Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/uK-XNVHo9tYItPi3LFPZI8WJr_8.roa
File: uK-XNVHo9tYItPi3LFPZI8WJr_8.roa (raw, json)
Hash identifier: vEACxQ0R2A7CfLsvs58jY8ndJKAAaoNlmaFWAMwCX0w=
Subject key identifier: B8:AF:97:35:51:E8:F6:D6:08:B4:F8:B7:2C:53:D9:23:C5:89:AF:FF
Certificate issuer: /CN=d65d79f98e70b22ad7d76a2085aa7b851aa18483
Certificate serial: 019CC2FA429170C5CE3A563C05AF6367E8E6
Authority key identifier: D6:5D:79:F9:8E:70:B2:2A:D7:D7:6A:20:85:AA:7B:85:1A:A1:84:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1l15-Y5wsirX12oghap7hRqhhIM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/uK-XNVHo9tYItPi3LFPZI8WJr_8.roa
Signing time: Fri 06 Mar 2026 11:48:26 +0000
ROA not before: Fri 06 Mar 2026 11:48:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212984
IP address blocks: 194.49.96.0/24 maxlen: 24
194.49.97.0/24 maxlen: 24
194.49.98.0/24 maxlen: 24
194.49.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/1l15-Y5wsirX12oghap7hRqhhIM.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/1l15-Y5wsirX12oghap7hRqhhIM.mft
rsync://rpki.ripe.net/repository/DEFAULT/1l15-Y5wsirX12oghap7hRqhhIM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:c2:fa:42:91:70:c5:ce:3a:56:3c:05:af:63:67:e8:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d65d79f98e70b22ad7d76a2085aa7b851aa18483
Validity
Not Before: Mar 6 11:48:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b8af973551e8f6d608b4f8b72c53d923c589afff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:a7:f7:f4:e4:e3:0b:96:9f:5e:38:22:41:67:
92:07:08:0f:b4:b8:e9:b1:b3:0d:c6:dc:4f:1c:a2:
22:33:fc:f2:8c:ea:c4:9d:b7:52:bb:8e:26:66:f4:
be:f8:29:b6:74:1a:75:4d:83:c0:a2:14:01:22:63:
75:21:fc:49:52:02:01:5a:88:a4:e8:2c:3f:da:88:
ad:91:b4:4c:2c:7f:fa:21:27:d0:43:47:2e:fe:ec:
07:5f:09:2d:a0:a3:2a:18:7f:fb:99:2a:f8:03:41:
c6:a5:5d:b8:a9:db:ea:10:93:22:0a:43:95:41:7f:
08:70:49:dd:85:98:71:7d:a2:b9:cb:7f:d6:5f:09:
81:00:57:60:5d:d1:2b:a1:c9:23:80:60:ab:45:8d:
99:2a:c1:24:cb:f2:61:c4:e5:73:b5:80:f7:07:46:
bf:42:39:f3:0e:ca:08:35:93:c1:af:fc:f6:93:07:
3d:6d:5b:cc:b2:f1:2b:f3:a1:f2:54:f7:b8:e0:b3:
c5:6a:69:6a:f2:13:ea:20:f7:5a:c8:b0:35:7f:9d:
76:13:0a:ea:ec:ba:8c:56:65:8b:63:79:03:06:cf:
90:67:23:bc:d6:6b:68:98:b4:41:54:b5:9a:20:b5:
ff:00:01:4a:4c:09:84:3f:da:a9:0a:59:c2:c4:84:
e7:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:AF:97:35:51:E8:F6:D6:08:B4:F8:B7:2C:53:D9:23:C5:89:AF:FF
X509v3 Authority Key Identifier:
keyid:D6:5D:79:F9:8E:70:B2:2A:D7:D7:6A:20:85:AA:7B:85:1A:A1:84:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1l15-Y5wsirX12oghap7hRqhhIM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/uK-XNVHo9tYItPi3LFPZI8WJr_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/908fb1-af29-41ce-b1f8-17123fe37be9/1/1l15-Y5wsirX12oghap7hRqhhIM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.49.96.0/22
