Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/SPz2rFTEb-eYf1B5B0X4hMlLB6c.roa
File: SPz2rFTEb-eYf1B5B0X4hMlLB6c.roa (raw, json)
Hash identifier: TFR/CByQTCa7JUwD+ZC4TVDsRbIrDuQPNxLGIxqBjU4=
Subject key identifier: 48:FC:F6:AC:54:C4:6F:E7:98:7F:50:79:07:45:F8:84:C9:4B:07:A7
Certificate issuer: /CN=17b8beb555dafa82c3d6aa336909ae5ade35a83d
Certificate serial: 019CDC3251FB4E12EDCBC10843F6257AAE4D
Authority key identifier: 17:B8:BE:B5:55:DA:FA:82:C3:D6:AA:33:69:09:AE:5A:DE:35:A8:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/SPz2rFTEb-eYf1B5B0X4hMlLB6c.roa
Signing time: Wed 11 Mar 2026 09:20:11 +0000
ROA not before: Wed 11 Mar 2026 09:20:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199250
IP address blocks: 91.200.68.0/24 maxlen: 24
91.200.69.0/24 maxlen: 24
185.21.36.0/22 maxlen: 24
185.21.37.0/24 maxlen: 24
185.21.38.0/24 maxlen: 24
185.21.39.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.mft
rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:32:51:fb:4e:12:ed:cb:c1:08:43:f6:25:7a:ae:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17b8beb555dafa82c3d6aa336909ae5ade35a83d
Validity
Not Before: Mar 11 09:20:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=48fcf6ac54c46fe7987f50790745f884c94b07a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:32:cb:d2:ac:08:eb:1d:07:f2:4f:21:e2:f9:
cf:27:7a:f9:46:3e:30:e3:38:4f:d3:7a:da:ea:33:
45:ec:47:38:22:cc:13:73:10:91:c7:a3:ce:c9:b4:
a0:d7:5b:cd:31:d1:c2:b1:1a:20:e8:bc:d8:cc:c1:
89:85:aa:94:de:3d:74:b1:33:1f:7f:2a:81:0d:5d:
11:fc:8c:b4:84:c9:da:16:cf:19:61:5d:2f:13:81:
60:e5:5a:ea:cd:6c:84:25:64:1d:ca:fd:23:99:f3:
ae:f2:cd:b1:41:fe:4c:5f:a0:57:e9:bf:01:47:73:
db:38:b8:ab:a5:4e:7c:03:2d:96:09:fe:a6:ad:ca:
b7:1b:2a:aa:c1:12:8b:a5:14:31:c8:bc:dd:d8:f1:
4c:c3:42:75:5b:c5:5c:b6:f1:ca:53:dd:8e:e7:74:
bd:2c:12:23:47:26:83:23:c0:92:25:20:60:3a:c7:
a5:22:83:b3:37:e0:28:db:86:40:50:1b:bd:fd:55:
1a:1f:6c:b2:db:f4:f4:ae:53:a9:73:7a:65:d7:1f:
e1:5e:4c:40:91:82:55:57:ea:2d:6f:0d:fa:96:9d:
8d:81:83:17:6e:03:91:20:10:3c:a1:3e:00:13:00:
d3:c7:94:eb:e3:82:75:8a:24:6c:27:28:2f:d4:16:
8a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:FC:F6:AC:54:C4:6F:E7:98:7F:50:79:07:45:F8:84:C9:4B:07:A7
X509v3 Authority Key Identifier:
keyid:17:B8:BE:B5:55:DA:FA:82:C3:D6:AA:33:69:09:AE:5A:DE:35:A8:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7i-tVXa-oLD1qozaQmuWt41qD0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/SPz2rFTEb-eYf1B5B0X4hMlLB6c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/51519c-1e93-44a9-ac70-7e242674defc/1/F7i-tVXa-oLD1qozaQmuWt41qD0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.68.0/23
