Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/aK1p0V03sENOzaLlc1KewA9CT3U.roa
File: aK1p0V03sENOzaLlc1KewA9CT3U.roa (raw, json)
Hash identifier: f8RzDUWHRQzJBmXmb26p8Bvk4LyHwBeyt5E3IMhySvM=
Subject key identifier: 68:AD:69:D1:5D:37:B0:43:4E:CD:A2:E5:73:52:9E:C0:0F:42:4F:75
Certificate issuer: /CN=597218c925e76e1e9809875f7ed1afa97ef6f79d
Certificate serial: 019BE670CC79ADB1CEAF05767B24CA8329D6
Authority key identifier: 59:72:18:C9:25:E7:6E:1E:98:09:87:5F:7E:D1:AF:A9:7E:F6:F7:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WXIYySXnbh6YCYdfftGvqX72950.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/aK1p0V03sENOzaLlc1KewA9CT3U.roa
Signing time: Thu 22 Jan 2026 16:01:50 +0000
ROA not before: Thu 22 Jan 2026 16:01:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213677
IP address blocks: 81.127.0.0/17 maxlen: 24
81.127.128.0/18 maxlen: 24
185.57.20.0/22 maxlen: 24
185.57.20.0/24 maxlen: 24
185.57.21.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/WXIYySXnbh6YCYdfftGvqX72950.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/WXIYySXnbh6YCYdfftGvqX72950.mft
rsync://rpki.ripe.net/repository/DEFAULT/WXIYySXnbh6YCYdfftGvqX72950.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 20:56:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:e6:70:cc:79:ad:b1:ce:af:05:76:7b:24:ca:83:29:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=597218c925e76e1e9809875f7ed1afa97ef6f79d
Validity
Not Before: Jan 22 16:01:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=68ad69d15d37b0434ecda2e573529ec00f424f75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1b:0c:d4:d7:46:f3:bb:19:3f:d3:5e:01:60:
db:77:77:b0:12:91:22:2c:74:af:48:1f:21:71:6d:
74:0a:7f:91:03:82:af:cb:c2:19:c6:8a:fe:6b:bf:
4f:ec:32:34:7d:54:0f:01:06:57:b7:ab:eb:0e:40:
d2:4d:de:63:88:bd:89:61:4a:9f:f4:41:6c:35:58:
07:e8:75:f1:5f:71:47:b5:19:11:2c:66:a1:a3:f6:
d8:80:be:f5:5c:97:77:19:50:cd:26:ea:2c:4c:9f:
f7:06:20:50:53:fe:a7:ba:d9:af:f2:b6:ee:3b:63:
64:d9:58:48:6f:fc:24:fa:21:36:29:11:de:69:53:
c1:a9:c4:d9:c1:5d:a1:36:30:e6:09:f1:f0:18:5d:
c7:c3:79:7c:c5:20:4f:92:43:61:84:3f:2b:42:06:
c9:0f:e8:b5:ff:a0:eb:8e:06:bc:d8:b9:5c:6a:4c:
3e:0a:9e:c0:c3:30:af:af:3c:c0:7e:8d:25:9d:76:
91:9e:e7:e6:d4:49:41:2d:21:7c:7f:60:56:1c:59:
89:bd:78:18:5e:45:85:2e:a2:22:1b:a9:d3:aa:93:
89:da:c5:9d:85:7b:f9:47:0f:3a:48:3e:9b:7e:45:
b9:90:df:89:02:de:94:41:56:bb:1f:75:ce:fd:db:
61:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:AD:69:D1:5D:37:B0:43:4E:CD:A2:E5:73:52:9E:C0:0F:42:4F:75
X509v3 Authority Key Identifier:
keyid:59:72:18:C9:25:E7:6E:1E:98:09:87:5F:7E:D1:AF:A9:7E:F6:F7:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXIYySXnbh6YCYdfftGvqX72950.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/aK1p0V03sENOzaLlc1KewA9CT3U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/568728-4c56-4a8f-afb3-c44f9d7ffdf6/1/WXIYySXnbh6YCYdfftGvqX72950.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.127.0.0-81.127.191.255
