Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/_ppZcJvhKyMT7u0OoJi2R_ngeSE.roa
File: _ppZcJvhKyMT7u0OoJi2R_ngeSE.roa (raw, json)
Hash identifier: UhX6rrUi7juaS+ftLotvN09V5C7za1f0hNW2nd3JUk0=
Subject key identifier: FE:9A:59:70:9B:E1:2B:23:13:EE:ED:0E:A0:98:B6:47:F9:E0:79:21
Certificate issuer: /CN=0a178bb54933c13a30038720bb4341f9ff2bee3e
Certificate serial: 019B7CEE370B0D20995FF35BFE89691475AC
Authority key identifier: 0A:17:8B:B5:49:33:C1:3A:30:03:87:20:BB:43:41:F9:FF:2B:EE:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/_ppZcJvhKyMT7u0OoJi2R_ngeSE.roa
Signing time: Fri 02 Jan 2026 04:19:05 +0000
ROA not before: Fri 02 Jan 2026 04:19:05 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20917
IP address blocks: 91.232.40.0/22 maxlen: 24
185.22.196.0/22 maxlen: 24
213.163.160.0/19 maxlen: 24
2a00:e80::/32 maxlen: 32
2a04:2000::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.mft
rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ee:37:0b:0d:20:99:5f:f3:5b:fe:89:69:14:75:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a178bb54933c13a30038720bb4341f9ff2bee3e
Validity
Not Before: Jan 2 04:19:05 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fe9a59709be12b2313eeed0ea098b647f9e07921
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:04:2f:b1:ea:fd:a8:ca:c2:bf:3a:95:2f:f4:
ff:5d:e0:a5:cc:30:bc:6f:9a:4d:f1:72:d3:bc:c0:
5e:57:fc:7d:29:ca:7d:1c:39:7e:4e:03:3b:c1:da:
f1:e8:8c:40:80:93:b6:a2:fc:14:48:a4:3e:e0:4e:
60:82:12:ac:4c:cb:0e:92:49:6e:e2:62:25:38:e0:
8d:bf:9e:1e:fe:42:2f:80:bb:03:88:99:06:20:b2:
df:90:52:65:83:c6:06:11:45:64:ed:3a:9a:73:7e:
7a:dc:19:6f:15:ac:53:c7:fb:45:56:33:13:6e:3f:
f1:71:2a:67:5d:b7:16:a9:80:36:91:72:e5:b6:1a:
93:cd:1b:c8:9a:0b:96:ed:b6:1f:24:09:42:e1:6e:
2f:cd:8e:61:de:3e:1e:00:ea:ac:f3:39:13:3b:96:
5d:2d:c2:bf:92:be:3c:f1:5b:67:77:12:f9:81:d8:
84:4b:11:bb:f0:cf:62:f0:36:4c:12:6e:30:bb:80:
62:d3:8c:c5:5e:e7:6d:e8:5a:a6:47:31:5a:f8:31:
90:27:75:90:08:d9:92:ab:ab:87:1b:86:f6:a9:25:
59:61:dd:08:fc:50:95:e9:c5:39:1d:32:52:f5:aa:
0c:f8:e2:90:e4:1c:a7:84:37:a9:bb:92:1d:40:e9:
91:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:9A:59:70:9B:E1:2B:23:13:EE:ED:0E:A0:98:B6:47:F9:E0:79:21
X509v3 Authority Key Identifier:
keyid:0A:17:8B:B5:49:33:C1:3A:30:03:87:20:BB:43:41:F9:FF:2B:EE:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/_ppZcJvhKyMT7u0OoJi2R_ngeSE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.232.40.0/22
185.22.196.0/22
213.163.160.0/19
IPv6:
2a00:e80::/32
2a04:2000::/29
Signature Algorithm: sha256WithRSAEncryption
