Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gKb0H_UIBgTewShefHz0BLEG1HY.roa
File: gKb0H_UIBgTewShefHz0BLEG1HY.roa (raw, json)
Hash identifier: Su7Y+GLvwUdO+snDQk0pWcX0rwHEJQV1+KuO0/Q9c9Q=
Subject key identifier: 80:A6:F4:1F:F5:08:06:04:DE:C1:28:5E:7C:7C:F4:04:B1:06:D4:76
Certificate issuer: /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial: 019DD777DC9E86482D171C80D1F4E360397B
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gKb0H_UIBgTewShefHz0BLEG1HY.roa
Signing time: Wed 29 Apr 2026 04:20:49 +0000
ROA not before: Wed 29 Apr 2026 04:20:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5650
IP address blocks: 89.125.40.0/21 maxlen: 21
89.125.141.0/24 maxlen: 24
89.125.164.0/24 maxlen: 24
89.125.184.0/24 maxlen: 24
89.125.224.0/20 maxlen: 20
167.17.44.0/23 maxlen: 23
206.245.136.0/21 maxlen: 21
208.123.184.0/24 maxlen: 24
208.123.186.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d7:77:dc:9e:86:48:2d:17:1c:80:d1:f4:e3:60:39:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Validity
Not Before: Apr 29 04:20:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=80a6f41ff5080604dec1285e7c7cf404b106d476
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7e:f3:c6:ee:30:ca:44:a8:eb:0f:d1:2d:04:
c1:26:3d:c8:35:a7:af:60:36:d2:66:32:2e:6a:2b:
a1:1c:7a:8c:74:b1:50:41:42:1a:c3:c6:5b:bd:93:
90:e1:07:11:22:70:5c:df:eb:24:da:14:f3:fd:7e:
fa:c0:93:5c:8a:e4:0d:4f:d6:2f:3c:81:55:ff:fe:
73:1e:5a:0a:91:e7:06:22:23:e3:53:af:1b:a0:b4:
94:15:bd:23:c9:cb:10:f1:47:e3:a9:b4:c4:e8:e5:
df:29:d2:2c:0b:ac:5d:f7:13:4c:3c:92:e9:cc:7e:
a6:55:6e:02:5a:ac:0d:71:7e:02:a8:af:34:01:b7:
fc:cc:90:14:ab:7d:57:5c:3a:3f:07:52:5e:f0:75:
e3:55:bb:9d:96:90:7d:c2:fb:21:7b:b5:16:da:1d:
46:50:85:8d:b1:e1:63:c4:d8:1a:19:11:45:fa:53:
6f:c1:16:8a:f7:3b:c4:65:4e:e7:c7:55:49:ed:68:
c5:26:62:43:0f:fd:9a:b1:ac:2f:28:f5:f6:2c:a5:
3c:10:c5:20:14:5e:a6:79:98:42:03:34:79:74:7f:
3b:95:ba:c1:55:e4:0f:73:5d:79:b6:8c:20:bc:cd:
65:85:9b:d5:40:76:f2:1d:49:4d:ab:96:fa:91:0d:
d2:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:A6:F4:1F:F5:08:06:04:DE:C1:28:5E:7C:7C:F4:04:B1:06:D4:76
X509v3 Authority Key Identifier:
keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/gKb0H_UIBgTewShefHz0BLEG1HY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.125.40.0/21
89.125.141.0/24
89.125.164.0/24
89.125.184.0/24
89.125.224.0/20
167.17.44.0/23
206.245.136.0/21
208.123.184.0/24
208.123.186.0/24
Signature Algorithm: sha256WithRSAEncryption
40:24:25:2f:ca:ea:68:0c:2c:cc:e6:8d:23:b1:29:d2:6f:49:
fc:e0:c5:c2:e4:f1:63:6e:98:30:b5:c4:5d:e9:cb:da:00:e1:
3c:9b:8d:5e:52:ef:cb:7d:3d:4b:fd:8f:61:2c:ce:d3:73:b4:
8d:0f:17:a1:1b:54:15:df:5e:5c:c8:60:0c:23:d3:f0:fc:9f:
8b:07:a0:e7:8a:54:3a:da:a3:f4:0c:05:bc:47:5d:5e:20:b6:
82:9b:78:c3:cf:19:85:a2:b3:42:f5:20:8f:26:33:6d:28:25:
c3:13:75:e0:3f:b6:cf:17:90:db:18:9f:5e:56:16:ab:0d:5d:
9c:33:7c:64:44:9d:2c:83:6c:de:e3:cb:73:8d:f5:d1:02:7c:
d9:02:96:38:f3:b2:a9:79:ef:b3:64:f7:40:9b:ab:71:0c:07:
94:e8:31:7e:5c:dc:ac:99:ef:94:15:95:bd:dd:22:28:5a:b0:
40:0d:3e:0a:d0:aa:c8:e1:d6:21:32:5f:36:6a:14:a1:e6:ce:
c3:a1:da:e3:9b:4b:fc:bf:92:73:c6:5a:c4:53:ec:0f:7a:7f:
12:5b:7c:b9:4a:68:72:6e:63:e1:32:db:b5:88:8b:cd:fe:92:
8e:15:24:03:29:0a:3a:8a:8e:c8:16:62:1e:1f:3e:c4:94:7a:
47:69:dc:54
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ3Xd9yehkgtFxyA0fTjYDl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDI5MDQyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE2ZjQxZmY1MDgwNjA0ZGVjMTI4NWU3YzdjZjQwNGIxMDZkNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH7zxu4wykSo6w/RLQTBJj3INaev
YDbSZjIuaiuhHHqMdLFQQUIaw8ZbvZOQ4QcRInBc3+sk2hTz/X76wJNciuQNT9Yv
PIFV//5zHloKkecGIiPjU68boLSUFb0jycsQ8UfjqbTE6OXfKdIsC6xd9xNMPJLp
zH6mVW4CWqwNcX4CqK80Abf8zJAUq31XXDo/B1Je8HXjVbudlpB9wvshe7UW2h1G
UIWNseFjxNgaGRFF+lNvwRaK9zvEZU7nx1VJ7WjFJmJDD/2asawvKPX2LKU8EMUg
FF6meZhCAzR5dH87lbrBVeQPc115towgvM1lhZvVQHbyHUlNq5b6kQ3SfwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFICm9B/1CAYE3sEoXnx89ASxBtR2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZ0tiMEhfVUlCZ1Rld1NoZWZIejBCTEVHMUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDWX0oAwQA
WX2NAwQAWX2kAwQAWX24AwQEWX3gAwQBpxEsAwQDzvWIAwQA0Hu4AwQA0Hu6MA0G
CSqGSIb3DQEBCwUAA4IBAQBAJCUvyupoDCzM5o0jsSnSb0n84MXC5PFjbpgwtcRd
6cvaAOE8m41eUu/LfT1L/Y9hLM7Tc7SNDxehG1QV315cyGAMI9Pw/J+LB6DnilQ6
2qP0DAW8R11eILaCm3jDzxmForNC9SCPJjNtKCXDE3XgP7bPF5DbGJ9eVharDV2c
M3xkRJ0sg2ze48tzjfXRAnzZApY487Kpee+zZPdAm6txDAeU6DF+XNysme+UFZW9
3SIoWrBADT4K0KrI4dYhMl82ahSh5s7Dodrjm0v8v5JzxlrEU+wPen8SW3y5Smhy
bmPhMtu1iIvN/pKOFSQDKQo6io7IFmIeHz7ElHpHadxU
-----END CERTIFICATE-----
Generated at Tue May 12 22:05:52 2026 by rpki-client