Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NQos0S8hZJOQ87eEr_1cyUOvdaw.roa
File: NQos0S8hZJOQ87eEr_1cyUOvdaw.roa (raw, json)
Hash identifier: LtsAumt0jcF+87sqe/XtxK54SHLrUfPQBPL0VsI0xec=
Subject key identifier: 35:0A:2C:D1:2F:21:64:93:90:F3:B7:84:AF:FD:5C:C9:43:AF:75:AC
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019F132F57E292B9C944A8F1954120672859
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NQos0S8hZJOQ87eEr_1cyUOvdaw.roa
Signing time: Mon 29 Jun 2026 11:41:37 +0000
ROA not before: Mon 29 Jun 2026 11:41:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 37.139.128.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.91.194.0/24 maxlen: 24
45.129.85.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.192.0/23 maxlen: 24
87.121.62.0/24 maxlen: 24
87.121.63.0/24 maxlen: 24
87.121.114.0/23 maxlen: 24
87.121.114.0/24 maxlen: 24
87.121.115.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.100.0/23 maxlen: 24
93.123.109.0/24 maxlen: 24
94.156.188.0/24 maxlen: 32
147.78.101.0/24 maxlen: 24
185.218.84.0/22 maxlen: 24
185.222.160.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
185.252.177.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 11:41:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9f:13:2f:57:e2:92:b9:c9:44:a8:f1:95:41:20:67:28:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 29 11:41:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=350a2cd12f21649390f3b784affd5cc943af75ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:ad:c1:6d:17:5f:b4:8e:1f:9c:10:69:c6:22:
d2:e2:e9:8a:ff:cd:be:66:df:32:f4:b5:42:5c:cb:
66:66:aa:31:d3:fa:00:5e:19:de:2b:2a:af:67:41:
93:4f:51:1c:64:c0:43:44:90:32:34:6b:82:bf:b5:
ca:01:45:99:12:1d:a7:84:d0:13:81:f3:ea:4b:fc:
f9:5c:20:51:75:88:f9:57:a3:6c:56:91:33:16:bd:
41:56:e0:29:b0:5a:18:61:97:ca:0b:c3:b5:ee:b1:
ca:45:3f:10:a0:b1:67:36:e6:86:af:90:38:ea:d0:
44:e9:89:20:cc:84:17:d5:ea:cd:89:a6:1f:71:c7:
e8:b1:fb:67:aa:71:6d:3d:7f:46:fa:2c:64:79:44:
ce:2c:9c:4e:9e:5f:84:18:d9:8b:c6:d3:0e:db:65:
81:32:60:fa:2e:21:7b:e9:a9:90:dc:f4:7e:3c:a5:
09:7a:85:78:7c:94:c1:74:00:f2:a8:b4:ec:08:82:
27:f9:43:35:86:8d:20:72:e4:19:bf:73:94:b0:08:
89:62:81:8a:1b:d3:e2:f1:6c:83:30:f8:57:08:1a:
a2:cb:ec:9b:99:95:5a:86:b6:23:cd:97:67:5c:a2:
a6:01:62:84:b6:10:7c:ce:3d:12:d0:d0:6a:73:ee:
b5:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:0A:2C:D1:2F:21:64:93:90:F3:B7:84:AF:FD:5C:C9:43:AF:75:AC
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NQos0S8hZJOQ87eEr_1cyUOvdaw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/24
45.66.228.0/24
45.66.231.0/24
45.89.247.0/24
45.91.194.0/24
45.129.85.0/24
45.141.158.0/24
81.161.238.0/24
83.143.113.0/24
