Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/IBEMSBQMUEmyoGfT9mnmlgVNZhU.roa
File: IBEMSBQMUEmyoGfT9mnmlgVNZhU.roa (raw, json)
Hash identifier: SbS7D44DDA57I288AbbBNyIpLwW/oby6dFq63a7XwRE=
Subject key identifier: 20:11:0C:48:14:0C:50:49:B2:A0:67:D3:F6:69:E6:96:05:4D:66:15
Certificate issuer: /CN=da96b5bdafb28332dafe847ced14f7a5fad45e69
Certificate serial: 019CF65805ED1BC5B5DF5A89F203053E19F5
Authority key identifier: DA:96:B5:BD:AF:B2:83:32:DA:FE:84:7C:ED:14:F7:A5:FA:D4:5E:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2pa1va-ygzLa_oR87RT3pfrUXmk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/IBEMSBQMUEmyoGfT9mnmlgVNZhU.roa
Signing time: Mon 16 Mar 2026 11:11:29 +0000
ROA not before: Mon 16 Mar 2026 11:11:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204296
IP address blocks: 185.254.60.0/23 maxlen: 24
185.254.62.0/24 maxlen: 24
185.254.63.0/24 maxlen: 24
2a0c:4840::/29 maxlen: 29
2a0c:4847:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/2pa1va-ygzLa_oR87RT3pfrUXmk.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/2pa1va-ygzLa_oR87RT3pfrUXmk.mft
rsync://rpki.ripe.net/repository/DEFAULT/2pa1va-ygzLa_oR87RT3pfrUXmk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 04:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f6:58:05:ed:1b:c5:b5:df:5a:89:f2:03:05:3e:19:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da96b5bdafb28332dafe847ced14f7a5fad45e69
Validity
Not Before: Mar 16 11:11:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20110c48140c5049b2a067d3f669e696054d6615
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:5e:2f:d7:78:4b:d6:ae:4c:68:f2:fe:42:cd:
4e:d2:d9:47:eb:09:01:45:21:13:54:a4:4e:c9:7b:
90:39:96:ac:19:b6:10:4d:4d:6d:25:e6:e9:f3:cf:
20:a4:9a:1b:4c:bd:0b:c2:54:51:ff:b3:66:16:93:
f0:87:a5:84:89:15:7e:3c:21:ac:22:ce:c2:8e:45:
e7:00:71:87:17:81:d7:d3:1f:0b:84:08:76:e2:25:
01:f5:4f:dc:e7:e3:8d:08:86:02:1e:4c:8e:3d:b0:
31:a6:ae:d1:ee:8e:7b:55:60:3b:9d:cc:69:ff:99:
ef:e5:f7:cb:b6:27:7e:41:8d:67:48:e4:e6:9f:88:
87:de:95:cd:c3:c8:9e:ef:73:7a:68:ec:ee:58:36:
f7:a0:22:f5:11:8c:e5:bd:69:b5:4f:a8:cf:28:c7:
af:c5:56:a4:a5:67:fe:de:c9:e0:84:88:92:9f:76:
0d:b2:09:2c:28:78:83:34:f3:e8:51:a2:bd:87:fa:
27:50:dd:db:16:95:c2:d9:4e:3f:5a:95:49:a3:1d:
6d:33:68:a3:da:2d:c3:73:bf:fa:36:c1:ac:cb:df:
6c:44:5c:81:69:b0:f7:e1:54:97:21:2e:60:33:75:
f3:3a:3e:cb:36:30:ca:74:c2:f4:0e:3e:ee:77:74:
e0:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:11:0C:48:14:0C:50:49:B2:A0:67:D3:F6:69:E6:96:05:4D:66:15
X509v3 Authority Key Identifier:
keyid:DA:96:B5:BD:AF:B2:83:32:DA:FE:84:7C:ED:14:F7:A5:FA:D4:5E:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pa1va-ygzLa_oR87RT3pfrUXmk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/IBEMSBQMUEmyoGfT9mnmlgVNZhU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/819089-473b-463f-b87b-4253950f1155/1/2pa1va-ygzLa_oR87RT3pfrUXmk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.254.60.0/22
