Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9L-xdmzq1vPbVIZE4LGH9lfQdfU.roa
File: 9L-xdmzq1vPbVIZE4LGH9lfQdfU.roa (raw, json)
Hash identifier: ZFDBKyJNyXJjvUoWiLr0+Z4nHsDCkp8D5fnifpB0xFw=
Subject key identifier: F4:BF:B1:76:6C:EA:D6:F3:DB:54:86:44:E0:B1:87:F6:57:D0:75:F5
Certificate issuer: /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial: 019CDC400FEFDAADEF9210525D14A519D40C
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9L-xdmzq1vPbVIZE4LGH9lfQdfU.roa
Signing time: Wed 11 Mar 2026 09:35:11 +0000
ROA not before: Wed 11 Mar 2026 09:35:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 140224
IP address blocks: 2.58.244.0/22 maxlen: 24
2.58.248.0/24 maxlen: 24
5.183.116.0/24 maxlen: 24
5.183.120.0/22 maxlen: 24
45.8.32.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:40:0f:ef:da:ad:ef:92:10:52:5d:14:a5:19:d4:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Validity
Not Before: Mar 11 09:35:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f4bfb1766cead6f3db548644e0b187f657d075f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f6:76:22:78:9e:77:94:d5:5c:85:4b:ff:50:
a4:20:02:c3:68:61:51:30:26:04:60:ac:12:79:45:
79:18:7d:be:de:b3:95:92:2f:63:a2:90:a7:b1:ff:
b6:ac:af:2c:91:74:e9:8f:15:b6:44:80:85:5b:13:
c4:78:1f:9f:56:02:9d:e5:b0:a4:c6:fd:7b:01:ad:
92:bb:1a:4f:e0:af:b9:41:42:4c:fe:c1:fa:a9:ce:
45:e3:0b:b1:5b:29:93:72:fc:ac:ce:81:49:f7:77:
e0:ae:e3:2e:f5:22:46:2c:4b:df:15:39:d8:63:39:
fc:e6:57:9f:6f:df:56:14:5c:21:cd:5e:65:52:e3:
ab:1f:d7:c6:b1:88:7f:89:e5:51:3f:44:92:2e:a4:
63:8a:04:e1:b1:7b:24:fa:27:ac:a1:c2:de:e0:57:
ee:92:42:5d:35:d7:25:65:be:2e:99:f9:c4:b0:5c:
8a:8c:57:c7:36:0f:43:c9:28:c7:db:df:39:d3:3d:
8f:9a:6c:9c:cd:65:28:82:35:a3:73:d4:b6:1f:59:
ef:9f:42:d6:f8:25:48:c4:ac:83:44:6b:0f:78:fb:
a7:65:74:3d:54:42:63:94:37:92:24:d8:03:18:be:
63:4f:24:c4:70:75:81:68:9b:97:67:c6:a2:59:0b:
52:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:BF:B1:76:6C:EA:D6:F3:DB:54:86:44:E0:B1:87:F6:57:D0:75:F5
X509v3 Authority Key Identifier:
keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9L-xdmzq1vPbVIZE4LGH9lfQdfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.244.0-2.58.248.255
5.183.116.0/24
5.183.120.0/22
45.8.32.0/22
Signature Algorithm: sha256WithRSAEncryption
97:79:37:93:ed:7b:e8:e9:22:b2:19:2f:c5:36:d6:9f:5c:0a:
fb:fa:cd:38:9f:d4:81:eb:29:b7:95:05:98:1a:5e:b5:46:b3:
54:af:dd:21:75:37:c3:d6:d8:3a:e0:2d:85:d0:f3:80:7a:ee:
fc:40:33:24:da:b8:a1:1c:b2:be:2b:a8:5f:a7:01:88:0e:38:
bc:24:7e:e4:f3:2d:d9:2c:9f:63:cb:17:85:ba:75:e3:6a:e0:
86:84:54:7f:e7:ee:aa:c4:6a:d8:ed:35:74:0f:3d:ae:b2:3d:
45:c5:d0:c9:2b:90:24:0a:77:5e:28:35:8d:5e:95:49:58:54:
81:ae:09:f7:dd:14:cd:3e:aa:23:e7:1e:a0:5d:9c:2f:af:ce:
0d:90:d0:71:0c:27:28:ab:e3:22:49:64:5e:8a:cc:4f:e5:5e:
cc:66:6c:27:56:f0:56:ee:97:26:1e:6c:85:c7:16:9c:10:97:
92:49:65:55:29:a5:a2:5d:d7:67:0b:f3:28:a8:21:29:01:8a:
b6:0d:75:d5:f4:ff:0d:05:9a:c3:9d:52:22:d0:51:6b:95:7a:
db:79:e1:4d:1a:53:69:d0:ad:3e:fe:15:fd:a0:4d:ea:73:57:
60:0a:c0:35:e6:fb:cf:3f:9a:8a:63:07:4d:6c:18:c7:cd:1e:
fd:00:2c:48
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZzcQA/v2q3vkhBSXRSlGdQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjYwMzExMDkzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmYjE3NjZjZWFkNmYzZGI1NDg2NDRlMGIxODdmNjU3ZDA3NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPZ2Inied5TVXIVL/1CkIALDaGFR
MCYEYKwSeUV5GH2+3rOVki9jopCnsf+2rK8skXTpjxW2RICFWxPEeB+fVgKd5bCk
xv17Aa2SuxpP4K+5QUJM/sH6qc5F4wuxWymTcvyszoFJ93fgruMu9SJGLEvfFTnY
Yzn85lefb99WFFwhzV5lUuOrH9fGsYh/ieVRP0SSLqRjigThsXsk+iesocLe4Ffu
kkJdNdclZb4umfnEsFyKjFfHNg9DySjH29850z2PmmyczWUogjWjc9S2H1nvn0LW
+CVIxKyDRGsPePunZXQ9VEJjlDeSJNgDGL5jTyTEcHWBaJuXZ8aiWQtSdwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPS/sXZs6tbz21SGROCxh/ZX0HX1MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvOUwteGRtenExdlBiVklaRTRMR0g5bGZRZGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAICOvQD
BAACOvgDBAAFt3QDBAIFt3gDBAItCCAwDQYJKoZIhvcNAQELBQADggEBAJd5N5Pt
e+jpIrIZL8U21p9cCvv6zTif1IHrKbeVBZgaXrVGs1Sv3SF1N8PW2DrgLYXQ84B6
7vxAMyTauKEcsr4rqF+nAYgOOLwkfuTzLdksn2PLF4W6deNq4IaEVH/n7qrEatjt
NXQPPa6yPUXF0MkrkCQKd14oNY1elUlYVIGuCffdFM0+qiPnHqBdnC+vzg2Q0HEM
Jyir4yJJZF6KzE/lXsxmbCdW8FbulyYebIXHFpwQl5JJZVUppaJd12cL8yioISkB
irYNddX0/w0FmsOdUiLQUWuVett54U0aU2nQrT7+Ff2gTepzV2AKwDXm+88/mopj
B01sGMfNHv0ALEg=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:47:19 2026 by rpki-client