Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/n8S8bVaGcAN3VgdpkFafYARJWFg.roa
File: n8S8bVaGcAN3VgdpkFafYARJWFg.roa (raw, json)
Hash identifier: +lLrY2ENdazX4r0ywKff6R/dv1MoLjZqWxtS/7RQhF4=
Subject key identifier: 9F:C4:BC:6D:56:86:70:03:77:56:07:69:90:56:9F:60:04:49:58:58
Certificate issuer: /CN=eb035fdbaf38cc466f3167a00d9a38b18d291952
Certificate serial: 019DFDAFFE208AE7BD3F84FA6524ED1C1C61
Authority key identifier: EB:03:5F:DB:AF:38:CC:46:6F:31:67:A0:0D:9A:38:B1:8D:29:19:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6wNf2684zEZvMWegDZo4sY0pGVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/n8S8bVaGcAN3VgdpkFafYARJWFg.roa
Signing time: Wed 06 May 2026 14:27:42 +0000
ROA not before: Wed 06 May 2026 14:27:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206446
IP address blocks: 94.154.123.0/24 maxlen: 24
185.185.132.0/24 maxlen: 24
185.185.133.0/24 maxlen: 24
185.185.134.0/24 maxlen: 24
185.185.135.0/24 maxlen: 24
195.211.24.0/24 maxlen: 24
195.211.25.0/24 maxlen: 24
195.211.27.0/24 maxlen: 24
2a0a:a140::/48 maxlen: 48
2a0a:a141::/48 maxlen: 48
2a0a:a142::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/6wNf2684zEZvMWegDZo4sY0pGVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/6wNf2684zEZvMWegDZo4sY0pGVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/6wNf2684zEZvMWegDZo4sY0pGVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fd:af:fe:20:8a:e7:bd:3f:84:fa:65:24:ed:1c:1c:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eb035fdbaf38cc466f3167a00d9a38b18d291952
Validity
Not Before: May 6 14:27:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9fc4bc6d568670037756076990569f6004495858
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:99:73:f2:44:b1:a1:45:10:35:b6:ee:94:d3:
a3:03:14:fe:a3:47:9d:d4:da:67:76:cb:41:c5:bf:
4b:04:87:38:e5:5f:2c:71:a4:60:76:3b:64:70:f4:
8a:86:73:3b:4e:2a:88:bd:d8:47:b0:3c:31:45:84:
db:16:85:54:c7:f0:31:95:d5:18:0e:99:e3:71:cb:
f6:da:4c:88:77:2f:d0:62:a1:20:ba:09:5b:f6:6d:
01:ad:c6:fd:01:14:2f:da:dc:cb:d7:01:6c:f6:df:
6c:2d:3b:f2:e7:50:e4:90:1c:93:56:31:5d:fe:1e:
31:f4:37:94:ac:41:d8:51:96:0b:2f:f9:67:25:c1:
d7:ef:5e:be:36:7f:52:9e:8b:3c:f5:4a:8b:b6:0e:
f5:96:ae:5d:e1:34:f1:d7:1f:d7:72:49:fe:c2:be:
42:0f:05:b0:f9:15:dd:fa:20:b5:ee:dd:4c:62:65:
ef:b3:06:10:00:7a:88:d6:18:00:12:1c:57:58:6d:
b1:f5:89:bd:4d:6f:af:4a:aa:35:8b:80:78:35:12:
1f:a5:d3:1c:4a:62:d7:40:21:8c:40:b4:b4:b3:b1:
96:39:53:36:89:21:d9:d4:3b:c3:37:27:3e:34:84:
f7:06:3c:78:a5:42:c3:a3:29:13:77:e4:0b:8d:dc:
59:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:C4:BC:6D:56:86:70:03:77:56:07:69:90:56:9F:60:04:49:58:58
X509v3 Authority Key Identifier:
keyid:EB:03:5F:DB:AF:38:CC:46:6F:31:67:A0:0D:9A:38:B1:8D:29:19:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6wNf2684zEZvMWegDZo4sY0pGVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/n8S8bVaGcAN3VgdpkFafYARJWFg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/786d4c-ff95-4ef4-ba12-6843265887ce/1/6wNf2684zEZvMWegDZo4sY0pGVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.154.123.0/24
