Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/kfIkh8JRl0CLg8N2X34fKzfAAIY.roa
File: kfIkh8JRl0CLg8N2X34fKzfAAIY.roa (raw, json)
Hash identifier: LNo3ChQs7isxQdfvX/1Vp1a9WnepBnzSUSjWncB8U/c=
Subject key identifier: 91:F2:24:87:C2:51:97:40:8B:83:C3:76:5F:7E:1F:2B:37:C0:00:86
Certificate issuer: /CN=21df245ead9980d2b39533782f65d7566d0462d1
Certificate serial: 019CBEE028546A50B770C285436F117833E4
Authority key identifier: 21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/kfIkh8JRl0CLg8N2X34fKzfAAIY.roa
Signing time: Thu 05 Mar 2026 16:41:27 +0000
ROA not before: Thu 05 Mar 2026 16:41:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213468
IP address blocks: 5.61.88.0/22 maxlen: 22
185.218.194.0/24 maxlen: 24
185.218.195.0/24 maxlen: 24
2a10:f2c0:aaa8::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:be:e0:28:54:6a:50:b7:70:c2:85:43:6f:11:78:33:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21df245ead9980d2b39533782f65d7566d0462d1
Validity
Not Before: Mar 5 16:41:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=91f22487c25197408b83c3765f7e1f2b37c00086
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:43:99:77:2a:7f:2e:7c:e1:b7:77:46:5d:5f:
b7:7a:4a:47:45:a7:df:23:ff:42:9d:11:61:6d:86:
f1:2a:58:56:78:77:5d:de:63:eb:05:76:fb:82:3f:
0f:4e:b4:48:55:21:50:ec:e2:82:c5:52:91:72:9b:
71:f1:44:56:f7:1f:85:3f:3a:06:4e:d7:a6:dc:b9:
87:2f:26:6f:99:e8:93:43:1c:99:be:18:05:e6:05:
e6:eb:fd:0e:18:87:53:20:0a:ca:a7:93:10:0e:d9:
88:f7:e3:cc:2d:1c:63:48:2b:59:36:39:33:62:f3:
34:6c:b3:f6:d1:c8:68:f1:1f:83:10:12:45:fc:4f:
43:02:7a:52:7e:7e:8b:52:a6:0b:84:3e:62:c4:cd:
19:17:76:bc:f4:4f:c4:4f:e9:57:10:df:08:a8:32:
a9:2f:e3:6e:49:7c:17:4d:7d:34:8c:66:92:ba:bf:
36:7b:9b:b9:8f:eb:13:3d:5a:91:29:55:97:e3:e6:
cb:3c:06:dc:59:af:9b:d5:3b:0e:69:9f:a7:b6:cd:
8d:75:29:d8:1f:9e:c9:97:4c:08:4a:ce:ff:aa:00:
82:3b:16:ed:aa:73:01:46:c7:cc:75:c7:8f:9d:92:
e1:36:f8:73:05:b2:e3:a8:84:6b:e6:48:64:c4:a3:
e7:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:F2:24:87:C2:51:97:40:8B:83:C3:76:5F:7E:1F:2B:37:C0:00:86
X509v3 Authority Key Identifier:
keyid:21:DF:24:5E:AD:99:80:D2:B3:95:33:78:2F:65:D7:56:6D:04:62:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/kfIkh8JRl0CLg8N2X34fKzfAAIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/df7d6a-4592-400b-ade4-0ec5235d4e9f/1/Id8kXq2ZgNKzlTN4L2XXVm0EYtE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.88.0/22
185.218.194.0/23
IPv6:
2a10:f2c0:aaa8::/48
