Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/fRMGJKOe0wfDiw0unFc85k7409g.roa
File: fRMGJKOe0wfDiw0unFc85k7409g.roa (raw, json)
Hash identifier: GV5bf/rfa9++OBIl1skLL/HbQ9UpbL8R7W4YlnOIOl0=
Subject key identifier: 7D:13:06:24:A3:9E:D3:07:C3:8B:0D:2E:9C:57:3C:E6:4E:F8:D3:D8
Certificate issuer: /CN=312258ef43360de84c25c26f9fb57ab7e78f9162
Certificate serial: 019B7C123F7704EF38B3BF231A2FE6810FE3
Authority key identifier: 31:22:58:EF:43:36:0D:E8:4C:25:C2:6F:9F:B5:7A:B7:E7:8F:91:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MSJY70M2DehMJcJvn7V6t-ePkWI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/fRMGJKOe0wfDiw0unFc85k7409g.roa
Signing time: Fri 02 Jan 2026 00:18:49 +0000
ROA not before: Fri 02 Jan 2026 00:18:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9115
IP address blocks: 91.136.0.0/17 maxlen: 17
91.136.0.0/24 maxlen: 24
91.136.125.0/24 maxlen: 24
2a01:7f60::/32 maxlen: 32
2a01:7f60:20::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/MSJY70M2DehMJcJvn7V6t-ePkWI.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/MSJY70M2DehMJcJvn7V6t-ePkWI.mft
rsync://rpki.ripe.net/repository/DEFAULT/MSJY70M2DehMJcJvn7V6t-ePkWI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 21:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:12:3f:77:04:ef:38:b3:bf:23:1a:2f:e6:81:0f:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=312258ef43360de84c25c26f9fb57ab7e78f9162
Validity
Not Before: Jan 2 00:18:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7d130624a39ed307c38b0d2e9c573ce64ef8d3d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:07:bb:0b:d3:f7:72:45:d4:9e:5f:1c:a7:e0:
3e:ea:77:e1:3f:b8:07:a0:a2:6e:66:8d:c7:4e:c0:
2d:85:67:cc:11:0e:6a:83:2d:de:34:a0:8e:2d:d0:
47:6b:15:3c:8d:45:6d:d8:dc:44:e4:4f:a6:c2:d8:
fc:e1:28:4a:6e:07:ff:62:c5:6a:ec:2e:ee:66:89:
56:e5:0c:98:0a:f1:8c:47:63:c4:db:b7:df:28:43:
c5:88:b8:e4:00:ac:cc:c6:7a:fe:30:42:39:30:e7:
d3:75:7a:60:01:5f:54:5f:33:15:89:cf:19:1d:7d:
a6:db:99:3f:5f:d7:7b:19:88:e7:f2:7a:d7:3d:02:
f9:c1:ae:04:fd:61:8e:47:0c:1b:03:46:8f:ff:7c:
cb:cc:28:25:01:cc:4e:f7:95:16:7c:fb:98:27:32:
87:1b:0d:ad:5c:21:88:be:39:20:a0:f4:8c:a1:98:
0c:d0:5e:f1:19:c4:6c:2f:68:d2:67:53:43:7d:63:
ad:cf:a8:49:3a:63:bf:c5:ac:00:8d:39:1c:f9:91:
da:4f:8c:e0:78:72:97:86:96:cc:d6:eb:68:ea:cb:
6c:d4:76:37:82:32:91:12:06:32:25:33:dd:4e:5b:
f6:d4:62:aa:32:a3:e4:3c:51:81:96:c3:6d:d9:28:
9e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:13:06:24:A3:9E:D3:07:C3:8B:0D:2E:9C:57:3C:E6:4E:F8:D3:D8
X509v3 Authority Key Identifier:
keyid:31:22:58:EF:43:36:0D:E8:4C:25:C2:6F:9F:B5:7A:B7:E7:8F:91:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSJY70M2DehMJcJvn7V6t-ePkWI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/fRMGJKOe0wfDiw0unFc85k7409g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b60b69-2e42-483d-8e71-b7428487ab3d/1/MSJY70M2DehMJcJvn7V6t-ePkWI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.136.0.0/17
