Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/mMPunU6seWJqmCErh0MNyuxIyEc.roa
File: mMPunU6seWJqmCErh0MNyuxIyEc.roa (raw, json)
Hash identifier: ATbO5ZHydIB14HK6SVQr1mlxx0zwGZ0SIRKhGEO4ycs=
Subject key identifier: 98:C3:EE:9D:4E:AC:79:62:6A:98:21:2B:87:43:0D:CA:EC:48:C8:47
Certificate issuer: /CN=e686965509a649c508ab8ab72f7257bef35f7930
Certificate serial: 019E1B1BF236C1561A4E4CD673FAF14947EC
Authority key identifier: E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/mMPunU6seWJqmCErh0MNyuxIyEc.roa
Signing time: Tue 12 May 2026 07:34:36 +0000
ROA not before: Tue 12 May 2026 07:34:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216058
IP address blocks: 2.56.204.0/22 maxlen: 22
2.56.204.0/24 maxlen: 24
2.56.205.0/24 maxlen: 24
2.56.206.0/24 maxlen: 24
2.56.207.0/24 maxlen: 24
91.195.254.0/23 maxlen: 24
91.195.254.0/24 maxlen: 24
91.195.255.0/24 maxlen: 24
91.198.108.0/23 maxlen: 24
91.198.108.0/24 maxlen: 24
91.198.109.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.mft
rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 16:01:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1b:1b:f2:36:c1:56:1a:4e:4c:d6:73:fa:f1:49:47:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e686965509a649c508ab8ab72f7257bef35f7930
Validity
Not Before: May 12 07:34:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=98c3ee9d4eac79626a98212b87430dcaec48c847
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:ee:c9:ab:06:d4:37:9c:6d:94:00:c7:69:23:
d4:49:34:8c:19:f8:75:67:11:eb:d1:56:a7:de:f9:
c7:53:9e:9a:85:b6:3e:66:b6:7c:0e:99:82:d2:03:
7a:71:58:ce:08:1a:e3:bc:73:ec:d4:23:a1:c6:eb:
5f:3e:2b:17:88:e5:d6:61:d6:42:72:35:a6:b8:c2:
73:14:88:a1:86:49:0e:47:3d:36:d3:3f:71:8b:1e:
3d:20:f2:56:7d:91:ff:72:0a:cd:37:92:93:a7:25:
e8:3d:a7:d2:cd:7c:4a:68:4e:cb:8b:4f:27:83:c5:
a6:5a:04:da:8c:eb:a3:3c:e1:00:df:20:e2:69:58:
73:30:0f:69:ad:7e:6a:27:ca:9a:c3:b7:78:31:52:
51:31:2a:38:dc:b8:c8:0e:85:c6:58:7f:74:04:1f:
91:24:66:69:58:28:90:03:03:09:8a:eb:62:18:35:
de:24:07:0a:b5:51:65:5e:5a:cf:38:58:33:77:b5:
30:0f:3a:0e:b5:93:e1:af:91:3e:ba:3b:1f:96:88:
f0:05:91:94:60:cd:65:c2:83:25:b1:03:03:3c:97:
14:10:cd:be:28:77:2b:6a:ed:89:d1:1a:69:c1:69:
7b:68:da:d2:14:31:3a:82:6c:2d:5f:3e:18:98:b1:
f6:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:C3:EE:9D:4E:AC:79:62:6A:98:21:2B:87:43:0D:CA:EC:48:C8:47
X509v3 Authority Key Identifier:
keyid:E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/mMPunU6seWJqmCErh0MNyuxIyEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.204.0/22
