Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/2mB-NqQhQaEIu7D3l1xNbmz8ydQ.roa
File: 2mB-NqQhQaEIu7D3l1xNbmz8ydQ.roa (raw, json)
Hash identifier: 6eVwGi3CeHQX5H/cbCCHg94we//hX46hLSe/Q7qSglM=
Subject key identifier: DA:60:7E:36:A4:21:41:A1:08:BB:B0:F7:97:5C:4D:6E:6C:FC:C9:D4
Certificate issuer: /CN=e9c3d42f3b2921ba7418f382032d6b35c7159b88
Certificate serial: 019D0BA449D4BB378969A301713A611FBC89
Authority key identifier: E9:C3:D4:2F:3B:29:21:BA:74:18:F3:82:03:2D:6B:35:C7:15:9B:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6cPULzspIbp0GPOCAy1rNccVm4g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/2mB-NqQhQaEIu7D3l1xNbmz8ydQ.roa
Signing time: Fri 20 Mar 2026 14:26:49 +0000
ROA not before: Fri 20 Mar 2026 14:26:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206882
IP address blocks: 91.205.4.0/22 maxlen: 24
91.206.194.0/23 maxlen: 24
91.206.194.0/24 maxlen: 24
91.206.195.0/24 maxlen: 24
103.198.80.0/23 maxlen: 24
193.135.112.0/22 maxlen: 24
193.238.120.0/22 maxlen: 24
194.187.128.0/22 maxlen: 24
194.187.128.0/23 maxlen: 23
194.187.130.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/6cPULzspIbp0GPOCAy1rNccVm4g.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/6cPULzspIbp0GPOCAy1rNccVm4g.mft
rsync://rpki.ripe.net/repository/DEFAULT/6cPULzspIbp0GPOCAy1rNccVm4g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:a4:49:d4:bb:37:89:69:a3:01:71:3a:61:1f:bc:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9c3d42f3b2921ba7418f382032d6b35c7159b88
Validity
Not Before: Mar 20 14:26:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=da607e36a42141a108bbb0f7975c4d6e6cfcc9d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:9e:2c:20:82:69:7b:31:82:e0:e0:93:2a:55:
c1:ed:01:13:e8:e4:4a:86:4b:2c:ab:4b:1c:8a:cb:
38:88:fb:3e:e0:43:0f:a8:4d:0a:08:a5:30:ab:c6:
99:34:5c:dd:54:ba:51:f2:b3:53:64:ca:11:2d:87:
88:8c:e3:8b:aa:e2:74:3a:cc:cf:33:53:bd:6f:56:
e2:97:fc:a7:86:ed:b4:6c:b8:29:61:89:81:41:ac:
5b:b9:8f:18:4a:de:d1:0c:70:fb:da:c2:e6:d5:53:
65:a1:70:84:07:68:07:d4:85:ba:d3:2c:28:ec:8a:
a6:9d:fc:c4:92:94:53:92:e2:75:79:53:f1:81:14:
e1:b5:2e:7d:dc:cd:9e:19:34:98:79:a7:ab:f1:9a:
48:08:42:89:67:d6:cb:aa:f3:59:97:7e:2d:fe:52:
03:96:7b:0d:fd:ca:f0:57:67:96:5f:83:b5:55:2b:
2f:9d:b5:2e:67:be:70:4f:6b:dc:1c:4f:b5:c0:cb:
b3:ed:2f:a5:67:14:3f:35:a2:88:5d:d6:90:10:fb:
af:d7:c4:09:77:26:57:97:bf:5a:d6:52:bd:f4:73:
6c:90:c2:80:ef:da:06:fc:0f:9b:c4:14:c3:8f:91:
22:7b:fe:5e:1b:49:49:77:c9:9c:4c:aa:4e:b1:c1:
fd:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:60:7E:36:A4:21:41:A1:08:BB:B0:F7:97:5C:4D:6E:6C:FC:C9:D4
X509v3 Authority Key Identifier:
keyid:E9:C3:D4:2F:3B:29:21:BA:74:18:F3:82:03:2D:6B:35:C7:15:9B:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6cPULzspIbp0GPOCAy1rNccVm4g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/2mB-NqQhQaEIu7D3l1xNbmz8ydQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/bdc45b-096a-493a-92d2-1a1ead2cd2b1/1/6cPULzspIbp0GPOCAy1rNccVm4g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.205.4.0/22
