Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/bZwoK81zuxGi2G9X1qgk4iSNx3g.roa
File: bZwoK81zuxGi2G9X1qgk4iSNx3g.roa (raw, json)
Hash identifier: dPpJ67SvgOVz0s7ktnLlDsBfdNzlyXGXd70CftWD+Gk=
Subject key identifier: 6D:9C:28:2B:CD:73:BB:11:A2:D8:6F:57:D6:A8:24:E2:24:8D:C7:78
Certificate issuer: /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial: 019CE6B50C9766166CC3E83A4B7D19C209D2
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/bZwoK81zuxGi2G9X1qgk4iSNx3g.roa
Signing time: Fri 13 Mar 2026 10:19:10 +0000
ROA not before: Fri 13 Mar 2026 10:19:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58172
IP address blocks: 85.116.176.0/24 maxlen: 24
85.116.177.0/24 maxlen: 24
85.116.178.0/24 maxlen: 24
85.116.179.0/24 maxlen: 24
85.116.180.0/24 maxlen: 24
85.116.181.0/24 maxlen: 24
85.116.183.0/24 maxlen: 24
85.116.184.0/24 maxlen: 24
85.116.185.0/24 maxlen: 24
85.116.186.0/23 maxlen: 23
85.116.188.0/23 maxlen: 23
85.116.188.0/24 maxlen: 24
85.116.189.0/24 maxlen: 24
85.116.190.0/24 maxlen: 24
85.116.191.0/24 maxlen: 24
91.132.148.0/24 maxlen: 24
91.132.149.0/24 maxlen: 24
91.132.150.0/24 maxlen: 24
91.132.151.0/24 maxlen: 24
91.239.101.0/24 maxlen: 24
128.127.96.0/24 maxlen: 24
128.127.97.0/24 maxlen: 24
128.127.98.0/24 maxlen: 24
128.127.99.0/24 maxlen: 24
128.127.100.0/24 maxlen: 24
128.127.101.0/24 maxlen: 24
128.127.102.0/24 maxlen: 24
128.127.103.0/24 maxlen: 24
178.20.176.0/24 maxlen: 24
178.20.177.0/24 maxlen: 24
178.20.178.0/24 maxlen: 24
178.20.179.0/24 maxlen: 24
178.20.180.0/24 maxlen: 24
178.20.181.0/24 maxlen: 24
178.20.182.0/24 maxlen: 24
178.20.183.0/24 maxlen: 24
2a04:3b00::/36 maxlen: 36
2a04:3b00:100::/48 maxlen: 48
2a04:3b00:1000::/37 maxlen: 37
2a04:3b00:1800::/37 maxlen: 37
2a04:3b00:2000::/37 maxlen: 37
2a04:3b00:2800::/37 maxlen: 37
2a04:3b00:3000::/37 maxlen: 37
2a04:3b00:3800::/37 maxlen: 37
2a04:3b00:4000::/37 maxlen: 37
2a04:3b00:4800::/37 maxlen: 37
2a04:3b00:5000::/37 maxlen: 37
2a04:3b00:5800::/37 maxlen: 37
2a04:3b00:6000::/37 maxlen: 37
2a04:3b00:6800::/37 maxlen: 37
2a04:3b00:7000::/37 maxlen: 37
2a04:3b00:7800::/37 maxlen: 37
2a04:3b00:8000::/37 maxlen: 37
2a04:3b00:8800::/37 maxlen: 37
2a04:3b00:9000::/37 maxlen: 37
2a04:3b00:9800::/37 maxlen: 37
2a04:3b00:a000::/37 maxlen: 37
2a04:3b01::/44 maxlen: 44
2a04:3b01:800::/44 maxlen: 44
2a04:3b01:1800::/44 maxlen: 44
2a04:3b01:2800::/44 maxlen: 44
2a04:3b01:6000::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 13:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e6:b5:0c:97:66:16:6c:c3:e8:3a:4b:7d:19:c2:09:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Validity
Not Before: Mar 13 10:19:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6d9c282bcd73bb11a2d86f57d6a824e2248dc778
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:1e:64:02:e3:f9:ae:a2:30:41:2a:76:d6:c9:
db:35:30:7d:64:b6:a2:a2:71:df:3e:62:c7:c2:18:
05:44:7f:38:a4:e4:16:a8:9c:7b:f5:c4:88:ee:72:
bc:19:af:a9:01:97:f0:0e:3e:65:9a:98:eb:b5:f0:
9e:df:72:1e:8b:c5:2e:0e:53:f1:d5:dc:40:ae:d5:
1a:91:75:bb:71:5e:08:c6:8b:60:67:2f:7d:ff:8c:
40:3c:3d:9e:e9:4e:4c:99:7e:5c:54:3b:85:03:c6:
94:7c:ba:7d:1d:67:70:83:d1:f7:76:0d:43:06:bd:
cc:3e:03:05:63:79:2b:0f:9a:33:99:41:6e:1a:9c:
