Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/iYmfX-Xr2WV-ryyeYGg2faUJK3c.roa
File: iYmfX-Xr2WV-ryyeYGg2faUJK3c.roa (raw, json)
Hash identifier: 42KCUZzyT040surN1C17Y5tix8TWbmapzOCWog8iRSA=
Subject key identifier: 89:89:9F:5F:E5:EB:D9:65:7E:AF:2C:9E:60:68:36:7D:A5:09:2B:77
Certificate issuer: /CN=c44db8b0983acf97a3255152c2ea592adae7735b
Certificate serial: 019D1A36C30CB177B81A13B094E2303D631E
Authority key identifier: C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/iYmfX-Xr2WV-ryyeYGg2faUJK3c.roa
Signing time: Mon 23 Mar 2026 10:21:29 +0000
ROA not before: Mon 23 Mar 2026 10:21:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63911
IP address blocks: 81.85.128.0/19 maxlen: 24
85.136.16.0/20 maxlen: 24
85.136.48.0/20 maxlen: 24
85.136.84.0/22 maxlen: 24
85.136.120.0/21 maxlen: 24
85.136.144.0/21 maxlen: 24
85.136.212.0/22 maxlen: 24
85.136.216.0/22 maxlen: 22
85.136.220.0/22 maxlen: 24
85.137.4.0/22 maxlen: 24
85.137.8.0/22 maxlen: 24
85.137.12.0/22 maxlen: 24
85.137.32.0/20 maxlen: 24
85.137.64.0/20 maxlen: 24
85.137.96.0/20 maxlen: 24
165.217.112.0/20 maxlen: 24
213.18.224.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.mft
rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1a:36:c3:0c:b1:77:b8:1a:13:b0:94:e2:30:3d:63:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c44db8b0983acf97a3255152c2ea592adae7735b
Validity
Not Before: Mar 23 10:21:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=89899f5fe5ebd9657eaf2c9e6068367da5092b77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9e:43:15:e6:71:b0:3b:a5:17:ab:57:5a:08:
9b:4b:62:7b:8e:13:7e:79:8a:eb:62:ee:95:c9:15:
19:06:a1:f0:bc:bb:ab:78:2f:58:d8:2b:63:e7:93:
19:88:09:d7:df:4b:84:6d:2c:19:4b:e2:0c:ad:e7:
33:ca:24:23:b7:bf:de:96:29:bd:e3:5a:69:f2:49:
e1:f1:16:1c:f2:73:1a:a4:71:2f:57:af:5f:03:a7:
f9:e6:c4:d0:29:d8:ab:7b:23:c1:ee:bb:e3:be:17:
14:18:ed:d4:92:92:f0:32:01:c6:98:3d:a2:57:24:
55:40:39:a7:df:e6:76:eb:a6:97:2c:1f:f5:91:00:
e1:23:f9:a1:66:cc:03:64:39:e7:49:83:59:b4:a8:
f3:70:8f:fc:53:9b:2a:7c:91:89:e2:ef:ac:c3:d8:
68:29:9f:26:a8:bd:99:81:a1:b5:30:71:77:0b:2b:
8e:ab:98:74:81:bf:76:c6:cd:12:d3:5d:7f:db:3b:
78:02:5f:83:14:56:93:36:4f:67:df:4d:01:23:96:
ef:ec:f5:db:a6:42:80:b3:60:13:86:e6:fe:01:ab:
a9:1e:cf:46:41:1f:09:d8:05:3b:7d:1d:23:93:16:
ab:18:7b:59:35:da:1f:c1:b2:c9:00:5c:8a:8f:47:
9b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:89:9F:5F:E5:EB:D9:65:7E:AF:2C:9E:60:68:36:7D:A5:09:2B:77
X509v3 Authority Key Identifier:
keyid:C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/iYmfX-Xr2WV-ryyeYGg2faUJK3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.85.128.0/19
85.136.16.0/20
85.136.48.0/20
