Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/FhwS6oj1IU2dmxLLYCr_Dh9nNPg.roa
File: FhwS6oj1IU2dmxLLYCr_Dh9nNPg.roa (raw, json)
Hash identifier: gw4ySzsoHkhiHwNr6SgUSv5IRZbxDqYLsZYznQCEK64=
Subject key identifier: 16:1C:12:EA:88:F5:21:4D:9D:9B:12:CB:60:2A:FF:0E:1F:67:34:F8
Certificate issuer: /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial: 019D05D700367C303AB722BE05A81A27A733
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/FhwS6oj1IU2dmxLLYCr_Dh9nNPg.roa
Signing time: Thu 19 Mar 2026 11:24:29 +0000
ROA not before: Thu 19 Mar 2026 11:24:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204057
IP address blocks: 116.204.153.0/24 maxlen: 24
178.23.189.0/24 maxlen: 24
185.255.96.0/24 maxlen: 24
185.255.97.0/24 maxlen: 24
217.28.140.0/24 maxlen: 24
2a0d:6240::/32 maxlen: 32
2a0d:6241::/32 maxlen: 32
2a0d:6242::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.mft
rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 05:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:05:d7:00:36:7c:30:3a:b7:22:be:05:a8:1a:27:a7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Validity
Not Before: Mar 19 11:24:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=161c12ea88f5214d9d9b12cb602aff0e1f6734f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:ab:d4:3f:81:a7:55:be:18:1f:4f:c2:d6:9f:
24:cd:69:30:fc:44:f9:37:d6:6c:5a:31:77:7d:df:
5a:39:46:ea:69:d6:27:08:e1:7a:35:4e:d4:15:e4:
39:6a:e4:8c:43:3b:fc:c8:de:4d:51:fa:c6:59:3b:
5b:8b:0c:05:88:ae:7b:00:53:8a:8c:1c:8e:c1:e3:
92:ff:dc:3c:86:22:cd:1d:45:eb:6f:96:18:f5:f3:
7d:1a:5f:d6:f1:8e:80:55:10:64:1a:4c:0e:3a:bd:
6d:4e:8f:9a:ea:a3:6f:de:df:c8:83:22:08:8d:0e:
61:fd:e8:fa:c2:f9:b5:73:87:94:6c:9f:e6:c9:f5:
f5:e4:7e:ad:01:b6:e8:27:7d:68:6d:89:b0:ad:6b:
04:5e:e0:20:50:ae:1f:54:4a:93:a8:4e:ec:6d:3a:
41:e6:5c:f8:51:04:5f:68:67:01:ea:20:62:8b:45:
47:a9:cd:01:e4:bc:5d:8a:95:1e:d2:90:c5:48:72:
ed:fd:2e:70:7d:14:88:ab:48:1f:2b:45:75:0b:32:
bd:12:af:ee:b8:5c:c5:d9:ea:ba:3b:a6:cc:2c:0d:
4e:d9:1b:98:da:5a:61:b1:82:22:57:eb:e2:2f:e2:
1a:69:a9:d1:1f:27:91:23:ea:05:a6:f6:65:d6:fc:
7b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:1C:12:EA:88:F5:21:4D:9D:9B:12:CB:60:2A:FF:0E:1F:67:34:F8
X509v3 Authority Key Identifier:
keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/FhwS6oj1IU2dmxLLYCr_Dh9nNPg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
116.204.153.0/24
178.23.189.0/24
185.255.96.0/23
217.28.140.0/24
IPv6:
2a0d:6240::-2a0d:6242:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4b:f2:0f:91:7e:ea:e0:e3:b1:e7:0e:6e:bf:a6:42:76:c4:a8:
ed:fe:2d:08:72:61:66:2f:dc:86:2b:23:79:ba:2d:39:bd:43:
c6:2c:50:d7:36:d9:13:fb:fd:7e:34:69:7d:8f:77:55:95:24:
d7:1b:0b:04:79:1b:79:76:00:77:47:88:d9:d9:13:3e:15:bb:
b5:a4:b7:a7:c1:d8:73:a0:cc:37:7b:65:3b:0f:49:8c:63:fd:
c9:4f:06:ee:ab:0a:ac:ed:9f:56:36:81:7b:38:7b:56:46:cf:
dc:69:50:13:36:b3:5f:47:dd:da:72:02:96:d1:73:3f:c9:25:
61:b5:ba:00:d9:c5:c2:9d:86:08:0d:c8:03:41:1d:1f:f3:0a:
aa:56:1a:d7:04:fe:b3:d6:3c:3b:88:54:16:e4:2c:8a:3a:60:
5c:7c:00:03:bb:58:44:62:b2:a6:22:8e:a8:09:f8:00:3b:2b:
29:2f:15:63:f1:94:9d:89:39:4f:7c:0a:63:ef:5e:12:61:7a:
06:7f:f4:2b:a3:38:17:ce:96:36:5a:71:74:96:2d:d3:63:a6:
38:b5:cb:ca:49:6c:70:fe:48:96:87:8f:e8:17:bd:ca:2d:f0:
8e:d1:14:b8:2b:57:3e:50:0a:46:32:35:a0:94:b9:1d:6d:a7:
cc:96:fd:fb
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ0F1wA2fDA6tyK+BagaJ6czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjYwMzE5MTEyNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFjMTJlYTg4ZjUyMTRkOWQ5YjEyY2I2MDJhZmYwZTFmNjczNGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqvUP4GnVb4YH0/C1p8kzWkw/ET5
N9ZsWjF3fd9aOUbqadYnCOF6NU7UFeQ5auSMQzv8yN5NUfrGWTtbiwwFiK57AFOK
jByOweOS/9w8hiLNHUXrb5YY9fN9Gl/W8Y6AVRBkGkwOOr1tTo+a6qNv3t/IgyII
jQ5h/ej6wvm1c4eUbJ/myfX15H6tAbboJ31obYmwrWsEXuAgUK4fVEqTqE7sbTpB
5lz4UQRfaGcB6iBii0VHqc0B5LxdipUe0pDFSHLt/S5wfRSIq0gfK0V1CzK9Eq/u
uFzF2eq6O6bMLA1O2RuY2lphsYIiV+viL+IaaanRHyeRI+oFpvZl1vx7jQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBYcEuqI9SFNnZsSy2Aq/w4fZzT4MB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEvRmh3UzZvajFJVTJkbXhMTFlDcl9EaDluTlBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAdMyZAwQA
she9AwQBuf9gAwQA2RyMMBYEAgACMBAwDgMFBioNYkADBQAqDWJCMA0GCSqGSIb3
DQEBCwUAA4IBAQBL8g+Rfurg47HnDm6/pkJ2xKjt/i0IcmFmL9yGKyN5ui05vUPG
LFDXNtkT+/1+NGl9j3dVlSTXGwsEeRt5dgB3R4jZ2RM+Fbu1pLenwdhzoMw3e2U7
D0mMY/3JTwbuqwqs7Z9WNoF7OHtWRs/caVATNrNfR93acgKW0XM/ySVhtboA2cXC
nYYIDcgDQR0f8wqqVhrXBP6z1jw7iFQW5CyKOmBcfAADu1hEYrKmIo6oCfgAOysp
LxVj8ZSdiTlPfApj714SYXoGf/QrozgXzpY2WnF0li3TY6Y4tcvKSWxw/kiWh4/o
F73KLfCO0RS4K1c+UApGMjWglLkdbafMlv37
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:07:24 2026 by rpki-client