Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/Bh3T0wrbLTJNrgrFw5i_pM5iRtQ.roa
File: Bh3T0wrbLTJNrgrFw5i_pM5iRtQ.roa (raw, json)
Hash identifier: WA266Ck4o7dnRZpdhoDA7vpztTFIYRX6CCiGAbMsH1Q=
Subject key identifier: 06:1D:D3:D3:0A:DB:2D:32:4D:AE:0A:C5:C3:98:BF:A4:CE:62:46:D4
Certificate issuer: /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial: 019D0ABA870E5C39C371BF0158E792F3BC6A
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/Bh3T0wrbLTJNrgrFw5i_pM5iRtQ.roa
Signing time: Fri 20 Mar 2026 10:11:29 +0000
ROA not before: Fri 20 Mar 2026 10:11:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2110
IP address blocks: 78.16.0.0/16 maxlen: 16
185.146.180.0/22 maxlen: 22
185.146.180.0/24 maxlen: 24
192.111.39.0/24 maxlen: 24
193.95.128.0/18 maxlen: 24
193.120.0.0/16 maxlen: 16
193.120.52.0/24 maxlen: 24
193.120.216.0/24 maxlen: 24
193.203.128.0/19 maxlen: 19
194.46.192.0/18 maxlen: 18
194.125.0.0/17 maxlen: 17
194.145.128.0/21 maxlen: 21
194.165.160.0/19 maxlen: 19
212.2.160.0/19 maxlen: 19
213.202.128.0/18 maxlen: 18
2001:7c8::/29 maxlen: 29
2001:7c8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0a:ba:87:0e:5c:39:c3:71:bf:01:58:e7:92:f3:bc:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Validity
Not Before: Mar 20 10:11:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=061dd3d30adb2d324dae0ac5c398bfa4ce6246d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:c5:be:39:3a:64:e9:55:ce:24:bc:97:14:cd:
98:d9:e8:d7:2e:6a:e5:3c:a8:b1:5d:52:48:08:56:
5c:de:da:cb:e7:f5:4f:14:e5:30:6d:70:25:8c:e7:
d0:7f:8b:01:2a:99:d0:d2:b2:40:0d:41:31:b4:3d:
dc:43:c3:76:2f:11:a2:74:a3:3b:d0:5f:54:43:42:
46:62:ba:46:55:84:ac:2e:06:ad:42:2c:25:e7:c7:
d2:d4:92:f9:7b:cc:f9:d5:83:34:00:10:f4:6d:39:
ed:fc:80:56:07:eb:da:a5:53:6b:13:d8:58:e7:2c:
b2:ad:2d:ed:39:ef:55:4a:f3:b1:6c:19:f7:32:38:
33:f0:d8:aa:61:5c:39:d5:78:9f:21:d0:f6:3d:c8:
f7:66:9d:65:29:3e:83:b5:56:43:0b:5e:bc:9b:ea:
a0:ff:f5:50:ac:b9:ae:1e:fa:f7:2f:76:58:c0:d6:
eb:a9:b0:a1:6e:cf:f1:56:1b:ff:8e:fa:c9:62:51:
1f:f6:ef:56:e8:29:c5:0e:10:3d:e1:bf:01:b6:7a:
36:57:5b:e3:3b:c7:8a:d6:06:98:49:d0:c7:fb:d6:
2a:db:b3:8a:1d:44:36:ed:86:a9:57:e4:ac:6d:28:
fc:10:40:7c:59:c5:56:ca:f1:6f:5b:1f:9b:2e:6c:
db:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:1D:D3:D3:0A:DB:2D:32:4D:AE:0A:C5:C3:98:BF:A4:CE:62:46:D4
X509v3 Authority Key Identifier:
keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/Bh3T0wrbLTJNrgrFw5i_pM5iRtQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.16.0.0/16
