Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/U6lvwZ-kOAVlnlNDxMG6dHokpmg.roa
File: U6lvwZ-kOAVlnlNDxMG6dHokpmg.roa (raw, json)
Hash identifier: WhRsgaG77rZRe4xl1BrSPZQONFa87BNP4gIPvkc/1s8=
Subject key identifier: 53:A9:6F:C1:9F:A4:38:05:65:9E:53:43:C4:C1:BA:74:7A:24:A6:68
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019CD6B9538320C2C06C9A4E8898196BB733
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/U6lvwZ-kOAVlnlNDxMG6dHokpmg.roa
Signing time: Tue 10 Mar 2026 07:49:55 +0000
ROA not before: Tue 10 Mar 2026 07:49:55 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 109.204.104.0/21 maxlen: 24
212.134.38.0/24 maxlen: 24
212.134.45.0/24 maxlen: 24
212.134.59.0/24 maxlen: 24
212.134.116.0/22 maxlen: 24
212.134.158.0/24 maxlen: 24
212.135.134.0/24 maxlen: 24
212.135.149.0/24 maxlen: 24
212.135.152.0/24 maxlen: 24
212.135.159.0/24 maxlen: 24
212.135.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 04:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d6:b9:53:83:20:c2:c0:6c:9a:4e:88:98:19:6b:b7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Mar 10 07:49:55 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=53a96fc19fa43805659e5343c4c1ba747a24a668
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:79:2e:16:a4:91:fe:e3:10:c3:89:a5:db:20:
65:94:3d:f8:af:2b:95:c7:6a:9b:b8:8b:9a:1f:b3:
d7:df:5e:a7:73:de:91:39:3e:02:e4:e6:1c:ea:f4:
dc:81:c1:9a:df:20:59:3b:4a:24:8a:91:08:44:bd:
d8:5b:f7:f9:c0:68:d6:48:02:d2:c2:9f:2c:0f:2c:
2a:c7:dc:ad:1b:df:d1:2f:49:d5:ae:7e:fa:f3:84:
04:ef:47:e7:d1:21:93:5d:5c:c0:f4:95:10:50:51:
f9:ec:0c:9c:d2:12:a4:41:3d:dc:be:98:00:e2:a3:
b2:00:d5:b7:8a:c5:fe:47:24:55:59:2b:b8:d5:f7:
5a:26:f5:9c:55:6a:d0:ce:8a:57:80:af:68:d3:ba:
34:47:0a:2d:54:eb:8e:93:f3:68:f7:c0:24:e8:b9:
1f:0e:68:a7:2b:0d:96:72:41:38:0e:85:0f:ef:44:
6a:1b:f3:11:79:db:dc:fd:6e:d9:31:1e:f2:69:af:
4b:b9:53:15:7b:46:ef:de:9c:6b:d4:bb:fa:18:c0:
4a:61:c8:5b:e0:f8:35:01:4f:97:75:ad:91:dc:91:
07:f7:a4:53:16:79:e8:96:cb:6b:90:8d:7b:49:6a:
a5:25:cd:e7:9b:84:a4:f8:13:a5:99:82:ea:32:e2:
d0:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:A9:6F:C1:9F:A4:38:05:65:9E:53:43:C4:C1:BA:74:7A:24:A6:68
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/U6lvwZ-kOAVlnlNDxMG6dHokpmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.204.104.0/21
212.134.38.0/24
212.134.45.0/24
212.134.59.0/24
