Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Av4AEb3AIMSJrm9oqXNHYRa1IvY.roa
File: Av4AEb3AIMSJrm9oqXNHYRa1IvY.roa (raw, json)
Hash identifier: b9S9sSQ039Hfar43NcPA4QYcrUjHPUS2YNtOtXh620E=
Subject key identifier: 02:FE:00:11:BD:C0:20:C4:89:AE:6F:68:A9:73:47:61:16:B5:22:F6
Certificate issuer: /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial: 019D0B7BB417FBAA9945CE752FEFBF126867
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Av4AEb3AIMSJrm9oqXNHYRa1IvY.roa
Signing time: Fri 20 Mar 2026 13:42:29 +0000
ROA not before: Fri 20 Mar 2026 13:42:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6079
IP address blocks: 89.28.200.0/24 maxlen: 24
89.28.201.0/24 maxlen: 24
89.28.203.0/24 maxlen: 24
89.28.204.0/24 maxlen: 24
89.28.206.0/24 maxlen: 24
89.28.207.0/24 maxlen: 24
152.89.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:01:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:7b:b4:17:fb:aa:99:45:ce:75:2f:ef:bf:12:68:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
Validity
Not Before: Mar 20 13:42:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=02fe0011bdc020c489ae6f68a973476116b522f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:d3:e6:c4:bc:a8:41:a0:8a:56:fe:8d:c7:46:
ea:68:84:ae:fb:a6:88:90:2c:bc:1d:64:b4:08:e9:
7f:5f:aa:8f:1f:ca:e4:f6:68:1c:e6:2e:54:7c:b2:
7a:03:b7:de:10:13:26:13:4a:c1:df:b7:64:a4:7a:
5b:62:1b:46:14:d0:cf:3e:1d:e6:57:fb:7b:0a:d3:
a0:3f:fa:dc:bd:3c:a6:47:26:f3:d9:f6:4c:c6:a9:
c8:4d:b1:27:f6:4d:20:47:16:00:73:88:aa:1d:dd:
c8:12:e3:22:c3:ab:7f:6b:a2:0a:44:35:e7:31:0c:
86:04:17:56:e9:51:00:a7:5f:6f:a5:ce:37:d3:76:
69:11:05:b0:97:e4:3c:ed:57:75:d1:3c:c3:30:74:
47:9e:5e:f3:b0:2e:a1:6c:9f:0f:c6:0a:53:ed:96:
52:9a:22:3f:9f:c1:8f:af:38:1a:c0:c3:e5:b5:37:
90:04:17:4c:7d:57:9b:0e:ff:7c:21:02:b9:6c:6c:
9a:fa:c5:2b:53:84:d9:15:ee:11:20:00:d9:a1:2b:
1e:34:67:f4:73:0b:49:5c:d8:2a:38:4c:6e:34:16:
41:f8:b5:ee:4e:b8:2b:9f:83:f4:30:1e:25:d0:a4:
af:00:71:24:ce:31:e1:0c:1f:b6:b1:04:05:9b:99:
c7:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:FE:00:11:BD:C0:20:C4:89:AE:6F:68:A9:73:47:61:16:B5:22:F6
X509v3 Authority Key Identifier:
keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Av4AEb3AIMSJrm9oqXNHYRa1IvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.28.200.0/23
89.28.203.0-89.28.204.255
89.28.206.0/23
152.89.193.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:77:aa:fc:4d:56:1e:a3:ab:02:81:0b:cc:62:e1:95:42:c8:
51:ac:19:0b:51:ce:3d:0a:06:d4:b5:ac:03:ca:71:a6:96:3a:
fb:64:30:db:0f:e5:84:86:88:d2:8b:1a:33:22:00:e0:13:53:
9e:fc:cf:db:29:5c:9a:bd:78:59:cd:3b:d1:94:d5:43:13:36:
15:c7:58:35:f4:2c:72:a9:fe:91:40:96:eb:b3:a0:a1:b1:36:
8f:c7:66:6d:36:a9:37:ae:8a:74:f9:c6:c7:c5:da:9b:48:ee:
cf:14:3e:6c:12:2c:2b:30:50:7d:d0:61:68:af:fa:9d:5d:8b:
6a:60:82:9b:4a:b3:2e:31:fe:71:e7:fa:c0:2c:5e:7d:95:c0:
5d:00:b4:f9:7f:8a:0f:81:3b:ef:9e:43:5a:3c:fe:a3:c4:c6:
c8:ae:3b:59:26:d9:bb:91:28:79:e2:5d:40:37:36:c0:0f:d2:
93:f7:1c:a0:96:da:34:d1:59:3c:cd:a4:90:1c:dc:82:2b:61:
82:90:97:16:12:8b:8a:c1:23:34:a5:f7:26:2a:80:b8:24:17:
ee:48:c9:36:7e:64:f9:2c:73:87:c0:fd:e9:47:13:6d:2c:d5:
9d:16:8e:de:00:f2:ef:53:09:7f:ea:f8:22:6a:c9:ef:48:9f:
b9:c2:20:6e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0Le7QX+6qZRc51L++/EmhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMzIwMTM0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmZlMDAxMWJkYzAyMGM0ODlhZTZmNjhhOTczNDc2MTE2YjUyMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9PmxLyoQaCKVv6Nx0bqaISu+6aI
kCy8HWS0COl/X6qPH8rk9mgc5i5UfLJ6A7feEBMmE0rB37dkpHpbYhtGFNDPPh3m
V/t7CtOgP/rcvTymRybz2fZMxqnITbEn9k0gRxYAc4iqHd3IEuMiw6t/a6IKRDXn
MQyGBBdW6VEAp19vpc4303ZpEQWwl+Q87Vd10TzDMHRHnl7zsC6hbJ8PxgpT7ZZS
miI/n8GPrzgawMPltTeQBBdMfVebDv98IQK5bGya+sUrU4TZFe4RIADZoSseNGf0
cwtJXNgqOExuNBZB+LXuTrgrn4P0MB4l0KSvAHEkzjHhDB+2sQQFm5nHCQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAL+ABG9wCDEia5vaKlzR2EWtSL2MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvQXY0QUViM0FJTVNKcm05b3FYTkhZUmExSXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBWRzIMAwD
BABZHMsDBABZHMwDBAFZHM4DBACYWcEwDQYJKoZIhvcNAQELBQADggEBAKR3qvxN
Vh6jqwKBC8xi4ZVCyFGsGQtRzj0KBtS1rAPKcaaWOvtkMNsP5YSGiNKLGjMiAOAT
U578z9spXJq9eFnNO9GU1UMTNhXHWDX0LHKp/pFAluuzoKGxNo/HZm02qTeuinT5
xsfF2ptI7s8UPmwSLCswUH3QYWiv+p1di2pggptKsy4x/nHn+sAsXn2VwF0AtPl/
ig+BO++eQ1o8/qPExsiuO1km2buRKHniXUA3NsAP0pP3HKCW2jTRWTzNpJAc3IIr
YYKQlxYSi4rBIzSl9yYqgLgkF+5IyTZ+ZPksc4fA/elHE20s1Z0Wjt4A8u9TCX/q
+CJqye9In7nCIG4=
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:37:05 2026 by rpki-client