185.57.20.0/22
Signature Algorithm: sha256WithRSAEncryption
70:4a:ad:ec:47:74:d5:c2:34:c0:28:4a:4a:99:8d:e9:e3:63:
ae:19:c5:1a:f0:d0:47:b6:2c:1e:ee:bb:62:f9:a4:01:fb:ef:
75:9f:a1:23:bb:d6:ff:a5:82:64:73:b3:64:91:61:48:5d:31:
fa:f3:8e:11:83:84:4b:04:9a:47:05:dd:99:81:b6:c7:21:8e:
34:8d:2d:c7:2d:c2:08:b2:7d:30:2c:19:39:34:f9:4b:fd:98:
01:f1:c1:13:82:d3:52:82:1e:6d:2f:68:4a:46:82:c0:ff:25:
a9:2f:63:07:a7:25:d3:a7:05:8b:7d:58:c9:38:af:c8:14:69:
f3:91:01:30:e9:a5:aa:07:ea:43:5b:99:20:28:27:de:46:4b:
e1:0b:4f:4d:39:1d:b7:36:ef:dd:81:89:f7:d5:61:a2:89:a8:
55:93:0f:9e:40:ce:79:24:b0:d1:9c:9c:08:e4:50:ee:a6:ce:
9c:bf:56:eb:26:d9:ae:19:9a:f9:c4:10:10:a7:fa:fd:9f:90:
c0:c9:16:40:73:04:0c:16:1a:45:22:0c:54:d5:0d:3e:53:d6:
4b:6f:e2:0b:fa:4f:f9:12:21:d6:cb:81:bb:87:36:7c:73:ee:
bf:82:46:c6:5e:4e:af:9f:af:4e:f5:dc:f8:c0:5c:64:e3:f1:
d4:b5:f7:6f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZvmcMx5rbHOrwV2eyTKgynWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzIxOGM5MjVlNzZlMWU5ODA5ODc1ZjdlZDFhZmE5N2Vm
NmY3OWQwHhcNMjYwMTIyMTYwMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGFkNjlkMTVkMzdiMDQzNGVjZGEyZTU3MzUyOWVjMDBmNDI0Zjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRsM1NdG87sZP9NeAWDbd3ewEpEi
LHSvSB8hcW10Cn+RA4Kvy8IZxor+a79P7DI0fVQPAQZXt6vrDkDSTd5jiL2JYUqf
9EFsNVgH6HXxX3FHtRkRLGaho/bYgL71XJd3GVDNJuosTJ/3BiBQU/6nutmv8rbu
O2Nk2VhIb/wk+iE2KRHeaVPBqcTZwV2hNjDmCfHwGF3Hw3l8xSBPkkNhhD8rQgbJ
D+i1/6Drjga82Llcakw+Cp7AwzCvrzzAfo0lnXaRnufm1ElBLSF8f2BWHFmJvXgY
XkWFLqIiG6nTqpOJ2sWdhXv5Rw86SD6bfkW5kN+JAt6UQVa7H3XO/dthLwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFGitadFdN7BDTs2i5XNSnsAPQk91MB8GA1UdIwQY
MBaAFFlyGMkl524emAmHX37Rr6l+9vedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hJWXlTWG5iaDZZQ1lkZmZ0R3ZxWDcyOTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC81Njg3MjgtNGM1Ni00YThmLWFmYjMt
YzQ0ZjlkN2ZmZGY2LzEvYUsxcDBWMDNzRU5PemFMbGMxS2V3QTlDVDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC81Njg3MjgtNGM1Ni00YThmLWFmYjMtYzQ0ZjlkN2ZmZGY2
LzEvV1hJWXlTWG5iaDZZQ1lkZmZ0R3ZxWDcyOTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwBRfwME
BlF/gAMEArk5FDANBgkqhkiG9w0BAQsFAAOCAQEAcEqt7Ed01cI0wChKSpmN6eNj
rhnFGvDQR7YsHu67YvmkAfvvdZ+hI7vW/6WCZHOzZJFhSF0x+vOOEYOESwSaRwXd
mYG2xyGONI0txy3CCLJ9MCwZOTT5S/2YAfHBE4LTUoIebS9oSkaCwP8lqS9jB6cl
06cFi31YyTivyBRp85EBMOmlqgfqQ1uZICgn3kZL4QtPTTkdtzbv3YGJ99Vhoomo
VZMPnkDOeSSw0ZycCORQ7qbOnL9W6ybZrhma+cQQEKf6/Z+QwMkWQHMEDBYaRSIM
VNUNPlPWS2/iC/pP+RIh1suBu4c2fHPuv4JGxl5Or5+vTvXc+MBcZOPx1LX3bw==
-----END CERTIFICATE-----
Generated at Fri Mar 27 05:14:28 2026 by rpki-client