Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/8YWQcFBY2JGN7Y9LDudwmWiUUd0.roa
File: 8YWQcFBY2JGN7Y9LDudwmWiUUd0.roa (raw, json)
Hash identifier: Y71RgVM51ZBYNWL+Un1weGs/ne1SsVfCUFi/XmlLWUg=
Subject key identifier: F1:85:90:70:50:58:D8:91:8D:ED:8F:4B:0E:E7:70:99:68:94:51:DD
Certificate issuer: /CN=39550a9b752c7397f6f69eaa6a80f09ba7f7d82a
Certificate serial: 019B7CEE4DE2677442F8ABFC0A85F84903AC
Authority key identifier: 39:55:0A:9B:75:2C:73:97:F6:F6:9E:AA:6A:80:F0:9B:A7:F7:D8:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OVUKm3Usc5f29p6qaoDwm6f32Co.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/8YWQcFBY2JGN7Y9LDudwmWiUUd0.roa
Signing time: Fri 02 Jan 2026 04:19:10 +0000
ROA not before: Fri 02 Jan 2026 04:19:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212644
IP address blocks: 188.208.132.0/23 maxlen: 23
188.208.132.0/24 maxlen: 24
188.208.133.0/24 maxlen: 24
2a0d:7000::/32 maxlen: 32
2a0d:7000:132::/48 maxlen: 48
2a0d:7000:133::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/OVUKm3Usc5f29p6qaoDwm6f32Co.crl
rsync://rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/OVUKm3Usc5f29p6qaoDwm6f32Co.mft
rsync://rpki.ripe.net/repository/DEFAULT/OVUKm3Usc5f29p6qaoDwm6f32Co.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 07:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ee:4d:e2:67:74:42:f8:ab:fc:0a:85:f8:49:03:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=39550a9b752c7397f6f69eaa6a80f09ba7f7d82a
Validity
Not Before: Jan 2 04:19:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f18590705058d8918ded8f4b0ee77099689451dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:b8:74:12:49:fe:be:00:91:d4:28:8e:66:4a:
59:a8:3e:19:3e:18:5b:4d:82:bb:55:de:df:c9:0d:
f3:43:06:e4:36:ca:6a:86:10:b0:2a:01:87:5a:a0:
87:9a:c1:19:c0:e8:dd:e9:87:52:26:1e:87:7c:10:
39:24:e6:8e:58:41:02:d3:16:23:f7:3f:8a:88:4e:
d1:71:63:fa:fb:11:a6:cd:7c:59:4c:e3:96:78:e8:
b8:1d:69:ca:17:02:be:ec:be:d9:48:fc:1d:c9:10:
0c:70:a6:81:a7:b0:bf:af:c7:69:21:ab:16:a6:60:
1a:60:67:f5:c4:85:ee:1f:58:b5:a7:fe:4a:77:62:
69:a4:dc:e7:8d:e8:74:e8:05:56:9b:0e:66:58:3f:
f7:16:32:23:0b:7f:c9:44:b6:85:b8:f1:ac:30:b0:
54:dc:d8:07:04:f3:78:ff:d4:59:62:54:46:a3:9d:
39:ed:c5:c6:a5:eb:16:3c:23:e2:e5:ca:ae:23:79:
29:2a:28:79:d8:de:e2:ce:ad:2d:de:c2:ee:96:06:
58:f1:b4:4e:f7:8c:47:3c:15:39:dc:c3:ef:57:ed:
ab:c4:53:6b:0d:90:90:45:0a:13:cc:4a:7a:6e:ce:
7c:08:f3:1d:b2:19:2b:29:85:eb:a0:3e:32:c4:47:
9a:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:85:90:70:50:58:D8:91:8D:ED:8F:4B:0E:E7:70:99:68:94:51:DD
X509v3 Authority Key Identifier:
keyid:39:55:0A:9B:75:2C:73:97:F6:F6:9E:AA:6A:80:F0:9B:A7:F7:D8:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OVUKm3Usc5f29p6qaoDwm6f32Co.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/8YWQcFBY2JGN7Y9LDudwmWiUUd0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/96/1ade0c-9aed-437b-8f18-27f2dca47a2c/1/OVUKm3Usc5f29p6qaoDwm6f32Co.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.208.132.0/23
