Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/KWWsY3yI72ioCOq7Ehofgc0rEjc.roa
File: KWWsY3yI72ioCOq7Ehofgc0rEjc.roa (raw, json)
Hash identifier: DKEhqLA1Q4tgERt0qIwT8m3BK6uRcKG/np3muRhMq5Q=
Subject key identifier: 29:65:AC:63:7C:88:EF:68:A8:08:EA:BB:12:1A:1F:81:CD:2B:12:37
Certificate issuer: /CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
Certificate serial: 019D1FDD6F1DB30979F09E60F7A090B6631E
Authority key identifier: FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/KWWsY3yI72ioCOq7Ehofgc0rEjc.roa
Signing time: Tue 24 Mar 2026 12:41:38 +0000
ROA not before: Tue 24 Mar 2026 12:41:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207203
IP address blocks: 45.153.140.0/22 maxlen: 22
45.156.240.0/22 maxlen: 22
45.156.240.0/24 maxlen: 24
185.39.172.0/22 maxlen: 22
185.82.120.0/22 maxlen: 22
185.238.32.0/22 maxlen: 22
193.228.81.0/24 maxlen: 24
193.228.82.0/23 maxlen: 23
2a04:7700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1f:dd:6f:1d:b3:09:79:f0:9e:60:f7:a0:90:b6:63:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbcd0233808570e31ffb2fcde1b877071cbc6603
Validity
Not Before: Mar 24 12:41:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2965ac637c88ef68a808eabb121a1f81cd2b1237
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ad:d8:6c:d9:a0:8a:85:57:af:54:1c:e4:2a:
f7:ac:cc:e4:72:f8:2e:94:e3:22:fa:f6:34:60:2c:
23:99:20:c0:85:cf:b2:e0:4f:3b:a4:84:62:4a:de:
49:82:2e:c2:cb:9f:48:38:a0:d7:f9:73:81:66:67:
5a:3f:b5:e1:db:52:39:0d:c1:2e:7a:b1:dd:f3:a7:
36:a6:b5:15:e8:6a:ab:29:f5:dd:25:6a:6f:84:c7:
ad:5a:93:30:72:ce:8a:24:6c:b0:64:16:22:60:15:
7d:8f:ae:a2:cd:06:d5:59:dc:e6:d2:ea:83:a8:c6:
46:63:de:64:fb:10:a1:1b:56:f8:a4:e0:b0:5c:b1:
4e:3d:b3:13:a7:64:c0:51:f3:e2:de:7b:fd:ea:34:
60:b6:fa:0c:bd:23:02:66:d8:bc:5e:b9:55:4a:4d:
70:ae:2f:18:20:a2:ab:4d:9b:db:77:bc:7e:ff:0e:
18:d7:f2:a6:e1:94:bd:ae:99:9e:9f:d0:91:c9:ca:
48:43:a4:f1:3c:90:c7:59:f3:a4:a4:4d:d8:94:d5:
f8:c7:94:58:83:ac:dd:00:07:22:d5:e6:f8:23:10:
07:c3:e7:54:15:53:8a:a5:dd:bf:69:3e:f7:81:66:
d6:02:eb:63:e1:00:f7:16:42:49:75:23:47:57:a8:
7a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:65:AC:63:7C:88:EF:68:A8:08:EA:BB:12:1A:1F:81:CD:2B:12:37
X509v3 Authority Key Identifier:
keyid:FB:CD:02:33:80:85:70:E3:1F:FB:2F:CD:E1:B8:77:07:1C:BC:66:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/KWWsY3yI72ioCOq7Ehofgc0rEjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3b5110-5167-48e0-8597-61d7333f8570/1/1-80CM4CFcOMf-y_N4bh3Bxy8ZgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.140.0/22
45.156.240.0/22
185.39.172.0/22
185.82.120.0/22
185.238.32.0/22
193.228.81.0-193.228.83.255