IPv6:
2a01:7f60::/32
Signature Algorithm: sha256WithRSAEncryption
6f:44:f1:d0:c5:ae:f7:49:39:54:14:51:17:b3:d1:6f:04:77:
88:f8:ad:19:25:56:3f:1a:68:a1:18:ce:73:b5:39:f3:99:f7:
8a:28:2f:3b:27:d3:41:85:16:6d:08:0e:06:bd:bd:d7:f6:0a:
8c:66:80:19:c3:87:d8:df:7a:f7:7e:53:ad:7e:fd:01:c1:d6:
77:5b:4a:2d:4a:37:e2:7d:8e:1e:7f:50:44:49:51:0d:39:d2:
a7:1b:1f:4c:08:ea:a1:3a:ba:db:3d:5e:97:8d:10:a1:fd:85:
35:ef:77:8d:ed:e0:d2:46:9f:bf:09:4c:6e:06:55:00:be:e0:
9c:07:4e:91:fb:48:36:ff:14:8e:29:4c:cc:f1:ed:fe:60:ee:
f9:05:99:09:7d:21:75:c6:95:83:d7:e8:a9:29:72:9a:b9:a4:
a9:d5:47:15:df:d2:c6:99:a7:9f:8b:de:3f:68:74:ec:1c:ad:
4a:92:06:51:c8:57:d6:b8:71:48:ad:d9:26:c4:df:ef:3c:96:
f9:9a:1e:f5:eb:3f:27:7b:25:f8:47:97:4d:74:85:60:99:46:
ed:79:95:9a:16:0b:bf:90:29:8a:fe:8f:b0:ae:38:41:f4:f1:
c4:e0:4d:2e:01:0e:1e:e7:c6:25:96:06:c3:55:ed:e8:56:ad:
31:37:3a:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8Ej93BO84s78jGi/mgQ/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMjI1OGVmNDMzNjBkZTg0YzI1YzI2ZjlmYjU3YWI3ZTc4
ZjkxNjIwHhcNMjYwMTAyMDAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDEzMDYyNGEzOWVkMzA3YzM4YjBkMmU5YzU3M2NlNjRlZjhkM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAe7C9P3ckXUnl8cp+A+6nfhP7gH
oKJuZo3HTsAthWfMEQ5qgy3eNKCOLdBHaxU8jUVt2NxE5E+mwtj84ShKbgf/YsVq
7C7uZolW5QyYCvGMR2PE27ffKEPFiLjkAKzMxnr+MEI5MOfTdXpgAV9UXzMVic8Z
HX2m25k/X9d7GYjn8nrXPQL5wa4E/WGORwwbA0aP/3zLzCglAcxO95UWfPuYJzKH
Gw2tXCGIvjkgoPSMoZgM0F7xGcRsL2jSZ1NDfWOtz6hJOmO/xawAjTkc+ZHaT4zg
eHKXhpbM1uto6sts1HY3gjKREgYyJTPdTlv21GKqMqPkPFGBlsNt2SieawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH0TBiSjntMHw4sNLpxXPOZO+NPYMB8GA1UdIwQY
MBaAFDEiWO9DNg3oTCXCb5+1erfnj5FiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVNKWTcwTTJEZWhNSmNKdm43VjZ0LWVQa1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9iNjBiNjktMmU0Mi00ODNkLThlNzEt
Yjc0Mjg0ODdhYjNkLzEvZlJNR0pLT2Uwd2ZEaXcwdW5GYzg1azc0MDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9iNjBiNjktMmU0Mi00ODNkLThlNzEtYjc0Mjg0ODdhYjNk
LzEvTVNKWTcwTTJEZWhNSmNKdm43VjZ0LWVQa1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHW4gAMA0E
AgACMAcDBQAqAX9gMA0GCSqGSIb3DQEBCwUAA4IBAQBvRPHQxa73STlUFFEXs9Fv
BHeI+K0ZJVY/GmihGM5ztTnzmfeKKC87J9NBhRZtCA4Gvb3X9gqMZoAZw4fY33r3
flOtfv0BwdZ3W0otSjfifY4ef1BESVENOdKnGx9MCOqhOrrbPV6XjRCh/YU173eN
7eDSRp+/CUxuBlUAvuCcB06R+0g2/xSOKUzM8e3+YO75BZkJfSF1xpWD1+ipKXKa
uaSp1UcV39LGmaefi94/aHTsHK1KkgZRyFfWuHFIrdkmxN/vPJb5mh716z8neyX4
R5dNdIVgmUbteZWaFgu/kCmK/o+wrjhB9PHE4E0uAQ4e58YllgbDVe3oVq0xNzoJ
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:16:08 2026 by rpki-client