Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/L0kBgRXz52GXi0irJBVjrLT4tHI.roa
File: L0kBgRXz52GXi0irJBVjrLT4tHI.roa (raw, json)
Hash identifier: Mr35qbsVY4vBkBo4FFK+ZN/24dqv461UFI1PM3fz13k=
Subject key identifier: 2F:49:01:81:15:F3:E7:61:97:8B:48:AB:24:15:63:AC:B4:F8:B4:72
Certificate issuer: /CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
Certificate serial: 019CE115D783127B7F2A00FB92C450E29040
Authority key identifier: 32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/L0kBgRXz52GXi0irJBVjrLT4tHI.roa
Signing time: Thu 12 Mar 2026 08:07:10 +0000
ROA not before: Thu 12 Mar 2026 08:07:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 38983
IP address blocks: 5.172.216.0/21 maxlen: 24
185.64.192.0/22 maxlen: 24
185.105.200.0/22 maxlen: 22
185.122.152.0/22 maxlen: 22
188.64.48.0/21 maxlen: 21
188.126.96.0/19 maxlen: 24
188.126.108.0/23 maxlen: 23
188.126.112.0/21 maxlen: 22
2a03:8f00::/29 maxlen: 29
2a09:f400::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 14:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e1:15:d7:83:12:7b:7f:2a:00:fb:92:c4:50:e2:90:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
Validity
Not Before: Mar 12 08:07:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2f49018115f3e761978b48ab241563acb4f8b472
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b8:46:4d:4f:ca:77:53:4c:63:b2:8f:1a:21:
44:35:ca:7a:30:0c:57:e8:88:16:61:41:88:a2:3f:
8e:ff:47:74:4b:d5:9c:b0:45:4b:c1:00:71:cb:7b:
9d:a0:f5:da:f0:a7:1b:31:56:d4:0a:10:f2:4a:2a:
7b:bb:b6:62:74:dd:75:19:c8:dc:5f:a2:b5:a1:85:
4e:ee:6b:3f:76:8d:3e:97:6f:3c:23:b0:66:b4:1f:
91:63:15:43:37:e6:56:4f:d6:1b:45:fd:8e:2b:57:
b5:e1:57:5c:47:6c:61:8f:e1:47:c3:7d:f8:0c:96:
bf:29:7d:c4:f2:ab:0a:ab:89:87:2e:9b:ed:26:ed:
c0:9d:61:1f:7b:84:b7:ff:f9:a9:bc:9a:0c:fa:6a:
93:9f:29:c5:76:b8:d8:3c:30:ca:3f:54:cf:db:dd:
94:38:98:f3:70:46:59:b3:c0:eb:de:0f:e1:55:b5:
e3:a8:8a:96:5e:cc:bb:39:04:d5:8b:e0:8f:be:68:
25:77:ad:65:75:e9:4e:59:8d:92:a2:41:b2:ce:2c:
56:1d:3a:16:ed:28:48:16:1b:39:94:71:60:2d:05:
eb:3b:fe:27:7f:69:f1:4d:1e:75:c0:00:af:46:1d:
0b:c2:ca:ed:08:31:26:30:d8:9c:48:b0:d1:7d:26:
fe:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:49:01:81:15:F3:E7:61:97:8B:48:AB:24:15:63:AC:B4:F8:B4:72
X509v3 Authority Key Identifier:
keyid:32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/L0kBgRXz52GXi0irJBVjrLT4tHI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.216.0/21
185.64.192.0/22
185.105.200.0/22
185.122.152.0/22
188.64.48.0/21
