Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9BFT_iiOEcnUCsp5lUiNTuxhoII.roa
File: 9BFT_iiOEcnUCsp5lUiNTuxhoII.roa (raw, json)
Hash identifier: p2uyfo6IXywxFslGuRbKlLwB1oqDtey483BU7zC02qU=
Subject key identifier: F4:11:53:FE:28:8E:11:C9:D4:0A:CA:79:95:48:8D:4E:EC:61:A0:82
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019E0C1694C4D9173DF0F3FAFF9F76E22A74
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9BFT_iiOEcnUCsp5lUiNTuxhoII.roa
Signing time: Sat 09 May 2026 09:34:26 +0000
ROA not before: Sat 09 May 2026 09:34:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212477
IP address blocks: 45.123.41.0/24 maxlen: 32
45.123.42.0/23 maxlen: 32
45.129.134.0/23 maxlen: 24
45.141.200.0/23 maxlen: 32
45.141.202.0/24 maxlen: 32
45.141.203.0/24 maxlen: 32
84.245.18.0/24 maxlen: 24
84.245.29.0/24 maxlen: 24
87.101.2.0/24 maxlen: 24
89.47.89.0/24 maxlen: 32
91.190.100.0/24 maxlen: 32
92.114.107.0/24 maxlen: 32
185.9.55.0/24 maxlen: 32
185.35.136.0/23 maxlen: 32
185.35.138.0/24 maxlen: 32
185.35.139.0/24 maxlen: 32
188.212.133.0/24 maxlen: 32
188.241.214.0/24 maxlen: 32
2a0b:64c0::/32 maxlen: 128
2a10:6c02::/32 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:0c:16:94:c4:d9:17:3d:f0:f3:fa:ff:9f:76:e2:2a:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 9 09:34:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f41153fe288e11c9d40aca7995488d4eec61a082
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:0b:9a:de:4c:fa:15:d5:0c:19:e9:d9:6d:0a:
f2:d9:19:f1:41:95:7e:4b:fb:a8:a0:41:d5:79:c8:
a0:b1:75:54:a6:e1:ed:5e:c2:b2:3c:20:b8:69:db:
33:1c:3d:fb:db:ed:1d:79:32:e6:e4:49:cd:ce:3f:
00:42:3d:f5:c0:3d:68:13:94:b9:60:30:af:63:20:
39:85:71:e7:1e:15:d6:a6:20:8f:95:64:66:2b:55:
f9:3c:cf:07:78:cc:4f:b8:7c:34:6f:5a:48:bd:0a:
fb:3d:4b:50:21:aa:3f:76:ac:26:d9:b7:61:cc:34:
50:d7:44:22:f4:a6:a4:42:c1:7f:e4:5b:4c:b8:74:
c0:24:5c:84:e2:7a:57:02:d0:e0:0a:5e:a6:7a:09:
b9:e9:a5:6e:07:70:19:f6:9a:be:64:34:91:e0:0b:
8a:ed:d1:50:13:ca:35:d5:c7:80:7f:07:c8:03:b8:
25:bf:4b:4b:a8:21:c9:59:a9:8d:6d:70:a2:3d:68:
a6:a4:33:9a:7d:83:60:d1:c0:ac:b3:b8:61:33:13:
23:b2:16:b5:83:12:5b:f8:bc:7a:fe:2c:06:a0:23:
07:43:e2:ed:69:b1:69:24:5b:65:e5:61:75:8b:8e:
e0:d3:0a:45:d9:f0:e8:6f:b4:9d:ec:73:d3:33:73:
55:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:11:53:FE:28:8E:11:C9:D4:0A:CA:79:95:48:8D:4E:EC:61:A0:82
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9BFT_iiOEcnUCsp5lUiNTuxhoII.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.123.41.0-45.123.43.255
45.129.134.0/23
