Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DYzIhquY1OxNp-TtvZ8HAz9-RaQ.roa
File: DYzIhquY1OxNp-TtvZ8HAz9-RaQ.roa (raw, json)
Hash identifier: emegERhmq3Q+RvPnhtWbtBr+1W79KveCXFLEK47fF9o=
Subject key identifier: 0D:8C:C8:86:AB:98:D4:EC:4D:A7:E4:ED:BD:9F:07:03:3F:7E:45:A4
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 019D19DD0C85C548067C17AE77F745F2D811
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DYzIhquY1OxNp-TtvZ8HAz9-RaQ.roa
Signing time: Mon 23 Mar 2026 08:43:30 +0000
ROA not before: Mon 23 Mar 2026 08:43:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9127
IP address blocks: 212.72.204.0/23 maxlen: 24
212.72.204.0/24 maxlen: 24
212.72.213.0/24 maxlen: 24
212.72.220.0/24 maxlen: 24
212.72.222.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 08:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:19:dd:0c:85:c5:48:06:7c:17:ae:77:f7:45:f2:d8:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Mar 23 08:43:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0d8cc886ab98d4ec4da7e4edbd9f07033f7e45a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:fc:43:12:c4:48:d4:98:71:74:94:6e:17:29:
a8:88:c7:76:17:d0:cb:bf:b4:e8:41:53:7c:db:f9:
aa:27:b5:fd:54:c8:c2:1d:aa:02:30:c3:ba:e1:6f:
c5:b9:92:18:29:f0:86:6e:9a:b6:a4:20:4e:8b:14:
ba:2a:05:e4:35:9f:0a:0c:09:13:dd:f7:e8:de:a6:
fd:dd:87:72:1e:0d:f0:59:0f:63:c3:01:69:58:2b:
0c:19:ff:38:e3:97:9d:d0:42:17:2f:1f:05:26:30:
34:07:cf:1a:cd:8c:0a:1a:f3:4a:f3:e6:dc:4b:ff:
0b:cf:f5:f1:cb:e6:3a:ca:60:e9:59:78:cd:7a:2b:
74:64:42:b7:41:c4:f7:e4:db:db:35:22:0a:cc:20:
84:92:b9:48:72:a7:ff:44:f5:05:37:71:f9:94:f9:
c2:a1:0e:61:ae:7b:06:f2:62:d0:82:38:45:33:43:
1d:5a:cb:8f:d6:c6:5a:5b:13:b7:de:14:df:4e:99:
fc:13:88:7d:50:d5:f7:06:2f:b6:3b:63:ee:57:b3:
96:bf:3d:d1:db:91:d4:87:9b:f8:18:a1:ec:aa:64:
c1:f6:b6:0f:4e:7e:77:bd:9f:81:19:da:c4:33:fd:
17:a8:e4:d3:70:3b:e0:7f:a4:89:e3:75:25:c4:0c:
d7:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:8C:C8:86:AB:98:D4:EC:4D:A7:E4:ED:BD:9F:07:03:3F:7E:45:A4
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DYzIhquY1OxNp-TtvZ8HAz9-RaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.72.204.0/23
212.72.213.0/24
212.72.220.0/24
212.72.222.0/23
Signature Algorithm: sha256WithRSAEncryption
59:87:e2:ab:a4:55:8d:11:6b:af:21:4b:18:8f:51:ef:fc:6c:
9d:d6:c7:8e:0f:b3:45:25:8a:b5:22:0a:c5:fe:33:f9:8a:5f:
52:03:6b:f6:e2:2c:88:57:d0:95:02:d2:64:b6:23:ad:eb:fd:
ec:e4:c0:09:97:26:b3:b9:a5:17:9c:ec:7c:74:7f:20:77:dc:
d0:7c:85:6c:b3:97:f1:79:51:74:db:e1:4e:e3:52:74:12:a5:
20:c7:41:d4:0b:7d:0e:48:7b:0e:22:4e:ff:31:b1:dd:c4:7b:
e0:56:22:53:77:c1:35:de:a9:a5:d2:5c:53:bc:7d:1e:97:c8:
15:d8:5d:1a:70:30:f4:b1:e6:7e:9c:ef:11:7a:b4:76:12:12:
09:09:e8:71:ba:43:83:b7:09:58:58:5f:1c:4c:bf:dc:3e:32:
28:ba:63:b0:be:fb:a5:b3:9a:dd:58:3d:20:6b:c6:5b:6f:c3:
7b:cc:91:d0:b3:96:4e:c6:07:ba:be:f6:cf:6e:13:3e:de:f7:
c6:2a:7c:e1:8f:9b:2f:78:c5:6b:e1:0e:a3:8e:1e:95:a0:58:
56:ff:09:ba:7b:a7:e5:06:bb:75:55:2d:59:76:97:f5:ee:dd:
c1:e2:ef:db:ff:69:28:f2:d1:1c:92:b7:64:2d:6e:b0:ba:23:
9f:d7:81:b0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ0Z3QyFxUgGfBeud/dF8tgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMzIzMDg0MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDhjYzg4NmFiOThkNGVjNGRhN2U0ZWRiZDlmMDcwMzNmN2U0NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PxDEsRI1JhxdJRuFymoiMd2F9DL
v7ToQVN82/mqJ7X9VMjCHaoCMMO64W/FuZIYKfCGbpq2pCBOixS6KgXkNZ8KDAkT
3ffo3qb93YdyHg3wWQ9jwwFpWCsMGf8445ed0EIXLx8FJjA0B88azYwKGvNK8+bc
S/8Lz/Xxy+Y6ymDpWXjNeit0ZEK3QcT35NvbNSIKzCCEkrlIcqf/RPUFN3H5lPnC
oQ5hrnsG8mLQgjhFM0MdWsuP1sZaWxO33hTfTpn8E4h9UNX3Bi+2O2PuV7OWvz3R
25HUh5v4GKHsqmTB9rYPTn53vZ+BGdrEM/0XqOTTcDvgf6SJ43UlxAzXvwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFA2MyIarmNTsTafk7b2fBwM/fkWkMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRFl6SWhxdVkxT3hOcC1UdHZaOEhBejktUmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQB1EjMAwQA
1EjVAwQA1EjcAwQB1EjeMA0GCSqGSIb3DQEBCwUAA4IBAQBZh+KrpFWNEWuvIUsY
j1Hv/Gyd1seOD7NFJYq1IgrF/jP5il9SA2v24iyIV9CVAtJktiOt6/3s5MAJlyaz
uaUXnOx8dH8gd9zQfIVss5fxeVF02+FO41J0EqUgx0HUC30OSHsOIk7/MbHdxHvg
ViJTd8E13qml0lxTvH0el8gV2F0acDD0seZ+nO8RerR2EhIJCehxukODtwlYWF8c
TL/cPjIoumOwvvuls5rdWD0ga8Zbb8N7zJHQs5ZOxge6vvbPbhM+3vfGKnzhj5sv
eMVr4Q6jjh6VoFhW/wm6e6flBrt1VS1Zdpf17t3B4u/b/2ko8tEckrdkLW6wuiOf
14Gw
-----END CERTIFICATE-----
Generated at Thu Mar 26 18:33:07 2026 by rpki-client