be:6b:ca:31:ac:05:47:ba:0a:03:23:7f:e3:43:17:
98:a4:91:20:36:0a:68:a6:e4:00:81:7c:93:7d:f8:
a5:ab:f3:4a:5b:7a:48:ab:ad:c2:26:7a:7a:f3:ff:
f0:4e:af:03:97:42:1b:9f:06:e5:e5:7b:92:9e:0d:
b7:0e:49:47:ec:3d:de:82:39:ee:78:e2:d0:24:36:
ee:42:13:6a:1d:29:10:dc:0f:49:56:26:f7:53:be:
40:63:8d:20:93:e9:b5:62:37:c3:2e:ca:4e:8b:ac:
50:8b:9c:a8:d5:4e:f9:c9:09:78:cf:19:29:26:3d:
84:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:9C:28:2B:CD:73:BB:11:A2:D8:6F:57:D6:A8:24:E2:24:8D:C7:78
X509v3 Authority Key Identifier:
keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/bZwoK81zuxGi2G9X1qgk4iSNx3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.176.0-85.116.181.255
85.116.183.0-85.116.191.255
91.132.148.0/22
91.239.101.0/24
128.127.96.0/21
178.20.176.0/21
IPv6:
2a04:3b00::-2a04:3b00:a7ff:ffff:ffff:ffff:ffff:ffff
2a04:3b01::/44
2a04:3b01:800::/44
2a04:3b01:1800::/44
2a04:3b01:2800::/44
2a04:3b01:6000::/44
Signature Algorithm: sha256WithRSAEncryption
73:9a:3f:6a:78:bf:a3:47:ee:80:13:9d:16:a5:b9:9b:2c:08:
a9:b0:7c:93:1e:77:15:08:b0:a0:3a:f9:a6:11:fd:47:76:c2:
a6:98:14:3b:38:66:3d:de:f7:71:63:81:21:b0:85:09:fb:ce:
be:96:3d:cc:f2:d5:0f:78:e9:aa:bf:ab:58:06:a9:31:27:50:
61:fa:9d:d4:96:51:f0:67:dc:d5:d3:17:8d:c2:35:56:53:bc:
fd:f4:f7:7e:cd:a8:8b:2f:da:3e:05:f7:90:7b:20:bc:ee:33:
b5:ea:36:5d:13:72:78:32:09:ff:e2:18:07:81:24:ed:59:a1:
60:84:e0:39:4b:fb:9d:01:0c:83:f4:6c:58:a7:48:19:3d:79:
39:b8:89:73:b2:61:23:7d:92:2d:0c:5a:17:11:11:6e:95:04:
a9:fe:83:33:7a:d7:e3:6c:d2:0b:dc:71:0a:b1:c5:64:c9:03:
5a:87:b1:47:60:71:fc:22:f3:fc:4f:57:34:49:ea:6f:3e:c7:
ed:23:67:d3:30:59:3b:7d:33:98:c6:e4:43:d9:e3:21:79:79:
f6:30:31:22:29:58:6c:e1:f4:6c:c3:48:19:8b:52:36:50:8f:
ff:bc:38:93:c1:23:61:c2:42:7b:c9:e6:e4:a7:01:07:b8:8e:
39:b7:e9:5c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZzmtQyXZhZsw+g6S30ZwgnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjYwMzEzMTAxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDljMjgyYmNkNzNiYjExYTJkODZmNTdkNmE4MjRlMjI0OGRjNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwh5kAuP5rqIwQSp21snbNTB9ZLai
onHfPmLHwhgFRH84pOQWqJx79cSI7nK8Ga+pAZfwDj5lmpjrtfCe33Iei8UuDlPx
1dxArtUakXW7cV4IxotgZy99/4xAPD2e6U5MmX5cVDuFA8aUfLp9HWdwg9H3dg1D
Br3MPgMFY3krD5ozmUFuGpy+a8oxrAVHugoDI3/jQxeYpJEgNgpopuQAgXyTffil
q/NKW3pIq63CJnp68//wTq8Dl0Ibnwbl5XuSng23DklH7D3egjnueOLQJDbuQhNq
HSkQ3A9JVib3U75AY40gk+m1YjfDLspOi6xQi5yo1U75yQl4zxkpJj2EmQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFG2cKCvNc7sRothvV9aoJOIkjcd4MB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvYlp3b0s4MXp1eEdpMkc5WDFxZ2s0aVNOeDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTA6BAIAATA0MAwDBARV
dLADBAFVdLQwDAMEAFV0twMEBlV0gAMEAluElAMEAFvvZQMEA4B/YAMEA7IUsDBD
BAIAAjA9MA4DBAAqBDsDBgMqBDsAoAMHBCoEOwEAAAMHBCoEOwEIAAMHBCoEOwEY
AAMHBCoEOwEoAAMHBCoEOwFgADANBgkqhkiG9w0BAQsFAAOCAQEAc5o/ani/o0fu
gBOdFqW5mywIqbB8kx53FQiwoDr5phH9R3bCppgUOzhmPd73cWOBIbCFCfvOvpY9
zPLVD3jpqr+rWAapMSdQYfqd1JZR8Gfc1dMXjcI1VlO8/fT3fs2oiy/aPgX3kHsg
vO4zteo2XRNyeDIJ/+IYB4Ek7VmhYITgOUv7nQEMg/RsWKdIGT15ObiJc7JhI32S
LQxaFxERbpUEqf6DM3rX42zSC9xxCrHFZMkDWoexR2Bx/CLz/E9XNEnqbz7H7SNn
0zBZO30zmMbkQ9njIXl59jAxIilYbOH0bMNIGYtSNlCP/7w4k8EjYcJCe8nm5KcB
B7iOObfpXA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:27:58 2026 by rpki-client