Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KaWxpKY_T5ErdnjVC8ZTt1lE5bs.roa
File: KaWxpKY_T5ErdnjVC8ZTt1lE5bs.roa (raw, json)
Hash identifier: kPEHRp9KCQjcJt4o+1TM3AIqpk7o02O9jS/MiuCXU/c=
Subject key identifier: 29:A5:B1:A4:A6:3F:4F:91:2B:76:78:D5:0B:C6:53:B7:59:44:E5:BB
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 019D19AB9BB06A8B8F0454AB0CA84C74ED82
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KaWxpKY_T5ErdnjVC8ZTt1lE5bs.roa
Signing time: Mon 23 Mar 2026 07:49:30 +0000
ROA not before: Mon 23 Mar 2026 07:49:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63199
IP address blocks: 147.90.5.0/24 maxlen: 24
147.90.6.0/24 maxlen: 24
147.90.8.0/24 maxlen: 24
158.173.205.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:19:ab:9b:b0:6a:8b:8f:04:54:ab:0c:a8:4c:74:ed:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Mar 23 07:49:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=29a5b1a4a63f4f912b7678d50bc653b75944e5bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:39:b9:44:03:85:67:34:57:e8:6a:af:cf:ad:
02:45:f2:9c:b4:b9:01:20:37:be:9d:5c:d6:f0:8f:
cc:76:d2:da:1b:33:5b:fc:b1:22:d9:4e:5d:e6:56:
31:c7:84:64:5d:08:33:e6:27:cc:09:df:a6:3f:ba:
f6:88:16:21:f8:11:63:82:ec:ed:6d:85:eb:d1:a4:
b7:5e:d3:6c:f7:f2:4d:86:da:15:bb:b9:97:4f:5b:
aa:6d:b4:e6:50:84:64:e8:67:e8:14:e9:0f:dd:63:
e5:fb:42:83:e8:ca:9c:9e:66:10:aa:d0:22:63:63:
ad:09:7a:3c:0d:5c:a6:1f:05:5f:50:30:d1:0a:10:
56:1d:78:83:d9:94:60:9a:72:8e:81:5c:d2:3e:1e:
25:da:f6:7a:71:fb:4f:42:33:69:d4:f3:47:76:e7:
1a:32:4a:60:45:6b:87:6a:73:b4:a8:71:9b:51:aa:
d8:04:64:c1:ed:d1:bc:0c:c3:0a:d1:8b:d0:b4:ff:
81:03:30:76:e1:17:8e:1c:d7:0a:a5:e3:74:2d:86:
56:1e:2a:49:74:04:b9:1e:aa:b1:66:6f:6d:67:6a:
44:52:aa:e6:17:32:d0:a5:b8:75:fc:4c:d1:68:d8:
32:92:b7:34:58:4f:da:fd:51:c6:40:0f:db:ed:fb:
39:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:A5:B1:A4:A6:3F:4F:91:2B:76:78:D5:0B:C6:53:B7:59:44:E5:BB
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KaWxpKY_T5ErdnjVC8ZTt1lE5bs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.90.5.0-147.90.6.255
147.90.8.0/24
158.173.205.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:30:da:c4:ab:30:db:d5:7e:22:4a:90:77:74:4e:f2:30:21:
64:26:c9:76:76:cb:66:56:80:f7:a0:46:95:92:28:c6:55:bb:
8a:90:3b:5c:64:d4:59:0f:67:1f:1a:86:72:4b:d3:63:ba:64:
1b:c2:fc:f6:f1:f1:d6:19:ba:09:85:a2:3e:1f:0c:d3:0a:8c:
d4:d6:90:8b:12:56:10:02:5c:c3:92:dc:05:77:11:80:b6:7e:
74:4a:f7:33:d0:13:e2:c3:8c:91:4b:8d:71:75:3f:d8:db:85:
b2:2c:78:22:3a:13:31:56:b0:2b:55:2f:aa:c6:54:3c:b5:ce:
e2:d9:a7:22:69:9b:5f:0a:54:db:e4:38:ac:d9:84:c0:f0:2d:
5d:1b:da:c4:8c:76:5e:18:92:ae:f1:2a:98:80:d4:59:03:86:
96:d5:5e:bf:35:1f:ec:00:90:b3:d5:88:71:d7:af:0e:da:a5:
44:e7:e1:81:18:4e:75:06:07:a3:10:07:ec:25:ee:d3:e3:7d:
5d:d5:16:a0:12:f1:d7:c5:d1:8a:bd:2b:41:b5:40:76:e7:2b:
77:94:db:d8:6c:ed:1c:7e:a0:ec:5b:0e:14:69:96:e7:86:39:
f6:2d:73:49:ff:65:2b:5c:d8:34:ea:49:1f:02:00:95:9a:72:
71:35:7f:8b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ0Zq5uwaouPBFSrDKhMdO2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzIzMDc0OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWE1YjFhNGE2M2Y0ZjkxMmI3Njc4ZDUwYmM2NTNiNzU5NDRlNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozm5RAOFZzRX6Gqvz60CRfKctLkB
IDe+nVzW8I/MdtLaGzNb/LEi2U5d5lYxx4RkXQgz5ifMCd+mP7r2iBYh+BFjguzt
bYXr0aS3XtNs9/JNhtoVu7mXT1uqbbTmUIRk6GfoFOkP3WPl+0KD6MqcnmYQqtAi
Y2OtCXo8DVymHwVfUDDRChBWHXiD2ZRgmnKOgVzSPh4l2vZ6cftPQjNp1PNHduca
MkpgRWuHanO0qHGbUarYBGTB7dG8DMMK0YvQtP+BAzB24ReOHNcKpeN0LYZWHipJ
dAS5HqqxZm9tZ2pEUqrmFzLQpbh1/EzRaNgykrc0WE/a/VHGQA/b7fs5tQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCmlsaSmP0+RK3Z41QvGU7dZROW7MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvS2FXeHBLWV9UNUVyZG5qVkM4WlR0MWxFNWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBACTWgUD
BACTWgYDBACTWggDBACerc0wDQYJKoZIhvcNAQELBQADggEBALQw2sSrMNvVfiJK
kHd0TvIwIWQmyXZ2y2ZWgPegRpWSKMZVu4qQO1xk1FkPZx8ahnJL02O6ZBvC/Pbx
8dYZugmFoj4fDNMKjNTWkIsSVhACXMOS3AV3EYC2fnRK9zPQE+LDjJFLjXF1P9jb
hbIseCI6EzFWsCtVL6rGVDy1zuLZpyJpm18KVNvkOKzZhMDwLV0b2sSMdl4Ykq7x
KpiA1FkDhpbVXr81H+wAkLPViHHXrw7apUTn4YEYTnUGB6MQB+wl7tPjfV3VFqAS
8dfF0Yq9K0G1QHbnK3eU29hs7Rx+oOxbDhRplueGOfYtc0n/ZStc2DTqSR8CAJWa
cnE1f4s=
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:26:33 2026 by rpki-client