185.185.132.0/22
195.211.24.0/23
195.211.27.0/24
IPv6:
2a0a:a140::/48
2a0a:a141::/48
2a0a:a142::/48
Signature Algorithm: sha256WithRSAEncryption
7a:53:07:c1:fc:53:e7:c1:db:3f:b3:98:80:97:3c:6f:54:25:
76:de:86:3b:31:4d:86:56:4a:a6:f4:11:a9:7b:b8:8f:33:79:
4f:80:ef:27:e1:3c:91:98:84:c7:6d:27:75:61:2c:57:49:05:
c5:01:30:98:b8:9b:d5:f0:91:8c:8c:b0:f7:33:2a:f8:fc:df:
04:ec:fe:e6:65:d7:d4:1f:13:a7:80:20:0c:66:2b:d4:79:43:
38:f7:db:3c:49:f8:5d:75:b1:91:bb:63:3a:c6:c5:c1:6d:e8:
8a:c7:9b:d8:54:bf:eb:23:48:33:04:cb:de:ac:eb:7e:e2:e0:
3e:b1:93:b1:cf:2a:5b:23:3b:00:b0:4c:15:06:b9:01:a0:00:
6d:89:68:88:05:74:ac:83:f2:21:49:b0:71:c3:74:cf:fe:9c:
11:b4:28:44:03:4f:45:20:56:76:8f:e5:c3:91:4e:1e:af:c8:
0b:cc:39:61:8b:d8:0d:67:67:52:b7:63:03:8a:a9:ed:f6:e1:
4a:25:cc:16:e4:2a:25:53:4a:89:44:89:fc:10:22:a0:7a:48:
0f:71:75:47:0c:77:e7:18:61:7f:d1:16:83:a2:0f:b3:22:d8:
9f:40:55:b9:68:a8:8f:2d:ae:53:e5:a8:ad:35:e4:4b:2b:56:
c2:9b:ef:23
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZ39r/4giue9P4T6ZSTtHBxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMDM1ZmRiYWYzOGNjNDY2ZjMxNjdhMDBkOWEzOGIxOGQy
OTE5NTIwHhcNMjYwNTA2MTQyNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmM0YmM2ZDU2ODY3MDAzNzc1NjA3Njk5MDU2OWY2MDA0NDk1ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05lz8kSxoUUQNbbulNOjAxT+o0ed
1NpndstBxb9LBIc45V8scaRgdjtkcPSKhnM7TiqIvdhHsDwxRYTbFoVUx/AxldUY
Dpnjccv22kyIdy/QYqEguglb9m0Brcb9ARQv2tzL1wFs9t9sLTvy51DkkByTVjFd
/h4x9DeUrEHYUZYLL/lnJcHX716+Nn9Snos89UqLtg71lq5d4TTx1x/Xckn+wr5C
DwWw+RXd+iC17t1MYmXvswYQAHqI1hgAEhxXWG2x9Ym9TW+vSqo1i4B4NRIfpdMc
SmLXQCGMQLS0s7GWOVM2iSHZ1DvDNyc+NIT3Bjx4pULDoykTd+QLjdxZ+wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFJ/EvG1WhnADd1YHaZBWn2AESVhYMB8GA1UdIwQY
MBaAFOsDX9uvOMxGbzFnoA2aOLGNKRlSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNndOZjI2ODR6RVp2TVdlZ0RabzRzWTBwR1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC83ODZkNGMtZmY5NS00ZWY0LWJhMTIt
Njg0MzI2NTg4N2NlLzEvbjhTOGJWYUdjQU4zVmdkcGtGYWZZQVJKV0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC83ODZkNGMtZmY5NS00ZWY0LWJhMTItNjg0MzI2NTg4N2Nl
LzEvNndOZjI2ODR6RVp2TVdlZ0RabzRzWTBwR1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAeBAIAATAYAwQAXpp7AwQC
ubmEAwQBw9MYAwQAw9MbMCEEAgACMBsDBwAqCqFAAAADBwAqCqFBAAADBwAqCqFC
AAAwDQYJKoZIhvcNAQELBQADggEBAHpTB8H8U+fB2z+zmICXPG9UJXbehjsxTYZW
Sqb0Eal7uI8zeU+A7yfhPJGYhMdtJ3VhLFdJBcUBMJi4m9XwkYyMsPczKvj83wTs
/uZl19QfE6eAIAxmK9R5Qzj32zxJ+F11sZG7YzrGxcFt6IrHm9hUv+sjSDMEy96s
637i4D6xk7HPKlsjOwCwTBUGuQGgAG2JaIgFdKyD8iFJsHHDdM/+nBG0KEQDT0Ug
VnaP5cORTh6vyAvMOWGL2A1nZ1K3YwOKqe324UolzBbkKiVTSolEifwQIqB6SA9x
dUcMd+cYYX/RFoOiD7Mi2J9AVbloqI8trlPlqK015EsrVsKb7yM=
-----END CERTIFICATE-----
Generated at Tue May 12 21:42:29 2026 by rpki-client