Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/icFgcPIuVEwDXoSkl0ySM_0s_10.roa
File: icFgcPIuVEwDXoSkl0ySM_0s_10.roa (raw, json)
Hash identifier: m6BnteEoReQBu4GAYUMJxfQIRVgJC4sSvXHdkUa3NjE=
Subject key identifier: 89:C1:60:70:F2:2E:54:4C:03:5E:84:A4:97:4C:92:33:FD:2C:FF:5D
Certificate issuer: /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial: 019D014D32B22FC26BC81577615E22A48E81
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/icFgcPIuVEwDXoSkl0ySM_0s_10.roa
Signing time: Wed 18 Mar 2026 14:15:29 +0000
ROA not before: Wed 18 Mar 2026 14:15:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203596
IP address blocks: 91.213.223.0/24 maxlen: 24
91.216.15.0/24 maxlen: 24
91.216.39.0/24 maxlen: 24
185.14.176.0/24 maxlen: 24
185.14.178.0/24 maxlen: 24
185.122.100.0/22 maxlen: 24
185.222.88.0/22 maxlen: 24
2a06:a400::/29 maxlen: 29
2a06:a400:20::/44 maxlen: 48
2a06:a400:22::/48 maxlen: 48
2a06:a401::/32 maxlen: 48
2a06:a402::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:01:4d:32:b2:2f:c2:6b:c8:15:77:61:5e:22:a4:8e:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Validity
Not Before: Mar 18 14:15:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=89c16070f22e544c035e84a4974c9233fd2cff5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:52:a3:d0:d1:ed:68:a9:55:5a:62:14:12:c6:
0b:78:13:de:42:07:3c:86:e0:15:77:ab:41:ce:fb:
9f:06:a7:5e:8d:e2:4b:a1:f8:4d:57:c3:89:9d:fb:
92:60:fa:f9:e5:7c:b0:c8:9d:48:e9:6b:cf:94:cb:
fd:3c:91:03:41:f8:ba:0d:78:75:a8:d5:e3:2d:1a:
26:0c:de:2f:7e:72:cd:db:0a:e6:9c:d5:95:cd:f9:
59:d5:6f:e5:f6:2f:3c:dd:ca:d3:31:fb:4f:68:e8:
c2:25:61:dd:1b:e1:f0:19:b3:7b:55:d3:40:96:be:
b2:1d:6d:4a:e0:7b:e8:32:48:ab:bc:3f:25:19:1e:
1a:a1:8e:03:c1:67:1c:b7:d5:32:11:c9:15:94:88:
ee:6d:99:49:c1:48:08:00:e8:15:3a:0c:19:87:41:
00:5c:a8:e1:70:fd:90:09:16:04:9c:e5:4c:1e:9a:
0a:05:7f:0c:92:e9:5a:be:01:01:44:e3:cb:2f:6b:
f5:5d:26:81:04:34:62:dd:1f:43:6b:9b:91:02:2c:
43:36:5d:4a:fc:9b:ce:0c:2d:2e:73:60:37:ef:5e:
25:ee:d0:4f:34:d1:3b:62:d7:57:49:e2:7b:58:32:
0c:f3:c4:c0:06:d3:35:f6:ff:e1:ce:ab:ad:41:da:
24:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:C1:60:70:F2:2E:54:4C:03:5E:84:A4:97:4C:92:33:FD:2C:FF:5D
X509v3 Authority Key Identifier:
keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/icFgcPIuVEwDXoSkl0ySM_0s_10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.223.0/24
