Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/i19szVZhRKN0uM8PI30DBqNVBcc.roa
File: i19szVZhRKN0uM8PI30DBqNVBcc.roa (raw, json)
Hash identifier: BxpnJWWpyzAJHpDXAkgY/3s3l/OZgniCap33rZlXUMY=
Subject key identifier: 8B:5F:6C:CD:56:61:44:A3:74:B8:CF:0F:23:7D:03:06:A3:55:05:C7
Certificate issuer: /CN=e5f985a94025448914deaa1742207304392513dd
Certificate serial: 019B7DCB5EFBF114A7C775431AC411C7FECA
Authority key identifier: E5:F9:85:A9:40:25:44:89:14:DE:AA:17:42:20:73:04:39:25:13:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/i19szVZhRKN0uM8PI30DBqNVBcc.roa
Signing time: Fri 02 Jan 2026 08:20:38 +0000
ROA not before: Fri 02 Jan 2026 08:20:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212547
IP address blocks: 185.220.4.0/22 maxlen: 22
185.220.4.0/24 maxlen: 24
185.220.5.0/24 maxlen: 24
2a0b:ed40::/29 maxlen: 29
2a0b:ed40::/32 maxlen: 32
2a0b:ed41::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.mft
rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 14:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:cb:5e:fb:f1:14:a7:c7:75:43:1a:c4:11:c7:fe:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5f985a94025448914deaa1742207304392513dd
Validity
Not Before: Jan 2 08:20:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8b5f6ccd566144a374b8cf0f237d0306a35505c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:87:7b:1c:c4:31:cc:aa:f2:2a:5d:2c:5e:af:
b8:4f:6c:bd:aa:23:f8:d1:0d:26:69:dd:e0:73:44:
8b:13:4a:90:5e:0d:e3:64:11:18:74:ed:cf:19:78:
05:72:09:50:ee:59:1f:ce:61:f9:0e:d4:0b:31:69:
ae:45:62:31:d6:9c:28:45:ba:f9:98:24:77:11:75:
8d:1a:4f:e5:57:b5:2d:a5:22:e0:64:ac:ef:d4:d6:
7a:30:7c:2d:b9:94:e1:5f:ad:8e:4c:4e:72:f4:24:
78:55:47:57:1a:bf:8c:47:19:bf:66:d3:ed:29:84:
6f:a0:4b:cb:f0:68:e2:1e:8b:f3:28:7b:cd:31:a2:
66:a8:6f:b8:d1:72:77:24:92:50:65:b1:f8:ab:56:
1a:35:23:1a:a4:04:5e:95:f8:fc:10:84:5c:9c:4b:
bb:06:e9:d5:60:06:c5:8a:6f:d4:91:ec:eb:f6:1f:
57:be:fd:19:97:da:38:d7:d8:b5:79:11:b7:b3:ab:
9c:c2:5a:fd:73:37:95:a0:2d:ed:4f:35:af:59:74:
1a:7c:03:b1:83:25:03:ee:01:a4:7d:a9:d3:6f:02:
8e:74:54:8b:f8:95:6f:56:9f:03:d7:29:82:60:83:
ce:4f:44:19:f6:98:1d:6b:4f:fc:b5:df:33:b5:f4:
c6:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:5F:6C:CD:56:61:44:A3:74:B8:CF:0F:23:7D:03:06:A3:55:05:C7
X509v3 Authority Key Identifier:
keyid:E5:F9:85:A9:40:25:44:89:14:DE:AA:17:42:20:73:04:39:25:13:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/i19szVZhRKN0uM8PI30DBqNVBcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.220.4.0/22
IPv6:
2a0b:ed40::/29