Signature Algorithm: sha256WithRSAEncryption
a2:75:8d:89:73:e6:2f:f1:2b:90:23:86:1f:9f:04:2b:53:c4:
f2:81:5c:73:7b:34:88:5e:b0:cf:27:f8:07:8f:dc:33:2f:a2:
03:48:26:ae:5f:fd:0a:e7:91:b2:05:90:7c:52:d1:aa:f7:fe:
15:de:f1:34:58:ad:d7:19:31:58:02:cd:b0:f3:2d:48:6b:c2:
98:f8:4c:ee:c4:27:34:4d:10:32:75:1f:7c:de:80:78:c3:76:
49:a2:05:e6:16:3e:53:80:1e:73:fb:72:c2:c0:17:73:d2:ea:
bc:48:cb:60:dd:00:27:63:5f:04:69:8d:75:45:ec:db:04:97:
67:d1:d5:ec:34:5f:6a:cb:43:48:35:5d:8d:bb:c1:d5:76:74:
d6:3a:d6:2b:d0:4d:5b:c2:cd:35:ea:aa:a3:31:98:ee:be:7a:
6d:4c:d7:47:77:68:78:d4:b8:f9:57:a5:c2:87:83:a8:ea:a2:
d0:c6:ae:7f:6a:cc:0b:48:27:cf:75:05:e9:86:80:b2:ac:63:
a3:a0:2b:d5:41:c9:fb:af:f5:46:c5:a4:66:fa:31:a3:e3:dd:
09:e9:b3:6d:aa:13:52:ef:2d:01:42:f9:fc:88:4d:9c:04:1b:
6b:31:33:78:4c:9f:78:13:f7:f5:5f:15:4f:e6:37:ef:a5:51:
54:2b:2a:e4
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZy+4ChUalC3cMKFQ28ReDPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZGYyNDVlYWQ5OTgwZDJiMzk1MzM3ODJmNjVkNzU2NmQw
NDYyZDEwHhcNMjYwMzA1MTY0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYyMjQ4N2MyNTE5NzQwOGI4M2MzNzY1ZjdlMWYyYjM3YzAwMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUOZdyp/Lnzht3dGXV+3ekpHRaff
I/9CnRFhbYbxKlhWeHdd3mPrBXb7gj8PTrRIVSFQ7OKCxVKRcptx8URW9x+FPzoG
Ttem3LmHLyZvmeiTQxyZvhgF5gXm6/0OGIdTIArKp5MQDtmI9+PMLRxjSCtZNjkz
YvM0bLP20cho8R+DEBJF/E9DAnpSfn6LUqYLhD5ixM0ZF3a89E/ET+lXEN8IqDKp
L+NuSXwXTX00jGaSur82e5u5j+sTPVqRKVWX4+bLPAbcWa+b1TsOaZ+nts2NdSnY
H57Jl0wISs7/qgCCOxbtqnMBRsfMdcePnZLhNvhzBbLjqIRr5khkxKPnzwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJHyJIfCUZdAi4PDdl9+Hys3wACGMB8GA1UdIwQY
MBaAFCHfJF6tmYDSs5UzeC9l11ZtBGLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQt
MGVjNTIzNWQ0ZTlmLzEva2ZJa2g4SlJsMENMZzhOMlgzNGZLemZBQUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kZjdkNmEtNDU5Mi00MDBiLWFkZTQtMGVjNTIzNWQ0ZTlm
LzEvSWQ4a1hxMlpnTkt6bFRONEwyWFhWbTBFWXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCBT1YAwQB
udrCMA8EAgACMAkDBwAqEPLAqqgwDQYJKoZIhvcNAQELBQADggEBAKJ1jYlz5i/x
K5Ajhh+fBCtTxPKBXHN7NIhesM8n+AeP3DMvogNIJq5f/QrnkbIFkHxS0ar3/hXe
8TRYrdcZMVgCzbDzLUhrwpj4TO7EJzRNEDJ1H3zegHjDdkmiBeYWPlOAHnP7csLA
F3PS6rxIy2DdACdjXwRpjXVF7NsEl2fR1ew0X2rLQ0g1XY27wdV2dNY61ivQTVvC
zTXqqqMxmO6+em1M10d3aHjUuPlXpcKHg6jqotDGrn9qzAtIJ891BemGgLKsY6Og
K9VByfuv9UbFpGb6MaPj3Qnps22qE1LvLQFC+fyITZwEG2sxM3hMn3gT9/VfFU/m
N++lUVQrKuQ=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:42:29 2026 by rpki-client