Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/MnaK4RFMKFqvcy9LYy8dOLSmUhE.roa
File: MnaK4RFMKFqvcy9LYy8dOLSmUhE.roa (raw, json)
Hash identifier: JFebODicpWznSO2Mn/DWAEOUW3TbJ4875G8KS9D1Pkw=
Subject key identifier: 32:76:8A:E1:11:4C:28:5A:AF:73:2F:4B:63:2F:1D:38:B4:A6:52:11
Certificate issuer: /CN=072f815e7c1607d0bd3b399fba9a353fec544315
Certificate serial: 019DAB0200E8FEFE24C80DB28934B3D35409
Authority key identifier: 07:2F:81:5E:7C:16:07:D0:BD:3B:39:9F:BA:9A:35:3F:EC:54:43:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/By-BXnwWB9C9Ozmfupo1P-xUQxU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/MnaK4RFMKFqvcy9LYy8dOLSmUhE.roa
Signing time: Mon 20 Apr 2026 13:08:48 +0000
ROA not before: Mon 20 Apr 2026 13:08:48 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5091
IP address blocks: 65.87.144.0/24 maxlen: 24
194.34.152.0/24 maxlen: 24
194.34.153.0/24 maxlen: 24
2a0c:ecc0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/By-BXnwWB9C9Ozmfupo1P-xUQxU.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/By-BXnwWB9C9Ozmfupo1P-xUQxU.mft
rsync://rpki.ripe.net/repository/DEFAULT/By-BXnwWB9C9Ozmfupo1P-xUQxU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ab:02:00:e8:fe:fe:24:c8:0d:b2:89:34:b3:d3:54:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=072f815e7c1607d0bd3b399fba9a353fec544315
Validity
Not Before: Apr 20 13:08:48 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=32768ae1114c285aaf732f4b632f1d38b4a65211
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a7:44:14:66:bc:fa:b2:6d:da:80:24:15:5e:
ce:ae:e9:95:76:e2:4c:f1:8d:25:49:f2:d4:b0:47:
82:70:e1:de:e9:ac:f7:9e:30:2f:6b:22:67:34:d0:
f4:3d:a4:83:14:f5:8d:d2:7d:60:4e:b2:58:e1:81:
3c:2d:f2:c8:05:4a:1a:2e:49:7d:a3:72:a5:41:e2:
45:ae:6c:e0:a6:07:41:1e:1a:66:91:00:9e:49:7d:
05:2e:ba:b0:aa:2a:d8:88:90:7c:81:59:26:52:35:
9f:57:36:b5:36:83:3f:15:ec:50:37:d4:10:f1:69:
df:0d:85:82:7c:d1:66:b8:d0:e6:1a:f7:50:6b:fd:
02:f3:16:96:8f:db:17:4d:f4:cc:b5:45:e4:6f:b7:
e2:ef:03:73:71:14:89:dc:91:6a:83:6b:b5:0a:75:
af:c4:ce:8f:78:96:81:e2:11:c6:5f:1e:1b:f3:83:
af:68:c3:7e:4d:f6:b2:cf:62:79:28:2a:34:32:88:
32:35:85:3b:a1:f4:e1:dc:b0:1e:a4:c2:16:38:cb:
58:6a:9d:da:fb:46:c7:25:e8:9d:e5:76:0d:ac:6b:
13:da:44:b7:17:c1:ed:33:1a:a4:9c:20:b6:8f:b8:
fb:ed:f9:ce:fb:80:0f:db:35:bd:03:ae:62:d9:32:
50:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:76:8A:E1:11:4C:28:5A:AF:73:2F:4B:63:2F:1D:38:B4:A6:52:11
X509v3 Authority Key Identifier:
keyid:07:2F:81:5E:7C:16:07:D0:BD:3B:39:9F:BA:9A:35:3F:EC:54:43:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/By-BXnwWB9C9Ozmfupo1P-xUQxU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/MnaK4RFMKFqvcy9LYy8dOLSmUhE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a07834-5fa3-4b40-bb9e-75e3cbb04b60/1/By-BXnwWB9C9Ozmfupo1P-xUQxU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.87.144.0/24
