Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/34NNjlwas8r1mvwkZ8lGTHTkmEk.roa
File: 34NNjlwas8r1mvwkZ8lGTHTkmEk.roa (raw, json)
Hash identifier: rXQGVwtQCUJF7b+cMJcFPY1oQ6jfWC9XaJzSl8xkqSs=
Subject key identifier: DF:83:4D:8E:5C:1A:B3:CA:F5:9A:FC:24:67:C9:46:4C:74:E4:98:49
Certificate issuer: /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial: 019DD8E09606191137F654DB1B5EBB6EFCDF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/34NNjlwas8r1mvwkZ8lGTHTkmEk.roa
Signing time: Wed 29 Apr 2026 10:54:50 +0000
ROA not before: Wed 29 Apr 2026 10:54:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34872
IP address blocks: 45.154.97.0/24 maxlen: 32
45.154.99.0/24 maxlen: 32
62.3.50.0/24 maxlen: 32
194.28.96.0/24 maxlen: 32
194.28.98.0/23 maxlen: 32
2a0c:b640::/32 maxlen: 128
2a0c:b641::/44 maxlen: 128
2a0c:b641:10::/44 maxlen: 128
2a0c:b641:50::/44 maxlen: 128
2a0c:b641:60::/44 maxlen: 128
2a0c:b641:530::/44 maxlen: 128
2a0c:b641:5e0::/44 maxlen: 48
2a0c:b641:660::/44 maxlen: 44
2a0c:b641:6d0::/44 maxlen: 128
2a0c:b641:70f::/48 maxlen: 128
2a0c:b641:730::/44 maxlen: 128
2a0c:b641:820::/44 maxlen: 128
2a0f:8400::/32 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 14:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d8:e0:96:06:19:11:37:f6:54:db:1b:5e:bb:6e:fc:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05976801363d375786152e4d061e75c8beb35058
Validity
Not Before: Apr 29 10:54:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=df834d8e5c1ab3caf59afc2467c9464c74e49849
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:7b:05:68:1f:0e:a6:67:bc:78:af:2f:a7:a1:
dd:b7:80:af:48:e6:3b:4b:89:b1:cd:69:3c:57:dc:
27:df:92:fb:81:83:01:06:dc:1b:ec:e4:81:70:d8:
d4:4d:98:e4:61:c1:89:87:a0:cd:33:41:8b:d9:8b:
a5:46:be:41:06:99:f2:3b:04:82:7b:89:b7:a1:ac:
c5:de:4d:6b:d2:6b:0e:74:65:54:87:48:1c:3a:e7:
ed:56:dd:5a:47:9f:91:22:2d:1b:11:d9:d7:2c:8a:
ec:1d:fc:9f:e3:fc:80:42:f0:29:7b:84:ee:f8:9e:
77:49:fe:c4:1b:db:b9:70:be:cd:37:fe:62:43:47:
ee:6d:10:63:21:eb:fd:26:67:2f:69:d7:45:17:ae:
af:6c:9f:bc:95:3f:77:66:fc:72:6f:0c:a8:d1:bb:
3f:81:c3:24:19:fb:de:02:f3:08:97:b0:0f:cd:41:
1d:cf:49:28:2d:93:e9:2e:33:c9:aa:7d:12:b6:21:
99:6f:ae:20:9d:47:14:ef:8e:66:94:5f:2a:55:b5:
ef:36:5d:73:23:85:d0:6f:37:f9:48:54:bd:8d:16:
7a:3d:d7:62:68:4b:9e:d6:19:6d:f7:7f:29:61:9f:
8b:b8:80:40:e2:af:32:83:ec:b0:17:46:48:34:31:
f6:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:83:4D:8E:5C:1A:B3:CA:F5:9A:FC:24:67:C9:46:4C:74:E4:98:49
X509v3 Authority Key Identifier:
keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/34NNjlwas8r1mvwkZ8lGTHTkmEk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.154.97.0/24
45.154.99.0/24
