Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pCmSUFv0D8MNqryfHgN8zV3O59c.roa
File: pCmSUFv0D8MNqryfHgN8zV3O59c.roa (raw, json)
Hash identifier: j+JoKUNrF/rtA9X3VBscK+/zU67YN9XrxM0nOFSUCRE=
Subject key identifier: A4:29:92:50:5B:F4:0F:C3:0D:AA:BC:9F:1E:03:7C:CD:5D:CE:E7:D7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019DCE9F71805311C25461983DFFA5869C58
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pCmSUFv0D8MNqryfHgN8zV3O59c.roa
Signing time: Mon 27 Apr 2026 11:07:28 +0000
ROA not before: Mon 27 Apr 2026 11:07:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210644
IP address blocks: 5.253.56.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
87.121.216.0/24 maxlen: 24
185.207.14.0/24 maxlen: 24
185.207.15.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
193.148.56.0/24 maxlen: 24
193.148.57.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ce:9f:71:80:53:11:c2:54:61:98:3d:ff:a5:86:9c:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 27 11:07:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a42992505bf40fc30daabc9f1e037ccd5dcee7d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:05:88:ae:35:e0:af:ad:31:34:6d:ba:f7:0f:
74:34:b5:1c:af:9a:e1:70:0c:7a:c9:41:51:b9:5c:
65:ea:10:9b:bf:c2:be:cb:35:b6:20:90:99:f9:0b:
b8:d5:b5:ca:6e:7b:33:1e:8a:4b:6b:ec:54:c2:cc:
b0:c1:2e:e3:b3:72:8d:62:12:50:ce:a6:5f:73:fb:
49:32:43:38:71:2a:54:7f:24:83:8b:c4:61:30:ce:
d7:d2:a2:1f:3e:35:a2:60:d9:13:8c:55:a9:a2:3f:
47:15:3c:dd:4a:c5:37:34:e3:a3:81:9c:1c:e4:4c:
36:43:d5:b3:60:37:57:d3:d3:63:a2:6d:3f:35:58:
17:24:59:ff:0b:5f:b4:01:8e:a7:61:12:3d:8d:5f:
a0:ea:54:86:06:b8:ce:f7:6f:d7:d0:ec:5f:25:7d:
52:bb:c8:1e:c7:be:6c:b6:c4:37:8d:39:c1:66:a9:
5f:d7:66:76:9b:56:16:4b:65:40:6b:92:55:59:52:
50:fd:7d:e7:a4:0b:84:9b:52:c8:0c:b0:61:98:cf:
0d:4e:d1:d6:e0:e0:62:50:fe:8c:49:32:d4:a3:01:
c6:30:91:32:ed:65:98:54:86:4f:29:30:80:e5:01:
5a:45:c2:6d:80:f6:18:c8:ae:9d:9a:d6:76:56:1c:
5f:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:29:92:50:5B:F4:0F:C3:0D:AA:BC:9F:1E:03:7C:CD:5D:CE:E7:D7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pCmSUFv0D8MNqryfHgN8zV3O59c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.56.0/24
85.31.46.0/24
87.121.216.0/24
185.207.14.0/23
193.47.61.0/24
193.148.56.0/23
Signature Algorithm: sha256WithRSAEncryption
08:14:be:05:ac:20:a4:82:7a:f2:ed:58:ec:87:f9:d0:0c:ff:
05:11:ee:5b:87:be:80:a1:89:c3:13:82:42:5a:8c:32:be:d5:
2f:5a:bb:88:1d:1d:1f:5f:32:58:fa:4a:8a:dc:83:ae:ac:e0:
0b:69:82:5f:c6:ed:36:7b:89:cc:b5:c6:db:17:a1:e6:d3:42:
f8:ab:1d:77:51:57:38:7e:09:f5:16:5b:81:79:f0:09:39:cf:
bb:ec:4f:da:d6:50:00:7a:ff:bb:15:75:e5:6e:25:4e:8e:8b:
01:71:08:f6:95:e4:4c:e4:5b:d7:87:42:30:46:32:40:8e:fc:
24:26:ee:f2:39:2d:db:6a:49:d0:79:69:5a:7f:f1:ae:c7:de:
50:ba:ad:ef:f9:7a:1d:d7:73:a6:9e:b2:17:52:95:55:ed:55:
91:b3:20:3e:17:50:93:11:96:1f:b2:b0:3b:c4:ad:fd:a4:95:
6c:cb:44:7d:ca:a9:62:02:73:92:f4:84:b5:65:f0:6d:49:90:
4d:89:ea:5f:73:31:0b:a6:44:d2:76:b6:ce:15:9a:7d:36:5a:
5b:f7:d8:5d:e1:e1:01:6a:52:69:41:cb:d8:8f:d0:ec:c3:02:
e2:25:97:90:90:36:47:19:0e:ca:36:44:e6:46:69:c4:f5:24:
c2:2c:42:45
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ3On3GAUxHCVGGYPf+lhpxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDI3MTEwNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI5OTI1MDViZjQwZmMzMGRhYWJjOWYxZTAzN2NjZDVkY2VlN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgWIrjXgr60xNG269w90NLUcr5rh
cAx6yUFRuVxl6hCbv8K+yzW2IJCZ+Qu41bXKbnszHopLa+xUwsywwS7js3KNYhJQ
zqZfc/tJMkM4cSpUfySDi8RhMM7X0qIfPjWiYNkTjFWpoj9HFTzdSsU3NOOjgZwc
5Ew2Q9WzYDdX09Njom0/NVgXJFn/C1+0AY6nYRI9jV+g6lSGBrjO92/X0OxfJX1S
u8gex75stsQ3jTnBZqlf12Z2m1YWS2VAa5JVWVJQ/X3npAuEm1LIDLBhmM8NTtHW
4OBiUP6MSTLUowHGMJEy7WWYVIZPKTCA5QFaRcJtgPYYyK6dmtZ2VhxfRwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKQpklBb9A/DDaq8nx4DfM1dzufXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcENtU1VGdjBEOE1OcXJ5ZkhnTjh6VjNPNTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQABf04AwQA
VR8uAwQAV3nYAwQBuc8OAwQAwS89AwQBwZQ4MA0GCSqGSIb3DQEBCwUAA4IBAQAI
FL4FrCCkgnry7Vjsh/nQDP8FEe5bh76AoYnDE4JCWowyvtUvWruIHR0fXzJY+kqK
3IOurOALaYJfxu02e4nMtcbbF6Hm00L4qx13UVc4fgn1FluBefAJOc+77E/a1lAA
ev+7FXXlbiVOjosBcQj2leRM5FvXh0IwRjJAjvwkJu7yOS3baknQeWlaf/Gux95Q
uq3v+Xod13OmnrIXUpVV7VWRsyA+F1CTEZYfsrA7xK39pJVsy0R9yqliAnOS9IS1
ZfBtSZBNiepfczELpkTSdrbOFZp9Nlpb99hd4eEBalJpQcvYj9DswwLiJZeQkDZH
GQ7KNkTmRmnE9STCLEJF
-----END CERTIFICATE-----
Generated at Mon Apr 27 14:44:32 2026 by rpki-client