IPv6:
2a0d:7000::/32
Signature Algorithm: sha256WithRSAEncryption
3c:89:e9:58:21:6c:7a:26:3b:73:9e:9c:d0:25:60:0f:6c:dd:
10:51:61:03:1b:ca:32:c1:7d:f8:92:54:ab:41:52:42:ea:3f:
f4:05:a5:59:94:3c:4f:85:f0:10:3a:3a:b5:29:bd:b6:d8:6b:
a7:72:b8:42:d2:80:7a:56:77:88:f9:c9:19:ad:cd:5e:eb:f8:
fb:1a:74:a4:b4:cb:b1:fb:90:8f:1f:19:2a:e8:bd:1c:0e:53:
c0:5d:4a:4c:b9:d6:aa:99:75:f5:6c:91:00:ca:59:c7:75:45:
28:b5:ab:85:ae:ec:f8:6d:f3:71:67:9f:bb:58:a0:cf:28:45:
62:df:5a:46:b6:cb:d8:5e:7f:2a:83:e8:2e:ba:7b:c7:90:24:
cb:b0:96:9c:ae:b0:2e:b7:e2:cb:bd:cc:4b:44:43:ff:02:97:
d5:14:a5:7d:29:df:da:68:21:0e:b8:f7:b5:9f:72:1b:f0:91:
7a:51:83:55:77:d0:8d:e8:45:71:ad:0f:9c:ed:30:90:5b:0b:
8c:3b:b0:07:22:95:b5:17:fa:63:ce:06:90:ed:e1:7e:21:27:
fa:bd:2a:5d:6d:25:c7:8e:16:87:e6:9b:5e:63:75:6a:03:1f:
26:d0:92:5d:01:a0:ce:88:16:4f:c6:0d:3d:bb:a8:0c:a3:1d:
46:d3:47:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt87k3iZ3RC+Kv8CoX4SQOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NTUwYTliNzUyYzczOTdmNmY2OWVhYTZhODBmMDliYTdm
N2Q4MmEwHhcNMjYwMTAyMDQxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTg1OTA3MDUwNThkODkxOGRlZDhmNGIwZWU3NzA5OTY4OTQ1MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbh0Ekn+vgCR1CiOZkpZqD4ZPhhb
TYK7Vd7fyQ3zQwbkNspqhhCwKgGHWqCHmsEZwOjd6YdSJh6HfBA5JOaOWEEC0xYj
9z+KiE7RcWP6+xGmzXxZTOOWeOi4HWnKFwK+7L7ZSPwdyRAMcKaBp7C/r8dpIasW
pmAaYGf1xIXuH1i1p/5Kd2JppNznjeh06AVWmw5mWD/3FjIjC3/JRLaFuPGsMLBU
3NgHBPN4/9RZYlRGo5057cXGpesWPCPi5cquI3kpKih52N7izq0t3sLulgZY8bRO
94xHPBU53MPvV+2rxFNrDZCQRQoTzEp6bs58CPMdshkrKYXroD4yxEeaHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPGFkHBQWNiRje2PSw7ncJlolFHdMB8GA1UdIwQY
MBaAFDlVCpt1LHOX9vaeqmqA8Jun99gqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ZVS20zVXNjNWYyOXA2cWFvRHdtNmYzMkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8xYWRlMGMtOWFlZC00MzdiLThmMTgt
MjdmMmRjYTQ3YTJjLzEvOFlXUWNGQlkySkdON1k5TER1ZHdtV2lVVWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8xYWRlMGMtOWFlZC00MzdiLThmMTgtMjdmMmRjYTQ3YTJj
LzEvT1ZVS20zVXNjNWYyOXA2cWFvRHdtNmYzMkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBvNCEMA0E
AgACMAcDBQAqDXAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8ielYIWx6JjtznpzQJWAP
bN0QUWEDG8oywX34klSrQVJC6j/0BaVZlDxPhfAQOjq1Kb222GuncrhC0oB6VneI
+ckZrc1e6/j7GnSktMux+5CPHxkq6L0cDlPAXUpMudaqmXX1bJEAylnHdUUotauF
ruz4bfNxZ5+7WKDPKEVi31pGtsvYXn8qg+guunvHkCTLsJacrrAut+LLvcxLREP/
ApfVFKV9Kd/aaCEOuPe1n3Ib8JF6UYNVd9CN6EVxrQ+c7TCQWwuMO7AHIpW1F/pj
zgaQ7eF+ISf6vSpdbSXHjhaH5pteY3VqAx8m0JJdAaDOiBZPxg09u6gMox1G00d3
-----END CERTIFICATE-----
Generated at Sat Mar 28 17:33:24 2026 by rpki-client