62.3.50.0/24
194.28.96.0/24
194.28.98.0/23
IPv6:
2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
2a0c:b641:50::-2a0c:b641:6f:ffff:ffff:ffff:ffff:ffff
2a0c:b641:530::/44
2a0c:b641:5e0::/44
2a0c:b641:660::/44
2a0c:b641:6d0::/44
2a0c:b641:70f::/48
2a0c:b641:730::/44
2a0c:b641:820::/44
2a0f:8400::/32
Signature Algorithm: sha256WithRSAEncryption
17:db:de:82:db:1f:b3:c2:a6:22:b1:6c:4f:68:78:e1:5f:bb:
13:59:6d:e5:43:5e:94:ea:4c:5e:f0:2b:19:ac:f3:86:ff:b7:
5b:d6:0d:db:0f:2f:ed:1a:0c:37:b0:33:3f:d3:5c:a3:8f:45:
a2:51:18:19:dd:61:40:f1:fc:72:b9:dd:bd:c9:b5:3c:a0:5d:
84:7d:c3:89:7d:53:2c:d6:0d:fe:53:3f:ca:e4:d6:ec:9b:a1:
2f:1f:b3:82:48:06:29:7f:d0:c0:fc:c3:a5:a4:64:20:46:61:
a8:69:ae:0f:16:3c:0c:6b:c9:f4:a3:ea:a4:29:6f:89:7f:a6:
cd:48:83:99:56:2b:bf:8f:9a:26:64:f2:88:80:8e:d2:57:66:
f0:55:a2:61:0a:c3:f8:96:2b:cd:45:18:b1:3f:2e:44:8f:ea:
8f:1d:5d:da:ad:30:98:63:c9:51:08:ef:27:9b:25:7c:08:49:
52:86:a4:76:74:8d:d1:49:00:45:69:8e:44:17:64:b5:e1:43:
2e:4d:11:56:b4:a9:46:e9:fb:c0:4a:f6:02:97:06:14:7d:30:
ba:eb:34:13:26:d9:67:79:d6:b4:19:d8:e5:d9:b2:dc:84:8f:
a2:a0:80:54:40:3f:5a:08:71:0b:7b:24:3d:d6:30:f4:b7:d8:
7d:bf:90:51
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgISAZ3Y4JYGGRE39lTbG167bvzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNDI5MTA1NDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgzNGQ4ZTVjMWFiM2NhZjU5YWZjMjQ2N2M5NDY0Yzc0ZTQ5ODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXsFaB8Opme8eK8vp6Hdt4CvSOY7
S4mxzWk8V9wn35L7gYMBBtwb7OSBcNjUTZjkYcGJh6DNM0GL2YulRr5BBpnyOwSC
e4m3oazF3k1r0msOdGVUh0gcOuftVt1aR5+RIi0bEdnXLIrsHfyf4/yAQvApe4Tu
+J53Sf7EG9u5cL7NN/5iQ0fubRBjIev9JmcvaddFF66vbJ+8lT93Zvxybwyo0bs/
gcMkGfveAvMIl7APzUEdz0koLZPpLjPJqn0StiGZb64gnUcU745mlF8qVbXvNl1z
I4XQbzf5SFS9jRZ6PddiaEue1hlt938pYZ+LuIBA4q8yg+ywF0ZINDH2hQIDAQAB
o4ICmDCCApQwHQYDVR0OBBYEFN+DTY5cGrPK9Zr8JGfJRkx05JhJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMzROTmpsd2FzOHIxbXZ3a1o4bEdUSFRrbUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGtBggrBgEFBQcBBwEB/wSBnTCBmjAkBAIAATAeAwQALZph
AwQALZpjAwQAPgMyAwQAwhxgAwQBwhxiMHIEAgACMGwwEAMFBioMtkADBwUqDLZB
AAAwEgMHBCoMtkEAUAMHBCoMtkEAYAMHBCoMtkEFMAMHBCoMtkEF4AMHBCoMtkEG
YAMHBCoMtkEG0AMHACoMtkEHDwMHBCoMtkEHMAMHBCoMtkEIIAMFACoPhAAwDQYJ
KoZIhvcNAQELBQADggEBABfb3oLbH7PCpiKxbE9oeOFfuxNZbeVDXpTqTF7wKxms
84b/t1vWDdsPL+0aDDewMz/TXKOPRaJRGBndYUDx/HK53b3JtTygXYR9w4l9UyzW
Df5TP8rk1uyboS8fs4JIBil/0MD8w6WkZCBGYahprg8WPAxryfSj6qQpb4l/ps1I
g5lWK7+PmiZk8oiAjtJXZvBVomEKw/iWK81FGLE/LkSP6o8dXdqtMJhjyVEI7yeb
JXwISVKGpHZ0jdFJAEVpjkQXZLXhQy5NEVa0qUbp+8BK9gKXBhR9MLrrNBMm2Wd5
1rQZ2OXZstyEj6KggFRAP1oIcQt7JD3WMPS32H2/kFE=
-----END CERTIFICATE-----
Generated at Thu Apr 30 19:16:39 2026 by rpki-client