Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/Erb818ffjnKFyiFLXrdFbiFYOSI.roa
File: Erb818ffjnKFyiFLXrdFbiFYOSI.roa (raw, json)
Hash identifier: Olz1fwb3G3mD1eaDlk7aaaY6S5htT2DXXobUdGYkCz4=
Subject key identifier: 12:B6:FC:D7:C7:DF:8E:72:85:CA:21:4B:5E:B7:45:6E:21:58:39:22
Certificate issuer: /CN=b7871f290fff0e04260c6753e387c9efb75be296
Certificate serial: 019B77596972FAD6025CDECEA17ACD2E894B
Authority key identifier: B7:87:1F:29:0F:FF:0E:04:26:0C:67:53:E3:87:C9:EF:B7:5B:E2:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/Erb818ffjnKFyiFLXrdFbiFYOSI.roa
Signing time: Thu 01 Jan 2026 02:18:27 +0000
ROA not before: Thu 01 Jan 2026 02:18:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51346
IP address blocks: 89.104.121.0/24 maxlen: 24
91.218.160.0/22 maxlen: 22
91.218.160.0/24 maxlen: 24
91.218.161.0/24 maxlen: 24
91.218.162.0/24 maxlen: 24
91.218.163.0/24 maxlen: 24
185.177.0.0/22 maxlen: 22
185.177.0.0/24 maxlen: 24
185.177.1.0/24 maxlen: 24
185.177.2.0/24 maxlen: 24
2a0a:2980::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.mft
rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 11:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:77:59:69:72:fa:d6:02:5c:de:ce:a1:7a:cd:2e:89:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b7871f290fff0e04260c6753e387c9efb75be296
Validity
Not Before: Jan 1 02:18:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=12b6fcd7c7df8e7285ca214b5eb7456e21583922
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:82:1b:d3:b7:81:6d:97:0a:12:b9:6e:f2:25:
a7:b9:90:6c:ab:25:1f:35:9c:85:72:2e:0f:56:10:
f3:3c:e6:25:49:da:67:c7:48:fb:e6:d5:44:88:d5:
15:90:42:f3:19:52:d2:0c:89:8f:37:ba:ed:7c:e2:
16:f4:6c:2c:ba:e8:f7:18:be:b7:3c:99:f1:41:3c:
5f:80:84:0a:e2:c7:ed:5f:81:b3:3e:c3:9a:7c:2f:
20:4e:b0:22:aa:f7:29:40:22:d2:83:ec:49:81:fd:
c8:d3:42:a6:9a:93:94:b6:51:5a:a1:4e:49:0b:0f:
65:6c:6c:57:d4:e9:f1:80:32:45:7a:5a:68:9f:07:
fe:08:d0:dd:06:1a:b2:cb:dc:80:27:da:61:20:42:
cb:3c:6f:2a:7e:2f:b9:41:2d:0f:c4:c6:5c:21:94:
6e:6e:40:81:fd:a3:72:e3:da:a8:8a:ca:c7:b2:5a:
96:0f:ee:b3:1f:18:ae:d2:53:1c:e9:2c:0a:24:15:
46:2d:f9:7b:98:5f:18:eb:d8:f4:e0:dc:39:b8:61:
09:e5:19:4a:dd:6c:e3:61:29:4d:be:3b:1b:aa:c1:
a9:c8:c5:37:1d:36:8b:95:a9:32:76:92:32:6d:86:
14:78:88:26:7c:f2:c6:6b:fa:c8:60:1a:d2:2b:9b:
9b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:B6:FC:D7:C7:DF:8E:72:85:CA:21:4B:5E:B7:45:6E:21:58:39:22
X509v3 Authority Key Identifier:
keyid:B7:87:1F:29:0F:FF:0E:04:26:0C:67:53:E3:87:C9:EF:B7:5B:E2:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/Erb818ffjnKFyiFLXrdFbiFYOSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.104.121.0/24
