Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/KFxafXhhfLaW-gpG0Qp8xa6PXxk.roa
File: KFxafXhhfLaW-gpG0Qp8xa6PXxk.roa (raw, json)
Hash identifier: i+ofv0cbmE9Ws7/+QJMB11kRvt2A2P+Z3BL5lLoxu6Q=
Subject key identifier: 28:5C:5A:7D:78:61:7C:B6:96:FA:0A:46:D1:0A:7C:C5:AE:8F:5F:19
Certificate issuer: /CN=02b916b3b2e957d185032cdb499976a00eba4975
Certificate serial: 019B7E3876A0B0380527803F90ED681F74C2
Authority key identifier: 02:B9:16:B3:B2:E9:57:D1:85:03:2C:DB:49:99:76:A0:0E:BA:49:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArkWs7LpV9GFAyzbSZl2oA66SXU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/KFxafXhhfLaW-gpG0Qp8xa6PXxk.roa
Signing time: Fri 02 Jan 2026 10:19:48 +0000
ROA not before: Fri 02 Jan 2026 10:19:48 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201952
IP address blocks: 5.101.24.0/21 maxlen: 21
178.57.0.0/19 maxlen: 19
185.57.236.0/22 maxlen: 22
185.67.52.0/22 maxlen: 22
188.68.16.0/20 maxlen: 20
2a04:de80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/ArkWs7LpV9GFAyzbSZl2oA66SXU.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/ArkWs7LpV9GFAyzbSZl2oA66SXU.mft
rsync://rpki.ripe.net/repository/DEFAULT/ArkWs7LpV9GFAyzbSZl2oA66SXU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:38:76:a0:b0:38:05:27:80:3f:90:ed:68:1f:74:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b916b3b2e957d185032cdb499976a00eba4975
Validity
Not Before: Jan 2 10:19:48 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=285c5a7d78617cb696fa0a46d10a7cc5ae8f5f19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:a8:43:9d:b8:29:7d:dc:66:b7:75:7e:05:5c:
03:78:ac:7f:f0:c9:ee:99:fb:95:e4:ea:f6:fa:1d:
59:ed:a3:37:49:e0:e2:ac:10:e9:3c:c9:8e:a8:97:
a3:7e:19:9a:7a:87:45:1e:da:e1:db:28:a2:ac:7f:
42:e0:e4:e2:ba:dd:53:fb:05:c3:db:a1:c3:cd:5a:
59:4e:46:32:45:2f:38:71:46:80:70:e5:84:97:dc:
a0:2c:3b:91:43:a7:a4:71:14:98:9d:c7:32:04:77:
26:fb:f7:b5:8a:19:7c:08:4f:cc:66:0d:1c:17:1e:
60:25:d5:64:34:d6:57:8f:74:f4:bc:97:e1:67:c3:
ab:26:75:c1:fa:95:5e:e6:5c:c3:1c:8d:fb:8a:73:
d7:d3:23:53:70:ac:12:23:19:75:c9:5c:32:d8:f9:
d9:cb:a8:b7:22:52:8e:4f:ac:a3:8c:3a:3f:96:81:
5a:4f:1f:76:32:a3:f9:81:4b:cc:65:b3:a5:f5:87:
e1:1a:1f:9e:db:5e:b5:a6:5b:c4:1e:09:3a:7f:67:
90:7e:dc:20:e4:35:22:e6:3d:c2:55:00:04:e0:79:
6c:9d:49:b3:3e:96:d0:d2:5f:dc:c9:cc:a0:a7:83:
06:c2:55:3b:29:ce:a9:87:ae:51:6b:ff:a6:01:26:
dc:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5C:5A:7D:78:61:7C:B6:96:FA:0A:46:D1:0A:7C:C5:AE:8F:5F:19
X509v3 Authority Key Identifier:
keyid:02:B9:16:B3:B2:E9:57:D1:85:03:2C:DB:49:99:76:A0:0E:BA:49:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArkWs7LpV9GFAyzbSZl2oA66SXU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/KFxafXhhfLaW-gpG0Qp8xa6PXxk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/722a81-f737-47c3-8634-01993ae0f634/1/ArkWs7LpV9GFAyzbSZl2oA66SXU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.101.24.0/21
