Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/nH4QGJOU2j3EPIWo9AxW00IQFnk.roa
File: nH4QGJOU2j3EPIWo9AxW00IQFnk.roa (raw, json)
Hash identifier: IWD2BtbqLOYthCXactOhK7e4mOG0DXsr0Rz/2aTPlOE=
Subject key identifier: 9C:7E:10:18:93:94:DA:3D:C4:3C:85:A8:F4:0C:56:D3:42:10:16:79
Certificate issuer: /CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
Certificate serial: 019EAB4F746AFD94F6BE952EA5E2891EF8AC
Authority key identifier: D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/nH4QGJOU2j3EPIWo9AxW00IQFnk.roa
Signing time: Tue 09 Jun 2026 07:36:11 +0000
ROA not before: Tue 09 Jun 2026 07:36:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5405
IP address blocks: 5.183.211.0/24 maxlen: 24
45.153.81.0/24 maxlen: 24
45.153.82.0/23 maxlen: 23
81.27.68.0/24 maxlen: 24
81.27.69.0/24 maxlen: 24
81.27.70.0/24 maxlen: 24
94.103.180.0/24 maxlen: 24
185.93.213.0/24 maxlen: 24
185.134.66.0/24 maxlen: 24
185.134.67.0/24 maxlen: 24
2a11:4140::/29 maxlen: 29
2a11:4140:1000::/36 maxlen: 36
2a11:4140:2000::/36 maxlen: 36
2a11:4140:3000::/36 maxlen: 36
2a11:4140:4000::/36 maxlen: 36
2a11:4140:5000::/36 maxlen: 36
2a11:4140:6000::/36 maxlen: 36
2a11:4140:7000::/36 maxlen: 36
2a11:4140:8000::/36 maxlen: 36
2a11:4140:9000::/36 maxlen: 36
2a11:4140:a000::/36 maxlen: 36
2a11:4140:b000::/36 maxlen: 36
2a11:4140:c000::/36 maxlen: 36
2a11:4140:d000::/36 maxlen: 36
2a11:4140:e000::/36 maxlen: 36
2a11:4140:f000::/36 maxlen: 36
2a11:4141::/36 maxlen: 36
2a11:4141:1000::/36 maxlen: 36
2a11:4141:3000::/36 maxlen: 36
2a11:4141:4000::/36 maxlen: 36
2a11:4141:5000::/36 maxlen: 36
2a11:4141:6000::/36 maxlen: 36
2a11:4141:7000::/36 maxlen: 36
2a11:4141:8000::/36 maxlen: 36
2a11:4141:9000::/36 maxlen: 36
2a11:4141:b000::/36 maxlen: 36
2a11:4141:c000::/36 maxlen: 36
2a11:4142::/36 maxlen: 36
2a11:4142:1000::/36 maxlen: 36
2a11:4146:8000::/36 maxlen: 36
2a11:4147:d000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl
rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.mft
rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ab:4f:74:6a:fd:94:f6:be:95:2e:a5:e2:89:1e:f8:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
Validity
Not Before: Jun 9 07:36:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9c7e10189394da3dc43c85a8f40c56d342101679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:a3:b2:47:0d:ca:c0:cc:b2:55:d3:e7:6c:92:
49:86:4a:44:c4:d0:71:eb:ec:b9:ea:29:c1:d7:53:
69:4d:05:f5:74:7e:ee:94:98:94:4c:3e:e1:b0:fd:
1c:59:c1:af:c4:14:2e:ab:0f:f6:5c:ad:2b:0c:06:
95:0d:a0:29:1d:a4:3c:a1:e1:14:c9:58:36:a5:78:
ff:40:5c:c6:8c:61:f8:ea:bb:18:cf:d5:05:b2:eb:
74:16:db:39:79:51:54:f0:73:2c:24:41:e7:92:4f:
01:60:42:7c:11:08:06:1f:e8:86:e8:4f:67:1a:a1:
9d:d2:8d:8b:63:f3:6c:4f:34:8c:04:a1:ba:aa:85:
92:09:1c:b0:89:e2:52:d3:07:ed:fb:f7:9c:89:7a:
77:92:c2:72:bc:3d:54:f8:91:bb:2a:66:7d:76:01:
b6:e8:41:8d:2f:bc:22:0d:09:69:54:90:98:61:bd:
bd:1c:24:0b:3a:4a:14:c2:35:f3:bd:e4:6f:33:01:
9c:37:d8:5d:80:cf:0c:64:16:c9:b8:84:5b:41:e4:
7f:9c:16:86:62:a2:69:9f:ec:3d:bf:16:98:fa:0c:
0e:89:2c:b7:45:05:97:5a:62:14:29:8e:2a:30:f3:
d9:bc:72:90:2c:79:ab:aa:fd:49:3e:ff:45:f8:05:
a1:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:7E:10:18:93:94:DA:3D:C4:3C:85:A8:F4:0C:56:D3:42:10:16:79
X509v3 Authority Key Identifier:
keyid:D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/nH4QGJOU2j3EPIWo9AxW00IQFnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.183.211.0/24
45.153.81.0-45.153.83.255
81.27.68.0-81.27.70.255
94.103.180.0/24
185.93.213.0/24
185.134.66.0/23
IPv6:
2a11:4140::/29
Signature Algorithm: sha256WithRSAEncryption
d7:5d:e0:24:34:d9:2f:84:44:95:43:ca:d2:fd:26:de:97:be:
ad:9e:ec:e5:cb:75:22:07:6d:c4:cb:15:9c:41:c1:cb:d0:f3:
14:72:93:03:7e:d6:d4:21:1f:e9:c9:0e:fc:4c:fb:26:bc:9c:
f5:be:af:8f:7d:c7:73:a8:f2:21:75:3e:c7:84:0c:05:8e:0a:
32:31:31:c8:04:6c:fd:0a:1d:ce:4e:72:18:ac:53:32:c5:4a:
9f:dc:37:a1:f7:b7:0e:68:85:3f:04:c4:5d:e1:1e:9b:5c:60:
a1:cd:3f:77:39:9f:4a:12:9c:b7:ef:bf:12:ba:af:31:14:d7:
d0:dc:38:a2:bd:cc:66:48:eb:94:d4:e8:35:d3:85:c7:6b:fe:
be:f3:85:b1:f9:e1:c8:c4:05:95:df:bd:c4:3b:98:1d:08:20:
f0:7e:c3:cc:61:9b:be:ac:d5:e9:3d:38:a5:8a:b3:6c:ac:f2:
e6:41:fc:54:a4:3c:42:81:2c:f7:be:3a:5e:84:c1:f1:15:de:
2a:cc:21:07:99:7f:67:c8:a2:d9:31:d1:74:b1:80:f7:a0:7d:
44:f0:11:b3:23:e6:49:37:1f:2f:71:e5:c0:ac:96:61:48:73:
81:a7:ad:19:0f:71:17:25:2c:12:8c:8c:ca:2d:8c:43:02:c9:
c0:0b:11:ab
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZ6rT3Rq/ZT2vpUupeKJHvisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YjZhNWNhMzdlYWQzMWZkMmEzNTBiMGI0MTJkNzdkOTUz
MjA5MjgwHhcNMjYwNjA5MDczNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdlMTAxODkzOTRkYTNkYzQzYzg1YThmNDBjNTZkMzQyMTAxNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6OyRw3KwMyyVdPnbJJJhkpExNBx
6+y56inB11NpTQX1dH7ulJiUTD7hsP0cWcGvxBQuqw/2XK0rDAaVDaApHaQ8oeEU
yVg2pXj/QFzGjGH46rsYz9UFsut0Fts5eVFU8HMsJEHnkk8BYEJ8EQgGH+iG6E9n
GqGd0o2LY/NsTzSMBKG6qoWSCRywieJS0wft+/eciXp3ksJyvD1U+JG7KmZ9dgG2
6EGNL7wiDQlpVJCYYb29HCQLOkoUwjXzveRvMwGcN9hdgM8MZBbJuIRbQeR/nBaG
YqJpn+w9vxaY+gwOiSy3RQWXWmIUKY4qMPPZvHKQLHmrqv1JPv9F+AWhFwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFJx+EBiTlNo9xDyFqPQMVtNCEBZ5MB8GA1UdIwQY
MBaAFNW2pco36tMf0qNQsLQS132VMgkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUt
ZDRlODgyMDgzZTRmLzEvbkg0UUdKT1UyajNFUElXbzlBeFcwMElRRm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUtZDRlODgyMDgzZTRm
LzEvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQABbfTMAwD
BAAtmVEDBAItmVAwDAMEAlEbRAMEAFEbRgMEAF5ntAMEALld1QMEAbmGQjANBAIA
AjAHAwUDKhFBQDANBgkqhkiG9w0BAQsFAAOCAQEA113gJDTZL4RElUPK0v0m3pe+
rZ7s5ct1IgdtxMsVnEHBy9DzFHKTA37W1CEf6ckO/Ez7Jryc9b6vj33Hc6jyIXU+
x4QMBY4KMjExyARs/Qodzk5yGKxTMsVKn9w3ofe3DmiFPwTEXeEem1xgoc0/dzmf
ShKct++/ErqvMRTX0Nw4or3MZkjrlNToNdOFx2v+vvOFsfnhyMQFld+9xDuYHQgg
8H7DzGGbvqzV6T04pYqzbKzy5kH8VKQ8QoEs9746XoTB8RXeKswhB5l/Z8ii2THR
dLGA96B9RPARsyPmSTcfL3HlwKyWYUhzgaetGQ9xFyUsEoyMyi2MQwLJwAsRqw==
-----END CERTIFICATE-----
Generated at Sat Jun 13 18:28:11 2026 by rpki-client