Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0an2pQXOSUa9Qv0CDLezuYXP9Rc.roa
File: 0an2pQXOSUa9Qv0CDLezuYXP9Rc.roa (raw, json)
Hash identifier: GI3HMCo+UnX0/WFi5FDffbeewol6/ny0qWi9o7/s4mw=
Subject key identifier: D1:A9:F6:A5:05:CE:49:46:BD:42:FD:02:0C:B7:B3:B9:85:CF:F5:17
Certificate issuer: /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial: 019DDF6A26C3F04EE429D0E0E6AF380E41EB
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0an2pQXOSUa9Qv0CDLezuYXP9Rc.roa
Signing time: Thu 30 Apr 2026 17:22:49 +0000
ROA not before: Thu 30 Apr 2026 17:22:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206998
IP address blocks: 185.221.85.0/24 maxlen: 24
185.221.86.0/24 maxlen: 24
212.32.0.0/20 maxlen: 24
212.32.4.0/24 maxlen: 24
212.32.5.0/24 maxlen: 24
212.32.8.0/24 maxlen: 24
212.32.9.0/24 maxlen: 24
2a0d:8000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:df:6a:26:c3:f0:4e:e4:29:d0:e0:e6:af:38:0e:41:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
Validity
Not Before: Apr 30 17:22:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d1a9f6a505ce4946bd42fd020cb7b3b985cff517
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:68:89:32:7a:63:a7:46:d1:7d:e4:39:8b:0f:
83:0d:a6:4f:dc:f2:30:f9:48:92:a1:8a:e4:ac:62:
30:d1:8b:5d:5f:86:9b:f0:5c:ca:cd:99:0a:34:50:
10:5f:f8:a6:7b:36:77:56:54:f3:5a:e1:e0:76:e4:
f3:ff:a8:bd:3d:a9:0d:dd:af:b5:44:00:f0:5f:f3:
34:a6:c7:75:5f:d5:71:11:58:fd:14:31:7e:49:42:
f4:5a:2b:f0:81:99:60:23:74:11:3a:8e:f0:c6:c8:
08:7e:12:fa:0f:b3:3c:c4:77:ba:96:8a:b0:89:c2:
c8:39:82:03:d5:6e:16:69:51:26:b4:3b:a4:67:27:
50:b0:4e:b9:7f:b5:76:87:c7:1e:82:9d:da:d1:94:
dd:da:40:ab:e6:9d:4b:d9:42:2b:9e:7f:74:ee:16:
d1:02:34:ab:e1:a0:47:67:07:a5:3e:34:13:b0:48:
c8:6f:ac:f3:1d:30:10:3a:da:62:73:cb:fd:7c:6b:
72:a5:1a:b1:c6:5e:9f:7e:59:75:01:70:a9:b0:c3:
7e:63:ca:c3:4e:03:83:12:2c:67:0c:5c:c4:a2:ce:
1d:5d:cb:eb:2c:40:9d:56:c1:53:d6:bf:46:d9:53:
65:9f:b4:c6:a1:9f:a6:42:b5:b1:8d:89:9c:1d:5b:
e8:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:A9:F6:A5:05:CE:49:46:BD:42:FD:02:0C:B7:B3:B9:85:CF:F5:17
X509v3 Authority Key Identifier:
keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/0an2pQXOSUa9Qv0CDLezuYXP9Rc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.221.85.0-185.221.86.255
212.32.0.0/20
IPv6:
2a0d:8000::/48
Signature Algorithm: sha256WithRSAEncryption
79:75:2d:d9:50:62:af:bf:8d:34:c5:ed:d5:03:e9:d4:14:d0:
7e:68:66:16:40:86:cb:95:9a:be:0d:57:54:07:8c:51:bf:e7:
4c:b1:b1:4e:5a:ab:0f:cb:2f:b4:f5:6f:3c:33:73:92:f4:83:
b4:ec:3a:ad:13:e2:d8:a1:61:76:50:4c:90:ff:64:69:0a:7d:
fd:e9:dd:95:cf:bd:2b:40:6f:64:ba:1c:d6:22:31:25:4f:0d:
1d:ea:1d:47:06:89:86:67:4b:88:37:81:79:7f:d9:4e:33:02:
be:9a:7f:ba:9c:65:11:ce:e0:d8:1a:d2:52:3c:c7:91:d9:fd:
00:de:78:7b:d6:2b:08:e4:ac:06:9c:04:11:df:c2:38:dc:98:
89:06:1f:01:97:15:24:2c:79:f8:d4:ba:7a:10:c8:51:79:3b:
29:cc:b5:0e:0c:f7:59:76:27:09:44:2b:91:09:76:3e:de:5a:
9d:57:08:dd:e5:ac:25:42:e5:54:4b:64:9e:af:dd:24:65:6d:
a4:39:16:0b:cc:fc:d8:d6:f1:ca:f3:d3:08:a8:fa:fe:af:3c:
25:72:00:a1:48:98:08:42:2c:e8:ee:97:91:25:f2:c4:a7:cb:
0c:3c:d6:4f:c3:cd:ce:13:0d:c6:1a:c4:09:30:0b:8b:bc:9d:
48:f9:8c:14
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZ3faibD8E7kKdDg5q84DkHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjYwNDMwMTcyMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWE5ZjZhNTA1Y2U0OTQ2YmQ0MmZkMDIwY2I3YjNiOTg1Y2ZmNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2iJMnpjp0bRfeQ5iw+DDaZP3PIw
+UiSoYrkrGIw0YtdX4ab8FzKzZkKNFAQX/imezZ3VlTzWuHgduTz/6i9PakN3a+1
RADwX/M0psd1X9VxEVj9FDF+SUL0WivwgZlgI3QROo7wxsgIfhL6D7M8xHe6loqw
icLIOYID1W4WaVEmtDukZydQsE65f7V2h8cegp3a0ZTd2kCr5p1L2UIrnn907hbR
AjSr4aBHZwelPjQTsEjIb6zzHTAQOtpic8v9fGtypRqxxl6ffll1AXCpsMN+Y8rD
TgODEixnDFzEos4dXcvrLECdVsFT1r9G2VNln7TGoZ+mQrWxjYmcHVvouwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFNGp9qUFzklGvUL9Agy3s7mFz/UXMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvMGFuMnBRWE9TVWE5UXYwQ0RMZXp1WVhQOVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBAC53VUD
BAC53VYDBATUIAAwDwQCAAIwCQMHACoNgAAAADANBgkqhkiG9w0BAQsFAAOCAQEA
eXUt2VBir7+NNMXt1QPp1BTQfmhmFkCGy5Wavg1XVAeMUb/nTLGxTlqrD8svtPVv
PDNzkvSDtOw6rRPi2KFhdlBMkP9kaQp9/endlc+9K0BvZLoc1iIxJU8NHeodRwaJ
hmdLiDeBeX/ZTjMCvpp/upxlEc7g2BrSUjzHkdn9AN54e9YrCOSsBpwEEd/CONyY
iQYfAZcVJCx5+NS6ehDIUXk7Kcy1Dgz3WXYnCUQrkQl2Pt5anVcI3eWsJULlVEtk
nq/dJGVtpDkWC8z82NbxyvPTCKj6/q88JXIAoUiYCEIs6O6XkSXyxKfLDDzWT8PN
zhMNxhrECTALi7ydSPmMFA==
-----END CERTIFICATE-----
Generated at Wed May 13 00:34:53 2026 by rpki-client