194.34.152.0/23
IPv6:
2a0c:ecc0::/48
Signature Algorithm: sha256WithRSAEncryption
50:80:a2:20:78:bd:c1:36:8b:0c:78:91:9d:c9:89:59:b2:64:
7b:f6:0d:48:17:a3:fc:12:4a:ab:26:8d:b6:4c:07:5f:9b:36:
fe:08:7d:5e:d7:dc:e9:2f:8f:d1:be:56:59:3c:5c:82:36:35:
88:e6:d5:76:69:50:33:1a:2e:dc:96:f9:2d:d7:5c:69:11:11:
e4:d2:e4:ad:6b:4d:c4:a5:af:da:02:00:7f:d0:50:14:5b:2a:
e7:ab:08:b2:c8:25:a0:b2:16:72:8f:75:0c:1c:44:ad:46:88:
3c:cf:1b:ef:1d:9d:39:36:97:6f:04:c1:81:6a:41:ef:ce:c8:
08:31:65:b2:ea:38:14:87:ce:67:3e:38:da:25:80:87:6a:46:
5e:6c:61:d9:95:cb:a6:b1:51:13:22:9f:55:d5:b0:a6:c6:b7:
17:07:99:af:92:e5:b7:40:7d:28:81:e9:97:db:c4:8c:ba:dc:
61:b2:22:92:27:19:33:83:c1:64:4b:7c:44:78:5f:4e:b8:af:
f9:12:4b:45:ab:c1:58:1a:9a:0e:3b:11:3a:47:8a:89:bf:cf:
a5:16:30:b2:ba:42:9d:ff:ba:48:2e:2d:0e:9b:f3:26:f8:39:
6d:f3:90:3d:d2:72:b9:08:21:d4:6a:7c:22:c8:c4:c8:e0:40:
16:e5:78:54
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ2rAgDo/v4kyA2yiTSz01QJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MmY4MTVlN2MxNjA3ZDBiZDNiMzk5ZmJhOWEzNTNmZWM1
NDQzMTUwHhcNMjYwNDIwMTMwODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjc2OGFlMTExNGMyODVhYWY3MzJmNGI2MzJmMWQzOGI0YTY1MjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqdEFGa8+rJt2oAkFV7OrumVduJM
8Y0lSfLUsEeCcOHe6az3njAvayJnNND0PaSDFPWN0n1gTrJY4YE8LfLIBUoaLkl9
o3KlQeJFrmzgpgdBHhpmkQCeSX0FLrqwqirYiJB8gVkmUjWfVza1NoM/FexQN9QQ
8WnfDYWCfNFmuNDmGvdQa/0C8xaWj9sXTfTMtUXkb7fi7wNzcRSJ3JFqg2u1CnWv
xM6PeJaB4hHGXx4b84OvaMN+Tfayz2J5KCo0MogyNYU7ofTh3LAepMIWOMtYap3a
+0bHJeid5XYNrGsT2kS3F8HtMxqknCC2j7j77fnO+4AP2zW9A65i2TJQ7wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDJ2iuERTChar3MvS2MvHTi0plIRMB8GA1UdIwQY
MBaAFAcvgV58FgfQvTs5n7qaNT/sVEMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnktQlhud1dCOUM5T3ptZnVwbzFQLXhVUXhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hMDc4MzQtNWZhMy00YjQwLWJiOWUt
NzVlM2NiYjA0YjYwLzEvTW5hSzRSRk1LRnF2Y3k5TFl5OGRPTFNtVWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hMDc4MzQtNWZhMy00YjQwLWJiOWUtNzVlM2NiYjA0YjYw
LzEvQnktQlhud1dCOUM5T3ptZnVwbzFQLXhVUXhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAQVeQAwQB
wiKYMA8EAgACMAkDBwAqDOzAAAAwDQYJKoZIhvcNAQELBQADggEBAFCAoiB4vcE2
iwx4kZ3JiVmyZHv2DUgXo/wSSqsmjbZMB1+bNv4IfV7X3Okvj9G+Vlk8XII2NYjm
1XZpUDMaLtyW+S3XXGkREeTS5K1rTcSlr9oCAH/QUBRbKuerCLLIJaCyFnKPdQwc
RK1GiDzPG+8dnTk2l28EwYFqQe/OyAgxZbLqOBSHzmc+ONolgIdqRl5sYdmVy6ax
URMin1XVsKbGtxcHma+S5bdAfSiB6ZfbxIy63GGyIpInGTODwWRLfER4X064r/kS
S0WrwVgamg47ETpHiom/z6UWMLK6Qp3/ukguLQ6b8yb4OW3zkD3ScrkIIdRqfCLI
xMjgQBbleFQ=
-----END CERTIFICATE-----
Generated at Wed May 13 07:46:43 2026 by rpki-client