Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/99n1Nj9JWOBlph-qyEOq1kwsmVA.roa
File: 99n1Nj9JWOBlph-qyEOq1kwsmVA.roa (raw, json)
Hash identifier: hrSybeByET9wVr2vMj/IPydJCZJ5FMbnEfA7G/SOUtk=
Subject key identifier: F7:D9:F5:36:3F:49:58:E0:65:A6:1F:AA:C8:43:AA:D6:4C:2C:99:50
Certificate issuer: /CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
Certificate serial: 019D1B4FF7627B925CAFD05A2D7DF734EF8C
Authority key identifier: B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/99n1Nj9JWOBlph-qyEOq1kwsmVA.roa
Signing time: Mon 23 Mar 2026 15:28:38 +0000
ROA not before: Mon 23 Mar 2026 15:28:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62033
IP address blocks: 45.132.34.0/24 maxlen: 24
87.121.134.0/24 maxlen: 24
87.121.135.0/24 maxlen: 24
91.92.248.0/24 maxlen: 24
91.92.249.0/24 maxlen: 24
185.127.129.0/24 maxlen: 24
216.176.232.0/22 maxlen: 22
2a10:5d80:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.mft
rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 12:01:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1b:4f:f7:62:7b:92:5c:af:d0:5a:2d:7d:f7:34:ef:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b85b0c8a75893a4f8e1ef0d9a4d41478d8b33278
Validity
Not Before: Mar 23 15:28:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f7d9f5363f4958e065a61faac843aad64c2c9950
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:57:2f:28:e6:6a:d4:4c:29:ac:70:10:97:21:
3c:b1:00:9f:59:ef:32:35:69:84:d7:43:07:8c:fa:
36:c1:b3:ac:c6:79:76:08:65:8c:52:a0:14:d4:4f:
fb:71:a2:73:6f:60:22:a1:92:06:3d:e5:86:02:ad:
9c:c8:b5:a3:d0:65:3a:b6:b4:d2:43:eb:98:6f:5f:
15:1f:97:84:d9:01:72:40:11:7e:d7:85:50:96:71:
bf:f4:be:41:aa:f8:34:9c:9f:e4:22:cb:0e:94:05:
eb:9e:f1:17:da:20:27:14:7f:a7:a0:89:ed:76:55:
17:25:a1:0c:8a:8b:6b:08:9e:bb:5d:ab:51:1e:30:
67:6b:bd:14:d7:13:be:ac:86:1d:63:17:35:1e:87:
3a:dc:9f:79:2b:6a:02:b2:15:d5:b1:2f:c4:ca:fe:
11:56:00:7d:ec:c5:39:99:3c:7e:57:ae:70:69:aa:
95:20:29:6e:5f:dc:97:a9:1c:81:dd:bc:a0:a8:e3:
38:db:68:bf:ed:eb:10:f4:50:f7:ea:2c:52:0e:78:
53:36:ed:c5:45:b7:65:6d:23:33:bd:20:e8:52:f8:
13:cb:70:a9:82:78:d5:5b:13:05:10:1e:01:71:c1:
7f:9b:97:d9:34:45:22:86:ac:8b:e3:09:7d:04:0c:
d7:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:D9:F5:36:3F:49:58:E0:65:A6:1F:AA:C8:43:AA:D6:4C:2C:99:50
X509v3 Authority Key Identifier:
keyid:B8:5B:0C:8A:75:89:3A:4F:8E:1E:F0:D9:A4:D4:14:78:D8:B3:32:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFsMinWJOk-OHvDZpNQUeNizMng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/99n1Nj9JWOBlph-qyEOq1kwsmVA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8819e2-c4e3-4bce-a61c-305d41d53a65/1/uFsMinWJOk-OHvDZpNQUeNizMng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.34.0/24