178.57.0.0/19
185.57.236.0/22
185.67.52.0/22
188.68.16.0/20
IPv6:
2a04:de80::/29
Signature Algorithm: sha256WithRSAEncryption
5d:c3:3b:a8:a5:89:cf:41:84:dc:6a:45:10:94:b2:82:7b:79:
ac:d9:c2:36:cf:4d:4f:5b:19:8e:aa:ed:de:06:aa:5f:fd:81:
2f:f9:d2:a0:b2:6e:0b:9f:ba:9f:37:58:32:c4:f0:5a:a3:d3:
0b:73:c1:1e:85:c6:a4:d4:32:83:0c:29:92:59:3c:82:94:68:
ed:9d:c8:e2:52:5c:32:c2:8d:ff:04:2c:08:30:7b:d9:dd:b0:
1d:b3:69:ab:26:7f:4e:2c:ab:18:e4:c9:61:8e:e3:a8:b9:20:
b4:d0:e4:63:c9:e7:53:47:29:12:97:99:7c:42:52:32:4a:bc:
95:d2:19:a3:be:02:48:37:04:65:bf:5d:37:19:1c:a3:77:e9:
62:c3:38:a2:47:55:98:dc:41:de:17:72:f0:a6:dc:b3:d3:69:
0a:b6:98:43:b6:b9:f6:da:3c:68:48:31:8d:e0:7c:d5:7c:e5:
af:fe:1b:b0:b1:4e:fb:1d:44:bb:c9:9d:75:45:3d:a4:67:b6:
6b:72:c0:85:bc:3c:ae:53:67:64:5c:91:b6:41:c1:4f:56:b1:
ff:fc:66:78:d2:00:12:0c:2a:bd:66:ab:be:1d:f8:73:a3:88:
5e:08:d4:48:f6:c1:32:38:93:9a:bb:fc:8c:d1:97:d4:58:a9:
90:0e:56:6f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZt+OHagsDgFJ4A/kO1oH3TCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjkxNmIzYjJlOTU3ZDE4NTAzMmNkYjQ5OTk3NmEwMGVi
YTQ5NzUwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODVjNWE3ZDc4NjE3Y2I2OTZmYTBhNDZkMTBhN2NjNWFlOGY1ZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKhDnbgpfdxmt3V+BVwDeKx/8Mnu
mfuV5Or2+h1Z7aM3SeDirBDpPMmOqJejfhmaeodFHtrh2yiirH9C4OTiut1T+wXD
26HDzVpZTkYyRS84cUaAcOWEl9ygLDuRQ6ekcRSYnccyBHcm+/e1ihl8CE/MZg0c
Fx5gJdVkNNZXj3T0vJfhZ8OrJnXB+pVe5lzDHI37inPX0yNTcKwSIxl1yVwy2PnZ
y6i3IlKOT6yjjDo/loFaTx92MqP5gUvMZbOl9YfhGh+e2161plvEHgk6f2eQftwg
5DUi5j3CVQAE4HlsnUmzPpbQ0l/cycygp4MGwlU7Kc6ph65Ra/+mASbcOwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFChcWn14YXy2lvoKRtEKfMWuj18ZMB8GA1UdIwQY
MBaAFAK5FrOy6VfRhQMs20mZdqAOukl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJrV3M3THBWOUdGQXl6YlNabDJvQTY2U1hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MjJhODEtZjczNy00N2MzLTg2MzQt
MDE5OTNhZTBmNjM0LzEvS0Z4YWZYaGhmTGFXLWdwRzBRcDh4YTZQWHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MjJhODEtZjczNy00N2MzLTg2MzQtMDE5OTNhZTBmNjM0
LzEvQXJrV3M3THBWOUdGQXl6YlNabDJvQTY2U1hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBWUYAwQF
sjkAAwQCuTnsAwQCuUM0AwQEvEQQMA0EAgACMAcDBQMqBN6AMA0GCSqGSIb3DQEB
CwUAA4IBAQBdwzuopYnPQYTcakUQlLKCe3ms2cI2z01PWxmOqu3eBqpf/YEv+dKg
sm4Ln7qfN1gyxPBao9MLc8Eehcak1DKDDCmSWTyClGjtncjiUlwywo3/BCwIMHvZ
3bAds2mrJn9OLKsY5MlhjuOouSC00ORjyedTRykSl5l8QlIySryV0hmjvgJINwRl
v103GRyjd+liwziiR1WY3EHeF3Lwptyz02kKtphDtrn22jxoSDGN4HzVfOWv/huw
sU77HUS7yZ11RT2kZ7ZrcsCFvDyuU2dkXJG2QcFPVrH//GZ40gASDCq9Zqu+Hfhz
o4heCNRI9sEyOJOau/yM0ZfUWKmQDlZv
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:09:01 2026 by rpki-client