Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9T4FAq-P5PN9ab3UK_fudjiDp0Q.roa
File: 9T4FAq-P5PN9ab3UK_fudjiDp0Q.roa (raw, json)
Hash identifier: pwHuZB5D3fnQ3OAIBVL1DljatQM+BCK6kl2QwVR0gzo=
Subject key identifier: F5:3E:05:02:AF:8F:E4:F3:7D:69:BD:D4:2B:F7:EE:76:38:83:A7:44
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019E88DB8130EF475265E140B343F920717A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9T4FAq-P5PN9ab3UK_fudjiDp0Q.roa
Signing time: Tue 02 Jun 2026 15:02:27 +0000
ROA not before: Tue 02 Jun 2026 15:02:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216024
IP address blocks: 192.124.182.0/24 maxlen: 24
192.124.190.0/24 maxlen: 24
193.124.203.0/24 maxlen: 24
194.58.36.0/24 maxlen: 24
194.87.148.0/24 maxlen: 24
194.87.189.0/24 maxlen: 24
195.133.2.0/24 maxlen: 24
195.133.26.0/24 maxlen: 24
195.133.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jun 2026 06:29:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:88:db:81:30:ef:47:52:65:e1:40:b3:43:f9:20:71:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 2 15:02:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f53e0502af8fe4f37d69bdd42bf7ee763883a744
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:d2:8e:88:fe:97:93:e6:85:0f:f9:91:60:bc:
43:54:d6:99:51:21:2c:bd:de:17:e6:1c:72:cc:93:
26:2e:63:e6:19:0a:6c:c1:e3:fc:76:39:b3:51:92:
2c:99:c7:86:d3:69:36:3c:16:1b:a6:0b:2c:4b:e5:
7d:22:e4:91:81:d1:be:42:29:17:d5:85:fe:ea:2e:
99:3b:32:13:f1:c2:be:42:a1:47:76:76:ba:81:2d:
25:3c:49:0d:cc:1b:4c:08:cd:37:b6:4c:fb:35:9a:
03:d2:53:ac:ae:2f:1a:dc:ce:03:7a:75:7d:d4:6f:
a3:9d:31:fc:e4:fd:08:e5:b7:24:bc:3d:ac:0f:73:
cf:5a:07:c9:7b:b0:80:d2:b2:fc:0c:f0:33:46:f3:
fc:e0:41:4f:4a:90:0b:31:d5:8e:4d:08:5f:22:4e:
8b:d2:5a:45:84:b8:14:66:8b:0b:4e:90:b9:0b:b8:
5f:0e:bb:b3:f5:67:28:02:af:4f:24:1e:d2:38:fc:
da:52:21:7b:0d:a1:48:fb:b0:14:93:53:3f:d0:e8:
15:da:3d:55:c3:0e:44:dc:90:45:38:80:19:71:75:
d7:8d:80:c8:f1:c1:35:01:59:d6:86:85:3d:0c:bf:
87:da:9d:ff:aa:31:c4:1e:cb:c7:be:59:7e:69:f4:
0b:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:3E:05:02:AF:8F:E4:F3:7D:69:BD:D4:2B:F7:EE:76:38:83:A7:44
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9T4FAq-P5PN9ab3UK_fudjiDp0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.182.0/24
192.124.190.0/24
193.124.203.0/24
194.58.36.0/24
194.87.148.0/24
194.87.189.0/24
195.133.2.0/24
195.133.26.0/24
195.133.28.0/24
Signature Algorithm: sha256WithRSAEncryption
25:71:26:f4:87:b2:06:f4:94:86:a1:8c:6f:86:8a:d9:46:5e:
66:56:61:2a:60:ec:ed:19:f2:d3:13:90:e6:ea:b8:4d:a2:b2:
45:6b:44:4b:5f:70:49:f7:a7:56:8c:03:a5:6b:78:57:90:c9:
e8:45:6f:d7:d0:48:c1:ad:f7:cd:9a:fc:4f:24:31:ca:2b:67:
c6:3c:fd:cb:45:0e:dd:f1:64:82:f9:b1:a6:1e:db:45:16:d6:
e5:a3:68:ac:98:6a:66:ee:82:f0:82:d5:63:89:f8:d0:b5:bd:
56:79:28:a6:94:5e:4f:08:e0:03:c1:e7:9b:fc:59:be:29:14:
23:9f:1e:25:fb:5f:ee:fd:14:2e:47:49:a0:1f:f9:ec:66:14:
df:b4:46:e3:ce:1b:ae:4b:6f:b3:52:1f:9b:f4:e1:66:5f:bb:
64:dd:2c:fb:7c:cd:ea:a1:9d:e3:b4:8e:c1:38:24:22:00:96:
6c:46:9c:16:bb:6e:3b:00:6c:f0:3f:af:6b:cc:bd:7d:b8:c2:
af:1a:d6:92:20:ae:16:e5:a0:9f:c3:9d:2f:32:9b:9d:8b:8a:
3c:85:da:97:25:5a:3a:ea:0f:24:ef:36:28:2a:96:fb:59:b6:
bf:f0:1e:46:7a:18:65:2b:54:aa:40:02:f0:35:d9:6c:9d:38:
ac:fd:6b:2f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ6I24Ew70dSZeFAs0P5IHF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjAyMTUwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNlMDUwMmFmOGZlNGYzN2Q2OWJkZDQyYmY3ZWU3NjM4ODNhNzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidKOiP6Xk+aFD/mRYLxDVNaZUSEs
vd4X5hxyzJMmLmPmGQpsweP8djmzUZIsmceG02k2PBYbpgssS+V9IuSRgdG+QikX
1YX+6i6ZOzIT8cK+QqFHdna6gS0lPEkNzBtMCM03tkz7NZoD0lOsri8a3M4DenV9
1G+jnTH85P0I5bckvD2sD3PPWgfJe7CA0rL8DPAzRvP84EFPSpALMdWOTQhfIk6L
0lpFhLgUZosLTpC5C7hfDruz9WcoAq9PJB7SOPzaUiF7DaFI+7AUk1M/0OgV2j1V
ww5E3JBFOIAZcXXXjYDI8cE1AVnWhoU9DL+H2p3/qjHEHsvHvll+afQLWwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPU+BQKvj+TzfWm91Cv37nY4g6dEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOVQ0RkFxLVA1UE45YWIzVUtfZnVkamlEcDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy2AwQA
wHy+AwQAwXzLAwQAwjokAwQAwleUAwQAwle9AwQAw4UCAwQAw4UaAwQAw4UcMA0G
CSqGSIb3DQEBCwUAA4IBAQAlcSb0h7IG9JSGoYxvhorZRl5mVmEqYOztGfLTE5Dm
6rhNorJFa0RLX3BJ96dWjAOla3hXkMnoRW/X0EjBrffNmvxPJDHKK2fGPP3LRQ7d
8WSC+bGmHttFFtblo2ismGpm7oLwgtVjifjQtb1WeSimlF5PCOADweeb/Fm+KRQj
nx4l+1/u/RQuR0mgH/nsZhTftEbjzhuuS2+zUh+b9OFmX7tk3Sz7fM3qoZ3jtI7B
OCQiAJZsRpwWu247AGzwP69rzL19uMKvGtaSIK4W5aCfw50vMpudi4o8hdqXJVo6
6g8k7zYoKpb7Wba/8B5GehhlK1SqQALwNdlsnTis/Wsv
-----END CERTIFICATE-----
Generated at Thu Jun 4 10:00:18 2026 by rpki-client