Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/2nDiBaC4EkoA5IpokADTZHJ3ZU0.roa
File: 2nDiBaC4EkoA5IpokADTZHJ3ZU0.roa (raw, json)
Hash identifier: f+ZQUnaX+ZUTEwgkC4X7B5uVZ6rymlt6mA9APiH1krM=
Subject key identifier: DA:70:E2:05:A0:B8:12:4A:00:E4:8A:68:90:00:D3:64:72:77:65:4D
Certificate issuer: /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial: 019E030B5D1CD0CE9D119B51D91CC5D5D669
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/2nDiBaC4EkoA5IpokADTZHJ3ZU0.roa
Signing time: Thu 07 May 2026 15:25:36 +0000
ROA not before: Thu 07 May 2026 15:25:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202468
IP address blocks: 95.38.176.0/20 maxlen: 20
95.38.176.0/23 maxlen: 23
95.38.178.0/23 maxlen: 23
95.38.180.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:03:0b:5d:1c:d0:ce:9d:11:9b:51:d9:1c:c5:d5:d6:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Validity
Not Before: May 7 15:25:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=da70e205a0b8124a00e48a689000d3647277654d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:11:4f:cc:e0:b0:3d:86:ae:7b:e0:a5:89:23:
ad:c6:bf:f3:9d:1c:ef:2f:25:e8:47:ba:84:7b:aa:
34:60:6e:09:ef:76:33:e8:15:6a:2c:30:f8:91:d4:
34:92:46:21:08:03:30:ec:27:d1:c8:b3:c6:ae:13:
97:63:a9:ad:04:0d:2a:ef:d5:ad:bb:76:c5:ed:0b:
32:80:b7:40:17:60:19:1d:a1:1a:5b:5a:95:e5:43:
be:e9:ff:33:4e:76:9a:26:1e:5e:a9:5e:89:c7:99:
aa:70:9f:63:b1:00:df:10:06:e9:36:b4:86:c1:26:
f7:09:26:2e:21:13:88:8f:40:8f:f7:0d:7d:13:2c:
01:7a:f8:15:cf:fa:27:3a:33:7f:a8:96:57:35:f7:
c0:49:3b:bf:21:8f:d3:3e:84:62:78:7a:0c:09:f1:
75:a3:61:bc:c8:47:03:dc:0f:78:c5:08:e5:b3:67:
8a:83:6a:63:56:f6:ea:90:53:b8:35:0a:6e:e8:14:
28:d9:12:1d:47:07:5c:d1:4b:3e:d4:f7:9e:1a:23:
2f:e4:50:3a:e9:2d:e5:6e:5c:71:06:0b:ba:10:55:
11:26:f0:6c:c2:c2:7b:f6:46:6c:be:a6:e3:90:ba:
3c:59:13:19:2f:db:b8:ae:9f:92:72:63:8e:28:37:
1f:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:70:E2:05:A0:B8:12:4A:00:E4:8A:68:90:00:D3:64:72:77:65:4D
X509v3 Authority Key Identifier:
keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/2nDiBaC4EkoA5IpokADTZHJ3ZU0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.38.176.0/20
Signature Algorithm: sha256WithRSAEncryption
91:1e:aa:96:04:17:eb:72:32:af:83:bd:72:c8:da:55:51:15:
13:3f:2d:1f:a3:ae:12:54:19:5c:bf:7f:8c:30:f1:dc:e0:b4:
25:72:3f:f1:e1:aa:8b:d4:d9:e4:8c:0a:97:8f:97:f7:31:b9:
c4:d0:d0:47:07:31:cc:5f:17:84:54:f1:27:13:e1:66:f1:c2:
30:3d:5f:bf:41:0e:0e:0b:d4:4f:91:e0:ed:a2:fb:36:9d:46:
34:d4:20:25:cf:71:13:f0:78:09:89:5c:72:93:6e:99:94:ca:
31:0f:e8:c2:42:37:80:89:62:2a:05:09:14:86:eb:98:2f:8e:
65:08:81:65:4e:ea:cf:92:84:24:9f:ff:5f:ae:2c:5d:a6:2a:
36:ac:d1:a6:91:9a:ee:f7:d6:b2:d7:a5:a1:98:f8:5b:75:65:
a8:fc:1e:1f:14:90:be:54:78:26:59:3e:ee:5f:7f:23:d6:28:
c3:c0:5b:67:83:d0:f9:1d:1b:48:f2:e6:c1:3f:db:6c:6f:35:
3f:7b:cd:2c:ab:3f:c0:15:b3:51:f7:41:77:73:2e:bf:71:f9:
96:0b:03:d9:e2:bc:ad:5e:32:a7:17:c0:a2:7b:13:80:50:92:
ab:f5:a6:0a:d8:d0:fa:bd:50:97:c8:0d:45:8b:67:f5:03:99:
5b:60:3a:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DC10c0M6dEZtR2RzF1dZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjYwNTA3MTUyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTcwZTIwNWEwYjgxMjRhMDBlNDhhNjg5MDAwZDM2NDcyNzc2NTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhFPzOCwPYaue+CliSOtxr/znRzv
LyXoR7qEe6o0YG4J73Yz6BVqLDD4kdQ0kkYhCAMw7CfRyLPGrhOXY6mtBA0q79Wt
u3bF7QsygLdAF2AZHaEaW1qV5UO+6f8zTnaaJh5eqV6Jx5mqcJ9jsQDfEAbpNrSG
wSb3CSYuIROIj0CP9w19EywBevgVz/onOjN/qJZXNffASTu/IY/TPoRieHoMCfF1
o2G8yEcD3A94xQjls2eKg2pjVvbqkFO4NQpu6BQo2RIdRwdc0Us+1PeeGiMv5FA6
6S3lblxxBgu6EFURJvBswsJ79kZsvqbjkLo8WRMZL9u4rp+ScmOOKDcf+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpw4gWguBJKAOSKaJAA02Ryd2VNMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvMm5EaUJhQzRFa29BNUlwb2tBRFRaSEozWlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXyawMA0G
CSqGSIb3DQEBCwUAA4IBAQCRHqqWBBfrcjKvg71yyNpVURUTPy0fo64SVBlcv3+M
MPHc4LQlcj/x4aqL1NnkjAqXj5f3MbnE0NBHBzHMXxeEVPEnE+Fm8cIwPV+/QQ4O
C9RPkeDtovs2nUY01CAlz3ET8HgJiVxyk26ZlMoxD+jCQjeAiWIqBQkUhuuYL45l
CIFlTurPkoQkn/9frixdpio2rNGmkZru99ay16WhmPhbdWWo/B4fFJC+VHgmWT7u
X38j1ijDwFtng9D5HRtI8ubBP9tsbzU/e80sqz/AFbNR90F3cy6/cfmWCwPZ4ryt
XjKnF8CiexOAUJKr9aYK2ND6vVCXyA1Fi2f1A5lbYDq+
-----END CERTIFICATE-----
Generated at Wed May 13 02:59:27 2026 by rpki-client