Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/lXMxcKHZjXUz8BMF7GJSSi2LGo8.roa
File: lXMxcKHZjXUz8BMF7GJSSi2LGo8.roa (raw, json)
Hash identifier: OwZes0MV5N3/lGZs61retFyzYfzAu1gmXsT7MTPszqM=
Subject key identifier: 95:73:31:70:A1:D9:8D:75:33:F0:13:05:EC:62:52:4A:2D:8B:1A:8F
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292994B306F93ECC0870C150D380D20
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/lXMxcKHZjXUz8BMF7GJSSi2LGo8.roa
Signing time: Thu 09 Apr 2026 14:08:23 +0000
ROA not before: Thu 09 Apr 2026 14:08:23 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36623
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:99:4b:30:6f:93:ec:c0:87:0c:15:0d:38:0d:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:23 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=95733170a1d98d7533f01305ec62524a2d8b1a8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:94:f4:6e:98:43:5d:d5:bc:aa:b9:67:7e:d8:
9a:fc:d7:96:4e:86:ff:a1:5c:ad:65:e0:a1:61:76:
d7:8f:d7:9f:82:f4:b2:84:21:91:a1:de:0f:a7:c6:
87:c3:43:87:16:1b:c2:76:e0:71:41:62:43:2c:b6:
3c:33:3a:04:5a:4a:2a:c0:79:11:81:a8:da:b8:78:
20:08:3e:e3:56:34:ce:fc:73:51:04:ee:cb:55:25:
43:3f:48:ff:49:a9:b0:51:e2:ec:8d:57:e0:31:dc:
7f:96:53:6c:55:a6:ef:d7:c8:f1:37:54:db:5e:a1:
08:e9:f3:32:0e:5b:87:39:56:31:f5:1c:63:31:8d:
12:9a:fa:78:1d:1b:f5:5d:f2:d6:0d:09:74:c2:c5:
37:37:56:72:b0:a6:e9:90:24:3c:39:6b:4c:41:89:
ea:27:b2:72:a2:13:fc:49:2c:7c:36:52:90:dd:8a:
9e:72:40:ec:66:63:9c:53:47:14:db:4b:9a:66:e1:
e0:10:f6:b2:01:6f:7c:e5:eb:d5:e9:05:d9:58:65:
f1:3b:e4:77:33:ee:a6:42:2d:1a:3a:91:69:c2:a1:
76:86:92:29:43:9b:db:18:59:49:28:d7:cd:7a:64:
c4:3b:27:9d:1e:33:64:fd:0c:86:81:ad:67:76:cd:
97:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:73:31:70:A1:D9:8D:75:33:F0:13:05:EC:62:52:4A:2D:8B:1A:8F
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/lXMxcKHZjXUz8BMF7GJSSi2LGo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
8a:30:1b:ab:4b:90:b8:7e:0e:50:14:57:df:a0:b8:61:e7:e3:
6c:4f:ff:18:c0:e9:61:54:d9:6c:89:65:6b:32:46:dc:67:3a:
01:06:7e:be:3a:72:4f:73:b8:98:14:01:bd:cc:08:1e:9d:26:
1d:70:82:10:64:49:74:78:af:d9:16:21:62:87:1a:8a:ec:99:
8d:68:10:82:91:e2:8d:73:80:64:e1:e1:e0:6f:47:84:a7:7c:
26:bb:76:7a:e6:45:0a:97:ad:f0:b6:54:be:35:80:c9:48:38:
27:81:01:eb:0d:9b:5e:c7:26:66:28:69:2a:af:6e:f5:ea:bf:
fc:4e:77:22:8d:42:46:bd:54:6d:34:05:ef:a3:2f:51:2d:88:
19:68:2d:60:6e:ea:e1:6f:a6:57:5a:12:01:bd:34:49:ea:34:
2a:b2:01:77:cb:2c:a9:8a:85:9d:48:51:4a:10:f7:78:46:6d:
2e:3a:2b:ce:86:e5:be:e8:f2:93:64:46:e5:2a:f1:65:1a:3d:
1f:a9:8d:e3:fb:12:aa:65:6d:25:35:10:85:b3:45:68:5e:ef:
98:a7:9d:16:c5:fb:6f:da:99:2b:be:8b:84:ae:44:95:ea:60:
69:5f:dd:20:e7:a1:29:41:8a:30:fe:34:22:81:52:7b:99:c5:
e9:2d:b8:be
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykplLMG+T7MCHDBUNOA0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTczMzE3MGExZDk4ZDc1MzNmMDEzMDVlYzYyNTI0YTJkOGIxYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZT0bphDXdW8qrlnftia/NeWTob/
oVytZeChYXbXj9efgvSyhCGRod4Pp8aHw0OHFhvCduBxQWJDLLY8MzoEWkoqwHkR
gajauHggCD7jVjTO/HNRBO7LVSVDP0j/SamwUeLsjVfgMdx/llNsVabv18jxN1Tb
XqEI6fMyDluHOVYx9RxjMY0Smvp4HRv1XfLWDQl0wsU3N1ZysKbpkCQ8OWtMQYnq
J7JyohP8SSx8NlKQ3YqeckDsZmOcU0cU20uaZuHgEPayAW985evV6QXZWGXxO+R3
M+6mQi0aOpFpwqF2hpIpQ5vbGFlJKNfNemTEOyedHjNk/QyGga1nds2XqQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJVzMXCh2Y11M/ATBexiUkotixqPMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbFhNeGNLSFpqWFV6OEJNRjdHSlNTaTJMR284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAIowG6tLkLh+
DlAUV9+guGHn42xP/xjA6WFU2WyJZWsyRtxnOgEGfr46ck9zuJgUAb3MCB6dJh1w
ghBkSXR4r9kWIWKHGorsmY1oEIKR4o1zgGTh4eBvR4SnfCa7dnrmRQqXrfC2VL41
gMlIOCeBAesNm17HJmYoaSqvbvXqv/xOdyKNQka9VG00Be+jL1EtiBloLWBu6uFv
pldaEgG9NEnqNCqyAXfLLKmKhZ1IUUoQ93hGbS46K86G5b7o8pNkRuUq8WUaPR+p
jeP7EqplbSU1EIWzRWhe75innRbF+2/amSu+i4SuRJXqYGlf3SDnoSlBijD+NCKB
UnuZxektuL4=
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:18:18 2026 by rpki-client