Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r2XflIxJmGjomC-U95Gf0ECC1qI.roa
File: r2XflIxJmGjomC-U95Gf0ECC1qI.roa (raw, json)
Hash identifier: EUpiOOzuQ1ajI7Abfpjw3XhaAtJ0Ofbh3qfZy0diV4s=
Subject key identifier: AF:65:DF:94:8C:49:98:68:E8:98:2F:94:F7:91:9F:D0:40:82:D6:A2
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292A39944E1D1F51661CB59B690D6A7
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r2XflIxJmGjomC-U95Gf0ECC1qI.roa
Signing time: Thu 09 Apr 2026 14:08:25 +0000
ROA not before: Thu 09 Apr 2026 14:08:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 396550
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:a3:99:44:e1:d1:f5:16:61:cb:59:b6:90:d6:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=af65df948c499868e8982f94f7919fd04082d6a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:a5:d3:c1:6b:d5:44:9a:d0:2b:17:43:96:10:
58:36:6e:64:4b:5a:ee:e1:d1:e3:e8:a1:2d:27:b3:
96:e8:4f:cf:47:87:dc:79:19:98:0d:81:1e:d1:ff:
96:d6:b4:af:3f:0c:65:14:1f:ae:d2:e8:f8:08:b1:
18:ca:ae:a8:da:25:7b:20:9d:1a:e6:17:c5:31:83:
5c:d1:51:d8:09:43:5e:e4:c6:14:13:e8:ef:6d:b4:
ba:1d:6b:6b:04:68:ae:d2:45:be:28:9a:09:a8:75:
01:61:96:0f:c2:88:91:f5:b4:d3:f1:35:b7:2d:2b:
9b:d4:be:0e:8c:e5:cb:47:91:b8:46:42:fa:d8:37:
28:bf:a2:77:c9:fc:d9:1c:cc:96:cb:98:c2:d1:98:
68:cd:ed:73:86:be:d9:c0:65:42:2d:ed:93:d3:1b:
b9:97:a7:09:0d:c9:85:ab:51:79:3c:5f:44:50:6f:
fa:da:97:3e:a1:66:8a:05:9d:05:f0:c8:28:d1:14:
4e:fc:70:fa:43:41:31:fa:92:c4:d8:d1:10:7a:e6:
2f:19:01:6d:f5:9f:96:3e:fd:35:43:49:31:de:9c:
45:53:d8:11:ae:20:05:16:f4:15:7e:b9:dd:e4:ad:
23:84:9c:55:36:e6:80:6c:cd:1f:ba:0a:00:20:64:
ca:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:65:DF:94:8C:49:98:68:E8:98:2F:94:F7:91:9F:D0:40:82:D6:A2
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/r2XflIxJmGjomC-U95Gf0ECC1qI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
49:97:9b:ce:b9:6d:42:38:67:63:b8:99:58:82:87:54:a5:7f:
9e:50:8c:9e:ca:dd:93:3b:32:cc:fc:a5:f5:51:0f:3d:dc:7f:
70:fc:a0:25:97:53:0e:a6:fd:12:70:bf:c2:04:81:27:d9:32:
93:7e:1c:34:5f:f8:13:b9:15:89:73:86:05:79:5d:22:be:c6:
5c:15:7d:13:ee:47:4e:11:65:29:59:8f:bb:12:c3:ec:b4:d5:
b6:9b:71:50:7a:24:9a:6f:36:a2:40:f0:52:90:fb:8c:cc:51:
3b:d4:c9:eb:21:09:d5:94:03:c3:f2:8e:0f:b3:89:52:be:c3:
c4:cb:bf:fa:c5:f0:a5:b4:d8:71:39:17:66:eb:19:fe:d9:80:
35:bc:6e:c5:c8:48:5a:3c:39:d0:74:fd:75:aa:13:2b:b1:3d:
75:5a:8b:bd:bd:42:48:a4:bd:9a:64:a3:d1:64:13:b0:8e:27:
be:23:95:61:53:76:64:4e:fe:f7:ac:0c:ec:17:2a:49:d3:ec:
c2:ab:95:f3:bd:24:9e:66:55:73:44:e3:5a:e7:a3:d7:c8:64:
93:c0:d5:3b:ab:36:6b:2d:5b:1b:a7:db:1e:76:81:f9:36:65:
a3:d9:3c:7a:b5:50:79:8f:52:2a:ef:db:53:de:de:79:01:d8:
c8:a7:bd:ba
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykqOZROHR9RZhy1m2kNanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY1ZGY5NDhjNDk5ODY4ZTg5ODJmOTRmNzkxOWZkMDQwODJkNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaXTwWvVRJrQKxdDlhBYNm5kS1ru
4dHj6KEtJ7OW6E/PR4fceRmYDYEe0f+W1rSvPwxlFB+u0uj4CLEYyq6o2iV7IJ0a
5hfFMYNc0VHYCUNe5MYUE+jvbbS6HWtrBGiu0kW+KJoJqHUBYZYPwoiR9bTT8TW3
LSub1L4OjOXLR5G4RkL62Dcov6J3yfzZHMyWy5jC0Zhoze1zhr7ZwGVCLe2T0xu5
l6cJDcmFq1F5PF9EUG/62pc+oWaKBZ0F8Mgo0RRO/HD6Q0Ex+pLE2NEQeuYvGQFt
9Z+WPv01Q0kx3pxFU9gRriAFFvQVfrnd5K0jhJxVNuaAbM0fugoAIGTKUwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFK9l35SMSZho6JgvlPeRn9BAgtaiMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvcjJYZmxJeEptR2pvbUMtVTk1R2YwRUNDMXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAEmXm865bUI4
Z2O4mViCh1Slf55QjJ7K3ZM7Msz8pfVRDz3cf3D8oCWXUw6m/RJwv8IEgSfZMpN+
HDRf+BO5FYlzhgV5XSK+xlwVfRPuR04RZSlZj7sSw+y01babcVB6JJpvNqJA8FKQ
+4zMUTvUyeshCdWUA8Pyjg+ziVK+w8TLv/rF8KW02HE5F2brGf7ZgDW8bsXISFo8
OdB0/XWqEyuxPXVai729QkikvZpko9FkE7COJ74jlWFTdmRO/vesDOwXKknT7MKr
lfO9JJ5mVXNE41rno9fIZJPA1TurNmstWxun2x52gfk2ZaPZPHq1UHmPUirv21Pe
3nkB2Minvbo=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:21:23 2026 by rpki-client