Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/a3YDLtZE0HzEan-oIxQBmtpC5gs.roa
File: a3YDLtZE0HzEan-oIxQBmtpC5gs.roa (raw, json)
Hash identifier: qCKco4UPXku6jco162Ez77p8D1LHYLu9AZjnC7vUMBM=
Subject key identifier: 6B:76:03:2E:D6:44:D0:7C:C4:6A:7F:A8:23:14:01:9A:DA:42:E6:0B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019DBDF6E513FC6BBBC1B80C7F96A381C821
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/a3YDLtZE0HzEan-oIxQBmtpC5gs.roa
Signing time: Fri 24 Apr 2026 05:29:27 +0000
ROA not before: Fri 24 Apr 2026 05:29:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 151612
IP address blocks: 31.13.224.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
193.37.47.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Apr 2026 05:31:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:bd:f6:e5:13:fc:6b:bb:c1:b8:0c:7f:96:a3:81:c8:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 24 05:29:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6b76032ed644d07cc46a7fa82314019ada42e60b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:99:85:03:93:76:b0:23:bb:dc:2c:a1:9b:5c:
07:db:2c:57:ae:6d:ae:28:ba:8f:8c:43:99:a9:ed:
37:dd:24:00:2a:44:f4:05:57:0a:f0:bf:f4:82:32:
23:35:de:19:d0:9e:d3:9f:4e:78:50:69:9c:a4:11:
be:d6:11:4f:c2:66:c3:ab:2f:c0:7e:d0:5c:2a:09:
ed:40:0f:fa:bd:aa:ee:88:b5:71:99:3e:3a:c8:9a:
52:fa:4a:b8:41:fa:a3:dc:90:14:6f:3b:3f:5f:09:
91:7c:95:6a:e7:42:70:2e:ee:8e:23:af:f8:34:eb:
b2:bc:bb:84:51:e6:7e:de:e7:ed:2c:68:06:66:a6:
8e:b1:9e:ea:cb:44:aa:55:e0:72:a3:b9:d7:04:72:
90:3c:b1:24:20:b9:70:2f:a7:08:f2:f1:fc:04:84:
44:24:09:e9:0e:bb:06:0e:c2:74:70:f3:c0:d1:a0:
69:b4:0c:06:f2:26:16:1e:8e:22:d9:df:50:01:92:
81:cd:c0:95:45:dc:93:41:84:16:87:fb:26:86:f3:
7c:92:b5:f7:8c:6c:1f:22:7c:5c:f8:07:48:6c:9e:
09:90:9f:21:d3:c1:97:e1:c0:45:18:a6:34:6d:41:
58:b6:45:4a:28:6c:dd:fd:d2:0a:dd:cf:50:0e:35:
b0:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:76:03:2E:D6:44:D0:7C:C4:6A:7F:A8:23:14:01:9A:DA:42:E6:0B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/a3YDLtZE0HzEan-oIxQBmtpC5gs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.224.0/24
81.161.230.0/24
87.120.89.0/24
193.37.47.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:80:67:1b:af:4f:30:87:59:3d:01:09:30:89:e1:8c:ef:5e:
b6:a3:36:45:52:c2:77:f0:3e:4c:6c:fc:aa:cd:55:c5:6e:7f:
85:55:30:76:a7:7f:d9:85:a2:04:c0:a0:ab:ba:c3:91:0b:7a:
56:19:cd:7e:c9:fd:f2:b7:22:db:8b:66:72:c1:71:0e:e0:fd:
5b:e9:a9:57:8d:12:fe:35:b5:56:57:4f:b4:32:a8:b8:a2:61:
b7:93:40:12:2a:ba:07:19:ef:58:12:b2:1b:cc:ac:a4:f6:a2:
49:20:a3:90:c1:c1:03:36:c0:d1:3a:7c:3d:01:6b:d5:3c:d8:
4a:14:a7:c3:fd:98:1e:e6:ba:a9:e8:2d:4a:37:c4:b9:87:b3:
94:9f:9c:63:84:db:a3:01:ef:76:eb:c6:f8:0b:c7:b3:1d:cb:
21:29:5b:ef:9b:74:5a:13:7d:2a:24:e4:60:c8:60:62:8f:22:
b1:00:77:ab:d9:8a:8d:0a:55:ce:3d:be:cf:b3:b3:e1:a4:de:
70:8e:ec:7c:c4:51:88:94:54:17:a3:8b:9b:1b:ca:4c:8d:01:
3d:84:df:67:9c:23:ec:9c:97:5c:db:93:af:36:56:3f:6d:c0:
b7:b9:18:61:01:57:d2:39:3c:b7:70:87:6c:a7:dc:4e:65:ad:
30:c0:20:a2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ299uUT/Gu7wbgMf5ajgcghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDI0MDUyOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc2MDMyZWQ2NDRkMDdjYzQ2YTdmYTgyMzE0MDE5YWRhNDJlNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpmFA5N2sCO73Cyhm1wH2yxXrm2u
KLqPjEOZqe033SQAKkT0BVcK8L/0gjIjNd4Z0J7Tn054UGmcpBG+1hFPwmbDqy/A
ftBcKgntQA/6varuiLVxmT46yJpS+kq4Qfqj3JAUbzs/XwmRfJVq50JwLu6OI6/4
NOuyvLuEUeZ+3uftLGgGZqaOsZ7qy0SqVeByo7nXBHKQPLEkILlwL6cI8vH8BIRE
JAnpDrsGDsJ0cPPA0aBptAwG8iYWHo4i2d9QAZKBzcCVRdyTQYQWh/smhvN8krX3
jGwfInxc+AdIbJ4JkJ8h08GX4cBFGKY0bUFYtkVKKGzd/dIK3c9QDjWwbQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGt2Ay7WRNB8xGp/qCMUAZraQuYLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYTNZREx0WkUwSHpFYW4tb0l4UUJtdHBDNWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAHw3gAwQA
UaHmAwQAV3hZAwQAwSUvMA0GCSqGSIb3DQEBCwUAA4IBAQALgGcbr08wh1k9AQkw
ieGM7162ozZFUsJ38D5MbPyqzVXFbn+FVTB2p3/ZhaIEwKCrusORC3pWGc1+yf3y
tyLbi2ZywXEO4P1b6alXjRL+NbVWV0+0Mqi4omG3k0ASKroHGe9YErIbzKyk9qJJ
IKOQwcEDNsDROnw9AWvVPNhKFKfD/Zge5rqp6C1KN8S5h7OUn5xjhNujAe9268b4
C8ezHcshKVvvm3RaE30qJORgyGBijyKxAHer2YqNClXOPb7Ps7PhpN5wjux8xFGI
lFQXo4ubG8pMjQE9hN9nnCPsnJdc25OvNlY/bcC3uRhhAVfSOTy3cIdsp9xOZa0w
wCCi
-----END CERTIFICATE-----
Generated at Fri Apr 24 11:19:13 2026 by rpki-client