Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ntJmBypWJsX7aOzKTfBq4ZKaaJQ.roa
File: ntJmBypWJsX7aOzKTfBq4ZKaaJQ.roa (raw, json)
Hash identifier: x9oBOBfjKBk9B39p+PlGDZLBYguT1uhU4ndYq9536DE=
Subject key identifier: 9E:D2:66:07:2A:56:26:C5:FB:68:EC:CA:4D:F0:6A:E1:92:9A:68:94
Certificate issuer: /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial: 019D24DD57A995ED447E50D931B472221479
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ntJmBypWJsX7aOzKTfBq4ZKaaJQ.roa
Signing time: Wed 25 Mar 2026 11:59:38 +0000
ROA not before: Wed 25 Mar 2026 11:59:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 85.115.208.0/23 maxlen: 24
85.115.210.0/23 maxlen: 24
85.115.210.0/24 maxlen: 24
213.145.68.0/23 maxlen: 23
213.145.70.0/23 maxlen: 24
213.145.70.0/24 maxlen: 24
213.145.72.0/21 maxlen: 24
213.145.82.0/24 maxlen: 24
213.145.84.0/23 maxlen: 23
213.145.86.0/23 maxlen: 23
213.145.88.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:24:dd:57:a9:95:ed:44:7e:50:d9:31:b4:72:22:14:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Validity
Not Before: Mar 25 11:59:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9ed266072a5626c5fb68ecca4df06ae1929a6894
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6d:7f:38:e5:ec:db:22:5e:8a:9b:f3:a2:2d:
f8:39:26:15:57:62:3c:c6:c5:45:15:de:14:0f:23:
29:49:9d:66:e0:0b:e4:0b:3b:eb:59:9a:a9:6e:af:
34:fb:3e:cd:80:da:b5:91:e8:03:70:2f:96:82:00:
10:e1:fc:a4:84:80:e2:aa:1f:8f:67:dd:75:9a:68:
dd:1d:41:06:3c:73:3d:b6:77:a0:97:4e:04:18:23:
88:06:36:c4:b0:55:a3:dd:14:01:e1:e7:65:27:4e:
85:7a:d2:21:fe:88:4f:12:ff:7a:a9:2b:7a:e8:99:
22:3a:d1:06:ac:5a:68:0f:e1:8d:a1:11:37:a6:14:
64:db:f7:30:d7:ef:e1:52:a2:d7:07:30:81:46:e5:
30:dc:8d:8d:4d:b0:02:13:2d:84:01:6d:63:4e:ee:
e3:8b:93:dc:98:68:e8:1b:08:d9:e9:6f:b4:ce:e3:
14:93:51:60:8a:e5:02:6c:6c:f4:60:50:5e:12:4d:
8a:a4:cf:cd:9f:36:1e:73:d1:39:a6:31:c0:70:ee:
da:55:a6:8c:c3:90:3c:a8:c8:24:ea:7c:25:46:4b:
46:d5:2d:3e:46:52:a5:7d:77:c2:e2:fe:51:55:8f:
43:ae:3d:38:9c:14:0e:fb:01:17:66:ba:02:d3:b1:
bb:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:D2:66:07:2A:56:26:C5:FB:68:EC:CA:4D:F0:6A:E1:92:9A:68:94
X509v3 Authority Key Identifier:
keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/ntJmBypWJsX7aOzKTfBq4ZKaaJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.208.0/22
213.145.68.0-213.145.79.255
213.145.82.0/24
213.145.84.0-213.145.89.255
Signature Algorithm: sha256WithRSAEncryption
e5:b0:0f:9a:30:20:7f:bd:b3:c5:97:5d:62:8f:4c:67:e9:4c:
de:a8:9c:48:f6:99:7c:76:24:89:d3:ed:89:01:3d:bb:24:19:
99:4e:20:3a:88:b7:0a:3c:ad:b2:3f:fb:ab:82:8b:fe:08:0e:
96:73:62:df:80:45:df:21:c0:1d:82:8a:05:88:82:69:ff:77:
81:43:48:27:42:38:5b:f9:c4:36:50:f8:06:79:86:d9:e6:00:
1c:2e:75:25:00:81:5b:f0:00:78:65:e9:0d:78:d4:09:ea:8f:
fa:c7:2c:24:fe:b1:4a:76:32:7d:94:94:cf:4c:c9:f8:ff:38:
58:8b:ce:af:8c:70:e5:01:74:60:bd:17:89:88:5e:4c:5c:d1:
03:ff:49:e5:dd:d1:8f:5c:62:0d:ac:05:92:e6:93:6c:61:2a:
d0:9f:72:eb:2f:e7:f0:81:58:2d:52:a8:82:5b:20:2a:20:ac:
49:08:fa:dc:10:57:95:f7:47:c5:59:7e:c6:bb:e0:8a:93:72:
18:9e:ca:da:51:47:cd:e6:28:88:cd:7f:69:41:7f:f5:fa:f5:
fd:aa:d7:0a:59:fd:d3:5b:03:b5:fc:13:0f:9e:c0:9b:58:21:
9d:74:df:c8:2d:06:fc:3d:0c:6f:b5:71:c3:40:e3:f0:77:44:
15:54:2c:02
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ0k3Veple1EflDZMbRyIhR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwMzI1MTE1OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQyNjYwNzJhNTYyNmM1ZmI2OGVjY2E0ZGYwNmFlMTkyOWE2ODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu21/OOXs2yJeipvzoi34OSYVV2I8
xsVFFd4UDyMpSZ1m4AvkCzvrWZqpbq80+z7NgNq1kegDcC+WggAQ4fykhIDiqh+P
Z911mmjdHUEGPHM9tnegl04EGCOIBjbEsFWj3RQB4edlJ06FetIh/ohPEv96qSt6
6JkiOtEGrFpoD+GNoRE3phRk2/cw1+/hUqLXBzCBRuUw3I2NTbACEy2EAW1jTu7j
i5PcmGjoGwjZ6W+0zuMUk1FgiuUCbGz0YFBeEk2KpM/NnzYec9E5pjHAcO7aVaaM
w5A8qMgk6nwlRktG1S0+RlKlfXfC4v5RVY9Drj04nBQO+wEXZroC07G7VQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJ7SZgcqVibF+2jsyk3wauGSmmiUMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvbnRKbUJ5cFdKc1g3YU96S1RmQnE0WkthYUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXPQMAwD
BALVkUQDBATVkUADBADVkVIwDAMEAtWRVAMEAdWRWDANBgkqhkiG9w0BAQsFAAOC
AQEA5bAPmjAgf72zxZddYo9MZ+lM3qicSPaZfHYkidPtiQE9uyQZmU4gOoi3Cjyt
sj/7q4KL/ggOlnNi34BF3yHAHYKKBYiCaf93gUNIJ0I4W/nENlD4BnmG2eYAHC51
JQCBW/AAeGXpDXjUCeqP+scsJP6xSnYyfZSUz0zJ+P84WIvOr4xw5QF0YL0XiYhe
TFzRA/9J5d3Rj1xiDawFkuaTbGEq0J9y6y/n8IFYLVKoglsgKiCsSQj63BBXlfdH
xVl+xrvgipNyGJ7K2lFHzeYoiM1/aUF/9fr1/arXCln901sDtfwTD57Am1ghnXTf
yC0G/D0Mb7Vxw0Dj8HdEFVQsAg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:01:11 2026 by rpki-client