Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hmBEwDfNsgQJXsCkTi9ZdT6JOK0.roa
File: hmBEwDfNsgQJXsCkTi9ZdT6JOK0.roa (raw, json)
Hash identifier: OYhNhVAgD1Uf0yD97y8eebk4Qh9oNeKcwL7vw0aPd0o=
Subject key identifier: 86:60:44:C0:37:CD:B2:04:09:5E:C0:A4:4E:2F:59:75:3E:89:38:AD
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019DD7A861E361DE6A1E19ECC1B5E5FD2A8A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hmBEwDfNsgQJXsCkTi9ZdT6JOK0.roa
Signing time: Wed 29 Apr 2026 05:13:49 +0000
ROA not before: Wed 29 Apr 2026 05:13:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2860
IP address blocks: 84.245.16.0/23 maxlen: 24
84.245.22.0/23 maxlen: 24
87.101.0.0/23 maxlen: 24
185.135.142.0/23 maxlen: 24
185.227.74.0/23 maxlen: 24
185.238.8.0/22 maxlen: 24
217.19.20.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 18:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d7:a8:61:e3:61:de:6a:1e:19:ec:c1:b5:e5:fd:2a:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 29 05:13:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=866044c037cdb204095ec0a44e2f59753e8938ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:88:7f:22:16:4f:b2:2f:96:a6:82:0b:ab:a8:
37:e5:b7:08:d8:29:c8:8f:92:b6:a7:a9:c0:0b:c2:
c1:23:b4:e2:da:51:43:f9:e8:b4:34:58:8d:b2:bf:
2a:d0:64:ee:25:02:a5:c5:60:85:a4:95:2b:3b:84:
db:87:90:44:d8:64:4a:c0:46:5b:ad:f6:4f:e4:a4:
79:c8:46:23:3d:38:0d:a6:3c:02:c6:f3:42:f3:e2:
5a:5d:43:db:6e:03:b7:a7:04:6a:c0:5c:dd:c1:b0:
33:53:16:9e:96:69:c0:f0:db:8c:98:06:45:b3:77:
32:15:a1:54:9b:e3:3e:5e:c3:dd:12:b7:eb:c9:88:
e7:13:96:95:af:f1:f8:b2:45:99:58:3f:7e:21:42:
71:d5:d1:29:a9:7a:92:b0:74:a6:34:55:47:38:6b:
48:c9:4f:a0:92:1d:a2:85:bc:53:6e:ca:80:c4:71:
01:33:92:bd:05:b2:09:13:34:7c:fd:07:a1:fd:18:
1a:80:44:77:79:56:78:37:51:d6:b6:de:43:4c:ca:
b1:3e:ac:64:31:de:4b:78:b3:ce:d2:32:34:d5:10:
51:ec:66:b1:79:55:16:bf:49:f1:a5:08:0a:e6:14:
81:29:e1:ed:fe:ba:fe:09:24:40:1b:a8:b4:f9:da:
46:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:60:44:C0:37:CD:B2:04:09:5E:C0:A4:4E:2F:59:75:3E:89:38:AD
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hmBEwDfNsgQJXsCkTi9ZdT6JOK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.245.16.0/23
84.245.22.0/23
87.101.0.0/23
185.135.142.0/23
185.227.74.0/23
185.238.8.0/22
217.19.20.0/22
Signature Algorithm: sha256WithRSAEncryption
1a:cd:50:08:86:f2:79:b4:1c:de:44:ee:03:8e:08:e6:4c:9f:
81:01:6a:dc:13:28:10:6e:5f:36:29:e5:fa:86:d6:5c:66:50:
88:31:3d:2b:85:20:c2:7b:94:9b:f3:8b:75:d4:56:87:11:dc:
cb:aa:0f:b8:7d:48:02:e8:2b:c9:29:5a:d4:43:12:37:5a:4c:
36:5a:39:f2:77:d7:2c:ba:72:a5:52:17:1c:56:fb:f9:0b:bc:
63:1b:40:42:8f:53:3e:b9:53:34:6a:d4:f4:06:9b:37:e4:60:
f0:26:60:3b:ea:77:dd:b4:5a:34:c9:00:49:57:1d:1c:ac:74:
d3:73:87:e9:1f:67:eb:b3:1b:0b:c8:d6:1f:45:df:c7:73:7e:
de:a7:f5:47:1f:53:dd:d0:2c:8c:20:a1:7c:0e:ff:ba:74:e5:
13:3e:51:ee:5f:ff:15:8b:6b:95:fd:54:6f:dc:2c:ab:b4:a1:
fd:85:64:f5:03:eb:a4:8f:86:c1:c1:d4:7c:e2:9d:78:9b:0f:
d1:f5:66:03:20:bd:2c:b9:5e:6e:37:68:7a:0b:85:84:3d:a2:
d5:1e:ec:48:3f:90:d7:7f:be:fc:c1:a6:03:49:e9:72:6e:70:
97:9e:5f:bc:14:f2:6d:02:22:39:e2:64:54:07:b0:db:83:f3:
a0:c3:bd:a3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ3XqGHjYd5qHhnswbXl/SqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDI5MDUxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYwNDRjMDM3Y2RiMjA0MDk1ZWMwYTQ0ZTJmNTk3NTNlODkzOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Yh/IhZPsi+WpoILq6g35bcI2CnI
j5K2p6nAC8LBI7Ti2lFD+ei0NFiNsr8q0GTuJQKlxWCFpJUrO4Tbh5BE2GRKwEZb
rfZP5KR5yEYjPTgNpjwCxvNC8+JaXUPbbgO3pwRqwFzdwbAzUxaelmnA8NuMmAZF
s3cyFaFUm+M+XsPdErfryYjnE5aVr/H4skWZWD9+IUJx1dEpqXqSsHSmNFVHOGtI
yU+gkh2ihbxTbsqAxHEBM5K9BbIJEzR8/Qeh/RgagER3eVZ4N1HWtt5DTMqxPqxk
Md5LeLPO0jI01RBR7GaxeVUWv0nxpQgK5hSBKeHt/rr+CSRAG6i0+dpGLwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIZgRMA3zbIECV7ApE4vWXU+iTitMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaG1CRXdEZk5zZ1FKWHNDa1RpOVpkVDZKT0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBVPUQAwQB
VPUWAwQBV2UAAwQBuYeOAwQBueNKAwQCue4IAwQC2RMUMA0GCSqGSIb3DQEBCwUA
A4IBAQAazVAIhvJ5tBzeRO4DjgjmTJ+BAWrcEygQbl82KeX6htZcZlCIMT0rhSDC
e5Sb84t11FaHEdzLqg+4fUgC6CvJKVrUQxI3Wkw2Wjnyd9csunKlUhccVvv5C7xj
G0BCj1M+uVM0atT0Bps35GDwJmA76nfdtFo0yQBJVx0crHTTc4fpH2frsxsLyNYf
Rd/Hc37ep/VHH1Pd0CyMIKF8Dv+6dOUTPlHuX/8Vi2uV/VRv3CyrtKH9hWT1A+uk
j4bBwdR84p14mw/R9WYDIL0suV5uN2h6C4WEPaLVHuxIP5DXf778waYDSelybnCX
nl+8FPJtAiI54mRUB7Dbg/Ogw72j
-----END CERTIFICATE-----
Generated at Wed May 13 04:55:08 2026 by rpki-client