64:a8:ce:65:0d:9b:f6:b5:ea:cf:01:c2:e3:7e:ed:10:38:e4:
6c:71:da:f4:1d:b0:07:48:fd:9c:82:0a:f0:96:6a:fa:ab:07:
e4:43:07:19:b1:91:5a:18:e3:0b:da:e5:53:fd:66:9b:78:a3:
77:a8:89:49:63:24:08:3c:2b:35:6d:91:12:2c:a0:36:8f:2e:
31:db:05:f8:c3:85:19:03:63:ae:5b:02:33:31:1e:f5:77:25:
f4:ad:ef:73:8b:d8:45:44:e9:4a:b1:85:5a:7d:27:bf:45:fc:
39:da:95:3b:2f:06:01:35:83:66:77:4c:4b:c9:7f:22:74:ec:
71:50:bc:dc:fe:58:40:47:a2:23:6f:a0:85:b2:c9:e7:2a:a0:
04:54:1d:ce:b3:7d:79:80:a9:89:b6:a0:f6:28:c6:42:74:0a:
64:d3:9b:71:a6:92:f8:04:aa:1c:b3:d6:48:1e:d6:f9:b3:8e:
c6:49:9c:3a:24:5c:64:6e:24:29:9a:eb:34:5d:48:4b:d5:b9:
e3:09:df:93:1f:e5:f5:e3:75:18:80:29:ad:50:fa:81:99:b7:
0d:9f:46:de:46:c6:26:80:4f:3d:0a:eb:bb:fa:21:a6:56:9c:
35:6d:7a:1d:31:e4:dd:95:da:1c:69:82:a6:fb:a6:93:3f:b3:
b9:a6:6d:03
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZt87jcLDSCZX/Nb/olpFHWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMTc4YmI1NDkzM2MxM2EzMDAzODcyMGJiNDM0MWY5ZmYy
YmVlM2UwHhcNMjYwMTAyMDQxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlhNTk3MDliZTEyYjIzMTNlZWVkMGVhMDk4YjY0N2Y5ZTA3OTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQQvser9qMrCvzqVL/T/XeClzDC8
b5pN8XLTvMBeV/x9Kcp9HDl+TgM7wdrx6IxAgJO2ovwUSKQ+4E5gghKsTMsOkklu
4mIlOOCNv54e/kIvgLsDiJkGILLfkFJlg8YGEUVk7Tqac3563BlvFaxTx/tFVjMT
bj/xcSpnXbcWqYA2kXLlthqTzRvImguW7bYfJAlC4W4vzY5h3j4eAOqs8zkTO5Zd
LcK/kr488VtndxL5gdiESxG78M9i8DZMEm4wu4Bi04zFXudt6FqmRzFa+DGQJ3WQ
CNmSq6uHG4b2qSVZYd0I/FCV6cU5HTJS9aoM+OKQ5BynhDepu5IdQOmR1wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFP6aWXCb4SsjE+7tDqCYtkf54HkhMB8GA1UdIwQY
MBaAFAoXi7VJM8E6MAOHILtDQfn/K+4+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2hlTHRVa3p3VG93QTRjZ3UwTkItZjhyN2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi84Yjk0NTQtNGNhMS00NjJhLTg0ZTMt
MjkzYzRkODljNDMyLzEvX3BwWmNKdmhLeU1UN3UwT29KaTJSX25nZVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi84Yjk0NTQtNGNhMS00NjJhLTg0ZTMtMjkzYzRkODljNDMy
LzEvQ2hlTHRVa3p3VG93QTRjZ3UwTkItZjhyN2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCW+goAwQC
uRbEAwQF1aOgMBQEAgACMA4DBQAqAA6AAwUDKgQgADANBgkqhkiG9w0BAQsFAAOC
AQEAZKjOZQ2b9rXqzwHC437tEDjkbHHa9B2wB0j9nIIK8JZq+qsH5EMHGbGRWhjj
C9rlU/1mm3ijd6iJSWMkCDwrNW2REiygNo8uMdsF+MOFGQNjrlsCMzEe9Xcl9K3v
c4vYRUTpSrGFWn0nv0X8OdqVOy8GATWDZndMS8l/InTscVC83P5YQEeiI2+ghbLJ
5yqgBFQdzrN9eYCpibag9ijGQnQKZNObcaaS+ASqHLPWSB7W+bOOxkmcOiRcZG4k
KZrrNF1IS9W54wnfkx/l9eN1GIAprVD6gZm3DZ9G3kbGJoBPPQrru/ohplacNW16
HTHk3ZXaHGmCpvumkz+zuaZtAw==
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:18:44 2026 by rpki-client