Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/AFX34QTnP207XVV_8PKrJ8TJVJg.roa
File: AFX34QTnP207XVV_8PKrJ8TJVJg.roa (raw, json)
Hash identifier: hVizqqIjbbc78J/ZubGhAhYsI/9yAoa6vJ1uP6RfMPU=
Subject key identifier: 00:55:F7:E1:04:E7:3F:6D:3B:5D:55:7F:F0:F2:AB:27:C4:C9:54:98
Certificate issuer: /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial: 019CC35FE3B09E2FEA15E0CF4D7258DC1D56
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/AFX34QTnP207XVV_8PKrJ8TJVJg.roa
Signing time: Fri 06 Mar 2026 13:39:27 +0000
ROA not before: Fri 06 Mar 2026 13:39:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201512
IP address blocks: 90.156.247.0/24 maxlen: 24
176.101.88.0/24 maxlen: 24
176.101.89.0/24 maxlen: 24
176.101.90.0/24 maxlen: 24
176.101.91.0/24 maxlen: 24
176.101.92.0/24 maxlen: 24
176.101.93.0/24 maxlen: 24
176.101.94.0/24 maxlen: 24
176.101.95.0/24 maxlen: 24
2a03:720:40::/48 maxlen: 48
2a03:720:1040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:c3:5f:e3:b0:9e:2f:ea:15:e0:cf:4d:72:58:dc:1d:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Validity
Not Before: Mar 6 13:39:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0055f7e104e73f6d3b5d557ff0f2ab27c4c95498
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:54:27:0f:1c:91:ff:21:9a:26:12:33:5d:bd:
82:93:d8:54:dd:2f:18:b6:c1:7c:75:08:dc:1a:18:
36:ca:95:e4:ce:b0:17:83:a8:c0:a0:1a:3e:91:55:
11:67:d8:fe:97:2f:79:cf:6c:73:b5:fa:0c:2a:f3:
7d:8d:8b:da:8e:26:66:20:cf:77:22:61:f8:0d:0e:
14:18:47:bf:da:a4:5b:d5:11:9b:cf:50:5c:de:52:
9b:85:c5:76:b7:13:5b:83:57:ed:ad:9f:d4:13:24:
2c:54:c6:0c:91:05:0d:bf:ff:13:72:d5:3a:ae:e7:
94:1f:16:74:5d:31:51:d8:70:cb:cd:31:d2:5f:44:
46:dd:d9:92:5d:39:c9:51:33:da:eb:77:53:18:5f:
0f:4a:3e:a7:da:1c:d4:a6:4a:be:07:c3:93:64:51:
11:b9:1d:23:b1:6f:71:e7:dd:31:77:20:9c:d0:9b:
5c:94:15:6a:23:f9:ff:ac:b9:cb:7c:b7:d6:12:ac:
88:6f:06:ca:b0:06:a9:95:74:32:7e:95:e6:28:7a:
07:fb:6b:04:be:7d:33:15:3a:a9:66:2f:79:3c:8d:
4c:be:53:aa:dd:97:28:38:fd:03:88:a2:20:4f:94:
53:45:93:73:25:e6:10:55:52:34:6c:72:65:8a:66:
78:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:55:F7:E1:04:E7:3F:6D:3B:5D:55:7F:F0:F2:AB:27:C4:C9:54:98
X509v3 Authority Key Identifier:
keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/AFX34QTnP207XVV_8PKrJ8TJVJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.156.247.0/24
176.101.88.0/21
IPv6:
2a03:720:40::/48
2a03:720:1040::/48
Signature Algorithm: sha256WithRSAEncryption
ac:6e:86:87:c0:3d:bb:86:cf:0d:be:3d:ee:fe:14:12:e5:99:
b1:11:e5:57:c8:40:eb:1a:b5:40:1b:e5:a0:3c:8d:ba:fa:ad:
2c:1e:84:73:e4:3a:a8:5d:5f:96:be:9f:a3:8a:23:5a:ee:15:
14:67:c0:52:e0:fc:59:e0:b4:6f:56:a2:1b:af:d0:92:7f:04:
8b:d4:20:f7:d3:f5:8f:bf:ee:d3:cf:91:77:a8:fb:f0:60:47:
76:dc:93:cd:ca:df:0d:b7:f2:3f:ea:00:cf:d4:4c:6f:8b:39:
56:84:44:cd:c4:e1:57:9f:13:21:1f:9a:34:51:4a:b5:f5:5d:
98:7f:4c:db:eb:5d:bc:a8:86:90:6d:7e:af:9a:62:a6:b6:19:
b3:f3:45:10:5c:f3:7f:f3:43:12:0f:18:2f:60:46:57:e5:d8:
f5:7f:8b:ae:62:31:2d:32:7b:e7:88:22:52:b8:b9:bb:6d:59:
59:b8:cb:db:d1:b8:a7:8d:f6:ea:76:f3:59:11:e5:87:ce:67:
25:44:da:09:4a:6b:aa:ae:6a:98:9f:7e:58:9c:ec:39:47:2b:
c7:59:2b:fd:fa:66:c5:82:a9:80:36:a7:d2:9a:06:dc:a3:e8:
01:65:e1:c1:4f:04:be:4f:ff:34:75:57:44:ad:06:17:8b:51:
43:7c:a8:40
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZzDX+Owni/qFeDPTXJY3B1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjYwMzA2MTMzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU1ZjdlMTA0ZTczZjZkM2I1ZDU1N2ZmMGYyYWIyN2M0Yzk1NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslQnDxyR/yGaJhIzXb2Ck9hU3S8Y
tsF8dQjcGhg2ypXkzrAXg6jAoBo+kVURZ9j+ly95z2xztfoMKvN9jYvajiZmIM93
ImH4DQ4UGEe/2qRb1RGbz1Bc3lKbhcV2txNbg1ftrZ/UEyQsVMYMkQUNv/8TctU6
rueUHxZ0XTFR2HDLzTHSX0RG3dmSXTnJUTPa63dTGF8PSj6n2hzUpkq+B8OTZFER
uR0jsW9x590xdyCc0JtclBVqI/n/rLnLfLfWEqyIbwbKsAaplXQyfpXmKHoH+2sE
vn0zFTqpZi95PI1MvlOq3ZcoOP0DiKIgT5RTRZNzJeYQVVI0bHJlimZ47wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFABV9+EE5z9tO11Vf/DyqyfEyVSYMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvQUZYMzRRVG5QMjA3WFZWXzhQS3JKOFRKVkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAWpz3AwQD
sGVYMBgEAgACMBIDBwAqAwcgAEADBwAqAwcgEEAwDQYJKoZIhvcNAQELBQADggEB
AKxuhofAPbuGzw2+Pe7+FBLlmbER5VfIQOsatUAb5aA8jbr6rSwehHPkOqhdX5a+
n6OKI1ruFRRnwFLg/FngtG9Wohuv0JJ/BIvUIPfT9Y+/7tPPkXeo+/BgR3bck83K
3w238j/qAM/UTG+LOVaERM3E4VefEyEfmjRRSrX1XZh/TNvrXbyohpBtfq+aYqa2
GbPzRRBc83/zQxIPGC9gRlfl2PV/i65iMS0ye+eIIlK4ubttWVm4y9vRuKeN9up2
81kR5YfOZyVE2glKa6quapifflic7DlHK8dZK/36ZsWCqYA2p9KaBtyj6AFl4cFP
BL5P/zR1V0StBheLUUN8qEA=
-----END CERTIFICATE-----
Generated at Thu Mar 26 15:32:35 2026 by rpki-client