212.134.116.0/22
212.134.158.0/24
212.135.134.0/24
212.135.149.0/24
212.135.152.0/24
212.135.159.0/24
212.135.253.0/24
Signature Algorithm: sha256WithRSAEncryption
c3:49:99:01:68:b6:54:5b:c5:66:8a:7b:6e:d6:98:87:13:4f:
ee:39:ac:1f:17:c9:4e:ca:a1:b8:e3:a1:69:f7:e8:55:bb:36:
58:cc:9e:6d:4d:d0:2a:37:fd:7b:7c:cc:4b:4b:eb:41:b4:70:
72:2c:a2:5d:21:a1:04:88:e5:78:22:42:5b:d4:2d:05:ab:9a:
d8:5d:38:60:63:3d:a3:54:44:ea:5d:71:f4:b3:3f:bc:25:dc:
44:e2:97:d7:02:44:e3:38:4a:04:9c:fc:bc:a8:53:fa:df:8b:
44:98:1f:ee:82:4e:fa:89:00:3b:38:a1:8e:9c:9f:ee:e3:bf:
67:9d:2d:8d:5d:6f:09:99:c1:f0:4f:e7:3f:8e:83:ad:11:88:
22:18:0b:48:92:ff:32:c1:69:39:5f:32:c2:9a:f5:82:48:64:
3d:27:bd:3b:bd:ff:00:e1:57:84:53:0e:0f:6c:5c:78:17:50:
d7:ef:82:e8:05:ee:05:f7:37:11:00:b7:a2:98:b2:0f:b9:f2:
bc:ec:ed:22:38:99:be:bf:6e:6f:69:8f:1e:b8:ef:c8:45:f7:
e7:90:7f:f8:84:ac:23:38:8b:34:0a:20:56:df:8e:43:06:84:
c2:13:3b:ec:88:59:8f:a1:52:05:21:89:85:83:aa:0e:40:dd:
de:72:7c:b4
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZzWuVODIMLAbJpOiJgZa7czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzEwMDc0OTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2E5NmZjMTlmYTQzODA1NjU5ZTUzNDNjNGMxYmE3NDdhMjRhNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnkuFqSR/uMQw4ml2yBllD34ryuV
x2qbuIuaH7PX316nc96ROT4C5OYc6vTcgcGa3yBZO0okipEIRL3YW/f5wGjWSALS
wp8sDywqx9ytG9/RL0nVrn7684QE70fn0SGTXVzA9JUQUFH57Ayc0hKkQT3cvpgA
4qOyANW3isX+RyRVWSu41fdaJvWcVWrQzopXgK9o07o0RwotVOuOk/No98Ak6Lkf
DminKw2WckE4DoUP70RqG/MRedvc/W7ZMR7yaa9LuVMVe0bv3pxr1Lv6GMBKYchb
4Pg1AU+Xda2R3JEH96RTFnnolstrkI17SWqlJc3nm4Sk+BOlmYLqMuLQ3QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFOpb8GfpDgFZZ5TQ8TBunR6JKZoMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvVTZsdndaLWtPQVZsbmxORHhNRzZkSG9rcG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQDbcxoAwQA
1IYmAwQA1IYtAwQA1IY7AwQC1IZ0AwQA1IaeAwQA1IeGAwQA1IeVAwQA1IeYAwQA
1IefAwQA1If9MA0GCSqGSIb3DQEBCwUAA4IBAQDDSZkBaLZUW8Vmintu1piHE0/u
OawfF8lOyqG446Fp9+hVuzZYzJ5tTdAqN/17fMxLS+tBtHByLKJdIaEEiOV4IkJb
1C0Fq5rYXThgYz2jVETqXXH0sz+8JdxE4pfXAkTjOEoEnPy8qFP634tEmB/ugk76
iQA7OKGOnJ/u479nnS2NXW8JmcHwT+c/joOtEYgiGAtIkv8ywWk5XzLCmvWCSGQ9
J707vf8A4VeEUw4PbFx4F1DX74LoBe4F9zcRALeimLIPufK87O0iOJm+v25vaY8e
uO/IRffnkH/4hKwjOIs0CiBW345DBoTCEzvsiFmPoVIFIYmFg6oOQN3ecny0
-----END CERTIFICATE-----
Generated at Sat Mar 28 12:14:31 2026 by rpki-client