Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/26kO9P_Wdou5wIIAxf-kyVsvQbI.roa
File: 26kO9P_Wdou5wIIAxf-kyVsvQbI.roa (raw, json)
Hash identifier: ++eqX5X4g+zHc9p/OwRXuSCgRUZWXsuqA3Viisyrnv4=
Subject key identifier: DB:A9:0E:F4:FF:D6:76:8B:B9:C0:82:00:C5:FF:A4:C9:5B:2F:41:B2
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 019E16F0718CA913F816AAD533018B67ADCF
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/26kO9P_Wdou5wIIAxf-kyVsvQbI.roa
Signing time: Mon 11 May 2026 12:08:36 +0000
ROA not before: Mon 11 May 2026 12:08:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 109.229.216.0/23 maxlen: 24
109.229.218.0/24 maxlen: 24
109.229.223.0/24 maxlen: 24
213.110.68.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:16:f0:71:8c:a9:13:f8:16:aa:d5:33:01:8b:67:ad:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: May 11 12:08:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dba90ef4ffd6768bb9c08200c5ffa4c95b2f41b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ef:7a:5c:8a:18:31:03:db:50:8c:35:9a:c3:
df:73:d8:1d:2e:be:f6:71:86:20:8e:41:d2:6c:a7:
ab:3d:c1:03:17:20:2b:da:f6:af:12:8e:b5:9c:64:
1d:ee:ef:52:23:f7:47:3c:97:ee:ec:68:29:42:c9:
c4:85:90:96:49:b5:5b:15:40:b0:24:ee:a9:77:04:
da:f8:96:97:ea:29:da:a5:f9:6c:83:58:28:25:da:
75:5e:53:ec:6d:8b:fb:a9:b7:a9:47:85:6f:12:63:
cf:69:a2:5f:0c:d1:8a:a4:78:05:f6:38:cd:17:77:
cf:a2:1f:70:a2:13:7c:5d:9a:60:de:c8:3e:f1:c3:
a8:d9:d5:af:9a:bc:dc:c9:f4:f0:02:ca:c6:bc:1e:
f8:be:c0:6e:7c:da:0f:2f:9a:4f:58:8c:21:ef:d8:
78:8c:f5:e5:db:9b:f5:ca:83:24:f4:1d:17:90:9e:
8f:c3:4b:31:b7:eb:c6:1e:84:e0:8a:7f:a5:27:23:
a2:6e:eb:a6:01:e8:c0:83:fb:62:8a:08:e0:fc:34:
cd:bc:4c:b9:40:c7:37:2c:a1:6a:73:b7:c9:93:0d:
6a:94:58:4a:0c:0e:e4:f7:76:b8:a3:07:58:44:b9:
bb:39:60:7e:01:1f:74:46:bd:03:5b:0e:e9:b2:bc:
26:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:A9:0E:F4:FF:D6:76:8B:B9:C0:82:00:C5:FF:A4:C9:5B:2F:41:B2
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/26kO9P_Wdou5wIIAxf-kyVsvQbI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.229.216.0-109.229.218.255
109.229.223.0/24
213.110.68.0/22
Signature Algorithm: sha256WithRSAEncryption
84:7e:fb:e2:5b:e0:45:d5:65:06:4f:e0:55:9f:70:5a:5f:13:
48:2f:36:45:68:5f:32:55:23:7c:fb:b9:7a:96:4d:3b:0d:1b:
89:b7:6b:ef:71:58:d3:a2:07:0f:7e:67:c3:02:80:a4:27:36:
37:59:44:98:5c:79:2d:b3:36:5c:d0:1b:2c:4e:ed:77:67:06:
8a:8f:39:dd:32:75:f4:14:db:f6:e7:a3:46:ac:82:02:5b:23:
c5:90:af:d6:9a:72:70:6b:38:73:b1:4f:c8:58:29:06:dd:b3:
1e:56:fd:81:73:58:6d:a7:24:e7:9f:e9:74:04:50:b5:20:72:
9c:8c:74:35:75:38:8b:75:2c:e2:ca:63:4a:3c:42:a3:94:1f:
97:38:dc:aa:74:e1:49:dc:45:ba:e3:6d:f7:f9:2f:58:f3:c3:
20:c3:d8:4c:10:e0:69:77:58:de:fb:46:e3:e1:e7:60:fe:34:
2a:2b:ff:52:f4:64:a3:d3:ea:0b:12:95:52:da:c4:77:6f:68:
40:02:2d:85:81:c2:d5:a3:47:71:9a:bc:ee:87:b0:9b:03:d0:
fc:ef:7b:61:97:08:e3:63:8c:8a:cf:ae:cf:06:9e:ee:1b:39:
9a:d5:84:f0:2a:a7:bd:3a:29:9b:73:89:18:7b:4e:a0:89:d5:
39:f9:c1:b0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ4W8HGMqRP4FqrVMwGLZ63PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNTExMTIwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmE5MGVmNGZmZDY3NjhiYjljMDgyMDBjNWZmYTRjOTViMmY0MWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+96XIoYMQPbUIw1msPfc9gdLr72
cYYgjkHSbKerPcEDFyAr2vavEo61nGQd7u9SI/dHPJfu7GgpQsnEhZCWSbVbFUCw
JO6pdwTa+JaX6inapflsg1goJdp1XlPsbYv7qbepR4VvEmPPaaJfDNGKpHgF9jjN
F3fPoh9wohN8XZpg3sg+8cOo2dWvmrzcyfTwAsrGvB74vsBufNoPL5pPWIwh79h4
jPXl25v1yoMk9B0XkJ6Pw0sxt+vGHoTgin+lJyOibuumAejAg/tiigjg/DTNvEy5
QMc3LKFqc7fJkw1qlFhKDA7k93a4owdYRLm7OWB+AR90Rr0DWw7psrwmqQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNupDvT/1naLucCCAMX/pMlbL0GyMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvMjZrTzlQX1dkb3U1d0lJQXhmLWt5VnN2UWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANt5dgD
BABt5doDBABt5d8DBALVbkQwDQYJKoZIhvcNAQELBQADggEBAIR+++Jb4EXVZQZP
4FWfcFpfE0gvNkVoXzJVI3z7uXqWTTsNG4m3a+9xWNOiBw9+Z8MCgKQnNjdZRJhc
eS2zNlzQGyxO7XdnBoqPOd0ydfQU2/bno0asggJbI8WQr9aacnBrOHOxT8hYKQbd
sx5W/YFzWG2nJOef6XQEULUgcpyMdDV1OIt1LOLKY0o8QqOUH5c43Kp04UncRbrj
bff5L1jzwyDD2EwQ4Gl3WN77RuPh52D+NCor/1L0ZKPT6gsSlVLaxHdvaEACLYWB
wtWjR3GavO6HsJsD0Pzve2GXCONjjIrPrs8Gnu4bOZrVhPAqp706KZtziRh7TqCJ
1Tn5wbA=
-----END CERTIFICATE-----
Generated at Tue May 12 22:32:52 2026 by rpki-client