED:D9:D2:08:ED:14
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292B67B8994C17BDA2D480F11DD8DE8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kxqtulv5zQYdOzeHCNHt2dII7RQ.roa
Signing time: Thu 09 Apr 2026 14:08:30 +0000
ROA not before: Thu 09 Apr 2026 14:08:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 396596
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:b6:7b:89:94:c1:7b:da:2d:48:0f:11:dd:8d:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=931aadba5bf9cd061d3b378708d1edd9d208ed14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:1c:bb:1b:71:a9:89:88:44:64:51:22:c2:0e:
1d:39:ca:1f:d9:71:e6:7c:30:da:4b:aa:da:cf:5f:
9e:ed:8d:71:3e:b4:f3:6e:50:f9:05:54:e3:b3:d1:
77:e0:cf:1d:5f:50:c6:d8:93:46:f8:97:2c:b8:83:
6c:b0:22:25:f4:17:73:82:15:39:c2:76:aa:e8:96:
3f:bf:5e:7b:a6:4d:53:d9:bd:2d:8c:28:15:98:19:
53:42:30:6e:ad:9d:52:45:b3:d9:1b:80:d8:d5:5a:
12:5e:31:6b:3d:9e:dc:c3:69:d6:8d:61:b6:bb:99:
16:e5:86:93:98:7a:12:d6:38:e8:0a:35:72:e7:a8:
ee:b7:5a:ac:a5:f0:5e:3a:fc:be:e9:38:b8:bd:c1:
33:36:f9:a3:23:ad:98:a2:37:79:e2:a2:db:69:21:
15:11:54:ce:67:df:1d:6e:39:d6:f5:92:fc:b7:1b:
fe:d7:63:2c:c1:ff:01:e8:f4:54:c0:17:05:23:85:
21:8c:34:ff:68:12:e3:fe:63:23:0e:8a:6d:47:60:
59:59:b8:6d:39:70:76:59:af:d4:87:15:10:8c:c8:
2e:e1:20:f7:58:d5:8d:72:3d:63:fe:75:f9:3e:5f:
d9:fe:cf:ca:10:6d:e2:67:15:64:0e:d8:2c:21:df:
12:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:1A:AD:BA:5B:F9:CD:06:1D:3B:37:87:08:D1:ED:D9:D2:08:ED:14
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/kxqtulv5zQYdOzeHCNHt2dII7RQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
a6:1c:e0:bf:86:45:97:e1:23:e4:6d:ee:42:c9:48:ad:ac:05:
50:eb:7e:6e:8f:fc:3e:cd:38:91:af:8a:06:b4:3c:da:81:a3:
10:d2:75:85:16:b3:d0:9a:d9:12:f2:88:9c:af:96:e2:4c:87:
72:94:4f:1f:56:3b:19:23:9f:76:24:70:db:8e:09:cb:bf:2d:
74:fb:c0:0f:8c:64:39:56:1c:78:53:17:47:3d:65:92:ca:b7:
0b:52:ef:ab:9c:1b:df:f3:02:b4:91:c8:42:cf:ea:f1:d2:93:
1c:b2:eb:6f:e6:fe:c8:14:8b:91:41:c0:23:1e:b0:d7:a7:87:
0b:b2:4c:22:a4:30:b9:9e:f5:23:3a:40:da:82:98:8b:a9:6d:
cd:1d:ea:79:25:24:43:68:c9:82:7d:5d:02:e7:ac:77:e2:e0:
fc:9b:f9:85:8c:57:9d:36:67:05:e5:ef:8e:08:68:ca:be:87:
17:54:32:74:09:44:39:15:7b:93:e1:39:c2:5a:da:7f:81:41:
99:3e:cb:90:ef:95:c1:c5:44:7b:90:07:6c:5e:ae:4c:17:ad:
09:7c:fe:b5:b4:a2:4c:92:58:61:9d:e3:8d:70:cb:ac:a3:3e:
57:fe:06:6d:89:33:e4:cb:cf:ce:00:90:d9:7d:d6:e6:b9:9d:
64:75:c5:2e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykrZ7iZTBe9otSA8R3Y3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFhYWRiYTViZjljZDA2MWQzYjM3ODcwOGQxZWRkOWQyMDhlZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhy7G3GpiYhEZFEiwg4dOcof2XHm
fDDaS6raz1+e7Y1xPrTzblD5BVTjs9F34M8dX1DG2JNG+JcsuINssCIl9BdzghU5
wnaq6JY/v157pk1T2b0tjCgVmBlTQjBurZ1SRbPZG4DY1VoSXjFrPZ7cw2nWjWG2
u5kW5YaTmHoS1jjoCjVy56jut1qspfBeOvy+6Ti4vcEzNvmjI62Yojd54qLbaSEV
EVTOZ98dbjnW9ZL8txv+12Mswf8B6PRUwBcFI4UhjDT/aBLj/mMjDoptR2BZWbht
OXB2Wa/UhxUQjMgu4SD3WNWNcj1j/nX5Pl/Z/s/KEG3iZxVkDtgsId8S5QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJMarbpb+c0GHTs3hwjR7dnSCO0UMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEva3hxdHVsdjV6UVlkT3plSENOSHQyZElJN1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAKYc4L+GRZfh
I+Rt7kLJSK2sBVDrfm6P/D7NOJGviga0PNqBoxDSdYUWs9Ca2RLyiJyvluJMh3KU
Tx9WOxkjn3YkcNuOCcu/LXT7wA+MZDlWHHhTF0c9ZZLKtwtS76ucG9/zArSRyELP
6vHSkxyy62/m/sgUi5FBwCMesNenhwuyTCKkMLme9SM6QNqCmIupbc0d6nklJENo
yYJ9XQLnrHfi4Pyb+YWMV502ZwXl744IaMq+hxdUMnQJRDkVe5PhOcJa2n+BQZk+
y5DvlcHFRHuQB2xerkwXrQl8/rW0okySWGGd441wy6yjPlf+Bm2JM+TLz84AkNl9
1ua5nWR1xS4=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:21:28 2026 by rpki-client