45.141.200.0/22
84.245.18.0/24
84.245.29.0/24
87.101.2.0/24
89.47.89.0/24
91.190.100.0/24
92.114.107.0/24
185.9.55.0/24
185.35.136.0/22
188.212.133.0/24
188.241.214.0/24
IPv6:
2a0b:64c0::/32
2a10:6c02::/32
Signature Algorithm: sha256WithRSAEncryption
87:fe:62:1b:cf:b7:36:00:f3:22:21:7b:b8:4d:53:47:54:50:
c2:c9:33:74:6b:ef:59:32:eb:9e:98:5b:ca:9b:b9:7d:f8:7d:
04:3a:56:3a:c5:00:05:7d:d1:5b:b2:65:11:b0:70:93:d5:9d:
03:ec:8e:46:2f:c3:f0:9d:97:c6:d4:71:71:cc:b6:ef:48:0a:
1c:c7:66:9c:1f:9d:8d:dc:48:90:a2:ad:fc:5f:03:29:be:34:
ae:b3:7b:ef:00:87:03:e9:6d:0d:8d:dd:cd:3e:28:a4:cf:c5:
c9:7d:86:ac:f0:e6:4c:7c:ff:d6:ff:22:87:16:39:ff:06:cd:
d8:95:54:84:d6:af:fc:3e:db:cb:cf:bf:f1:cb:26:e5:a6:08:
61:93:29:1f:ca:49:f0:f1:36:46:f2:37:1d:ee:a0:44:1e:d2:
cb:c0:10:98:2e:a7:7d:31:fe:d9:cd:5f:2d:61:e4:e6:ad:26:
83:f5:84:df:2c:0d:e1:74:a8:17:b6:54:76:85:95:07:08:9f:
18:a2:29:85:6f:28:de:94:69:7d:dd:56:09:24:8f:38:a4:e0:
8b:da:0d:99:4a:50:a3:63:3f:dc:14:8e:54:25:dc:40:56:e6:
b1:fa:b8:12:5e:a0:0a:5e:ea:f2:4a:91:ed:ce:ec:79:04:56:
e3:d4:bc:a5
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZ4MFpTE2Rc98PP6/5924ip0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNTA5MDkzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDExNTNmZTI4OGUxMWM5ZDQwYWNhNzk5NTQ4OGQ0ZWVjNjFhMDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQua3kz6FdUMGenZbQry2RnxQZV+
S/uooEHVecigsXVUpuHtXsKyPCC4adszHD372+0deTLm5EnNzj8AQj31wD1oE5S5
YDCvYyA5hXHnHhXWpiCPlWRmK1X5PM8HeMxPuHw0b1pIvQr7PUtQIao/dqwm2bdh
zDRQ10Qi9KakQsF/5FtMuHTAJFyE4npXAtDgCl6megm56aVuB3AZ9pq+ZDSR4AuK
7dFQE8o11ceAfwfIA7glv0tLqCHJWamNbXCiPWimpDOafYNg0cCss7hhMxMjsha1
gxJb+Lx6/iwGoCMHQ+LtabFpJFtl5WF1i47g0wpF2fDob7Sd7HPTM3NVoQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFPQRU/4ojhHJ1ArKeZVIjU7sYaCCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOUJGVF9paU9FY25VQ3NwNWxVaU5UdXhob0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwXAQCAAEwVjAMAwQALXsp
AwQCLXsoAwQBLYGGAwQCLY3IAwQAVPUSAwQAVPUdAwQAV2UCAwQAWS9ZAwQAW75k
AwQAXHJrAwQAuQk3AwQCuSOIAwQAvNSFAwQAvPHWMBQEAgACMA4DBQAqC2TAAwUA
KhBsAjANBgkqhkiG9w0BAQsFAAOCAQEAh/5iG8+3NgDzIiF7uE1TR1RQwskzdGvv
WTLrnphbypu5ffh9BDpWOsUABX3RW7JlEbBwk9WdA+yORi/D8J2XxtRxccy270gK
HMdmnB+djdxIkKKt/F8DKb40rrN77wCHA+ltDY3dzT4opM/FyX2GrPDmTHz/1v8i
hxY5/wbN2JVUhNav/D7by8+/8csm5aYIYZMpH8pJ8PE2RvI3He6gRB7Sy8AQmC6n
fTH+2c1fLWHk5q0mg/WE3ywN4XSoF7ZUdoWVBwifGKIphW8o3pRpfd1WCSSPOKTg
i9oNmUpQo2M/3BSOVCXcQFbmsfq4El6gCl7q8kqR7c7seQRW49S8pQ==
-----END CERTIFICATE-----
Generated at Wed May 13 01:35:43 2026 by rpki-client