188.126.96.0/19
IPv6:
2a03:8f00::/29
2a09:f400::/29
Signature Algorithm: sha256WithRSAEncryption
2c:c3:50:c6:8a:3e:8f:00:44:94:30:fa:26:0d:19:0a:ab:15:
19:48:ac:a1:04:73:b0:5e:fa:8f:eb:fe:7a:64:06:f2:75:95:
14:44:63:45:30:e4:b0:c3:37:6b:a1:72:4c:6b:3c:2a:09:28:
7c:bc:24:33:5f:13:41:5b:fa:2e:d2:39:55:95:4c:de:94:cb:
c2:6c:f5:b2:31:3a:ad:05:4c:8a:37:ee:63:36:ef:ad:f7:65:
47:c6:9e:14:6e:ac:4e:0f:65:fc:b1:d7:36:df:ce:51:1d:78:
01:f0:66:5e:49:e2:70:b0:d7:8f:f0:b8:3b:58:c6:93:05:fe:
bf:11:46:bf:c9:b6:6e:ee:84:b6:59:a7:d9:8b:9d:1d:e1:f3:
8e:07:18:dc:e8:be:6c:cc:07:7c:b0:72:40:cc:6c:7e:9a:b3:
c1:c7:c4:64:75:90:1f:c8:f6:3f:2a:05:2e:ea:4f:26:f7:87:
41:b3:6a:c8:2d:51:6f:00:4a:2e:33:96:da:b4:bb:51:01:d6:
2b:ce:ef:fa:df:bf:f1:2c:7d:db:37:c9:c6:09:be:ae:09:32:
67:d5:37:c9:bf:01:06:f3:87:4e:1d:61:88:ef:cc:9f:45:dd:
00:2d:c6:de:c0:44:86:ed:39:23:ce:74:d7:04:50:4f:bf:46:
22:4d:54:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZzhFdeDEnt/KgD7ksRQ4pBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyM2FiNWJhOThiZWY1ZDBkOWJkMGNlYTAzMWExZmUxMzc3
N2E0ODYwHhcNMjYwMzEyMDgwNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQ5MDE4MTE1ZjNlNzYxOTc4YjQ4YWIyNDE1NjNhY2I0ZjhiNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7hGTU/Kd1NMY7KPGiFENcp6MAxX
6IgWYUGIoj+O/0d0S9WcsEVLwQBxy3udoPXa8KcbMVbUChDySip7u7ZidN11Gcjc
X6K1oYVO7ms/do0+l288I7BmtB+RYxVDN+ZWT9YbRf2OK1e14VdcR2xhj+FHw334
DJa/KX3E8qsKq4mHLpvtJu3AnWEfe4S3//mpvJoM+mqTnynFdrjYPDDKP1TP292U
OJjzcEZZs8Dr3g/hVbXjqIqWXsy7OQTVi+CPvmgld61ldelOWY2SokGyzixWHToW
7ShIFhs5lHFgLQXrO/4nf2nxTR51wACvRh0LwsrtCDEmMNicSLDRfSb+wQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFC9JAYEV8+dhl4tIqyQVY6y0+LRyMB8GA1UdIwQY
MBaAFDI6tbqYvvXQ2b0M6gMaH+E3d6SGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQt
Zjk1MTI0OTllMDVjLzEvTDBrQmdSWHo1MkdYaTBpckpCVmpyTFQ0dEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQtZjk1MTI0OTllMDVj
LzEvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQDBazYAwQC
uUDAAwQCuWnIAwQCuXqYAwQDvEAwAwQFvH5gMBQEAgACMA4DBQMqA48AAwUDKgn0
ADANBgkqhkiG9w0BAQsFAAOCAQEALMNQxoo+jwBElDD6Jg0ZCqsVGUisoQRzsF76
j+v+emQG8nWVFERjRTDksMM3a6FyTGs8KgkofLwkM18TQVv6LtI5VZVM3pTLwmz1
sjE6rQVMijfuYzbvrfdlR8aeFG6sTg9l/LHXNt/OUR14AfBmXknicLDXj/C4O1jG
kwX+vxFGv8m2bu6Etlmn2YudHeHzjgcY3Oi+bMwHfLByQMxsfpqzwcfEZHWQH8j2
PyoFLupPJveHQbNqyC1RbwBKLjOW2rS7UQHWK87v+t+/8Sx92zfJxgm+rgkyZ9U3
yb8BBvOHTh1hiO/Mn0XdAC3G3sBEhu05I8501wRQT79GIk1UMA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 22:07:43 2026 by rpki-client