87.121.134.0/23
91.92.248.0/23
185.127.129.0/24
216.176.232.0/22
IPv6:
2a10:5d80:1::/48
Signature Algorithm: sha256WithRSAEncryption
6a:eb:df:a9:af:00:a5:69:7b:a9:ff:91:35:ea:3f:1a:20:e8:
2e:af:94:95:5e:7e:54:bd:7c:13:1f:49:4d:71:b5:ab:be:df:
ba:71:5a:ab:f7:23:52:34:79:84:ad:b9:ca:cf:06:8a:52:80:
3d:6d:00:59:0c:7f:8a:1c:59:43:df:25:80:08:a7:68:64:8e:
f8:a8:ad:e4:51:8a:b0:35:0f:c1:11:1a:a1:34:8f:07:5c:aa:
bd:03:ae:ec:a9:4e:5e:d2:8d:af:d6:b5:b3:65:47:0a:c9:ea:
89:91:7a:2d:30:02:e1:e6:4c:8d:25:9d:f5:6c:a7:31:f7:7d:
15:29:51:36:57:29:3e:d9:4d:1b:42:ae:d1:64:f4:87:77:c3:
f6:d9:1b:c6:e0:f5:f5:6e:65:b4:a6:62:6d:ba:ae:73:5c:30:
4b:b3:f9:f9:27:2d:b5:cc:a8:10:7e:c1:45:e1:b8:30:9a:b0:
e8:51:5e:94:5d:03:df:e2:a9:36:95:9d:f7:93:ff:99:3e:9a:
82:d3:6d:80:af:72:e3:72:a0:8e:65:4e:1a:a4:3c:f0:98:88:
91:95:9c:d1:c2:2e:c4:cf:19:0a:74:e8:62:a8:dd:59:ed:19:
e4:e9:36:31:0c:54:2c:00:8b:18:20:90:63:e5:60:3d:b5:94:
5a:bc:93:bb
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZ0bT/die5Jcr9BaLX33NO+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWIwYzhhNzU4OTNhNGY4ZTFlZjBkOWE0ZDQxNDc4ZDhi
MzMyNzgwHhcNMjYwMzIzMTUyODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Q5ZjUzNjNmNDk1OGUwNjVhNjFmYWFjODQzYWFkNjRjMmM5OTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lcvKOZq1EwprHAQlyE8sQCfWe8y
NWmE10MHjPo2wbOsxnl2CGWMUqAU1E/7caJzb2AioZIGPeWGAq2cyLWj0GU6trTS
Q+uYb18VH5eE2QFyQBF+14VQlnG/9L5Bqvg0nJ/kIssOlAXrnvEX2iAnFH+noInt
dlUXJaEMiotrCJ67XatRHjBna70U1xO+rIYdYxc1Hoc63J95K2oCshXVsS/Eyv4R
VgB97MU5mTx+V65waaqVICluX9yXqRyB3bygqOM422i/7esQ9FD36ixSDnhTNu3F
RbdlbSMzvSDoUvgTy3CpgnjVWxMFEB4BccF/m5fZNEUihqyL4wl9BAzXCwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFPfZ9TY/SVjgZaYfqshDqtZMLJlQMB8GA1UdIwQY
MBaAFLhbDIp1iTpPjh7w2aTUFHjYszJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMt
MzA1ZDQxZDUzYTY1LzEvOTluMU5qOUpXT0JscGgtcXlFT3Exa3dzbVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC84ODE5ZTItYzRlMy00YmNlLWE2MWMtMzA1ZDQxZDUzYTY1
LzEvdUZzTWluV0pPay1PSHZEWnBOUVVlTml6TW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQALYQiAwQB
V3mGAwQBW1z4AwQAuX+BAwQC2LDoMA8EAgACMAkDBwAqEF2AAAEwDQYJKoZIhvcN
AQELBQADggEBAGrr36mvAKVpe6n/kTXqPxog6C6vlJVeflS9fBMfSU1xtau+37px
Wqv3I1I0eYStucrPBopSgD1tAFkMf4ocWUPfJYAIp2hkjvioreRRirA1D8ERGqE0
jwdcqr0DruypTl7Sja/WtbNlRwrJ6omRei0wAuHmTI0lnfVspzH3fRUpUTZXKT7Z
TRtCrtFk9Id3w/bZG8bg9fVuZbSmYm26rnNcMEuz+fknLbXMqBB+wUXhuDCasOhR
XpRdA9/iqTaVnfeT/5k+moLTbYCvcuNyoI5lThqkPPCYiJGVnNHCLsTPGQp06GKo
3VntGeTpNjEMVCwAixggkGPlYD21lFq8k7s=
-----END CERTIFICATE-----
Generated at Wed Mar 25 23:01:16 2026 by rpki-client