Signature Algorithm: sha256WithRSAEncryption
47:00:52:ca:67:8c:b5:9b:ca:ea:9a:85:2e:d0:09:91:8b:37:
88:20:d7:53:3d:53:ad:f8:2e:60:1a:72:c3:53:2c:02:ae:38:
2f:6e:ca:4c:44:01:f5:ec:54:76:1f:d1:91:3c:23:55:5c:28:
26:e5:93:c7:80:74:c6:49:76:79:50:53:ea:64:c2:3c:1e:66:
b9:65:00:f9:21:38:b3:99:8c:80:0a:7b:c9:d9:c3:4d:77:9d:
47:55:c8:bf:8d:ca:56:c6:88:10:34:c4:9f:4b:8a:99:4a:e7:
83:07:32:68:3a:84:47:4a:18:77:21:60:be:b4:75:3b:6e:e3:
61:e5:7a:25:b9:6c:81:27:43:40:5b:84:46:d0:1c:87:61:89:
25:ad:b7:0f:07:d9:6b:68:bd:35:6c:19:3c:05:7d:e2:e7:aa:
64:1b:7a:65:9a:c9:4f:83:97:37:cc:1a:5d:62:af:3a:a0:7b:
4b:76:66:99:56:10:09:fd:cf:a2:72:4e:a1:3d:7d:22:d8:2b:
31:78:8d:10:bc:b7:38:dc:c2:5d:97:b6:17:f3:88:ab:7f:1b:
3a:73:b2:c6:3b:d5:f3:02:40:8d:e3:01:c1:be:23:6c:2c:c6:
b9:0e:40:66:78:72:b3:55:93:1d:9d:d5:38:14:25:ae:3e:8f:
07:57:54:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9y1778RSnx3VDGsQRx/7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Zjk4NWE5NDAyNTQ0ODkxNGRlYWExNzQyMjA3MzA0Mzky
NTEzZGQwHhcNMjYwMTAyMDgyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjVmNmNjZDU2NjE0NGEzNzRiOGNmMGYyMzdkMDMwNmEzNTUwNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Id7HMQxzKryKl0sXq+4T2y9qiP4
0Q0mad3gc0SLE0qQXg3jZBEYdO3PGXgFcglQ7lkfzmH5DtQLMWmuRWIx1pwoRbr5
mCR3EXWNGk/lV7UtpSLgZKzv1NZ6MHwtuZThX62OTE5y9CR4VUdXGr+MRxm/ZtPt
KYRvoEvL8GjiHovzKHvNMaJmqG+40XJ3JJJQZbH4q1YaNSMapARelfj8EIRcnEu7
BunVYAbFim/Ukezr9h9Xvv0Zl9o419i1eRG3s6ucwlr9czeVoC3tTzWvWXQafAOx
gyUD7gGkfanTbwKOdFSL+JVvVp8D1ymCYIPOT0QZ9pgda0/8td8ztfTG3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFItfbM1WYUSjdLjPDyN9AwajVQXHMB8GA1UdIwQY
MBaAFOX5halAJUSJFN6qF0IgcwQ5JRPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWZtRnFVQWxSSWtVM3FvWFFpQnpCRGtsRTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iYTFjOTctMGU1Ni00ODQwLWI2MTMt
YjM2MWEyYzQ1N2M0LzEvaTE5c3pWWmhSS04wdU04UEkzMERCcU5WQmNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iYTFjOTctMGU1Ni00ODQwLWI2MTMtYjM2MWEyYzQ1N2M0
LzEvNWZtRnFVQWxSSWtVM3FvWFFpQnpCRGtsRTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudwEMA0E
AgACMAcDBQMqC+1AMA0GCSqGSIb3DQEBCwUAA4IBAQBHAFLKZ4y1m8rqmoUu0AmR
izeIINdTPVOt+C5gGnLDUywCrjgvbspMRAH17FR2H9GRPCNVXCgm5ZPHgHTGSXZ5
UFPqZMI8Hma5ZQD5ITizmYyACnvJ2cNNd51HVci/jcpWxogQNMSfS4qZSueDBzJo
OoRHShh3IWC+tHU7buNh5XoluWyBJ0NAW4RG0ByHYYklrbcPB9lraL01bBk8BX3i
56pkG3plmslPg5c3zBpdYq86oHtLdmaZVhAJ/c+ick6hPX0i2CsxeI0QvLc43MJd
l7YX84irfxs6c7LGO9XzAkCN4wHBviNsLMa5DkBmeHKzVZMdndU4FCWuPo8HV1RT
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:31:22 2026 by rpki-client