185.21.36.0/22
Signature Algorithm: sha256WithRSAEncryption
7b:85:4a:a2:f4:33:bc:b1:10:66:b8:99:cd:b9:44:c7:3d:7c:
64:0a:64:9c:37:f3:5d:75:a1:34:ea:1c:b5:b8:5a:9b:35:9a:
a0:0c:2a:86:fb:3e:61:ad:b1:b6:ab:54:aa:c2:7c:ed:cd:98:
fe:d8:a2:e6:a8:9d:f4:a0:ac:1a:28:fc:9d:5f:8b:1f:6a:95:
a7:3e:c6:24:2d:b0:27:25:0c:e9:71:76:da:50:42:8c:41:79:
c7:11:ca:5f:be:ad:46:7e:29:ac:d0:b0:e8:98:02:e8:21:91:
83:63:96:dc:92:00:92:b1:2e:a0:0c:a1:cb:c4:c3:fd:b1:eb:
e5:d6:64:71:58:3b:ff:43:b1:38:6a:1b:9c:1b:ca:1a:0c:46:
43:84:7b:e1:8e:14:ca:cd:e1:20:2d:cc:0f:cc:26:93:3b:f6:
b4:94:56:41:81:a1:05:66:49:ca:39:a1:35:07:a7:eb:56:34:
2c:d7:a9:74:e8:b0:d9:9a:bb:f2:3e:8f:98:1e:64:f0:16:c9:
bb:b7:96:e1:79:ce:d9:27:39:21:58:b0:a5:65:39:f7:8e:00:
b4:fa:a1:6d:c4:20:6b:f6:f6:3b:e4:61:c4:2c:87:1d:2c:94:
f3:b3:80:d1:1c:a2:1f:9a:b9:39:be:9f:2c:c5:1b:39:66:32:
c1:1d:89:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzcMlH7ThLty8EIQ/Yleq5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjhiZWI1NTVkYWZhODJjM2Q2YWEzMzY5MDlhZTVhZGUz
NWE4M2QwHhcNMjYwMzExMDkyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGZjZjZhYzU0YzQ2ZmU3OTg3ZjUwNzkwNzQ1Zjg4NGM5NGIwN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjLL0qwI6x0H8k8h4vnPJ3r5Rj4w
4zhP03ra6jNF7Ec4IswTcxCRx6POybSg11vNMdHCsRog6LzYzMGJhaqU3j10sTMf
fyqBDV0R/Iy0hMnaFs8ZYV0vE4Fg5VrqzWyEJWQdyv0jmfOu8s2xQf5MX6BX6b8B
R3PbOLirpU58Ay2WCf6mrcq3GyqqwRKLpRQxyLzd2PFMw0J1W8VctvHKU92O53S9
LBIjRyaDI8CSJSBgOselIoOzN+Ao24ZAUBu9/VUaH2yy2/T0rlOpc3pl1x/hXkxA
kYJVV+otbw36lp2NgYMXbgORIBA8oT4AEwDTx5Tr44J1iiRsJygv1BaKIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEj89qxUxG/nmH9QeQdF+ITJSwenMB8GA1UdIwQY
MBaAFBe4vrVV2vqCw9aqM2kJrlreNag9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdpLXRWWGEtb0xEMXFvemFRbXVXdDQxcUQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi81MTUxOWMtMWU5My00NGE5LWFjNzAt
N2UyNDI2NzRkZWZjLzEvU1B6MnJGVEViLWVZZjFCNUIwWDRoTWxMQjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi81MTUxOWMtMWU5My00NGE5LWFjNzAtN2UyNDI2NzRkZWZj
LzEvRjdpLXRWWGEtb0xEMXFvemFRbXVXdDQxcUQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8hEAwQC
uRUkMA0GCSqGSIb3DQEBCwUAA4IBAQB7hUqi9DO8sRBmuJnNuUTHPXxkCmScN/Nd
daE06hy1uFqbNZqgDCqG+z5hrbG2q1SqwnztzZj+2KLmqJ30oKwaKPydX4sfapWn
PsYkLbAnJQzpcXbaUEKMQXnHEcpfvq1Gfims0LDomALoIZGDY5bckgCSsS6gDKHL
xMP9sevl1mRxWDv/Q7E4ahucG8oaDEZDhHvhjhTKzeEgLcwPzCaTO/a0lFZBgaEF
ZknKOaE1B6frVjQs16l06LDZmrvyPo+YHmTwFsm7t5bhec7ZJzkhWLClZTn3jgC0
+qFtxCBr9vY75GHELIcdLJTzs4DRHKIfmrk5vp8sxRs5ZjLBHYm4
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:46:52 2026 by rpki-client