Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/BK8IgDa2YWfH15KeQoypNaZ7M18.roa
File: BK8IgDa2YWfH15KeQoypNaZ7M18.roa (raw, json)
Hash identifier: 6BpUvOIxTW0cg027WM/QNtn7tQ+zM4t80RnLiUv7sIs=
Subject key identifier: 04:AF:08:80:36:B6:61:67:C7:D7:92:9E:42:8C:A9:35:A6:7B:33:5F
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019D2973F6C9177769A9E76455ED7CE6049B
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/BK8IgDa2YWfH15KeQoypNaZ7M18.roa
Signing time: Thu 26 Mar 2026 09:22:38 +0000
ROA not before: Thu 26 Mar 2026 09:22:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 53856
IP address blocks: 95.164.24.0/22 maxlen: 22
95.164.28.0/22 maxlen: 22
95.164.70.0/24 maxlen: 24
95.164.78.0/23 maxlen: 23
95.164.96.0/21 maxlen: 21
95.164.104.0/21 maxlen: 21
95.164.168.0/23 maxlen: 23
95.164.240.0/22 maxlen: 24
95.164.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:73:f6:c9:17:77:69:a9:e7:64:55:ed:7c:e6:04:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Mar 26 09:22:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=04af088036b66167c7d7929e428ca935a67b335f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:68:84:9f:8d:1e:91:69:f3:00:66:da:c6:4c:
ee:44:a8:bb:b0:ca:87:56:2f:ee:c8:ff:94:ed:0f:
12:89:f0:87:d1:1c:c1:75:ed:9a:f6:7c:13:74:9c:
63:d3:fe:b8:5a:d7:4e:18:07:dd:b3:61:d6:06:ce:
00:2a:78:4a:75:54:8b:fc:6b:ed:9b:a7:bc:12:6d:
48:bd:d1:5c:9d:59:0b:a0:9a:74:87:5f:93:c4:f4:
f6:62:b8:e8:24:ee:94:d5:e7:3d:6d:69:bf:e4:aa:
c8:6d:d3:d5:34:8a:d4:6d:e2:46:4f:9b:72:56:95:
ff:b1:7b:90:5b:0d:54:74:30:59:65:45:00:f0:24:
03:47:2a:f5:20:f5:f5:cf:98:85:08:df:17:fd:52:
e1:72:20:57:ac:d7:f1:2e:c6:26:57:eb:b3:82:1d:
4c:58:32:7b:37:94:e0:06:7b:ad:0b:c1:7f:1a:6e:
f6:fa:93:ea:f5:b3:1d:05:36:65:45:1b:ac:78:70:
27:91:10:41:5d:6f:78:41:32:2d:06:c7:15:24:44:
af:c1:b9:a5:f2:bd:c0:f1:9b:43:82:a6:9a:2c:e5:
36:a5:73:cb:b3:3b:bf:3a:62:9c:49:34:2c:f6:68:
6f:30:a6:80:b7:40:aa:16:44:90:21:59:28:2a:67:
da:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:AF:08:80:36:B6:61:67:C7:D7:92:9E:42:8C:A9:35:A6:7B:33:5F
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/BK8IgDa2YWfH15KeQoypNaZ7M18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.24.0/21
95.164.70.0/24
95.164.78.0/23
95.164.96.0/20
95.164.168.0/23
95.164.240.0/22
95.164.252.0/22
Signature Algorithm: sha256WithRSAEncryption
20:c3:2c:41:75:47:63:ee:7f:e6:15:e5:76:85:32:1b:53:03:
31:8d:7b:bc:07:b3:45:82:ac:5f:45:fc:a5:90:69:3e:b9:5e:
ba:56:29:c8:1d:cd:e6:10:72:de:ae:39:28:0e:73:75:f1:2b:
d5:88:b1:b3:0d:63:92:ac:ce:51:47:30:ed:e2:06:22:f3:e2:
b6:64:79:11:65:2c:95:07:e4:e7:af:64:93:84:f5:5a:27:4f:
bf:ce:72:14:82:0a:b2:b1:90:6f:5f:73:91:9f:10:f9:e7:14:
92:e2:d7:95:b0:c5:fb:f1:e0:6b:86:5b:0e:26:c9:7c:d5:fd:
3a:ef:21:2a:a7:3a:95:28:84:84:52:91:73:a2:b5:91:30:89:
9a:ca:cd:2a:e4:33:a8:ab:12:f9:33:4c:ce:ce:dd:53:6d:6a:
44:6f:9e:b3:4b:f7:af:99:e2:09:cf:75:3e:e6:f8:8e:90:32:
ce:3e:d9:04:fc:51:10:51:0b:c7:88:d4:49:a9:32:5c:5f:1c:
69:05:02:33:60:5d:d5:0f:ef:74:eb:67:d8:8e:70:66:f4:60:
0a:c5:b2:88:8f:90:62:f5:0f:50:00:cf:03:90:fd:81:4b:86:
ae:21:cd:fa:c1:97:77:b8:5f:83:41:54:20:a7:14:1c:51:15:
fb:8a:2b:b5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ0pc/bJF3dpqedkVe185gSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMzI2MDkyMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGFmMDg4MDM2YjY2MTY3YzdkNzkyOWU0MjhjYTkzNWE2N2IzMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2iEn40ekWnzAGbaxkzuRKi7sMqH
Vi/uyP+U7Q8SifCH0RzBde2a9nwTdJxj0/64WtdOGAfds2HWBs4AKnhKdVSL/Gvt
m6e8Em1IvdFcnVkLoJp0h1+TxPT2YrjoJO6U1ec9bWm/5KrIbdPVNIrUbeJGT5ty
VpX/sXuQWw1UdDBZZUUA8CQDRyr1IPX1z5iFCN8X/VLhciBXrNfxLsYmV+uzgh1M
WDJ7N5TgBnutC8F/Gm72+pPq9bMdBTZlRRuseHAnkRBBXW94QTItBscVJESvwbml
8r3A8ZtDgqaaLOU2pXPLszu/OmKcSTQs9mhvMKaAt0CqFkSQIVkoKmfaawIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFASvCIA2tmFnx9eSnkKMqTWmezNfMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvQks4SWdEYTJZV2ZIMTVLZVFveXBOYVo3TTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDX6QYAwQA
X6RGAwQBX6ROAwQEX6RgAwQBX6SoAwQCX6TwAwQCX6T8MA0GCSqGSIb3DQEBCwUA
A4IBAQAgwyxBdUdj7n/mFeV2hTIbUwMxjXu8B7NFgqxfRfylkGk+uV66VinIHc3m
EHLerjkoDnN18SvViLGzDWOSrM5RRzDt4gYi8+K2ZHkRZSyVB+Tnr2SThPVaJ0+/
znIUggqysZBvX3ORnxD55xSS4teVsMX78eBrhlsOJsl81f067yEqpzqVKISEUpFz
orWRMImays0q5DOoqxL5M0zOzt1TbWpEb56zS/evmeIJz3U+5viOkDLOPtkE/FEQ
UQvHiNRJqTJcXxxpBQIzYF3VD+9062fYjnBm9GAKxbKIj5Bi9Q9QAM8DkP2BS4au
Ic36wZd3uF+DQVQgpxQcURX7iiu1
-----END CERTIFICATE-----
Generated at Thu Mar 26 15:55:04 2026 by rpki-client