Signature Algorithm: sha256WithRSAEncryption
81:19:ba:ac:bb:5c:3a:cd:a6:6b:5a:e4:32:71:91:59:ff:52:
57:99:12:5c:29:52:1c:96:cd:1a:67:9f:ee:f9:b1:ee:02:b1:
17:fc:0d:21:db:bd:37:1b:b8:91:82:1b:c6:3c:1d:f8:55:f0:
30:7a:19:f9:c7:76:59:89:28:9a:29:3a:db:7a:f8:fe:2d:81:
2b:39:e9:e7:45:be:03:c1:2e:1a:f7:a0:c0:59:c8:31:42:72:
ca:03:6e:e3:8f:f3:cb:5a:6d:ae:1d:2f:04:26:d5:23:30:93:
57:57:0c:6a:31:e1:d4:49:f1:2c:dc:26:51:b5:1b:4e:d2:73:
be:c8:5e:92:80:10:73:cd:d0:02:d2:f0:c3:22:90:59:77:ab:
f5:d7:a6:66:86:b6:28:67:58:d7:20:e9:03:57:15:f1:80:9c:
cb:7a:1b:d8:b3:1b:3e:eb:ef:a7:e3:6c:bf:68:0d:63:bb:d3:
f0:4c:db:f2:88:76:a6:95:11:a7:3b:79:69:6f:8f:9f:09:3a:
0d:ef:66:0c:c3:81:d9:52:4a:af:02:b2:ea:bd:5a:55:a2:7c:
f8:da:0e:54:f8:8b:d4:c8:ef:4d:a0:7e:11:32:62:68:bd:8b:
d6:35:0d:11:45:c8:62:2e:d4:a6:2b:4c:f2:6e:48:8c:82:7d:
10:84:2a:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzC+kKRcMXOOlY8Ba9jZ+jmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NWQ3OWY5OGU3MGIyMmFkN2Q3NmEyMDg1YWE3Yjg1MWFh
MTg0ODMwHhcNMjYwMzA2MTE0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGFmOTczNTUxZThmNmQ2MDhiNGY4YjcyYzUzZDkyM2M1ODlhZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kf39OTjC5afXjgiQWeSBwgPtLjp
sbMNxtxPHKIiM/zyjOrEnbdSu44mZvS++Cm2dBp1TYPAohQBImN1IfxJUgIBWoik
6Cw/2oitkbRMLH/6ISfQQ0cu/uwHXwktoKMqGH/7mSr4A0HGpV24qdvqEJMiCkOV
QX8IcEndhZhxfaK5y3/WXwmBAFdgXdErockjgGCrRY2ZKsEky/JhxOVztYD3B0a/
QjnzDsoINZPBr/z2kwc9bVvMsvEr86HyVPe44LPFamlq8hPqIPdayLA1f512Ewrq
7LqMVmWLY3kDBs+QZyO81mtomLRBVLWaILX/AAFKTAmEP9qpClnCxITnGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLivlzVR6PbWCLT4tyxT2SPFia//MB8GA1UdIwQY
MBaAFNZdefmOcLIq19dqIIWqe4UaoYSDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWwxNS1ZNXdzaXJYMTJvZ2hhcDdoUnFoaElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS85MDhmYjEtYWYyOS00MWNlLWIxZjgt
MTcxMjNmZTM3YmU5LzEvdUstWE5WSG85dFlJdFBpM0xGUFpJOFdKcl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS85MDhmYjEtYWYyOS00MWNlLWIxZjgtMTcxMjNmZTM3YmU5
LzEvMWwxNS1ZNXdzaXJYMTJvZ2hhcDdoUnFoaElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCBGbqsu1w6zaZrWuQycZFZ/1JXmRJcKVIcls0aZ5/u
+bHuArEX/A0h2703G7iRghvGPB34VfAwehn5x3ZZiSiaKTrbevj+LYErOennRb4D
wS4a96DAWcgxQnLKA27jj/PLWm2uHS8EJtUjMJNXVwxqMeHUSfEs3CZRtRtO0nO+
yF6SgBBzzdAC0vDDIpBZd6v116ZmhrYoZ1jXIOkDVxXxgJzLehvYsxs+6++n42y/
aA1ju9PwTNvyiHamlRGnO3lpb4+fCToN72YMw4HZUkqvArLqvVpVonz42g5U+IvU
yO9NoH4RMmJovYvWNQ0RRchiLtSmK0zybkiMgn0QhCpZ
-----END CERTIFICATE-----
Generated at Fri Mar 27 01:33:50 2026 by rpki-client