Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/opsbT1mZiajN6yKjwmpQed2xKN0.roa
File: opsbT1mZiajN6yKjwmpQed2xKN0.roa (raw, json)
Hash identifier: hfDxL07Rn37mmDA9+6FxaXHlpTPNLOMYJcCFIz8V60Q=
Subject key identifier: A2:9B:1B:4F:59:99:89:A8:CD:EB:22:A3:C2:6A:50:79:DD:B1:28:DD
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 019E07B535E399F86275ABF788BC71CB91C9
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/opsbT1mZiajN6yKjwmpQed2xKN0.roa
Signing time: Fri 08 May 2026 13:09:36 +0000
ROA not before: Fri 08 May 2026 13:09:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197695
IP address blocks: 79.174.77.0/24 maxlen: 24
79.174.78.0/23 maxlen: 24
79.174.80.0/21 maxlen: 24
79.174.88.0/21 maxlen: 24
89.104.64.0/21 maxlen: 24
89.104.74.0/24 maxlen: 24
89.104.94.0/24 maxlen: 24
89.111.152.0/22 maxlen: 24
89.111.168.0/21 maxlen: 24
168.222.142.0/23 maxlen: 24
195.24.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:07:b5:35:e3:99:f8:62:75:ab:f7:88:bc:71:cb:91:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: May 8 13:09:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a29b1b4f599989a8cdeb22a3c26a5079ddb128dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:b4:95:33:3b:59:a4:21:f1:02:46:68:d8:bd:
d7:6d:5b:9e:de:61:16:20:b4:cd:4d:d1:51:d8:53:
2a:74:4b:29:93:27:6d:d6:5a:9e:58:9d:fa:44:2d:
6b:45:55:a8:02:da:e5:8d:01:d4:74:80:05:59:16:
51:47:df:58:7c:01:e4:6a:b6:ce:c9:bc:b9:c6:d9:
90:a5:e6:b3:2a:b4:11:c9:36:c9:27:6a:43:34:6a:
e1:e7:f8:7b:2b:24:99:7b:70:9f:36:72:d5:fe:a1:
84:97:fa:b8:91:19:54:d0:af:8e:40:f5:4c:b3:e1:
66:9f:9c:aa:1a:19:84:69:84:87:96:47:a2:37:94:
85:b9:d6:24:db:22:df:75:1f:58:dc:dd:5d:01:a8:
5e:c9:bd:82:c6:c6:8e:a5:17:3d:a2:26:2e:f9:89:
f5:97:3d:49:4f:ff:1c:6b:c2:36:6c:eb:66:40:66:
cf:9c:d3:f9:6e:76:ec:37:24:69:12:37:5d:67:c9:
dd:0e:1d:62:3f:e0:1b:8b:01:13:75:fc:b1:db:cf:
9f:3b:90:d3:92:3d:4e:4d:87:37:0b:8f:79:ae:a8:
7d:23:c3:26:88:c6:b5:6c:0f:cf:34:17:72:87:4e:
25:61:33:8d:27:09:c3:5f:aa:e7:b3:22:15:ea:18:
04:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:9B:1B:4F:59:99:89:A8:CD:EB:22:A3:C2:6A:50:79:DD:B1:28:DD
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/opsbT1mZiajN6yKjwmpQed2xKN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.174.77.0-79.174.95.255
89.104.64.0/21
89.104.74.0/24
89.104.94.0/24
89.111.152.0/22
89.111.168.0/21
168.222.142.0/23
195.24.71.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:fa:55:eb:a0:d3:5d:fe:c8:55:5b:c6:73:28:96:d6:26:b2:
2e:09:4f:74:f4:9f:53:42:16:6e:5a:f1:9d:74:18:92:a0:3f:
af:d8:09:76:f5:1e:34:09:32:b8:f3:aa:e5:1a:03:51:f2:40:
0f:e6:4c:51:37:1c:6a:a3:60:3c:cd:4e:21:ca:b9:73:b2:41:
59:46:b9:62:8c:88:0f:53:d4:81:e4:ae:4e:ef:a5:82:2a:a6:
d8:62:8b:c3:1d:64:bc:bb:45:36:6e:26:db:59:3b:b7:d4:4d:
ab:92:af:77:7e:c1:7c:2c:fa:19:19:01:5d:40:dd:07:95:90:
d7:3e:7d:4a:d1:e9:e4:39:28:77:7d:60:f0:e2:5e:9d:f6:bf:
ae:43:56:69:70:11:03:de:16:37:fa:b4:6b:5b:c6:4c:64:f4:
1a:d8:52:16:07:c2:cf:49:89:45:a6:b0:14:36:40:55:ce:50:
4f:03:56:06:4f:ad:9c:db:46:c0:67:22:64:ab:ac:1e:99:c9:
a6:ab:9c:a3:1c:ab:3d:82:77:04:e9:db:ea:b4:64:b1:a8:b5:
e0:70:18:9f:08:db:a4:f4:3d:e8:90:72:24:73:d8:5d:20:cf:
50:9f:ba:e9:6c:2b:fe:4f:df:e9:16:99:da:fb:fb:25:15:1d:
c0:95:88:f0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZ4HtTXjmfhidav3iLxxy5HJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjYwNTA4MTMwOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjliMWI0ZjU5OTk4OWE4Y2RlYjIyYTNjMjZhNTA3OWRkYjEyOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27SVMztZpCHxAkZo2L3XbVue3mEW
ILTNTdFR2FMqdEspkydt1lqeWJ36RC1rRVWoAtrljQHUdIAFWRZRR99YfAHkarbO
yby5xtmQpeazKrQRyTbJJ2pDNGrh5/h7KySZe3CfNnLV/qGEl/q4kRlU0K+OQPVM
s+Fmn5yqGhmEaYSHlkeiN5SFudYk2yLfdR9Y3N1dAaheyb2CxsaOpRc9oiYu+Yn1
lz1JT/8ca8I2bOtmQGbPnNP5bnbsNyRpEjddZ8ndDh1iP+AbiwETdfyx28+fO5DT
kj1OTYc3C495rqh9I8MmiMa1bA/PNBdyh04lYTONJwnDX6rnsyIV6hgEMQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKKbG09ZmYmozesio8JqUHndsSjdMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvb3BzYlQxbVppYWpONnlLandtcFFlZDJ4S04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABPrk0D
BAVPrkADBANZaEADBABZaEoDBABZaF4DBAJZb5gDBANZb6gDBAGo3o4DBADDGEcw
DQYJKoZIhvcNAQELBQADggEBAKL6Veug013+yFVbxnMoltYmsi4JT3T0n1NCFm5a
8Z10GJKgP6/YCXb1HjQJMrjzquUaA1HyQA/mTFE3HGqjYDzNTiHKuXOyQVlGuWKM
iA9T1IHkrk7vpYIqpthii8MdZLy7RTZuJttZO7fUTauSr3d+wXws+hkZAV1A3QeV
kNc+fUrR6eQ5KHd9YPDiXp32v65DVmlwEQPeFjf6tGtbxkxk9BrYUhYHws9JiUWm
sBQ2QFXOUE8DVgZPrZzbRsBnImSrrB6ZyaarnKMcqz2CdwTp2+q0ZLGoteBwGJ8I
26T0PeiQciRz2F0gz1CfuulsK/5P3+kWmdr7+yUVHcCViPA=
-----END CERTIFICATE-----
Generated at Wed May 13 08:25:10 2026 by rpki-client