91.206.194.0/23
103.198.80.0/23
193.135.112.0/22
193.238.120.0/22
194.187.128.0/22
Signature Algorithm: sha256WithRSAEncryption
13:98:8e:1c:9c:e0:da:36:24:b2:25:d2:55:ab:ba:86:10:5e:
0b:52:50:57:fc:95:ca:c9:a9:76:ae:8e:f0:a7:ee:e2:68:03:
40:84:02:fe:0b:37:f0:31:89:58:ed:3a:b3:74:62:ae:08:e0:
2c:4a:76:58:56:47:ba:37:40:9d:52:f8:87:5b:5f:c9:50:e5:
c4:01:69:d6:b0:8e:9c:3d:a6:3e:f9:f6:2f:9e:98:c8:98:2d:
e9:fe:0e:b4:da:05:3e:41:06:88:09:78:83:a4:1f:05:e6:c8:
6d:b6:17:20:3a:f8:76:cd:c3:f3:44:d0:c1:3c:90:14:16:ec:
a5:1f:d4:74:9e:ad:c9:ea:32:6f:5e:da:a0:58:c7:67:5e:1e:
35:28:92:39:f2:9f:69:11:02:88:f0:19:dc:8e:72:cf:27:96:
07:1f:6e:c3:63:be:1c:b1:9d:ab:08:1f:01:d8:d1:6f:0a:fc:
ca:f0:8a:fc:f1:68:64:d2:53:ce:39:d0:e5:f0:4b:97:64:8d:
a6:33:e2:06:00:5b:aa:f9:ae:93:66:4b:53:0f:0b:52:cf:f1:
82:c2:0d:db:c6:00:d9:77:b0:2a:f5:a6:5d:78:c6:aa:ed:6c:
83:58:a1:ab:60:d6:ed:f3:b9:79:80:82:49:01:39:c2:3a:77:
03:4b:b2:9f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ0LpEnUuzeJaaMBcTphH7yJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YzNkNDJmM2IyOTIxYmE3NDE4ZjM4MjAzMmQ2YjM1Yzcx
NTliODgwHhcNMjYwMzIwMTQyNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTYwN2UzNmE0MjE0MWExMDhiYmIwZjc5NzVjNGQ2ZTZjZmNjOWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ4sIIJpezGC4OCTKlXB7QET6ORK
hkssq0sciss4iPs+4EMPqE0KCKUwq8aZNFzdVLpR8rNTZMoRLYeIjOOLquJ0OszP
M1O9b1bil/ynhu20bLgpYYmBQaxbuY8YSt7RDHD72sLm1VNloXCEB2gH1IW60ywo
7IqmnfzEkpRTkuJ1eVPxgRThtS593M2eGTSYeaer8ZpICEKJZ9bLqvNZl34t/lID
lnsN/crwV2eWX4O1VSsvnbUuZ75wT2vcHE+1wMuz7S+lZxQ/NaKIXdaQEPuv18QJ
dyZXl79a1lK99HNskMKA79oG/A+bxBTDj5Eie/5eG0lJd8mcTKpOscH9FQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNpgfjakIUGhCLuw95dcTW5s/MnUMB8GA1UdIwQY
MBaAFOnD1C87KSG6dBjzggMtazXHFZuIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNQVUx6c3BJYnAwR1BPQ0F5MXJOY2NWbTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iZGM0NWItMDk2YS00OTNhLTkyZDIt
MWExZWFkMmNkMmIxLzEvMm1CLU5xUWhRYUVJdTdEM2wxeE5ibXo4eWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iZGM0NWItMDk2YS00OTNhLTkyZDItMWExZWFkMmNkMmIx
LzEvNmNQVUx6c3BJYnAwR1BPQ0F5MXJOY2NWbTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCW80EAwQB
W87CAwQBZ8ZQAwQCwYdwAwQCwe54AwQCwruAMA0GCSqGSIb3DQEBCwUAA4IBAQAT
mI4cnODaNiSyJdJVq7qGEF4LUlBX/JXKyal2ro7wp+7iaANAhAL+CzfwMYlY7Tqz
dGKuCOAsSnZYVke6N0CdUviHW1/JUOXEAWnWsI6cPaY++fYvnpjImC3p/g602gU+
QQaICXiDpB8F5shtthcgOvh2zcPzRNDBPJAUFuylH9R0nq3J6jJvXtqgWMdnXh41
KJI58p9pEQKI8BncjnLPJ5YHH27DY74csZ2rCB8B2NFvCvzK8Ir88Whk0lPOOdDl
8EuXZI2mM+IGAFuq+a6TZktTDwtSz/GCwg3bxgDZd7Aq9aZdeMaq7WyDWKGrYNbt
87l5gIJJATnCOncDS7Kf
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:08:20 2026 by rpki-client