IPv6:
2a04:7700::/29
Signature Algorithm: sha256WithRSAEncryption
5e:4d:22:ed:32:61:e6:0e:ae:5c:ea:66:cf:87:5f:a4:4d:bc:
68:a1:d1:a3:c9:09:57:89:f1:0e:87:2d:e8:26:f3:e4:d0:a8:
94:98:3f:c6:ee:a7:a2:e8:fe:a7:5c:30:36:0a:70:18:39:1a:
aa:19:b1:4f:1a:92:06:04:ac:df:a5:b8:3f:2c:cb:78:c9:80:
ff:d9:0d:40:e5:19:e0:7a:6e:e2:ff:4b:79:67:6d:4a:a0:f0:
bc:c5:83:a8:0e:0d:bb:25:86:eb:73:e4:cc:58:26:a4:60:b2:
7c:30:fb:a9:bd:9b:cd:e9:ee:c6:93:90:39:77:1c:b1:ae:46:
4b:34:39:41:54:b0:62:60:c5:3a:67:f7:1a:94:41:76:2a:07:
1f:69:0b:fa:21:12:42:9d:b2:0f:c1:24:d6:67:ea:0d:c2:29:
88:a6:a4:f6:34:b1:2f:d8:4b:09:03:3c:b8:b2:f6:83:20:72:
27:47:ca:50:7e:39:16:ac:3e:e1:1a:0f:54:da:7b:a8:f0:53:
bf:c2:4d:de:35:72:1a:21:ca:cd:21:7b:de:0e:96:63:b5:ee:
cf:91:a5:6e:a4:84:51:15:39:94:96:23:b4:aa:70:e1:d5:e4:
65:5f:63:70:ca:91:a9:03:d3:4d:7e:93:0c:af:08:8e:3c:8a:
2a:77:8d:01
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZ0f3W8dswl58J5g96CQtmMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiY2QwMjMzODA4NTcwZTMxZmZiMmZjZGUxYjg3NzA3MWNi
YzY2MDMwHhcNMjYwMzI0MTI0MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTY1YWM2MzdjODhlZjY4YTgwOGVhYmIxMjFhMWY4MWNkMmIxMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu63YbNmgioVXr1Qc5Cr3rMzkcvgu
lOMi+vY0YCwjmSDAhc+y4E87pIRiSt5Jgi7Cy59IOKDX+XOBZmdaP7Xh21I5DcEu
erHd86c2prUV6GqrKfXdJWpvhMetWpMwcs6KJGywZBYiYBV9j66izQbVWdzm0uqD
qMZGY95k+xChG1b4pOCwXLFOPbMTp2TAUfPi3nv96jRgtvoMvSMCZti8XrlVSk1w
ri8YIKKrTZvbd7x+/w4Y1/Km4ZS9rpmen9CRycpIQ6TxPJDHWfOkpE3YlNX4x5RY
g6zdAAci1eb4IxAHw+dUFVOKpd2/aT73gWbWAutj4QD3FkJJdSNHV6h69QIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFCllrGN8iO9oqAjquxIaH4HNKxI3MB8GA1UdIwQY
MBaAFPvNAjOAhXDjH/svzeG4dwccvGYDMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS04MENNNENGY09NZi15X040YmgzQnh5OFpnTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3
LTYxZDczMzNmODU3MC8xL0tXV3NZM3lJNzJpb0NPcTdFaG9mZ2MwckVqYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmQvM2I1MTEwLTUxNjctNDhlMC04NTk3LTYxZDczMzNmODU3
MC8xLzEtODBDTTRDRmNPTWYteV9ONGJoM0J4eThaZ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMDIEAgABMCwDBAItmYwD
BAItnPADBAK5J6wDBAK5UngDBAK57iAwDAMEAMHkUQMEAsHkUDANBAIAAjAHAwUD
KgR3ADANBgkqhkiG9w0BAQsFAAOCAQEAXk0i7TJh5g6uXOpmz4dfpE28aKHRo8kJ
V4nxDoct6Cbz5NColJg/xu6nouj+p1wwNgpwGDkaqhmxTxqSBgSs36W4PyzLeMmA
/9kNQOUZ4Hpu4v9LeWdtSqDwvMWDqA4NuyWG63PkzFgmpGCyfDD7qb2bzenuxpOQ
OXccsa5GSzQ5QVSwYmDFOmf3GpRBdioHH2kL+iESQp2yD8Ek1mfqDcIpiKak9jSx
L9hLCQM8uLL2gyByJ0fKUH45Fqw+4RoPVNp7qPBTv8JN3jVyGiHKzSF73g6WY7Xu
z5GlbqSEURU5lJYjtKpw4dXkZV9jcMqRqQPTTX6TDK8IjjyKKneNAQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 20:20:35 2026 by rpki-client