IPv6:
2a0c:4840::/29
Signature Algorithm: sha256WithRSAEncryption
8b:77:51:b2:1f:c5:9c:6b:92:5f:70:d7:cf:54:10:fb:65:09:
ae:2e:39:3b:3e:b7:08:c5:2b:55:bb:7d:34:06:69:cd:8f:6a:
ba:e1:20:c4:b3:75:3f:15:fe:60:57:eb:bf:e2:7b:50:09:f9:
4c:e3:e7:6b:5e:84:f1:4d:08:64:92:9b:0f:55:bd:cd:0a:fc:
b7:72:9b:db:b2:fe:68:6a:c4:97:3c:8d:fd:01:5c:ca:c3:88:
1e:33:8d:01:26:47:b6:f8:f9:3f:41:04:0a:26:b7:74:29:e8:
ef:6d:e7:0d:a3:87:05:23:ad:90:d6:fd:4b:63:19:50:7f:48:
07:31:41:eb:5c:41:60:e0:8a:91:c6:f9:b4:da:24:08:50:ae:
cc:5b:24:b8:9e:1f:70:0b:2e:af:cb:a0:3c:fc:ed:04:47:4e:
f8:94:d0:ab:18:2f:5f:3f:15:21:88:ea:97:15:e7:73:62:14:
1f:1c:5f:7c:3c:4f:2f:5a:7b:bb:82:63:df:65:9a:72:72:f5:
18:ae:ad:c8:39:7d:6c:81:17:a6:b2:20:fc:78:07:fc:5b:26:
98:b3:23:a5:69:a2:19:f3:2f:b9:51:d2:cc:19:34:6f:1d:98:
20:bb:92:99:68:3a:95:6d:1b:f2:fb:82:5b:d1:19:34:d2:16:
8d:d6:e3:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZz2WAXtG8W131qJ8gMFPhn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOTZiNWJkYWZiMjgzMzJkYWZlODQ3Y2VkMTRmN2E1ZmFk
NDVlNjkwHhcNMjYwMzE2MTExMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDExMGM0ODE0MGM1MDQ5YjJhMDY3ZDNmNjY5ZTY5NjA1NGQ2NjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA514v13hL1q5MaPL+Qs1O0tlH6wkB
RSETVKROyXuQOZasGbYQTU1tJebp888gpJobTL0LwlRR/7NmFpPwh6WEiRV+PCGs
Is7CjkXnAHGHF4HX0x8LhAh24iUB9U/c5+ONCIYCHkyOPbAxpq7R7o57VWA7ncxp
/5nv5ffLtid+QY1nSOTmn4iH3pXNw8ie73N6aOzuWDb3oCL1EYzlvWm1T6jPKMev
xVakpWf+3snghIiSn3YNsgksKHiDNPPoUaK9h/onUN3bFpXC2U4/WpVJox1tM2ij
2i3Dc7/6NsGsy99sRFyBabD34VSXIS5gM3XzOj7LNjDKdML0Dj7ud3TgBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCARDEgUDFBJsqBn0/Zp5pYFTWYVMB8GA1UdIwQY
MBaAFNqWtb2vsoMy2v6EfO0U96X61F5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnBhMXZhLXlnekxhX29SODdSVDNwZnJVWG1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC84MTkwODktNDczYi00NjNmLWI4N2It
NDI1Mzk1MGYxMTU1LzEvSUJFTVNCUU1VRW15b0dmVDltbm1sZ1ZOWmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC84MTkwODktNDczYi00NjNmLWI4N2ItNDI1Mzk1MGYxMTU1
LzEvMnBhMXZhLXlnekxhX29SODdSVDNwZnJVWG1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf48MA0E
AgACMAcDBQMqDEhAMA0GCSqGSIb3DQEBCwUAA4IBAQCLd1GyH8Wca5JfcNfPVBD7
ZQmuLjk7PrcIxStVu300BmnNj2q64SDEs3U/Ff5gV+u/4ntQCflM4+drXoTxTQhk
kpsPVb3NCvy3cpvbsv5oasSXPI39AVzKw4geM40BJke2+Pk/QQQKJrd0KejvbecN
o4cFI62Q1v1LYxlQf0gHMUHrXEFg4IqRxvm02iQIUK7MWyS4nh9wCy6vy6A8/O0E
R074lNCrGC9fPxUhiOqXFedzYhQfHF98PE8vWnu7gmPfZZpycvUYrq3IOX1sgRem
siD8eAf8WyaYsyOlaaIZ8y+5UdLMGTRvHZggu5KZaDqVbRvy+4Jb0Rk00haN1uPf
-----END CERTIFICATE-----
Generated at Sat Mar 28 14:48:35 2026 by rpki-client