Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/k7s9rITgk0btn1r6INnAXUaFzMc.roa
File: k7s9rITgk0btn1r6INnAXUaFzMc.roa (raw, json)
Hash identifier: yz7YliHtvKSe3n4RMh0zhJhN6Myd8y1woKNMQhPpO/U=
Subject key identifier: 93:BB:3D:AC:84:E0:93:46:ED:9F:5A:FA:20:D9:C0:5D:46:85:CC:C7
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 019E1C34187726AF38A6669F4EE3901D0510
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/k7s9rITgk0btn1r6INnAXUaFzMc.roa
Signing time: Tue 12 May 2026 12:40:36 +0000
ROA not before: Tue 12 May 2026 12:40:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205467
IP address blocks: 85.12.0.0/22 maxlen: 22
85.12.4.0/22 maxlen: 22
193.138.223.0/24 maxlen: 24
2a01:788:213::/48 maxlen: 48
2a01:788:1001::/48 maxlen: 48
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
2a01:788:aaac::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1c:34:18:77:26:af:38:a6:66:9f:4e:e3:90:1d:05:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: May 12 12:40:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=93bb3dac84e09346ed9f5afa20d9c05d4685ccc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:fc:fd:e3:e4:0f:b0:37:3b:40:40:f1:ee:e3:
56:b5:81:fd:00:b6:d3:05:d3:3a:f3:32:fe:8e:6d:
e8:fa:92:5c:84:cd:29:bb:d5:46:83:12:e4:4c:4b:
17:27:eb:38:88:ea:f6:16:3c:f8:06:dd:41:78:9d:
af:73:22:46:23:92:db:3d:e7:54:95:69:78:00:13:
82:6f:0a:9e:f8:7c:e1:a6:e8:02:31:60:14:25:2a:
6b:24:a7:1e:da:7f:39:55:fc:f6:60:ef:73:e2:a5:
c2:63:24:78:84:80:52:af:c7:69:f1:07:1b:a9:97:
8e:0e:14:89:f0:52:53:61:32:12:d7:eb:a4:5b:0d:
40:64:51:b7:88:56:72:d4:34:0e:0d:e4:71:52:bb:
6c:b1:a3:bd:73:0d:8e:2a:eb:72:b1:ca:3c:3c:fd:
c4:e6:eb:5a:59:ba:5f:b8:ab:b7:6b:70:cb:e2:4b:
ad:c4:c6:3d:de:1f:e0:b7:27:4b:49:f6:37:79:31:
61:eb:f4:52:63:9f:9a:e1:d7:8d:7b:e3:19:4c:af:
ae:8a:21:64:ba:9c:53:7e:d0:40:95:cd:71:61:75:
d1:bf:b8:63:f3:6a:48:8d:16:20:62:b6:a3:db:e3:
27:ca:7f:fe:45:ce:48:13:ed:93:26:27:c4:13:56:
47:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:BB:3D:AC:84:E0:93:46:ED:9F:5A:FA:20:D9:C0:5D:46:85:CC:C7
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/k7s9rITgk0btn1r6INnAXUaFzMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.0.0/21
193.138.223.0/24
IPv6:
2a01:788:213::/48
2a01:788:1001::/48
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
b7:e1:e7:41:c7:17:10:aa:a4:c8:63:99:74:3a:48:9f:54:20:
6f:83:d9:9a:9c:bf:84:c4:a1:ec:31:42:bc:2e:2b:d7:16:7b:
eb:9f:68:58:62:7f:b5:06:e7:de:6e:ce:af:fd:28:9c:60:e1:
2b:01:61:f8:cc:ee:ee:9c:69:50:d9:40:4c:97:58:76:bd:ba:
1a:93:b0:f5:23:e8:cf:58:f5:bf:7c:49:76:76:17:78:9a:87:
63:62:89:b7:12:95:3d:5d:5c:79:b8:ad:b9:3c:c3:0d:1b:d5:
1f:04:1a:12:e4:1c:47:28:0d:79:d0:06:2e:36:a8:89:f8:1e:
45:15:76:ac:54:69:03:5d:65:be:73:7a:c6:fd:ef:1d:0d:8a:
76:4f:2d:18:b4:fa:28:d2:3b:23:aa:00:c9:33:d5:71:69:6c:
14:2f:29:d2:93:0d:b9:6f:8c:1d:f6:68:65:d6:7e:b2:3d:e4:
3a:e7:20:ff:6f:b6:39:93:12:2b:30:b4:68:62:ba:d7:a4:41:
db:0c:3f:ba:e3:13:21:a2:bf:88:c7:e8:5c:39:a7:6e:b5:07:
52:0d:db:8a:c2:53:a2:cb:81:31:f5:52:fe:eb:bc:de:be:f5:
67:77:b6:5d:3a:01:aa:eb:5d:40:d8:c5:03:cb:a1:8f:8d:94:
43:77:2c:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ4cNBh3Jq84pmafTuOQHQUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjYwNTEyMTI0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2JiM2RhYzg0ZTA5MzQ2ZWQ5ZjVhZmEyMGQ5YzA1ZDQ2ODVjY2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/z94+QPsDc7QEDx7uNWtYH9ALbT
BdM68zL+jm3o+pJchM0pu9VGgxLkTEsXJ+s4iOr2Fjz4Bt1BeJ2vcyJGI5LbPedU
lWl4ABOCbwqe+HzhpugCMWAUJSprJKce2n85Vfz2YO9z4qXCYyR4hIBSr8dp8Qcb
qZeODhSJ8FJTYTIS1+ukWw1AZFG3iFZy1DQODeRxUrtssaO9cw2OKutysco8PP3E
5utaWbpfuKu3a3DL4kutxMY93h/gtydLSfY3eTFh6/RSY5+a4deNe+MZTK+uiiFk
upxTftBAlc1xYXXRv7hj82pIjRYgYraj2+Mnyn/+Rc5IE+2TJifEE1ZHLwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFJO7PayE4JNG7Z9a+iDZwF1GhczHMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvazdzOXJJVGdrMGJ0bjFyNklObkFYVWFGek1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjASBAIAATAMAwQDVQwAAwQA
wYrfMCwEAgACMCYDBwAqAQeIAhMDBwAqAQeIEAEwEgMHASoBB4iqqgMHACoBB4iq
rDANBgkqhkiG9w0BAQsFAAOCAQEAt+HnQccXEKqkyGOZdDpIn1Qgb4PZmpy/hMSh
7DFCvC4r1xZ7659oWGJ/tQbn3m7Or/0onGDhKwFh+Mzu7pxpUNlATJdYdr26GpOw
9SPoz1j1v3xJdnYXeJqHY2KJtxKVPV1cebituTzDDRvVHwQaEuQcRygNedAGLjao
ifgeRRV2rFRpA11lvnN6xv3vHQ2Kdk8tGLT6KNI7I6oAyTPVcWlsFC8p0pMNuW+M
HfZoZdZ+sj3kOucg/2+2OZMSKzC0aGK616RB2ww/uuMTIaK/iMfoXDmnbrUHUg3b
isJTosuBMfVS/uu83r71Z3e2XToBqutdQNjFA8uhj42UQ3csMQ==
-----END CERTIFICATE-----
Generated at Wed May 13 06:58:11 2026 by rpki-client