Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/3Vx1cnLpiAfNCzWy0I3_nXPcC9M.roa
File: 3Vx1cnLpiAfNCzWy0I3_nXPcC9M.roa (raw, json)
Hash identifier: p+noQvGX+yQD2XLqg2x5Tru3ct/yVQ6G5E/ulPipjjA=
Subject key identifier: DD:5C:75:72:72:E9:88:07:CD:0B:35:B2:D0:8D:FF:9D:73:DC:0B:D3
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 019E68C479BA55946D62C2780BF995CDE9EB
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/3Vx1cnLpiAfNCzWy0I3_nXPcC9M.roa
Signing time: Wed 27 May 2026 09:29:27 +0000
ROA not before: Wed 27 May 2026 09:29:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205467
IP address blocks: 85.12.0.0/22 maxlen: 22
85.12.4.0/22 maxlen: 22
193.138.220.0/24 maxlen: 24
193.138.221.0/24 maxlen: 24
193.138.222.0/24 maxlen: 24
193.138.223.0/24 maxlen: 24
2a01:788:213::/48 maxlen: 48
2a01:788:1001::/48 maxlen: 48
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
2a01:788:aaac::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 18:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:68:c4:79:ba:55:94:6d:62:c2:78:0b:f9:95:cd:e9:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: May 27 09:29:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dd5c757272e98807cd0b35b2d08dff9d73dc0bd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:47:be:53:8c:1a:1c:75:23:22:b5:87:89:ea:
87:b0:3a:1e:64:45:78:98:f2:f8:aa:0b:8d:2d:6a:
c5:d3:e7:a1:40:77:ca:21:e3:be:18:b9:83:f9:77:
4b:cb:4e:77:c4:10:13:6d:2a:63:ca:ef:0c:f7:9b:
d5:e1:db:ba:dc:ae:65:d1:af:4c:3f:82:5d:13:c3:
0e:0e:2e:d6:71:43:37:14:cb:cb:9e:0c:43:f6:27:
3d:1a:8a:f7:6a:4b:7d:30:8f:0e:a0:b2:9f:2f:fb:
72:22:03:65:fa:60:e6:e4:ae:f3:6c:62:1a:e1:a4:
9a:a3:12:30:39:f5:69:e7:a4:e5:4f:9d:84:86:90:
a0:6e:7c:49:3b:c6:de:da:13:43:7f:32:9e:cc:fd:
28:92:16:69:9e:a9:2f:c3:4d:53:ec:a0:8e:27:90:
b0:33:86:56:b4:7d:8f:b4:a5:3b:5f:50:ef:4e:c7:
82:cb:35:11:07:e6:cf:e3:94:09:13:4c:ed:dd:89:
0a:63:c3:5a:9a:44:5f:b6:da:81:40:55:3b:3c:8d:
7a:d2:70:75:82:76:84:be:1c:9c:c0:45:6a:a4:e4:
80:e4:ee:68:c7:ca:09:9b:ae:81:43:75:c6:14:09:
33:df:0b:6f:03:6d:21:36:54:00:25:1d:e8:60:8c:
4d:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:5C:75:72:72:E9:88:07:CD:0B:35:B2:D0:8D:FF:9D:73:DC:0B:D3
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/3Vx1cnLpiAfNCzWy0I3_nXPcC9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.0.0/21
193.138.220.0/22
IPv6:
2a01:788:213::/48
2a01:788:1001::/48
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8e:90:9c:87:4c:54:f5:c2:6b:b9:f5:91:18:c1:52:8a:c3:7e:
38:28:88:0a:be:bc:b0:b9:26:59:71:22:9c:9b:7f:e3:ed:36:
a8:02:42:e0:20:ab:e9:3e:f6:2d:f2:24:9e:e5:b9:c1:fb:70:
7b:fb:1b:fb:4f:bf:ba:68:3a:b3:e4:bc:d2:8e:34:78:4e:d5:
56:c2:f8:19:08:56:ac:e6:27:a8:e2:6f:13:ad:61:42:7d:9d:
c4:e8:fa:55:1a:7d:4e:19:33:1d:3a:1e:62:35:c9:b0:5c:4d:
bb:8f:4e:f0:76:3f:3a:c0:ae:01:7c:65:79:b4:d9:63:1d:50:
0e:b9:0f:b9:b9:5f:e9:75:dd:89:3f:bc:a1:b9:be:f1:15:9b:
a7:bd:12:9f:55:81:c6:4d:d3:c2:bc:8f:8a:20:55:7e:23:8b:
ae:a4:dc:a0:ff:0e:4b:82:a6:f9:db:1d:32:1e:8e:b6:b2:75:
2e:97:d2:83:ec:96:e1:ab:47:69:58:0c:25:96:e1:4b:ca:ef:
76:eb:0d:99:4c:1c:59:77:98:67:61:64:12:c6:6e:20:1c:6d:
ab:58:04:5d:8f:da:f1:34:cf:81:20:56:94:ff:d5:c9:90:fa:
68:32:8c:5c:d7:fe:a4:3e:83:20:8d:55:35:79:0d:fd:98:4f:
81:fb:84:79
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ5oxHm6VZRtYsJ4C/mVzenrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjYwNTI3MDkyOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVjNzU3MjcyZTk4ODA3Y2QwYjM1YjJkMDhkZmY5ZDczZGMwYmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUe+U4waHHUjIrWHieqHsDoeZEV4
mPL4qguNLWrF0+ehQHfKIeO+GLmD+XdLy053xBATbSpjyu8M95vV4du63K5l0a9M
P4JdE8MODi7WcUM3FMvLngxD9ic9Gor3akt9MI8OoLKfL/tyIgNl+mDm5K7zbGIa
4aSaoxIwOfVp56TlT52EhpCgbnxJO8be2hNDfzKezP0okhZpnqkvw01T7KCOJ5Cw
M4ZWtH2PtKU7X1DvTseCyzURB+bP45QJE0zt3YkKY8NamkRfttqBQFU7PI160nB1
gnaEvhycwEVqpOSA5O5ox8oJm66BQ3XGFAkz3wtvA20hNlQAJR3oYIxNFQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFN1cdXJy6YgHzQs1stCN/51z3AvTMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvM1Z4MWNuTHBpQWZOQ3pXeTBJM19uWFBjQzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjASBAIAATAMAwQDVQwAAwQC
wYrcMCwEAgACMCYDBwAqAQeIAhMDBwAqAQeIEAEwEgMHASoBB4iqqgMHACoBB4iq
rDANBgkqhkiG9w0BAQsFAAOCAQEAjpCch0xU9cJrufWRGMFSisN+OCiICr68sLkm
WXEinJt/4+02qAJC4CCr6T72LfIknuW5wftwe/sb+0+/umg6s+S80o40eE7VVsL4
GQhWrOYnqOJvE61hQn2dxOj6VRp9ThkzHToeYjXJsFxNu49O8HY/OsCuAXxlebTZ
Yx1QDrkPublf6XXdiT+8obm+8RWbp70Sn1WBxk3TwryPiiBVfiOLrqTcoP8OS4Km
+dsdMh6OtrJ1LpfSg+yW4atHaVgMJZbhS8rvdusNmUwcWXeYZ2FkEsZuIBxtq1gE
XY/a8TTPgSBWlP/VyZD6aDKMXNf+pD6DII1VNXkN/ZhPgfuEeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 11 23:49:21 2026 by rpki-client