Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4YLwR3INXP4aMO5f1qNbs7iaFpA.roa
File: 4YLwR3INXP4aMO5f1qNbs7iaFpA.roa (raw, json)
Hash identifier: bkqebMqyFFeZaZgLD6ZEh1tGj6oPTIHeT8VY+kJzlmw=
Subject key identifier: E1:82:F0:47:72:0D:5C:FE:1A:30:EE:5F:D6:A3:5B:B3:B8:9A:16:90
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019CE72077B0E3C09C27D761CE76738684CE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4YLwR3INXP4aMO5f1qNbs7iaFpA.roa
Signing time: Fri 13 Mar 2026 12:16:30 +0000
ROA not before: Fri 13 Mar 2026 12:16:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9009
IP address blocks: 37.139.128.0/24 maxlen: 24
45.128.234.0/24 maxlen: 24
83.219.98.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 18:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e7:20:77:b0:e3:c0:9c:27:d7:61:ce:76:73:86:84:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 13 12:16:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e182f047720d5cfe1a30ee5fd6a35bb3b89a1690
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ee:df:0d:0f:1f:44:fe:60:70:41:eb:d9:cc:
57:e4:e5:73:4f:83:dc:6b:a9:a5:03:84:3f:eb:81:
db:a1:aa:39:2b:60:52:fb:1c:9c:00:41:9f:c3:10:
30:b3:40:cf:d0:11:87:d2:e1:93:ec:d2:3f:cc:85:
f5:c3:1e:56:03:bd:27:cc:5c:a3:d9:9f:b9:a9:58:
40:94:2d:f4:9d:4f:d7:cd:06:6a:68:32:80:4e:2d:
ba:49:a5:f5:4b:d9:d5:15:2f:2a:74:bf:40:19:a3:
6f:f1:c2:88:e1:7e:73:f0:cd:42:37:5c:2d:75:0e:
f4:4b:4e:14:f8:87:88:64:c1:16:cb:f4:25:d6:f9:
d1:3a:06:02:44:a8:3f:b7:28:89:62:ad:fb:1b:cc:
7c:9b:9c:18:90:ef:e4:69:09:14:b0:48:a2:e4:b0:
1d:94:4a:f8:28:f6:77:06:4f:f5:75:52:ab:74:68:
96:43:f8:82:5a:ec:8e:61:38:06:38:ed:b8:dd:e5:
a2:f5:e4:d1:d7:ac:60:a1:1f:75:9c:cf:6f:c6:ad:
bf:79:d2:e9:3b:1f:2f:54:50:3e:76:7d:37:57:59:
86:7b:1c:22:2b:e6:9e:4b:fe:8f:09:3a:60:ed:77:
4c:cf:90:2e:a9:1d:36:84:57:bd:d2:72:ac:2b:e7:
96:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:82:F0:47:72:0D:5C:FE:1A:30:EE:5F:D6:A3:5B:B3:B8:9A:16:90
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4YLwR3INXP4aMO5f1qNbs7iaFpA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/24
45.128.234.0/24
83.219.98.0/24
85.31.44.0/24
185.246.221.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:a2:da:87:c8:db:89:76:38:c3:e4:32:1a:1d:cd:07:15:99:
3a:a1:85:a2:9a:63:10:5b:a9:48:42:ef:8e:aa:a6:6b:63:3b:
e9:ca:a3:64:74:d0:95:35:c7:d1:09:2f:c9:ce:b1:44:89:92:
c9:eb:48:a9:e6:98:0c:b5:63:f1:6d:31:4d:3e:f1:58:90:c4:
92:1b:e4:a5:2d:2b:07:cf:e1:e7:2b:7d:08:ce:01:6b:57:84:
fa:4f:bb:24:a7:e9:af:76:24:9d:c2:76:ab:69:08:2d:b1:e2:
8a:5c:fa:bd:c2:b0:51:e8:0c:66:ec:27:16:41:d2:3e:db:22:
75:79:4a:f7:4b:86:a1:b9:3b:01:47:34:af:58:0d:8f:20:25:
7e:47:aa:ce:24:5e:32:bf:d4:ca:75:80:20:c3:bf:fc:c2:90:
f8:f7:d2:51:e6:22:4d:02:7e:65:8a:75:37:2e:f9:67:df:cc:
1d:e5:59:37:00:ac:13:cf:9f:19:d0:44:ed:a6:98:ef:9e:38:
64:30:08:35:db:82:3e:13:4c:df:43:d4:22:e1:70:42:8a:29:
59:5a:b4:b0:ce:87:16:90:bc:64:1a:2f:d3:33:74:26:87:95:
0e:af:fb:65:f6:9f:a4:af:2c:c0:fc:eb:f2:7e:4b:36:cc:5a:
fd:2e:56:a1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZznIHew48CcJ9dhznZzhoTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzEzMTIxNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTgyZjA0NzcyMGQ1Y2ZlMWEzMGVlNWZkNmEzNWJiM2I4OWExNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyu7fDQ8fRP5gcEHr2cxX5OVzT4Pc
a6mlA4Q/64Hboao5K2BS+xycAEGfwxAws0DP0BGH0uGT7NI/zIX1wx5WA70nzFyj
2Z+5qVhAlC30nU/XzQZqaDKATi26SaX1S9nVFS8qdL9AGaNv8cKI4X5z8M1CN1wt
dQ70S04U+IeIZMEWy/Ql1vnROgYCRKg/tyiJYq37G8x8m5wYkO/kaQkUsEii5LAd
lEr4KPZ3Bk/1dVKrdGiWQ/iCWuyOYTgGOO243eWi9eTR16xgoR91nM9vxq2/edLp
Ox8vVFA+dn03V1mGexwiK+aeS/6PCTpg7XdMz5AuqR02hFe90nKsK+eWxwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOGC8EdyDVz+GjDuX9ajW7O4mhaQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNFlMd1IzSU5YUDRhTU81ZjFxTmJzN2lhRnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAJYuAAwQA
LYDqAwQAU9tiAwQAVR8sAwQAufbdMA0GCSqGSIb3DQEBCwUAA4IBAQAOotqHyNuJ
djjD5DIaHc0HFZk6oYWimmMQW6lIQu+OqqZrYzvpyqNkdNCVNcfRCS/JzrFEiZLJ
60ip5pgMtWPxbTFNPvFYkMSSG+SlLSsHz+HnK30IzgFrV4T6T7skp+mvdiSdwnar
aQgtseKKXPq9wrBR6Axm7CcWQdI+2yJ1eUr3S4ahuTsBRzSvWA2PICV+R6rOJF4y
v9TKdYAgw7/8wpD499JR5iJNAn5linU3Lvln38wd5Vk3AKwTz58Z0ETtppjvnjhk
MAg124I+E0zfQ9Qi4XBCiilZWrSwzocWkLxkGi/TM3Qmh5UOr/tl9p+kryzA/Ovy
fks2zFr9Llah
-----END CERTIFICATE-----
Generated at Fri Mar 13 23:06:06 2026 by rpki-client