Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bAQWAvcm3T6rfyaf7ljIBvlFtAM.roa
File: bAQWAvcm3T6rfyaf7ljIBvlFtAM.roa (raw, json)
Hash identifier: 2DAvyPmgh36vWxZnNmX769qlQ+GKNipPDNKBhtCFjHA=
Subject key identifier: 6C:04:16:02:F7:26:DD:3E:AB:7F:26:9F:EE:58:C8:06:F9:45:B4:03
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019D0D858FA059DF8FABE084A2C514C99DC5
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bAQWAvcm3T6rfyaf7ljIBvlFtAM.roa
Signing time: Fri 20 Mar 2026 23:12:30 +0000
ROA not before: Fri 20 Mar 2026 23:12:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 54702
IP address blocks: 147.78.204.0/24 maxlen: 24
185.161.191.0/24 maxlen: 24
185.208.155.0/24 maxlen: 24
185.253.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0d:85:8f:a0:59:df:8f:ab:e0:84:a2:c5:14:c9:9d:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Mar 20 23:12:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6c041602f726dd3eab7f269fee58c806f945b403
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:6d:26:2a:87:1a:74:3b:46:c1:be:cd:37:3f:
65:86:f4:1c:54:e8:6f:72:94:44:c5:e3:ff:fa:65:
70:02:d9:f1:86:c2:cb:06:fd:a0:38:7b:76:a8:0f:
96:52:f5:17:7e:55:4e:86:20:b9:ab:31:b2:21:cc:
31:a7:9e:32:33:0b:f9:ee:6b:65:a9:c3:41:67:fb:
4e:ba:6d:73:4f:b2:cd:89:93:73:da:3b:0a:4b:c4:
10:0f:c3:44:19:82:0b:93:91:a7:10:30:4d:83:99:
52:e1:16:8b:ed:ca:1f:93:bf:60:f2:df:a1:10:96:
bd:e5:d9:56:d3:5a:fe:c1:cb:64:ca:15:61:9b:8f:
4c:92:70:13:11:eb:80:04:62:51:4e:e4:d0:21:5d:
c1:8e:f2:4b:1b:93:43:a7:45:99:df:69:73:4e:0b:
92:9f:ca:88:35:c8:19:8d:66:6e:f4:87:70:f0:5f:
a9:ff:a7:e9:55:28:64:3d:9e:5d:92:9e:5a:3e:06:
05:f3:e5:62:69:9d:bc:d1:9b:2e:59:8d:56:3e:3d:
24:35:ad:d5:61:dd:2c:a9:58:2d:2c:bc:a9:91:ac:
85:92:cd:68:df:14:e8:41:85:78:c3:c8:29:70:6a:
a3:c2:f3:b6:b5:54:93:df:b1:02:82:85:ce:29:f4:
4f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:04:16:02:F7:26:DD:3E:AB:7F:26:9F:EE:58:C8:06:F9:45:B4:03
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bAQWAvcm3T6rfyaf7ljIBvlFtAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.204.0/24
185.161.191.0/24
185.208.155.0/24
185.253.123.0/24
Signature Algorithm: sha256WithRSAEncryption
76:b0:63:00:68:d8:06:f4:85:37:72:51:0b:40:3e:da:3b:50:
5e:4f:3c:71:cf:2c:fb:36:e7:91:a1:b1:ec:24:a8:1a:a7:ca:
d8:9e:03:75:f8:6e:11:f5:0f:ad:53:b0:a9:86:a5:9a:83:3b:
02:7f:78:9a:cc:37:9e:9d:51:2a:25:93:48:a5:fb:54:a9:60:
9b:26:f5:27:b0:32:b2:43:1f:e7:f9:4a:22:05:14:0a:86:80:
ca:2d:45:d8:4f:86:ce:b0:1d:26:b6:46:39:19:73:ec:a0:fa:
df:14:21:9d:01:c3:4f:69:5c:9a:52:ab:aa:7f:8d:78:5f:ea:
f5:54:3c:87:b6:80:4c:57:27:6b:dd:49:0f:61:22:99:6c:ff:
5a:b7:51:79:94:a2:f3:ab:b7:68:00:0c:ef:f1:e4:99:92:ab:
6d:f0:be:bd:c0:f6:2f:a7:2d:5e:93:96:77:2e:a8:2a:7b:f0:
46:64:35:35:a0:8a:5a:db:a8:b8:af:11:48:cb:bb:c1:1d:65:
13:10:6d:a2:fb:54:79:de:0d:78:74:92:26:ab:7a:d5:28:5d:
e9:e9:36:1e:0e:f4:1b:25:18:c7:55:6f:b5:fb:85:67:d6:75:
01:90:21:e2:48:cc:86:dd:82:7a:bd:0e:18:49:3b:9f:8e:43:
a2:ae:11:71
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ0NhY+gWd+Pq+CEosUUyZ3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMzIwMjMxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzA0MTYwMmY3MjZkZDNlYWI3ZjI2OWZlZTU4YzgwNmY5NDViNDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW0mKocadDtGwb7NNz9lhvQcVOhv
cpRExeP/+mVwAtnxhsLLBv2gOHt2qA+WUvUXflVOhiC5qzGyIcwxp54yMwv57mtl
qcNBZ/tOum1zT7LNiZNz2jsKS8QQD8NEGYILk5GnEDBNg5lS4RaL7cofk79g8t+h
EJa95dlW01r+wctkyhVhm49MknATEeuABGJRTuTQIV3BjvJLG5NDp0WZ32lzTguS
n8qINcgZjWZu9Idw8F+p/6fpVShkPZ5dkp5aPgYF8+ViaZ280ZsuWY1WPj0kNa3V
Yd0sqVgtLLypkayFks1o3xToQYV4w8gpcGqjwvO2tVST37ECgoXOKfRP4wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGwEFgL3Jt0+q38mn+5YyAb5RbQDMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvYkFRV0F2Y20zVDZyZnlhZjdsaklCdmxGdEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAk07MAwQA
uaG/AwQAudCbAwQAuf17MA0GCSqGSIb3DQEBCwUAA4IBAQB2sGMAaNgG9IU3clEL
QD7aO1BeTzxxzyz7NueRobHsJKgap8rYngN1+G4R9Q+tU7CphqWagzsCf3iazDee
nVEqJZNIpftUqWCbJvUnsDKyQx/n+UoiBRQKhoDKLUXYT4bOsB0mtkY5GXPsoPrf
FCGdAcNPaVyaUquqf414X+r1VDyHtoBMVydr3UkPYSKZbP9at1F5lKLzq7doAAzv
8eSZkqtt8L69wPYvpy1ek5Z3Lqgqe/BGZDU1oIpa26i4rxFIy7vBHWUTEG2i+1R5
3g14dJImq3rVKF3p6TYeDvQbJRjHVW+1+4Vn1nUBkCHiSMyG3YJ6vQ4YSTufjkOi
rhFx
-----END CERTIFICATE-----
Generated at Wed Mar 25 23:02:07 2026 by rpki-client