91.195.254.0/23
91.198.108.0/23
Signature Algorithm: sha256WithRSAEncryption
29:95:47:c1:bc:c9:32:bb:c0:50:db:a3:ac:32:93:b3:a3:9a:
78:c6:1a:dc:de:e7:fc:d7:1e:f7:c6:8b:54:a6:4a:c4:3b:fe:
d3:8d:18:5d:19:22:17:70:dd:4b:ef:44:c0:1d:b5:65:b0:38:
6f:5d:d5:33:60:fc:b8:30:49:c0:9b:b6:51:49:71:2c:4d:f8:
e7:f3:be:16:68:78:35:5a:32:18:3b:86:7a:e3:6a:dd:37:86:
6f:2e:49:c1:a4:1b:fb:04:3e:68:ee:03:d1:a7:bb:ca:df:78:
f7:19:23:8f:93:07:e1:77:56:53:2a:4a:ae:c0:5b:6a:9e:fe:
27:3e:37:bd:9d:e3:b1:da:b3:09:c5:59:9c:7f:9f:d0:e6:24:
33:98:67:d4:1d:4b:2d:ab:e2:2b:20:a0:a1:d0:7c:81:6e:95:
38:42:1e:4d:86:b1:42:92:25:b7:7e:b6:1a:a8:ec:00:bd:63:
91:64:f7:68:9b:4e:78:3f:48:95:ae:0d:c1:19:f5:9f:e5:8c:
96:13:46:d1:f3:8e:fd:a7:c3:52:cb:d5:58:a7:b3:ec:e6:e6:
a3:01:1b:22:f5:d5:e1:93:cc:45:42:15:78:7f:70:7d:a4:22:
34:ad:c5:ed:04:f7:38:4a:fb:5c:be:f6:eb:dd:24:28:7c:e9:
4a:08:c6:a7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4bG/I2wVYaTkzWc/rxSUfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ODY5NjU1MDlhNjQ5YzUwOGFiOGFiNzJmNzI1N2JlZjM1
Zjc5MzAwHhcNMjYwNTEyMDczNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGMzZWU5ZDRlYWM3OTYyNmE5ODIxMmI4NzQzMGRjYWVjNDhjODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu7JqwbUN5xtlADHaSPUSTSMGfh1
ZxHr0Van3vnHU56ahbY+ZrZ8DpmC0gN6cVjOCBrjvHPs1COhxutfPisXiOXWYdZC
cjWmuMJzFIihhkkORz020z9xix49IPJWfZH/cgrNN5KTpyXoPafSzXxKaE7Li08n
g8WmWgTajOujPOEA3yDiaVhzMA9prX5qJ8qaw7d4MVJRMSo43LjIDoXGWH90BB+R
JGZpWCiQAwMJiutiGDXeJAcKtVFlXlrPOFgzd7UwDzoOtZPhr5E+ujsflojwBZGU
YM1lwoMlsQMDPJcUEM2+KHcrau2J0RppwWl7aNrSFDE6gmwtXz4YmLH2YQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJjD7p1OrHliapghK4dDDcrsSMhHMB8GA1UdIwQY
MBaAFOaGllUJpknFCKuKty9yV77zX3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYt
ZWQxNGFmNmRiODg4LzEvbU1QdW5VNnNlV0pxbUNFcmgwTU55dXhJeUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYtZWQxNGFmNmRiODg4
LzEvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjjMAwQB
W8P+AwQBW8ZsMA0GCSqGSIb3DQEBCwUAA4IBAQAplUfBvMkyu8BQ26OsMpOzo5p4
xhrc3uf81x73xotUpkrEO/7TjRhdGSIXcN1L70TAHbVlsDhvXdUzYPy4MEnAm7ZR
SXEsTfjn874WaHg1WjIYO4Z642rdN4ZvLknBpBv7BD5o7gPRp7vK33j3GSOPkwfh
d1ZTKkquwFtqnv4nPje9neOx2rMJxVmcf5/Q5iQzmGfUHUstq+IrIKCh0HyBbpU4
Qh5NhrFCkiW3frYaqOwAvWORZPdom054P0iVrg3BGfWf5YyWE0bR8479p8NSy9VY
p7Ps5uajARsi9dXhk8xFQhV4f3B9pCI0rcXtBPc4Svtcvvbr3SQofOlKCMan
-----END CERTIFICATE-----
Generated at Wed May 13 02:47:08 2026 by rpki-client