Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-2xqoDYgl8RF6v_l5lTGJW8hf7U.roa
File: 1-2xqoDYgl8RF6v_l5lTGJW8hf7U.roa (raw, json)
Hash identifier: QHHnR+xGdv5KHMivxndoczMMMP4pEVs2J1YXmmfVbu8=
Subject key identifier: FB:6C:6A:A0:36:20:97:C4:45:EA:FF:E5:E6:54:C6:25:6F:21:7F:B5
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019E1C22B67CAF817DB05F463E597736CD2C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-2xqoDYgl8RF6v_l5lTGJW8hf7U.roa
Signing time: Tue 12 May 2026 12:21:37 +0000
ROA not before: Tue 12 May 2026 12:21:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214962
IP address blocks: 81.168.110.0/24 maxlen: 24
82.152.234.0/24 maxlen: 24
89.213.6.0/24 maxlen: 24
109.176.83.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1c:22:b6:7c:af:81:7d:b0:5f:46:3e:59:77:36:cd:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 12 12:21:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fb6c6aa0362097c445eaffe5e654c6256f217fb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:42:d0:34:6c:d7:8d:64:ac:01:b4:33:e4:00:
5e:1d:5b:54:d9:bc:8d:27:1a:13:b9:7d:39:94:75:
b9:2e:22:ef:95:15:8d:43:97:10:7b:f5:59:dd:d4:
2e:15:5d:04:e6:88:01:fc:0c:f0:b2:bd:b7:57:5c:
54:81:8b:a3:f4:88:78:e0:ae:6b:23:fb:83:aa:58:
b5:11:f8:a5:4f:30:01:3d:e5:99:c0:7e:20:55:c8:
eb:fd:24:fc:7f:4e:62:9e:51:29:95:e5:a3:28:33:
6b:34:25:0c:d5:be:a3:71:4f:1f:72:ee:5c:d5:d7:
d8:f9:a9:9d:74:3c:25:5e:67:9b:70:f8:82:4a:80:
af:57:17:a4:0f:fd:64:b9:89:18:fc:0f:c0:87:53:
01:45:77:66:e7:08:c3:68:11:28:52:c2:fc:01:e0:
dd:6b:54:2e:da:0d:32:c1:3e:21:b0:2d:07:27:17:
19:e3:ea:fb:4c:57:12:39:67:ef:c7:f1:77:a9:de:
f8:7d:7c:1e:19:83:70:88:fc:d8:84:82:1d:d8:a6:
9e:b5:1f:f6:0b:cf:44:71:18:0c:6b:2f:18:04:51:
0f:c5:39:6f:1b:83:6e:d2:90:c1:37:17:93:6e:64:
87:7a:09:45:b9:1f:d7:52:00:83:95:3e:b8:53:99:
6b:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:6C:6A:A0:36:20:97:C4:45:EA:FF:E5:E6:54:C6:25:6F:21:7F:B5
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-2xqoDYgl8RF6v_l5lTGJW8hf7U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.110.0/24
82.152.234.0/24
89.213.6.0/24
109.176.83.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:e4:3c:d2:4a:8d:fa:5b:c0:d3:84:db:ce:ed:a8:b5:21:56:
85:5f:08:cc:20:a4:34:b9:06:a5:6d:5b:5e:44:05:85:64:62:
bf:1d:73:97:e4:44:76:aa:2e:32:d6:33:42:17:15:87:a1:e3:
21:03:88:8a:a0:c1:05:22:3a:98:8b:3e:53:d5:6c:3d:f6:8a:
d4:33:d9:4b:be:6c:37:0f:32:9e:72:d3:52:ff:64:d7:f9:f9:
b2:85:cc:0b:31:5c:2d:0c:4e:80:d4:1a:94:f4:1a:ab:9f:7c:
da:a9:f4:71:da:f5:26:24:39:5c:7c:66:29:38:21:02:15:c2:
dd:e7:25:af:82:35:46:f3:2c:cb:e6:fb:bb:25:5f:df:f9:e0:
1d:b5:90:aa:c9:93:90:eb:e4:04:22:96:2e:1d:36:c8:a2:79:
0d:b9:45:2e:13:3f:6f:cf:3b:28:e9:55:b3:0c:1a:32:48:0e:
26:9f:e5:26:a1:35:71:36:76:f5:91:80:51:ab:1e:85:51:df:
e1:4d:88:21:69:de:fb:1b:4c:eb:65:b7:9a:01:ee:90:04:db:
7d:a3:9f:95:42:d5:67:e3:28:fb:90:b0:b3:16:f2:5c:a1:83:
20:8e:5e:31:9f:16:63:2c:bb:3c:ee:29:fc:91:dc:08:95:4d:
2a:3f:19:3f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZ4cIrZ8r4F9sF9GPll3Ns0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTEyMTIyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjZjNmFhMDM2MjA5N2M0NDVlYWZmZTVlNjU0YzYyNTZmMjE3ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ELQNGzXjWSsAbQz5ABeHVtU2byN
JxoTuX05lHW5LiLvlRWNQ5cQe/VZ3dQuFV0E5ogB/Azwsr23V1xUgYuj9Ih44K5r
I/uDqli1EfilTzABPeWZwH4gVcjr/ST8f05inlEpleWjKDNrNCUM1b6jcU8fcu5c
1dfY+amddDwlXmebcPiCSoCvVxekD/1kuYkY/A/Ah1MBRXdm5wjDaBEoUsL8AeDd
a1Qu2g0ywT4hsC0HJxcZ4+r7TFcSOWfvx/F3qd74fXweGYNwiPzYhIId2KaetR/2
C89EcRgMay8YBFEPxTlvG4Nu0pDBNxeTbmSHeglFuR/XUgCDlT64U5lrvQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPtsaqA2IJfERer/5eZUxiVvIX+1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS0yeHFvRFlnbDhSRjZ2X2w1bFRHSlc4aGY3VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFGobgME
AFKY6gMEAFnVBgMEAG2wUzANBgkqhkiG9w0BAQsFAAOCAQEAnuQ80kqN+lvA04Tb
zu2otSFWhV8IzCCkNLkGpW1bXkQFhWRivx1zl+REdqouMtYzQhcVh6HjIQOIiqDB
BSI6mIs+U9VsPfaK1DPZS75sNw8ynnLTUv9k1/n5soXMCzFcLQxOgNQalPQaq598
2qn0cdr1JiQ5XHxmKTghAhXC3eclr4I1RvMsy+b7uyVf3/ngHbWQqsmTkOvkBCKW
Lh02yKJ5DblFLhM/b887KOlVswwaMkgOJp/lJqE1cTZ29ZGAUasehVHf4U2IIWne
+xtM62W3mgHukATbfaOflULVZ+Mo+5CwsxbyXKGDII5eMZ8WYyy7PO4p/JHcCJVN
Kj8ZPw==
-----END CERTIFICATE-----
Generated at Wed May 13 03:59:17 2026 by rpki-client