Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/RROskC01oY8ik1jv9pODlvMWoI0.roa
File: RROskC01oY8ik1jv9pODlvMWoI0.roa (raw, json)
Hash identifier: lRVESEDIz33P/s8fDuslCEVyyzFPd8mRR/XC1xoem+M=
Subject key identifier: 45:13:AC:90:2D:35:A1:8F:22:93:58:EF:F6:93:83:96:F3:16:A0:8D
Certificate issuer: /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial: 019D0124EA31794E5AE28D756E631C521A84
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/RROskC01oY8ik1jv9pODlvMWoI0.roa
Signing time: Wed 18 Mar 2026 13:31:29 +0000
ROA not before: Wed 18 Mar 2026 13:31:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210656
IP address blocks: 89.223.20.0/24 maxlen: 24
92.255.58.0/23 maxlen: 24
94.126.204.0/22 maxlen: 24
94.139.248.0/22 maxlen: 24
185.184.128.0/22 maxlen: 22
2a0d:d6c2::/48 maxlen: 48
2a0d:d6c7:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:01:24:ea:31:79:4e:5a:e2:8d:75:6e:63:1c:52:1a:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Validity
Not Before: Mar 18 13:31:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4513ac902d35a18f229358eff6938396f316a08d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:a9:e0:00:12:62:01:f9:54:ba:0b:0b:1e:23:
eb:91:d6:1d:c8:31:f8:d1:94:b6:65:29:6f:92:2a:
83:c1:77:01:f2:b8:32:f1:b4:6b:f2:65:0b:ae:1f:
11:b1:6e:0c:d2:a4:6a:f7:cf:5b:79:c2:62:b4:5a:
1b:f8:39:a7:47:dc:07:b8:7c:56:90:62:57:83:b8:
95:b5:1e:7b:81:a9:7b:be:89:f8:e5:9e:ec:fc:18:
73:2e:97:3f:3e:4b:42:20:4d:63:bd:6a:22:24:85:
a6:53:be:3e:a8:3f:8e:92:1d:a9:15:cb:8e:bd:54:
c0:ba:e9:a1:70:97:66:f8:89:64:4b:ce:ef:ff:92:
2d:66:30:c0:73:d7:2d:94:b2:f3:11:30:70:21:a5:
ab:13:17:57:8a:aa:95:41:0c:fe:c8:78:57:e9:16:
8a:ce:d7:c7:0d:a8:3a:c9:6e:bc:36:6c:61:09:4f:
2e:d7:e4:1d:21:e7:c4:f3:dd:9b:d3:97:70:45:0f:
72:4f:9e:88:58:1a:d3:15:00:4b:69:0b:ac:b4:4e:
6a:32:ec:e3:a1:11:9e:66:0e:31:bb:32:11:87:67:
77:08:f1:a3:9c:da:06:f8:b0:50:b2:27:53:2c:ad:
18:95:6e:db:c6:72:d2:39:ee:c0:ce:5e:9e:44:5c:
a1:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:13:AC:90:2D:35:A1:8F:22:93:58:EF:F6:93:83:96:F3:16:A0:8D
X509v3 Authority Key Identifier:
keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/RROskC01oY8ik1jv9pODlvMWoI0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.223.20.0/24
92.255.58.0/23
94.126.204.0/22
94.139.248.0/22
185.184.128.0/22
IPv6:
2a0d:d6c2::/48
2a0d:d6c7:3::/48
Signature Algorithm: sha256WithRSAEncryption
5b:d1:8f:0c:06:99:3c:57:f7:d8:cb:20:22:5f:6f:1e:7f:a1:
0f:d3:09:2b:16:c0:d9:27:86:bd:6f:cd:7e:65:29:b5:03:02:
d2:09:e8:9d:1a:66:4b:3d:de:71:8a:48:fd:81:cb:5a:78:ff:
9f:07:b4:4b:53:6b:63:3a:19:dc:a5:fd:ab:f1:79:54:18:aa:
eb:1d:c2:76:e2:c1:bb:56:47:63:30:8a:70:c9:53:10:d9:4b:
39:d6:d8:7c:c4:a8:44:f9:dc:92:72:76:44:19:e8:17:31:f0:
dc:1c:2a:2b:77:18:b8:06:4f:3d:23:03:6b:9a:88:85:e4:c1:
07:e7:2b:45:8e:34:cc:46:71:40:60:95:9d:97:9c:25:b6:10:
f4:6c:e3:cc:11:9c:8b:78:81:a7:c6:02:f5:fc:99:01:01:cb:
85:05:13:ac:04:fb:3d:6d:d0:97:5a:0d:70:bc:2c:d3:ee:1c:
4a:f0:40:3f:61:28:33:02:ca:ec:77:4e:d2:1a:32:ef:ba:c3:
9b:9a:3a:bc:67:31:98:b2:b4:72:7b:93:4c:5a:fa:22:b4:2a:
67:60:81:c0:88:f1:2b:c0:3d:0f:c1:5d:83:b7:d1:81:7d:49:
05:0f:b1:10:db:61:84:e5:53:80:a8:85:ba:16:ca:8b:a4:39:
8f:9b:02:aa
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZ0BJOoxeU5a4o11bmMcUhqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjYwMzE4MTMzMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEzYWM5MDJkMzVhMThmMjI5MzU4ZWZmNjkzODM5NmYzMTZhMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKngABJiAflUugsLHiPrkdYdyDH4
0ZS2ZSlvkiqDwXcB8rgy8bRr8mULrh8RsW4M0qRq989becJitFob+DmnR9wHuHxW
kGJXg7iVtR57gal7von45Z7s/BhzLpc/PktCIE1jvWoiJIWmU74+qD+Okh2pFcuO
vVTAuumhcJdm+IlkS87v/5ItZjDAc9ctlLLzETBwIaWrExdXiqqVQQz+yHhX6RaK
ztfHDag6yW68NmxhCU8u1+QdIefE892b05dwRQ9yT56IWBrTFQBLaQustE5qMuzj
oRGeZg4xuzIRh2d3CPGjnNoG+LBQsidTLK0YlW7bxnLSOe7Azl6eRFyhDwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEUTrJAtNaGPIpNY7/aTg5bzFqCNMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvUlJPc2tDMDFvWThpazFqdjlwT0Rsdk1Xb0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQAWd8UAwQB
XP86AwQCXn7MAwQCXov4AwQCubiAMBgEAgACMBIDBwAqDdbCAAADBwAqDdbHAAMw
DQYJKoZIhvcNAQELBQADggEBAFvRjwwGmTxX99jLICJfbx5/oQ/TCSsWwNknhr1v
zX5lKbUDAtIJ6J0aZks93nGKSP2By1p4/58HtEtTa2M6Gdyl/avxeVQYqusdwnbi
wbtWR2MwinDJUxDZSznW2HzEqET53JJydkQZ6Bcx8NwcKit3GLgGTz0jA2uaiIXk
wQfnK0WONMxGcUBglZ2XnCW2EPRs48wRnIt4gafGAvX8mQEBy4UFE6wE+z1t0Jda
DXC8LNPuHErwQD9hKDMCyux3TtIaMu+6w5uaOrxnMZiytHJ7k0xa+iK0KmdggcCI
8SvAPQ/BXYO30YF9SQUPsRDbYYTlU4CohboWyoukOY+bAqo=
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:32:28 2026 by rpki-client