Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/jR5kew6fzKC8LrRELsfEF_xqPY0.roa
File: jR5kew6fzKC8LrRELsfEF_xqPY0.roa (raw, json)
Hash identifier: DyIyP/D8JiwLk+A9TgA7HGYw8hICN7TzEhZyhCtBhvA=
Subject key identifier: 8D:1E:64:7B:0E:9F:CC:A0:BC:2E:B4:44:2E:C7:C4:17:FC:6A:3D:8D
Certificate issuer: /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial: 019CD854B4E7580384B89AD70F6F280E73BD
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/jR5kew6fzKC8LrRELsfEF_xqPY0.roa
Signing time: Tue 10 Mar 2026 15:19:15 +0000
ROA not before: Tue 10 Mar 2026 15:19:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 52053
IP address blocks: 185.236.8.0/24 maxlen: 24
185.255.112.0/24 maxlen: 24
185.255.114.0/24 maxlen: 24
193.38.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d8:54:b4:e7:58:03:84:b8:9a:d7:0f:6f:28:0e:73:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Validity
Not Before: Mar 10 15:19:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8d1e647b0e9fcca0bc2eb4442ec7c417fc6a3d8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:be:95:d0:85:0c:24:36:71:c8:61:35:98:ec:
c0:86:54:7b:3e:29:0a:b3:23:39:b0:6c:a9:71:64:
7e:e4:e7:96:d2:25:ac:d4:12:37:73:14:71:d2:21:
a9:84:ee:8f:3b:3c:d4:b3:51:49:33:dc:05:5d:47:
f5:a3:28:7f:ce:46:eb:0c:b9:84:d7:3f:c6:22:4a:
2d:29:32:c3:fd:97:a8:f1:ba:6c:2d:56:ab:22:e2:
db:f1:7c:ad:7f:3e:27:0c:c1:1e:bb:95:2d:d5:47:
aa:61:fc:a4:cd:99:61:a6:0d:87:ef:05:df:5a:da:
f7:c1:63:75:78:37:80:e7:6b:b1:5f:e0:aa:ad:8e:
e0:cb:66:22:bd:47:f9:37:9f:a4:ad:b0:bd:14:9c:
48:b6:2d:a8:24:66:49:24:4b:cc:66:0b:85:f5:38:
ea:73:7b:87:27:fc:f1:dd:7f:5c:59:d9:5d:61:7c:
2a:86:92:de:af:24:b4:ea:cc:19:19:37:c3:ea:e4:
4f:6f:bd:b0:57:66:34:e6:e0:13:98:f0:05:3d:ff:
d8:be:65:77:48:62:f2:e0:6e:bd:81:c0:50:eb:2d:
8c:e2:af:52:73:b1:87:f3:5e:ad:46:6b:7a:03:1b:
32:69:e8:17:23:e3:03:bf:c8:4b:e2:29:bf:d6:c9:
67:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:1E:64:7B:0E:9F:CC:A0:BC:2E:B4:44:2E:C7:C4:17:FC:6A:3D:8D
X509v3 Authority Key Identifier:
keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/jR5kew6fzKC8LrRELsfEF_xqPY0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.236.8.0/24
185.255.112.0/24
185.255.114.0/24
193.38.250.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:39:f7:80:09:44:e1:51:5a:19:64:55:d9:dc:1b:b5:b7:cd:
96:dd:c5:c0:f4:71:55:86:21:de:ff:6e:62:1d:a6:da:7a:0a:
e4:74:0e:3f:a5:b7:44:53:b9:6d:33:c0:ac:4a:c9:c5:97:92:
f4:02:87:2d:3e:40:ec:c6:eb:f8:aa:a0:71:8d:58:8d:e8:e9:
98:93:8d:bb:db:8a:3b:3a:02:97:8d:e3:f8:1c:96:40:37:74:
fd:6a:dc:d2:f2:5e:88:5b:87:c8:ad:4c:a5:4f:63:2a:53:3e:
01:f7:b5:ee:98:54:8e:f0:5f:90:02:f7:91:fa:42:0f:a7:85:
29:89:b9:a0:09:b8:ef:0c:cd:cb:d7:2b:d5:15:18:b7:59:42:
2a:cf:a5:4a:b2:57:f5:3c:8d:f9:c0:c1:02:6a:45:11:fc:f8:
e1:77:d3:b4:ea:2d:78:61:23:6b:7a:83:19:c3:cd:7f:39:39:
7e:d6:2b:ff:44:64:b0:20:73:d1:6e:d4:94:7a:b7:3d:4b:5a:
fa:ce:cf:68:06:0e:0b:71:d4:88:15:93:11:8e:f2:e0:4a:17:
d3:86:f6:a3:91:29:96:b0:2e:cf:6a:d2:29:ff:35:d9:1f:9b:
31:29:45:da:31:56:3c:92:b6:80:63:b5:df:d3:5b:03:62:9d:
30:55:8a:e1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZzYVLTnWAOEuJrXD28oDnO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjYwMzEwMTUxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDFlNjQ3YjBlOWZjY2EwYmMyZWI0NDQyZWM3YzQxN2ZjNmEzZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp76V0IUMJDZxyGE1mOzAhlR7PikK
syM5sGypcWR+5OeW0iWs1BI3cxRx0iGphO6POzzUs1FJM9wFXUf1oyh/zkbrDLmE
1z/GIkotKTLD/Zeo8bpsLVarIuLb8Xytfz4nDMEeu5Ut1UeqYfykzZlhpg2H7wXf
Wtr3wWN1eDeA52uxX+CqrY7gy2YivUf5N5+krbC9FJxIti2oJGZJJEvMZguF9Tjq
c3uHJ/zx3X9cWdldYXwqhpLeryS06swZGTfD6uRPb72wV2Y05uATmPAFPf/YvmV3
SGLy4G69gcBQ6y2M4q9Sc7GH816tRmt6AxsyaegXI+MDv8hL4im/1slnhQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFI0eZHsOn8ygvC60RC7HxBf8aj2NMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvalI1a2V3NmZ6S0M4THJSRUxzZkVGX3hxUFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuewIAwQA
uf9wAwQAuf9yAwQAwSb6MA0GCSqGSIb3DQEBCwUAA4IBAQCKOfeACUThUVoZZFXZ
3Bu1t82W3cXA9HFVhiHe/25iHabaegrkdA4/pbdEU7ltM8CsSsnFl5L0AoctPkDs
xuv4qqBxjViN6OmYk42724o7OgKXjeP4HJZAN3T9atzS8l6IW4fIrUylT2MqUz4B
97XumFSO8F+QAveR+kIPp4UpibmgCbjvDM3L1yvVFRi3WUIqz6VKslf1PI35wMEC
akUR/Pjhd9O06i14YSNreoMZw81/OTl+1iv/RGSwIHPRbtSUerc9S1r6zs9oBg4L
cdSIFZMRjvLgShfThvajkSmWsC7PatIp/zXZH5sxKUXaMVY8kraAY7Xf01sDYp0w
VYrh
-----END CERTIFICATE-----
Generated at Wed Mar 25 21:27:16 2026 by rpki-client