85.136.84.0/22
85.136.120.0/21
85.136.144.0/21
85.136.212.0-85.136.223.255
85.137.4.0-85.137.15.255
85.137.32.0/20
85.137.64.0/20
85.137.96.0/20
165.217.112.0/20
213.18.224.0/20
Signature Algorithm: sha256WithRSAEncryption
70:21:d3:a9:b2:3e:0b:e5:07:71:0c:85:a6:09:42:01:aa:c4:
cf:8e:70:91:4e:14:22:38:25:8d:8b:a0:c1:a4:3e:6c:52:32:
62:5f:f0:27:6d:7d:cc:49:8b:1a:3e:a9:7a:22:2e:36:be:4a:
e8:8b:a9:e2:cc:f5:e8:d6:24:81:d2:6b:0d:c0:9e:80:2a:93:
38:3e:01:04:c1:c0:7f:41:ba:d8:a1:e9:c8:e0:4a:9f:c7:60:
ad:dc:5d:44:a6:39:f4:ed:70:2b:0b:c9:ab:4b:5f:9c:70:68:
f4:dc:7e:07:95:e5:c7:9d:fa:c0:f0:76:1f:c0:a1:0e:3a:b6:
db:2b:b9:57:5f:4e:7b:db:1d:ef:08:fb:97:41:0f:95:24:be:
b5:b4:bc:46:e7:5d:9b:4b:00:ad:b2:d2:59:47:01:4b:4c:38:
e7:77:cd:1f:db:a1:3b:89:5e:24:5e:82:8e:20:d6:a2:ff:d8:
97:10:27:63:1e:cf:ed:50:8e:34:40:3b:1f:14:51:c4:f7:11:
85:be:21:b3:10:e8:c6:3e:a7:a2:5b:d4:2b:48:40:e7:3d:bd:
9e:25:d9:18:11:03:d0:de:d7:76:d7:db:ee:da:c8:28:07:f1:
09:86:90:2f:b8:4a:c1:ca:5a:b3:b4:4d:8b:f8:ee:5f:1e:39:
81:45:90:0c
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZ0aNsMMsXe4GhOwlOIwPWMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NGRiOGIwOTgzYWNmOTdhMzI1NTE1MmMyZWE1OTJhZGFl
NzczNWIwHhcNMjYwMzIzMTAyMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg5OWY1ZmU1ZWJkOTY1N2VhZjJjOWU2MDY4MzY3ZGE1MDkyYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5DFeZxsDulF6tXWgibS2J7jhN+
eYrrYu6VyRUZBqHwvLureC9Y2Ctj55MZiAnX30uEbSwZS+IMreczyiQjt7/elim9
41pp8knh8RYc8nMapHEvV69fA6f55sTQKdireyPB7rvjvhcUGO3UkpLwMgHGmD2i
VyRVQDmn3+Z266aXLB/1kQDhI/mhZswDZDnnSYNZtKjzcI/8U5sqfJGJ4u+sw9ho
KZ8mqL2ZgaG1MHF3CyuOq5h0gb92xs0S011/2zt4Al+DFFaTNk9n300BI5bv7PXb
pkKAs2AThub+AaupHs9GQR8J2AU7fR0jkxarGHtZNdofwbLJAFyKj0eblQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFImJn1/l69llfq8snmBoNn2lCSt3MB8GA1UdIwQY
MBaAFMRNuLCYOs+XoyVRUsLqWSra53NbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYt
ZWVkZDk0ZWMxMjhjLzEvaVltZlgtWHIyV1Ytcnl5ZVlHZzJmYVVKSzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYtZWVkZDk0ZWMxMjhj
LzEveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQFUVWAAwQE
VYgQAwQEVYgwAwQCVYhUAwQDVYh4AwQDVYiQMAwDBAJViNQDBAVViMAwDAMEAlWJ
BAMEBFWJAAMEBFWJIAMEBFWJQAMEBFWJYAMEBKXZcAMEBNUS4DANBgkqhkiG9w0B
AQsFAAOCAQEAcCHTqbI+C+UHcQyFpglCAarEz45wkU4UIjgljYugwaQ+bFIyYl/w
J219zEmLGj6peiIuNr5K6Iup4sz16NYkgdJrDcCegCqTOD4BBMHAf0G62KHpyOBK
n8dgrdxdRKY59O1wKwvJq0tfnHBo9Nx+B5Xlx536wPB2H8ChDjq22yu5V19Oe9sd
7wj7l0EPlSS+tbS8Ruddm0sArbLSWUcBS0w453fNH9uhO4leJF6CjiDWov/YlxAn
Yx7P7VCONEA7HxRRxPcRhb4hsxDoxj6nolvUK0hA5z29niXZGBED0N7Xdtfb7trI
KAfxCYaQL7hKwcpas7RNi/juXx45gUWQDA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 14:01:55 2026 by rpki-client