91.218.160.0/22
185.177.0.0/22
IPv6:
2a0a:2980::/29
Signature Algorithm: sha256WithRSAEncryption
a5:4f:1b:5c:2d:68:48:cc:e7:bd:af:6d:3c:0a:8b:11:a6:ea:
5a:4e:57:f7:f0:b7:4a:41:d4:76:f1:9e:e6:86:c0:6e:e3:d8:
6e:79:dd:ed:29:1e:c2:53:eb:fb:7a:90:66:ec:c4:aa:07:1b:
97:57:79:42:04:9b:9d:07:0e:ea:6f:bd:7d:45:03:60:e3:b1:
85:ab:05:7c:28:c2:c2:c3:4a:f2:f2:f9:7d:65:c0:cd:72:b3:
97:39:de:16:e2:60:e2:c4:f3:e9:09:49:8f:cf:d0:97:37:94:
49:fb:89:c3:33:34:16:7f:af:f9:57:a3:6c:e1:26:5b:a5:fd:
b9:f4:e9:5d:f6:89:53:c2:ac:8a:e4:ef:3c:a0:a7:e3:9a:d2:
82:31:69:3d:77:17:7d:88:d6:1b:89:04:c7:9c:11:c8:4d:ce:
4f:ee:91:d1:8f:ca:08:12:1c:0d:9c:c4:51:db:86:5e:6f:21:
8c:3d:2f:ff:82:cb:75:8a:5c:3b:1d:22:e1:4f:47:e9:25:d2:
5f:4e:57:c3:e0:44:33:16:05:94:f6:b1:bb:5f:16:42:cc:bf:
69:d4:fa:c4:47:bd:7e:72:be:78:e9:c0:25:46:11:c4:cd:b3:
16:60:5f:96:5d:56:56:ce:8e:0e:bc:a2:d9:df:e3:43:b6:d1:
78:66:e2:36
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZt3WWly+tYCXN7OoXrNLolLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODcxZjI5MGZmZjBlMDQyNjBjNjc1M2UzODdjOWVmYjc1
YmUyOTYwHhcNMjYwMTAxMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmI2ZmNkN2M3ZGY4ZTcyODVjYTIxNGI1ZWI3NDU2ZTIxNTgzOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IIb07eBbZcKErlu8iWnuZBsqyUf
NZyFci4PVhDzPOYlSdpnx0j75tVEiNUVkELzGVLSDImPN7rtfOIW9Gwsuuj3GL63
PJnxQTxfgIQK4sftX4GzPsOafC8gTrAiqvcpQCLSg+xJgf3I00KmmpOUtlFaoU5J
Cw9lbGxX1OnxgDJFelponwf+CNDdBhqyy9yAJ9phIELLPG8qfi+5QS0PxMZcIZRu
bkCB/aNy49qoisrHslqWD+6zHxiu0lMc6SwKJBVGLfl7mF8Y69j04Nw5uGEJ5RlK
3WzjYSlNvjsbqsGpyMU3HTaLlakydpIybYYUeIgmfPLGa/rIYBrSK5ublQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBK2/NfH345yhcohS163RW4hWDkiMB8GA1UdIwQY
MBaAFLeHHykP/w4EJgxnU+OHye+3W+KWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRjZktRX19EZ1FtREdkVDQ0Zko3N2RiNHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84MzY0MzEtYjkwZC00YTk4LWJlMmMt
OTU1ZjVjYjA5ODkzLzEvRXJiODE4ZmZqbktGeWlGTFhyZEZiaUZZT1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84MzY0MzEtYjkwZC00YTk4LWJlMmMtOTU1ZjVjYjA5ODkz
LzEvdDRjZktRX19EZ1FtREdkVDQ0Zko3N2RiNHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAWWh5AwQC
W9qgAwQCubEAMA0EAgACMAcDBQMqCimAMA0GCSqGSIb3DQEBCwUAA4IBAQClTxtc
LWhIzOe9r208CosRpupaTlf38LdKQdR28Z7mhsBu49hued3tKR7CU+v7epBm7MSq
BxuXV3lCBJudBw7qb719RQNg47GFqwV8KMLCw0ry8vl9ZcDNcrOXOd4W4mDixPPp
CUmPz9CXN5RJ+4nDMzQWf6/5V6Ns4SZbpf259Old9olTwqyK5O88oKfjmtKCMWk9
dxd9iNYbiQTHnBHITc5P7pHRj8oIEhwNnMRR24ZebyGMPS//gst1ilw7HSLhT0fp
JdJfTlfD4EQzFgWU9rG7XxZCzL9p1PrER71+cr546cAlRhHEzbMWYF+WXVZWzo4O
vKLZ3+NDttF4ZuI2
-----END CERTIFICATE-----
Generated at Thu Mar 26 22:30:22 2026 by rpki-client