Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/1-bX4q69pD6P9iDL_MBjXApDUUoA.roa
File: 1-bX4q69pD6P9iDL_MBjXApDUUoA.roa (raw, json)
Hash identifier: Kde578ne8/gKQezBhfcD4rTCARaf5d1vuhecNygX/Nk=
Subject key identifier: F9:B5:F8:AB:AF:69:0F:A3:FD:88:32:FF:30:18:D7:02:90:D4:52:80
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 019CDDC9BA13D95029A768873CD46C70D667
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/1-bX4q69pD6P9iDL_MBjXApDUUoA.roa
Signing time: Wed 11 Mar 2026 16:45:10 +0000
ROA not before: Wed 11 Mar 2026 16:45:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207193
IP address blocks: 159.151.196.0/24 maxlen: 24
192.109.146.0/24 maxlen: 24
2a07:8145::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 22:01:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dd:c9:ba:13:d9:50:29:a7:68:87:3c:d4:6c:70:d6:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Mar 11 16:45:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f9b5f8abaf690fa3fd8832ff3018d70290d45280
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:80:5c:27:50:46:7b:51:f8:79:5e:ed:26:14:
9e:0d:ad:44:14:02:d0:19:ee:10:1d:14:b5:7d:b2:
4e:2d:b4:58:6f:c6:de:42:bf:ab:9f:b8:54:ce:ca:
89:35:d1:ce:79:11:ae:11:97:d5:df:bf:af:bb:b7:
5e:ed:18:b3:1f:57:ae:53:12:a1:d4:11:a0:ef:cb:
ad:13:bc:29:a5:00:7a:91:7c:be:f9:a4:2f:36:7f:
6e:d5:da:89:d6:ba:23:a0:9d:4d:4a:2f:b2:10:b5:
f3:10:2b:4d:27:95:06:01:4f:1f:db:d1:75:0d:d1:
56:96:a0:38:77:5c:25:63:82:66:14:db:5e:18:2a:
87:85:f3:11:d7:30:7c:39:00:e8:d1:c0:20:a5:00:
27:d6:c1:06:8c:3f:99:59:b1:28:ae:c0:82:38:c8:
1c:13:8a:a4:8d:af:30:95:61:3a:68:96:82:03:49:
fb:ef:2c:06:61:52:e8:60:d7:16:fe:c0:9c:cf:de:
4d:fc:cc:dd:41:66:0b:59:0c:b5:c4:27:93:6b:56:
a6:ce:63:d7:92:fb:1a:da:f1:5f:61:e0:d1:ef:cb:
c1:fc:94:ed:20:a4:76:c6:f9:8e:a4:ad:e9:9c:9e:
99:8b:48:7c:eb:2d:96:1e:05:e8:08:89:d5:5e:7e:
92:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:B5:F8:AB:AF:69:0F:A3:FD:88:32:FF:30:18:D7:02:90:D4:52:80
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/1-bX4q69pD6P9iDL_MBjXApDUUoA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.196.0/24
192.109.146.0/24
IPv6:
2a07:8145::/36
Signature Algorithm: sha256WithRSAEncryption
0c:b5:9a:0b:11:78:0b:82:59:6a:36:02:c1:2c:75:2b:db:d5:
2b:4a:3e:d2:a7:0b:ab:42:fe:ff:d6:f9:57:ea:00:ec:ff:20:
cc:4b:91:90:eb:37:b5:86:3a:d2:c7:54:79:23:03:8f:4c:6c:
06:87:ac:38:c1:36:74:73:1c:ad:74:6c:33:dd:1a:77:6f:4c:
f0:9f:e4:be:89:dc:fe:f6:4e:cf:0b:2c:72:0f:e7:3f:e9:ec:
70:25:41:21:f4:95:a4:be:08:a0:62:0b:93:9f:e7:ff:b5:de:
f3:6d:18:ba:1b:dc:e2:84:9d:bf:76:c5:6c:03:76:27:3e:7d:
90:18:ff:eb:7b:12:ab:80:2f:4d:c9:1d:43:11:4a:a5:b8:e7:
54:74:09:8f:f3:2a:2e:ec:67:43:a3:0f:76:9c:93:c7:5e:8d:
9b:f6:b9:81:06:5a:88:85:e3:64:ec:09:31:23:01:ce:c8:a5:
3f:2f:e3:32:ed:6e:39:80:21:f6:6c:f2:2f:cf:9a:af:4c:c0:
9a:43:e7:fc:cb:93:c0:56:4b:bb:38:87:64:91:55:68:e6:78:
5e:79:ee:41:88:df:74:7c:b5:64:e0:61:1d:8f:b6:5c:25:28:
ad:81:26:40:cc:8a:b6:62:5c:16:9c:b3:ab:58:0a:eb:5b:34:
42:b7:5e:f8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZzdyboT2VApp2iHPNRscNZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjYwMzExMTY0NTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI1ZjhhYmFmNjkwZmEzZmQ4ODMyZmYzMDE4ZDcwMjkwZDQ1MjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIBcJ1BGe1H4eV7tJhSeDa1EFALQ
Ge4QHRS1fbJOLbRYb8beQr+rn7hUzsqJNdHOeRGuEZfV37+vu7de7RizH1euUxKh
1BGg78utE7wppQB6kXy++aQvNn9u1dqJ1rojoJ1NSi+yELXzECtNJ5UGAU8f29F1
DdFWlqA4d1wlY4JmFNteGCqHhfMR1zB8OQDo0cAgpQAn1sEGjD+ZWbEorsCCOMgc
E4qkja8wlWE6aJaCA0n77ywGYVLoYNcW/sCcz95N/MzdQWYLWQy1xCeTa1amzmPX
kvsa2vFfYeDR78vB/JTtIKR2xvmOpK3pnJ6Zi0h86y2WHgXoCInVXn6SJwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFPm1+KuvaQ+j/Ygy/zAY1wKQ1FKAMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvMS1iWDRxNjlwRDZQOWlETF9NQmpYQXBEVVVvQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODgvYmMyNjhkLTYxZjAtNDcxZi1hYWI5LTgwMGVkYTJjZmIz
Ni8xL0NqZllCOVQzemRQZ3ItU3J5TzVhaUF4Z2tQRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA1BggrBgEFBQcBBwEB/wQmMCQwEgQCAAEwDAMEAJ+XxAME
AMBtkjAOBAIAAjAIAwYEKgeBRQAwDQYJKoZIhvcNAQELBQADggEBAAy1mgsReAuC
WWo2AsEsdSvb1StKPtKnC6tC/v/W+VfqAOz/IMxLkZDrN7WGOtLHVHkjA49MbAaH
rDjBNnRzHK10bDPdGndvTPCf5L6J3P72Ts8LLHIP5z/p7HAlQSH0laS+CKBiC5Of
5/+13vNtGLob3OKEnb92xWwDdic+fZAY/+t7EquAL03JHUMRSqW451R0CY/zKi7s
Z0OjD3ack8dejZv2uYEGWoiF42TsCTEjAc7IpT8v4zLtbjmAIfZs8i/Pmq9MwJpD
5/zLk8BWS7s4h2SRVWjmeF557kGI33R8tWTgYR2PtlwlKK2BJkDMirZiXBacs6tY
CutbNEK3Xvg=
-----END CERTIFICATE-----
Generated at Thu Mar 26 09:43:02 2026 by rpki-client