Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/inqAza4l5ciwhzOXj0ACyqcFlwQ.roa
File: inqAza4l5ciwhzOXj0ACyqcFlwQ.roa (raw, json)
Hash identifier: qQ0Spr3AGwQWQJ5ShabquSkGRqgIUO97WsMc218INn0=
Subject key identifier: 8A:7A:80:CD:AE:25:E5:C8:B0:87:33:97:8F:40:02:CA:A7:05:97:04
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 019CD4C95A4B1C350429A02523EA5D168398
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/inqAza4l5ciwhzOXj0ACyqcFlwQ.roa
Signing time: Mon 09 Mar 2026 22:48:11 +0000
ROA not before: Mon 09 Mar 2026 22:48:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205463
IP address blocks: 2.56.108.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
45.9.30.0/24 maxlen: 24
45.81.113.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
45.132.181.0/24 maxlen: 24
85.209.120.0/24 maxlen: 24
193.57.41.0/24 maxlen: 24
194.15.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Mar 2026 06:19:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d4:c9:5a:4b:1c:35:04:29:a0:25:23:ea:5d:16:83:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Mar 9 22:48:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8a7a80cdae25e5c8b08733978f4002caa7059704
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:4a:da:72:ff:07:0f:03:6b:6a:17:43:54:ff:
a8:05:a9:e8:98:85:c3:e3:37:c9:1b:47:8d:52:58:
e8:0f:49:04:a3:a6:7e:2f:94:de:48:6d:84:30:a4:
40:39:c5:04:83:d9:b5:b1:f0:99:8a:ae:54:8f:25:
76:c7:2f:fe:52:66:a5:61:ed:66:79:04:44:d3:fb:
0e:36:59:10:6e:98:87:b5:bb:39:08:cc:7c:46:f1:
60:74:55:c0:04:b2:46:8b:87:29:c3:7d:64:1e:f1:
f6:41:22:f9:84:69:e5:2e:8b:78:ea:5c:61:c8:9d:
ba:a7:08:65:74:28:13:33:86:dd:bd:e2:a6:a4:fc:
6c:c5:b2:ab:12:8a:1e:31:eb:0d:b8:3a:07:e1:99:
4c:4b:3d:eb:89:e0:23:74:76:6b:fe:40:12:60:e7:
cc:fc:e9:9a:ec:d1:40:44:3c:06:2e:60:13:92:c0:
65:3f:0a:da:ad:df:fb:59:25:ba:bb:dc:c1:bf:e4:
0e:02:56:1b:80:b1:35:d8:37:5a:e0:ce:7f:8b:01:
01:f2:88:66:7b:11:19:7a:48:0d:7a:35:6b:40:90:
7e:4e:dd:5a:a3:b1:a5:27:e9:80:93:e6:55:68:8c:
97:bc:a7:21:c7:dc:d6:9c:78:16:1d:c8:de:b6:bd:
a7:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:7A:80:CD:AE:25:E5:C8:B0:87:33:97:8F:40:02:CA:A7:05:97:04
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/inqAza4l5ciwhzOXj0ACyqcFlwQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.108.0/23
45.9.30.0/24
45.81.113.0/24
45.81.115.0/24
45.88.139.0/24
45.132.181.0/24
85.209.120.0/24
193.57.41.0/24
194.15.52.0/24
Signature Algorithm: sha256WithRSAEncryption
45:83:8b:05:a5:74:04:5d:fe:5d:8e:ee:d7:0c:3d:c5:56:e7:
7a:92:0f:35:75:c0:d1:3b:e1:fb:98:be:b7:80:66:e4:15:84:
93:de:72:c6:cf:37:80:f2:7d:3f:3f:1a:eb:ba:5b:0b:af:03:
59:02:68:2b:e3:3f:fc:05:6c:bb:0e:b4:bd:7d:d6:d6:ec:46:
4f:fd:d8:7e:97:29:88:3f:5f:1c:5f:95:31:65:8b:22:d9:4b:
cb:ca:ff:c9:54:df:38:99:23:39:85:93:88:2a:58:e3:a6:87:
e5:88:17:dc:dd:12:b7:1b:cc:62:99:dc:0a:1e:58:ce:a0:45:
ce:46:a6:cb:c5:89:9a:30:5a:2f:ed:59:c6:3b:1c:a1:56:c0:
5a:74:89:bb:90:2b:67:26:a5:ba:7a:1f:c5:84:e4:c4:ad:b6:
ea:30:e2:37:a3:40:8e:76:35:16:4c:7c:70:02:41:4f:94:4b:
a8:21:c8:bd:01:e8:30:c5:dc:e5:a5:a0:25:60:6d:2c:66:6d:
4c:c5:79:38:26:f1:66:ec:11:3a:08:f6:11:b2:b3:57:53:88:
83:c0:ea:ed:2a:9c:fb:aa:7e:ea:66:e0:ce:a8:b7:71:55:d2:
05:44:86:2d:46:a1:48:d8:e0:ea:c6:a7:ce:56:6f:53:fc:8f:
f2:dd:c1:a6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZzUyVpLHDUEKaAlI+pdFoOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMzA5MjI0ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTdhODBjZGFlMjVlNWM4YjA4NzMzOTc4ZjQwMDJjYWE3MDU5NzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkracv8HDwNrahdDVP+oBanomIXD
4zfJG0eNUljoD0kEo6Z+L5TeSG2EMKRAOcUEg9m1sfCZiq5UjyV2xy/+UmalYe1m
eQRE0/sONlkQbpiHtbs5CMx8RvFgdFXABLJGi4cpw31kHvH2QSL5hGnlLot46lxh
yJ26pwhldCgTM4bdveKmpPxsxbKrEooeMesNuDoH4ZlMSz3rieAjdHZr/kASYOfM
/Oma7NFARDwGLmATksBlPwrard/7WSW6u9zBv+QOAlYbgLE12Dda4M5/iwEB8ohm
exEZekgNejVrQJB+Tt1ao7GlJ+mAk+ZVaIyXvKchx9zWnHgWHcjetr2nEQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIp6gM2uJeXIsIczl49AAsqnBZcEMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaW5xQXphNGw1Y2l3aHpPWGowQUN5cWNGbHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBAjhsAwQA
LQkeAwQALVFxAwQALVFzAwQALViLAwQALYS1AwQAVdF4AwQAwTkpAwQAwg80MA0G
CSqGSIb3DQEBCwUAA4IBAQBFg4sFpXQEXf5dju7XDD3FVud6kg81dcDRO+H7mL63
gGbkFYST3nLGzzeA8n0/PxrrulsLrwNZAmgr4z/8BWy7DrS9fdbW7EZP/dh+lymI
P18cX5UxZYsi2UvLyv/JVN84mSM5hZOIKljjpofliBfc3RK3G8ximdwKHljOoEXO
RqbLxYmaMFov7VnGOxyhVsBadIm7kCtnJqW6eh/FhOTErbbqMOI3o0COdjUWTHxw
AkFPlEuoIci9AegwxdzlpaAlYG0sZm1MxXk4JvFm7BE6CPYRsrNXU4iDwOrtKpz7
qn7qZuDOqLdxVdIFRIYtRqFI2ODqxqfOVm9T/I/y3cGm
-----END CERTIFICATE-----
Generated at Tue Mar 10 09:54:44 2026 by rpki-client