Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/KPzLPauPpQiWYae418r6m1gMbQ8.roa
File: KPzLPauPpQiWYae418r6m1gMbQ8.roa (raw, json)
Hash identifier: bMOA8c/Peua3MiHOsLdKNKZDG/6LBfAeWjPvZ8O4vDE=
Subject key identifier: 28:FC:CB:3D:AB:8F:A5:08:96:61:A7:B8:D7:CA:FA:9B:58:0C:6D:0F
Certificate issuer: /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial: 019E1AC68AD035377BDDF374A9A25A22CFDD
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/KPzLPauPpQiWYae418r6m1gMbQ8.roa
Signing time: Tue 12 May 2026 06:01:19 +0000
ROA not before: Tue 12 May 2026 06:01:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41745
IP address blocks: 193.68.88.0/24 maxlen: 24
193.68.89.0/24 maxlen: 24
213.21.237.0/24 maxlen: 24
213.21.240.0/24 maxlen: 24
213.21.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1a:c6:8a:d0:35:37:7b:dd:f3:74:a9:a2:5a:22:cf:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Validity
Not Before: May 12 06:01:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=28fccb3dab8fa5089661a7b8d7cafa9b580c6d0f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:18:10:eb:ec:81:c1:bd:3d:6d:bf:10:31:6b:
71:ae:cc:b9:6b:9f:cd:35:6b:5f:eb:79:9c:2a:27:
63:38:99:5a:e7:75:ab:ef:19:e4:96:ac:e5:b3:6a:
4e:a0:1c:67:c9:4a:da:3d:af:dc:1e:92:57:6d:ca:
dd:72:3b:c8:0c:3e:54:82:51:db:eb:58:f6:ed:c8:
3d:7c:b8:d0:d7:90:fd:79:2b:54:9e:68:ab:e1:99:
3c:43:df:fb:56:db:e9:eb:b1:30:0b:0d:18:38:49:
ac:41:94:9b:71:02:68:b3:0d:b6:32:4c:94:20:b9:
21:7a:94:14:41:7c:ca:e8:fc:bc:a2:8d:c7:28:2c:
31:12:62:13:34:4f:a4:ac:78:25:6b:c5:e6:f3:a4:
61:19:9b:30:7d:3e:03:44:ce:c7:b5:69:94:63:de:
c2:c5:69:bc:f6:68:ee:e0:dc:fe:03:e5:20:6d:a1:
65:d1:54:6c:11:23:e1:d7:a8:0d:3e:6c:cb:d5:2d:
f8:cb:46:0c:02:a8:0d:04:38:00:f6:61:ed:2e:d4:
57:df:84:28:bc:5d:1f:38:8f:89:3b:36:9f:d7:2b:
82:6c:80:89:98:47:64:d2:be:07:54:a7:bd:16:96:
18:4e:41:db:2e:4e:5a:58:a5:5c:71:4f:57:5d:0d:
f5:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:FC:CB:3D:AB:8F:A5:08:96:61:A7:B8:D7:CA:FA:9B:58:0C:6D:0F
X509v3 Authority Key Identifier:
keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/KPzLPauPpQiWYae418r6m1gMbQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.68.88.0/23
213.21.237.0/24
213.21.240.0/24
213.21.248.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:3c:9d:24:05:5d:48:5c:43:82:78:87:e4:8b:c8:8d:ea:59:
35:6e:06:37:28:27:4f:cf:d4:16:b8:9f:93:1c:93:af:de:19:
01:3d:ac:ba:ed:05:fa:9d:13:c0:3b:74:9d:42:b5:ae:78:60:
6d:88:ec:ec:fd:de:14:c8:c4:b2:48:fe:ab:05:c9:eb:e3:10:
6d:29:f8:af:05:56:8b:0a:92:9a:b9:4e:15:d5:98:0a:c3:bd:
86:33:61:c8:8e:33:0f:b9:3d:d8:c9:f6:0a:62:26:fa:8d:25:
cb:85:02:f6:1f:c9:0c:68:5f:8a:2f:0f:ca:a4:5a:bc:12:66:
39:aa:2f:20:6e:6a:5a:00:2d:de:f7:b1:94:ad:0c:52:1f:c8:
a3:35:6b:68:c7:23:e4:a2:25:20:86:2d:d7:ce:5f:1b:df:24:
a5:87:f2:92:33:e0:2c:18:0d:d6:7a:0f:f5:a5:11:71:4a:da:
8f:91:15:41:4d:74:a5:b9:c5:92:f4:0f:90:cf:55:39:07:cb:
9f:ba:7d:f8:5d:a5:15:f1:59:7e:6b:51:33:90:93:9d:f6:42:
c0:08:c7:42:83:6a:ce:8e:66:49:b4:dc:5e:2f:78:ef:3c:28:
e7:34:5f:38:11:14:d0:a8:bf:fd:55:24:1b:54:c0:e6:04:5a:
25:fb:ce:d0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ4axorQNTd73fN0qaJaIs/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjYwNTEyMDYwMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZjY2IzZGFiOGZhNTA4OTY2MWE3YjhkN2NhZmE5YjU4MGM2ZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBgQ6+yBwb09bb8QMWtxrsy5a5/N
NWtf63mcKidjOJla53Wr7xnklqzls2pOoBxnyUraPa/cHpJXbcrdcjvIDD5UglHb
61j27cg9fLjQ15D9eStUnmir4Zk8Q9/7Vtvp67EwCw0YOEmsQZSbcQJosw22MkyU
ILkhepQUQXzK6Py8oo3HKCwxEmITNE+krHgla8Xm86RhGZswfT4DRM7HtWmUY97C
xWm89mju4Nz+A+UgbaFl0VRsESPh16gNPmzL1S34y0YMAqgNBDgA9mHtLtRX34Qo
vF0fOI+JOzaf1yuCbICJmEdk0r4HVKe9FpYYTkHbLk5aWKVccU9XXQ31LQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCj8yz2rj6UIlmGnuNfK+ptYDG0PMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvS1B6TFBhdVBwUWlXWWFlNDE4cjZtMWdNYlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBwURYAwQA
1RXtAwQA1RXwAwQA1RX4MA0GCSqGSIb3DQEBCwUAA4IBAQA/PJ0kBV1IXEOCeIfk
i8iN6lk1bgY3KCdPz9QWuJ+THJOv3hkBPay67QX6nRPAO3SdQrWueGBtiOzs/d4U
yMSySP6rBcnr4xBtKfivBVaLCpKauU4V1ZgKw72GM2HIjjMPuT3YyfYKYib6jSXL
hQL2H8kMaF+KLw/KpFq8EmY5qi8gbmpaAC3e97GUrQxSH8ijNWtoxyPkoiUghi3X
zl8b3ySlh/KSM+AsGA3Weg/1pRFxStqPkRVBTXSlucWS9A+Qz1U5B8ufun34XaUV
8Vl+a1EzkJOd9kLACMdCg2rOjmZJtNxeL3jvPCjnNF84ERTQqL/9VSQbVMDmBFol
+87Q
-----END CERTIFICATE-----
Generated at Wed May 13 00:43:33 2026 by rpki-client