Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/8eTvO2TZdJIMeT5I77o8e5hLDyI.roa
File: 8eTvO2TZdJIMeT5I77o8e5hLDyI.roa (raw, json)
Hash identifier: RW0q4KTs9SZCv80GUyltUUK1ZfZgWc4IG8Rp/qHyA3g=
Subject key identifier: F1:E4:EF:3B:64:D9:74:92:0C:79:3E:48:EF:BA:3C:7B:98:4B:0F:22
Certificate issuer: /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial: 019CDC9F9BC949A5ED1BDD620D8E2A2A0813
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/8eTvO2TZdJIMeT5I77o8e5hLDyI.roa
Signing time: Wed 11 Mar 2026 11:19:33 +0000
ROA not before: Wed 11 Mar 2026 11:19:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208905
IP address blocks: 85.155.88.0/24 maxlen: 24
85.155.89.0/24 maxlen: 24
213.137.92.0/24 maxlen: 24
213.137.93.0/24 maxlen: 24
213.137.94.0/24 maxlen: 24
213.137.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:9f:9b:c9:49:a5:ed:1b:dd:62:0d:8e:2a:2a:08:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
Validity
Not Before: Mar 11 11:19:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f1e4ef3b64d974920c793e48efba3c7b984b0f22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:39:24:7e:f7:1e:2b:5e:94:f9:9e:7e:f2:24:
96:d0:86:19:3d:9f:9f:43:53:c7:7b:49:a8:d4:85:
39:0e:60:8a:4e:1f:71:78:6b:4a:2e:7a:b2:2a:a7:
ae:34:e0:ed:ee:0f:bc:0b:28:9b:61:0a:96:e4:c4:
5b:d7:2a:47:38:d5:62:24:2d:5e:f2:3c:1a:8f:47:
89:2f:f0:42:02:6f:ed:2f:e5:73:ba:40:a3:e0:87:
43:24:20:8c:e0:eb:13:e6:82:02:e7:22:1d:a7:9a:
0a:cc:43:53:0f:e2:35:09:6d:25:77:d4:99:49:81:
0b:71:b8:d0:36:6f:15:b0:ce:4e:52:7d:91:c7:6e:
10:f7:b4:b2:95:7f:5f:5d:b6:fc:73:4a:ae:86:b4:
7f:70:cf:a4:c4:00:78:69:6e:45:1e:3c:13:00:e7:
f0:8f:b8:3d:8e:8e:f4:51:f3:79:2d:db:7a:11:d1:
70:03:f8:a7:19:5b:f4:1c:1b:53:ad:04:3b:0d:95:
a7:ee:a4:bc:2d:9a:c2:2d:f1:4d:56:1a:65:05:e3:
bd:4d:09:25:d0:b7:ed:48:c4:ff:a8:65:1e:45:f6:
ba:80:64:e9:2b:c1:db:11:8c:25:6a:5f:12:6f:7c:
83:8d:96:de:f5:06:90:e2:db:60:c5:8d:75:9a:90:
a6:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:E4:EF:3B:64:D9:74:92:0C:79:3E:48:EF:BA:3C:7B:98:4B:0F:22
X509v3 Authority Key Identifier:
keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/8eTvO2TZdJIMeT5I77o8e5hLDyI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.155.88.0/23
213.137.92.0/22
Signature Algorithm: sha256WithRSAEncryption
3e:6d:bc:90:b7:6b:33:ee:28:69:14:33:36:83:1e:25:a6:f7:
5e:da:3f:aa:37:18:3d:7d:b0:6a:11:3a:7c:ed:3b:d0:66:65:
36:60:4d:2f:6a:ac:fb:86:22:d1:fb:77:36:4b:b1:b8:73:e9:
96:b4:95:a7:98:1a:a7:1e:71:ba:04:0e:20:25:c3:56:f7:4a:
ec:85:53:d5:c0:49:e5:7e:91:33:1d:48:e5:a4:ed:9a:3d:1f:
3e:05:5e:f6:b6:38:72:3f:1b:24:1c:37:a7:2b:a1:94:10:a2:
a4:33:f0:68:64:5e:a3:92:ea:4d:3d:aa:07:c4:7c:7d:35:eb:
ca:94:69:94:4d:f0:d5:ee:72:05:e6:a7:c4:57:b7:6f:45:20:
37:47:45:de:9a:d6:34:29:77:0f:0e:2b:69:14:36:a8:1f:2e:
15:0f:48:71:c7:58:78:1a:31:78:7b:20:3b:ab:7f:e2:73:db:
5d:e6:ae:cf:f0:12:d5:da:36:4b:f2:12:3d:04:55:67:dc:fc:
2f:37:0a:95:11:5d:d6:86:a5:60:f9:18:5a:f5:1b:33:72:5f:
6d:91:e9:78:64:e8:28:e6:75:0f:c2:a7:82:06:2f:0f:26:a3:
1c:6d:38:ea:5d:4f:2b:e9:ea:e1:df:f2:d8:37:ef:a7:23:a5:
dc:3b:eb:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzcn5vJSaXtG91iDY4qKggTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjYwMzExMTExOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWU0ZWYzYjY0ZDk3NDkyMGM3OTNlNDhlZmJhM2M3Yjk4NGIwZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzkkfvceK16U+Z5+8iSW0IYZPZ+f
Q1PHe0mo1IU5DmCKTh9xeGtKLnqyKqeuNODt7g+8CyibYQqW5MRb1ypHONViJC1e
8jwaj0eJL/BCAm/tL+VzukCj4IdDJCCM4OsT5oIC5yIdp5oKzENTD+I1CW0ld9SZ
SYELcbjQNm8VsM5OUn2Rx24Q97SylX9fXbb8c0quhrR/cM+kxAB4aW5FHjwTAOfw
j7g9jo70UfN5Ldt6EdFwA/inGVv0HBtTrQQ7DZWn7qS8LZrCLfFNVhplBeO9TQkl
0LftSMT/qGUeRfa6gGTpK8HbEYwlal8Sb3yDjZbe9QaQ4ttgxY11mpCmWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPHk7ztk2XSSDHk+SO+6PHuYSw8iMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvOGVUdk8yVFpkSklNZVQ1STc3bzhlNWhMRHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVZtYAwQC
1YlcMA0GCSqGSIb3DQEBCwUAA4IBAQA+bbyQt2sz7ihpFDM2gx4lpvde2j+qNxg9
fbBqETp87TvQZmU2YE0vaqz7hiLR+3c2S7G4c+mWtJWnmBqnHnG6BA4gJcNW90rs
hVPVwEnlfpEzHUjlpO2aPR8+BV72tjhyPxskHDenK6GUEKKkM/BoZF6jkupNPaoH
xHx9NevKlGmUTfDV7nIF5qfEV7dvRSA3R0XemtY0KXcPDitpFDaoHy4VD0hxx1h4
GjF4eyA7q3/ic9td5q7P8BLV2jZL8hI9BFVn3PwvNwqVEV3WhqVg+Rha9Rszcl9t
kel4ZOgo5nUPwqeCBi8PJqMcbTjqXU8r6erh3/LYN++nI6XcO+tc
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:33:29 2026 by rpki-client