185.146.180.0/22
192.111.39.0/24
193.95.128.0/18
193.120.0.0/16
193.203.128.0/19
194.46.192.0/18
194.125.0.0/17
194.145.128.0/21
194.165.160.0/19
212.2.160.0/19
213.202.128.0/18
IPv6:
2001:7c8::/29
Signature Algorithm: sha256WithRSAEncryption
7a:ba:56:05:e9:58:e9:a1:bf:f5:24:98:e8:a0:9f:45:dc:8b:
e8:64:13:8a:c2:8d:88:b0:67:06:d2:ef:4b:71:58:64:30:95:
e9:e1:cc:bd:55:ad:1c:f2:7b:8e:85:ff:d8:3b:22:39:b7:50:
ba:a6:32:b5:a4:bc:16:e8:20:40:12:f7:9f:bc:ae:1e:09:35:
80:c6:c3:d6:2f:dd:ee:96:96:84:c1:87:d6:08:9f:59:10:6c:
56:b0:9b:31:3f:f6:ec:9e:12:e7:59:2b:c3:89:8f:57:f1:03:
9a:e7:fd:21:b1:b0:ef:63:40:b4:8e:d3:02:ba:b0:f1:19:7f:
a8:2d:7b:f9:5e:ae:46:1e:97:f0:ed:2b:5f:2d:e8:e9:3a:6c:
a9:f6:af:43:cf:46:4a:7e:da:97:30:1f:b3:26:a2:cc:fd:1a:
c4:a7:2f:5b:e5:c5:68:d3:e1:9a:54:f7:ab:53:f2:5d:60:22:
60:88:ca:a8:52:c1:a3:de:d2:67:84:8a:8d:a3:9f:f7:d3:f8:
48:28:6b:a9:5c:71:56:56:1c:c5:c2:2d:0c:10:44:4f:6d:6b:
4b:1f:d3:be:a1:14:8f:c3:0f:ec:43:9c:ff:2f:ad:c8:d1:f8:
2c:94:8b:7f:fa:e7:c2:5e:1e:e6:79:29:e5:dd:f6:83:a7:50:
e0:7f:16:c3
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZ0KuocOXDnDcb8BWOeS87xqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjYwMzIwMTAxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFkZDNkMzBhZGIyZDMyNGRhZTBhYzVjMzk4YmZhNGNlNjI0NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcW+OTpk6VXOJLyXFM2Y2ejXLmrl
PKixXVJICFZc3trL5/VPFOUwbXAljOfQf4sBKpnQ0rJADUExtD3cQ8N2LxGidKM7
0F9UQ0JGYrpGVYSsLgatQiwl58fS1JL5e8z51YM0ABD0bTnt/IBWB+vapVNrE9hY
5yyyrS3tOe9VSvOxbBn3Mjgz8NiqYVw51XifIdD2Pcj3Zp1lKT6DtVZDC168m+qg
//VQrLmuHvr3L3ZYwNbrqbChbs/xVhv/jvrJYlEf9u9W6CnFDhA94b8Btno2V1vj
O8eK1gaYSdDH+9Yq27OKHUQ27YapV+SsbSj8EEB8WcVWyvFvWx+bLmzbWQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFAYd09MK2y0yTa4KxcOYv6TOYkbUMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvQmgzVDB3cmJMVEpOcmdyRnc1aV9wTTVpUnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwMAThADBAK5
krQDBADAbycDBAbBX4ADAwDBeAMEBcHLgAMEBsIuwAMEB8J9AAMEA8KRgAMEBcKl
oAMEBdQCoAMEBtXKgDANBAIAAjAHAwUDIAEHyDANBgkqhkiG9w0BAQsFAAOCAQEA
erpWBelY6aG/9SSY6KCfRdyL6GQTisKNiLBnBtLvS3FYZDCV6eHMvVWtHPJ7joX/
2DsiObdQuqYytaS8FuggQBL3n7yuHgk1gMbD1i/d7paWhMGH1gifWRBsVrCbMT/2
7J4S51krw4mPV/EDmuf9IbGw72NAtI7TArqw8Rl/qC17+V6uRh6X8O0rXy3o6Tps
qfavQ89GSn7alzAfsyaizP0axKcvW+XFaNPhmlT3q1PyXWAiYIjKqFLBo97SZ4SK
jaOf99P4SChrqVxxVlYcxcItDBBET21rSx/TvqEUj8MP7EOc/y+tyNH4LJSLf/rn
wl4e5nkp5d32g6dQ4H8Www==
-----END CERTIFICATE-----
Generated at Fri Mar 27 02:30:45 2026 by rpki-client