Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dPxKOPE2DlhEez_ntX0lCwkAYHw.roa
File: dPxKOPE2DlhEez_ntX0lCwkAYHw.roa (raw, json)
Hash identifier: kl1oHMvqtKfB4I8OKWGkW6ObnG6lvp8ET6hExz5xyds=
Subject key identifier: 74:FC:4A:38:F1:36:0E:58:44:7B:3F:E7:B5:7D:25:0B:09:00:60:7C
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019EB186A6293CD0A56D5AB8BA800D4932A5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dPxKOPE2DlhEez_ntX0lCwkAYHw.roa
Signing time: Wed 10 Jun 2026 12:34:11 +0000
ROA not before: Wed 10 Jun 2026 12:34:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216024
IP address blocks: 192.124.182.0/24 maxlen: 24
192.124.190.0/24 maxlen: 24
193.124.203.0/24 maxlen: 24
194.58.36.0/24 maxlen: 24
194.87.148.0/24 maxlen: 24
194.87.189.0/24 maxlen: 24
195.133.2.0/24 maxlen: 24
195.133.26.0/24 maxlen: 24
195.133.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:b1:86:a6:29:3c:d0:a5:6d:5a:b8:ba:80:0d:49:32:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 10 12:34:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=74fc4a38f1360e58447b3fe7b57d250b0900607c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:45:3b:1f:5f:d3:63:f4:9d:24:19:a1:76:42:
47:31:96:60:ec:85:41:aa:8c:ee:73:14:e6:95:e3:
7f:e3:ca:1a:f0:ed:be:6a:db:16:80:b8:8d:6e:fe:
44:bc:7e:89:af:25:2e:bc:de:2d:20:b8:cd:03:44:
84:ca:c4:f3:e7:08:d6:e7:86:53:58:c8:eb:04:46:
c2:80:e3:e1:90:7c:27:bc:6d:ba:9a:81:11:0f:c6:
5c:24:37:5d:7b:03:40:1b:13:8c:ab:ed:b4:86:33:
7c:6d:4a:04:fb:08:03:3d:49:f2:84:08:5d:78:c7:
a6:02:80:9d:e1:e9:83:55:41:da:28:93:f8:d2:f0:
63:e7:f9:72:6e:86:d2:cd:2b:35:c2:ec:b8:94:ee:
33:75:3b:dd:22:b9:ce:30:cd:90:d0:4e:9d:97:9e:
9a:f1:7c:8f:85:fe:94:e5:bd:75:09:62:bf:37:3b:
8e:f6:6e:f6:a4:18:a3:bc:a2:a7:07:43:ab:e6:b8:
a7:fa:24:e6:76:e1:f8:4f:84:79:8f:37:50:a4:da:
5a:68:78:58:ea:da:ab:ce:82:69:15:38:08:f7:38:
d5:1b:e2:20:9a:f1:8e:83:fe:a5:55:aa:08:47:3c:
da:ab:f8:b3:5d:d7:e1:25:23:a6:38:cd:59:1b:18:
0c:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:FC:4A:38:F1:36:0E:58:44:7B:3F:E7:B5:7D:25:0B:09:00:60:7C
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dPxKOPE2DlhEez_ntX0lCwkAYHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.182.0/24
192.124.190.0/24
193.124.203.0/24
194.58.36.0/24
194.87.148.0/24
194.87.189.0/24
195.133.2.0/24
195.133.26.0/24
195.133.28.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:c0:7c:ad:93:57:09:1a:da:72:0c:a4:27:0b:9b:cb:0f:8f:
2b:55:20:20:a7:65:5b:ec:22:fc:60:47:4a:a0:c7:c8:ee:2f:
dd:a2:84:ee:22:53:47:64:c2:69:7e:8c:86:29:4d:29:e6:9e:
d9:b7:32:0a:d5:71:17:1b:93:52:1c:94:46:7b:13:80:19:91:
7c:38:7a:8b:bf:cf:ae:2f:c9:8f:92:50:b2:55:25:19:ae:7c:
38:21:b6:3a:df:f6:26:fc:63:2b:35:07:84:cc:cd:fa:eb:dc:
c4:fe:6b:74:51:a8:03:c4:95:dc:74:5c:ef:86:35:ab:8c:89:
fd:05:0b:b6:f6:6f:9c:de:7a:eb:a1:7f:3a:2d:ec:93:6d:93:
fe:60:9b:22:5d:f8:bf:91:f7:4a:32:d1:60:26:86:2d:ae:22:
7a:23:37:d1:25:f0:eb:66:95:df:5e:fe:73:99:d0:5c:2c:28:
30:0b:75:26:49:e5:22:7f:9c:4c:e5:3c:04:37:bb:ab:03:18:
24:8b:54:6a:1c:fb:98:e8:a4:c0:46:8e:96:89:ea:59:c3:ad:
3a:90:2c:12:72:25:51:7e:54:86:80:a6:36:5e:64:a9:eb:7e:
34:28:46:41:3f:14:30:ee:44:18:d5:54:3e:db:a5:aa:3f:9d:
05:0c:01:34
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ6xhqYpPNClbVq4uoANSTKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjEwMTIzNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGZjNGEzOGYxMzYwZTU4NDQ3YjNmZTdiNTdkMjUwYjA5MDA2MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0U7H1/TY/SdJBmhdkJHMZZg7IVB
qozucxTmleN/48oa8O2+atsWgLiNbv5EvH6JryUuvN4tILjNA0SEysTz5wjW54ZT
WMjrBEbCgOPhkHwnvG26moERD8ZcJDddewNAGxOMq+20hjN8bUoE+wgDPUnyhAhd
eMemAoCd4emDVUHaKJP40vBj5/lybobSzSs1wuy4lO4zdTvdIrnOMM2Q0E6dl56a
8XyPhf6U5b11CWK/NzuO9m72pBijvKKnB0Or5rin+iTmduH4T4R5jzdQpNpaaHhY
6tqrzoJpFTgI9zjVG+IgmvGOg/6lVaoIRzzaq/izXdfhJSOmOM1ZGxgMcQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHT8SjjxNg5YRHs/57V9JQsJAGB8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZFB4S09QRTJEbGhFZXpfbnRYMGxDd2tBWUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy2AwQA
wHy+AwQAwXzLAwQAwjokAwQAwleUAwQAwle9AwQAw4UCAwQAw4UaAwQAw4UcMA0G
CSqGSIb3DQEBCwUAA4IBAQCLwHytk1cJGtpyDKQnC5vLD48rVSAgp2Vb7CL8YEdK
oMfI7i/dooTuIlNHZMJpfoyGKU0p5p7ZtzIK1XEXG5NSHJRGexOAGZF8OHqLv8+u
L8mPklCyVSUZrnw4IbY63/Ym/GMrNQeEzM3669zE/mt0UagDxJXcdFzvhjWrjIn9
BQu29m+c3nrroX86LeyTbZP+YJsiXfi/kfdKMtFgJoYtriJ6IzfRJfDrZpXfXv5z
mdBcLCgwC3UmSeUif5xM5TwEN7urAxgki1RqHPuY6KTARo6WiepZw606kCwSciVR
flSGgKY2XmSp6340KEZBPxQw7kQY1VQ+26WqP50FDAE0
-----END CERTIFICATE-----
Generated at Thu Jun 11 21:19:34 2026 by rpki-client