Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BCi7r1y5GoIL4u28Gca_VLGXDVE.roa
File: BCi7r1y5GoIL4u28Gca_VLGXDVE.roa (raw, json)
Hash identifier: pxyg6W8ZwrSFdeKSLi6hvgKqT1sY03vUwTsHoEDGZjA=
Subject key identifier: 04:28:BB:AF:5C:B9:1A:82:0B:E2:ED:BC:19:C6:BF:54:B1:97:0D:51
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D0B411EE5317E1569A693025E53FB6CB1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BCi7r1y5GoIL4u28Gca_VLGXDVE.roa
Signing time: Fri 20 Mar 2026 12:38:30 +0000
ROA not before: Fri 20 Mar 2026 12:38:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 401776
IP address blocks: 82.152.122.0/24 maxlen: 24
82.152.205.0/24 maxlen: 24
82.153.10.0/24 maxlen: 24
82.153.109.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:41:1e:e5:31:7e:15:69:a6:93:02:5e:53:fb:6c:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 20 12:38:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0428bbaf5cb91a820be2edbc19c6bf54b1970d51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:92:11:f4:e4:ae:60:93:c1:01:83:90:9e:70:
e2:bb:df:47:ea:ff:34:b3:87:f8:00:a5:3b:33:30:
cc:27:ae:26:24:5d:41:fd:3e:a8:46:df:31:56:87:
15:50:2d:20:e7:e2:b8:82:72:2d:fd:f9:11:74:b5:
68:8b:b4:e2:74:e1:5a:85:47:a5:36:70:cd:df:8a:
5c:e4:d5:14:56:47:ad:f2:5d:f6:c3:7d:87:73:1a:
4a:02:fc:4e:c8:46:8b:17:e3:a4:dd:f8:10:bf:48:
c8:eb:29:cd:19:a6:cf:4f:8a:d1:55:71:29:02:8d:
06:60:99:c3:76:37:41:97:3d:90:97:8d:36:6d:09:
1c:81:fd:96:a6:76:3f:64:43:30:12:fc:52:3f:77:
87:f4:d6:09:6d:70:fb:2d:20:2a:24:2e:2e:ca:8c:
d4:3c:5c:78:7a:47:92:a3:a1:94:84:40:3b:ed:bf:
8d:81:0a:47:0b:0b:a1:4b:fa:af:b6:c2:19:30:e8:
4e:4f:0c:5b:0b:fa:5d:73:13:8b:1d:44:25:a5:e5:
ea:61:0f:b4:d3:1a:02:62:bf:e6:32:28:99:a3:67:
26:fe:6d:49:c3:0f:6c:4e:31:bf:15:3b:f4:e0:50:
c0:59:30:9f:bd:c2:70:50:cc:87:e4:33:a0:a3:42:
50:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:28:BB:AF:5C:B9:1A:82:0B:E2:ED:BC:19:C6:BF:54:B1:97:0D:51
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BCi7r1y5GoIL4u28Gca_VLGXDVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.122.0/24
82.152.205.0/24
82.153.10.0/24
82.153.109.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:36:f2:11:c6:8a:dd:3d:84:ce:8d:68:49:32:66:c4:21:c1:
dd:9e:e3:66:6f:2d:7c:bc:12:4d:b2:1d:80:45:44:ad:8e:85:
53:54:39:13:10:b1:e1:40:9c:14:ca:91:59:5d:95:34:36:82:
25:fc:ba:b4:22:51:01:5e:15:14:40:20:38:10:f9:32:d5:9d:
44:f3:e7:91:ab:f2:78:cb:af:ee:c6:a8:8b:cb:6d:01:d7:fc:
0d:e5:01:18:b4:ce:6f:eb:dc:69:47:23:5d:08:f6:98:a2:9d:
ca:cd:72:33:48:f9:d2:37:58:e1:55:db:37:e2:03:64:eb:53:
5b:81:c6:a8:45:8b:29:38:11:bc:06:0d:3b:e7:1d:a5:61:e3:
06:92:30:9e:42:54:f0:99:fd:2e:49:47:8b:43:62:84:3b:c9:
4a:29:41:88:b6:b5:15:94:8a:88:68:e0:63:eb:7f:2b:45:c9:
f2:29:79:df:7c:96:39:12:cc:32:42:56:5f:36:f7:f7:87:1b:
cc:5d:2c:fc:15:d8:91:76:8d:9e:d1:f3:f0:54:1e:4a:e4:5b:
4c:e1:3a:35:96:4e:05:f7:de:08:9d:60:e1:f8:2f:fc:1a:0a:
30:6d:20:00:c5:ad:a7:f4:11:4e:c9:2b:02:54:10:6c:03:6a:
62:c8:2f:9d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ0LQR7lMX4VaaaTAl5T+2yxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzIwMTIzODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI4YmJhZjVjYjkxYTgyMGJlMmVkYmMxOWM2YmY1NGIxOTcwZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZIR9OSuYJPBAYOQnnDiu99H6v80
s4f4AKU7MzDMJ64mJF1B/T6oRt8xVocVUC0g5+K4gnIt/fkRdLVoi7TidOFahUel
NnDN34pc5NUUVket8l32w32HcxpKAvxOyEaLF+Ok3fgQv0jI6ynNGabPT4rRVXEp
Ao0GYJnDdjdBlz2Ql402bQkcgf2WpnY/ZEMwEvxSP3eH9NYJbXD7LSAqJC4uyozU
PFx4ekeSo6GUhEA77b+NgQpHCwuhS/qvtsIZMOhOTwxbC/pdcxOLHUQlpeXqYQ+0
0xoCYr/mMiiZo2cm/m1Jww9sTjG/FTv04FDAWTCfvcJwUMyH5DOgo0JQ/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAQou69cuRqCC+LtvBnGv1Sxlw1RMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQkNpN3IxeTVHb0lMNHUyOEdjYV9WTEdYRFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUph6AwQA
UpjNAwQAUpkKAwQAUpltMA0GCSqGSIb3DQEBCwUAA4IBAQBcNvIRxordPYTOjWhJ
MmbEIcHdnuNmby18vBJNsh2ARUStjoVTVDkTELHhQJwUypFZXZU0NoIl/Lq0IlEB
XhUUQCA4EPky1Z1E8+eRq/J4y6/uxqiLy20B1/wN5QEYtM5v69xpRyNdCPaYop3K
zXIzSPnSN1jhVds34gNk61NbgcaoRYspOBG8Bg075x2lYeMGkjCeQlTwmf0uSUeL
Q2KEO8lKKUGItrUVlIqIaOBj638rRcnyKXnffJY5EswyQlZfNvf3hxvMXSz8FdiR
do2e0fPwVB5K5FtM4To1lk4F994InWDh+C/8GgowbSAAxa2n9BFOySsCVBBsA2pi
yC+d
-----END CERTIFICATE-----
Generated at Fri Mar 27 00:07:16 2026 by rpki-client