85.217.130.0/23
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.120.192.0/23
87.121.62.0/23
87.121.114.0/23
87.121.221.0/24
92.249.50.0/24
93.123.100.0/23
93.123.109.0/24
94.156.188.0/24
147.78.101.0/24
185.218.84.0/22
185.222.160.0/24
185.246.221.0/24
185.252.177.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
ae:8e:02:f1:a5:79:04:dd:44:51:a0:99:c3:ec:89:bb:b0:3d:
79:92:e0:07:cc:dc:c6:34:f7:b7:cb:b5:11:3a:bc:59:a4:23:
e8:94:c5:13:b5:81:19:70:9b:72:8e:e7:25:59:90:c2:fc:e3:
97:b1:b4:ad:80:be:41:fc:cb:1a:29:f4:68:6f:6a:59:b6:a3:
23:07:8e:23:ef:98:c9:5c:0d:d6:2e:80:c4:66:bc:f1:cf:96:
cc:b1:99:f4:ad:52:c3:34:67:66:a3:7e:f1:40:bc:0f:cd:b3:
93:cc:91:08:9c:59:5b:96:0f:53:d0:87:1b:c4:6d:a5:d3:d3:
e8:80:7b:f4:af:cc:18:f2:aa:f7:88:c5:7d:a8:14:41:96:47:
75:35:89:f7:e2:86:88:bb:6c:68:79:0a:42:fe:7b:40:4b:e9:
88:90:c1:cc:fb:43:26:32:d7:05:08:52:ae:8e:87:a4:55:98:
7a:a3:44:bb:37:13:82:25:5b:82:dc:be:12:44:46:cb:11:fe:
c8:23:46:06:aa:34:33:8f:e8:57:4a:68:39:1f:a8:53:5e:66:
28:77:86:ec:a5:06:d6:d9:ac:7c:bc:e9:15:19:65:7f:0c:ae:
ac:66:9f:97:76:20:7f:93:e8:e7:2d:82:8d:ca:de:8e:09:95:
66:2e:1b:e6
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZ8TL1fikrnJRKjxlUEgZyhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNjI5MTE0MTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBhMmNkMTJmMjE2NDkzOTBmM2I3ODRhZmZkNWNjOTQzYWY3NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK3BbRdftI4fnBBpxiLS4umK/82+
Zt8y9LVCXMtmZqox0/oAXhneKyqvZ0GTT1EcZMBDRJAyNGuCv7XKAUWZEh2nhNAT
gfPqS/z5XCBRdYj5V6NsVpEzFr1BVuApsFoYYZfKC8O17rHKRT8QoLFnNuaGr5A4
6tBE6YkgzIQX1erNiaYfccfosftnqnFtPX9G+ixkeUTOLJxOnl+EGNmLxtMO22WB
MmD6LiF76amQ3PR+PKUJeoV4fJTBdADyqLTsCIIn+UM1ho0gcuQZv3OUsAiJYoGK
G9Pi8WyDMPhXCBqiy+ybmZVahrYjzZdnXKKmAWKEthB8zj0S0NBqc+611wIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFDUKLNEvIWSTkPO3hK/9XMlDr3WsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTlFvczBTOGhaSk9RODdlRXJfMWN5VU92ZGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAAl
i4ADBAAtQuQDBAAtQucDBAAtWfcDBAAtW8IDBAAtgVUDBAAtjZ4DBABRoe4DBABT
j3EDBAFV2YIDBABXeFcDBABXeH4DBABXeKYDBAFXeMADBAFXeT4DBAFXeXIDBABX
ed0DBABc+TIDBAFde2QDBABde20DBABenLwDBACTTmUDBAK52lQDBAC53qADBAC5
9t0DBAC5/LEDBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAK6OAvGleQTd
RFGgmcPsibuwPXmS4AfM3MY097fLtRE6vFmkI+iUxRO1gRlwm3KO5yVZkML845ex
tK2AvkH8yxop9Ghvalm2oyMHjiPvmMlcDdYugMRmvPHPlsyxmfStUsM0Z2ajfvFA
vA/Ns5PMkQicWVuWD1PQhxvEbaXT0+iAe/SvzBjyqveIxX2oFEGWR3U1iffihoi7
bGh5CkL+e0BL6YiQwcz7QyYy1wUIUq6Oh6RVmHqjRLs3E4IlW4LcvhJERssR/sgj
RgaqNDOP6FdKaDkfqFNeZih3huylBtbZrHy86RUZZX8Mrqxmn5d2IH+T6Octgo3K
3o4JlWYuG+Y=
-----END CERTIFICATE-----
Generated at Mon Jun 29 19:11:58 2026 by rpki-client