91.216.15.0/24
91.216.39.0/24
185.14.176.0/24
185.14.178.0/24
185.122.100.0/22
185.222.88.0/22
IPv6:
2a06:a400::/29
Signature Algorithm: sha256WithRSAEncryption
82:90:6c:de:37:f0:54:59:8f:08:35:3c:ba:44:d4:9a:b6:55:
b6:b1:ef:26:c1:ab:ce:42:a4:58:6a:d3:06:4a:9a:0e:68:cb:
70:9f:06:f3:66:de:e9:b7:d6:0a:51:9b:ef:b2:ce:be:d2:7b:
b7:b3:70:89:57:3f:43:9f:aa:10:cd:21:6d:75:fc:8e:6f:28:
62:5a:cc:ab:71:37:19:06:cb:b5:3b:ce:69:28:16:52:1a:8a:
a0:38:a6:0f:b8:10:20:55:b4:2f:01:b0:ea:38:4a:e0:99:fa:
e4:43:d0:0f:c9:ac:15:5e:2e:31:9a:ab:cb:64:f1:0e:a3:79:
ce:97:9f:f9:df:fa:b9:4c:ee:6b:5b:d4:bc:da:73:75:16:e0:
32:b7:7c:39:b3:9b:0e:ee:65:b1:58:93:16:32:18:a2:ed:44:
70:6d:50:4a:32:c9:8d:2c:cc:b1:ef:7f:d6:df:76:1c:fd:d3:
c7:78:7f:64:cc:55:38:03:3f:aa:cc:19:77:ad:bc:7d:80:32:
be:f4:33:aa:ec:90:18:6e:ab:e6:ab:44:3a:4c:85:e1:89:6b:
c7:65:fe:c0:80:31:ce:e8:ab:fe:83:6c:00:8d:24:6b:c3:fa:
8c:b6:ed:99:3c:84:a8:b9:bf:2e:fb:79:38:2d:01:54:83:a7:
53:f9:72:cc
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZ0BTTKyL8JryBV3YV4ipI6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjYwMzE4MTQxNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWMxNjA3MGYyMmU1NDRjMDM1ZTg0YTQ5NzRjOTIzM2ZkMmNmZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVKj0NHtaKlVWmIUEsYLeBPeQgc8
huAVd6tBzvufBqdejeJLofhNV8OJnfuSYPr55XywyJ1I6WvPlMv9PJEDQfi6DXh1
qNXjLRomDN4vfnLN2wrmnNWVzflZ1W/l9i883crTMftPaOjCJWHdG+HwGbN7VdNA
lr6yHW1K4HvoMkirvD8lGR4aoY4DwWcct9UyEckVlIjubZlJwUgIAOgVOgwZh0EA
XKjhcP2QCRYEnOVMHpoKBX8MkulavgEBROPLL2v1XSaBBDRi3R9Da5uRAixDNl1K
/JvODC0uc2A3714l7tBPNNE7YtdXSeJ7WDIM88TABtM19v/hzqutQdokYwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFInBYHDyLlRMA16EpJdMkjP9LP9dMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvaWNGZ2NQSXVWRXdEWG9Ta2wweVNNXzBzXzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAW9XfAwQA
W9gPAwQAW9gnAwQAuQ6wAwQAuQ6yAwQCuXpkAwQCud5YMA0EAgACMAcDBQMqBqQA
MA0GCSqGSIb3DQEBCwUAA4IBAQCCkGzeN/BUWY8INTy6RNSatlW2se8mwavOQqRY
atMGSpoOaMtwnwbzZt7pt9YKUZvvss6+0nu3s3CJVz9Dn6oQzSFtdfyObyhiWsyr
cTcZBsu1O85pKBZSGoqgOKYPuBAgVbQvAbDqOErgmfrkQ9APyawVXi4xmqvLZPEO
o3nOl5/53/q5TO5rW9S82nN1FuAyt3w5s5sO7mWxWJMWMhii7URwbVBKMsmNLMyx
73/W33Yc/dPHeH9kzFU4Az+qzBl3rbx9gDK+9DOq7JAYbqvmq0Q6TIXhiWvHZf7A
gDHO6Kv+g2wAjSRrw/qMtu2ZPISoub8u+3k4LQFUg6dT+XLM
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:01:07 2026 by rpki-client