Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/_iSoJoSQU2rWRPQsCDM8n6gmZr0.roa
File: _iSoJoSQU2rWRPQsCDM8n6gmZr0.roa (raw, json)
Hash identifier: jprC0r9ZYRJlUMCI1TbisXmvXfahkQeehe5ckHPPRcM=
Subject key identifier: FE:24:A8:26:84:90:53:6A:D6:44:F4:2C:08:33:3C:9F:A8:26:66:BD
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 019E8708959105C71309D4EB08464B312703
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/_iSoJoSQU2rWRPQsCDM8n6gmZr0.roa
Signing time: Tue 02 Jun 2026 06:32:27 +0000
ROA not before: Tue 02 Jun 2026 06:32:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 109.229.216.0/23 maxlen: 24
109.229.218.0/24 maxlen: 24
109.229.223.0/24 maxlen: 24
185.220.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 15:00:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:87:08:95:91:05:c7:13:09:d4:eb:08:46:4b:31:27:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: Jun 2 06:32:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fe24a8268490536ad644f42c08333c9fa82666bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:09:4b:0d:ba:e8:c0:01:08:0c:44:4f:6f:2d:
f6:4d:68:27:2f:d7:43:fe:72:3b:c4:83:ac:e9:ec:
9a:6c:fe:69:9d:dd:70:71:e5:e0:37:b0:2e:50:97:
43:a4:33:07:b9:fd:4b:f7:94:d8:02:d8:38:a9:be:
fb:1b:67:18:f9:a8:eb:b6:75:11:41:b8:46:f0:09:
83:35:70:34:2b:3f:e1:5b:9a:5d:db:03:da:0a:de:
35:9f:23:3f:2a:0a:7e:d3:7c:e7:76:d8:9b:fb:1b:
3b:70:8d:1a:ee:3e:7c:12:3b:ec:70:b3:3c:7d:91:
4b:e9:6f:ec:d2:47:4e:a4:c8:4f:a6:05:f7:09:8a:
2f:c5:bc:db:23:f9:74:54:77:00:2d:15:8d:24:74:
e1:85:df:c1:da:32:01:bd:fc:d1:3a:20:c4:42:b1:
77:08:97:07:c9:7e:f5:2b:09:f1:fe:e0:d1:25:3f:
d9:e1:31:0c:81:32:22:7a:45:5b:3e:c4:8b:32:f2:
f8:92:de:d1:54:2b:e4:46:96:02:d9:d9:2a:7d:70:
20:8c:de:23:98:c3:9a:d4:a6:16:14:04:f8:2d:d3:
83:2e:6b:c5:2d:d3:6b:de:16:d4:47:3b:73:c1:e9:
f0:8e:3d:47:aa:40:7e:13:38:8d:ee:82:0c:b5:e5:
69:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:24:A8:26:84:90:53:6A:D6:44:F4:2C:08:33:3C:9F:A8:26:66:BD
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/_iSoJoSQU2rWRPQsCDM8n6gmZr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.229.216.0-109.229.218.255
109.229.223.0/24
185.220.199.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:df:00:a6:05:48:e0:64:16:bd:81:fd:d1:73:27:8c:3c:2f:
5c:ea:13:b6:d5:5c:68:b6:2d:17:12:32:98:e2:36:03:bf:0e:
fd:18:c8:b0:22:91:c4:d5:a7:ea:4d:37:45:89:43:19:73:f7:
e0:50:04:86:57:57:ac:9e:0d:d5:66:be:28:6f:9f:41:f4:c6:
97:d0:e0:43:71:43:d0:10:01:2a:30:33:90:f5:b3:a7:0c:f5:
e8:2c:2c:a3:f1:aa:e9:04:4a:02:44:85:a2:48:16:24:27:70:
87:6a:8c:af:b9:3c:1a:c6:5b:84:f9:7f:c2:e8:d1:a5:46:ca:
ec:a3:5a:43:5d:db:80:8c:01:61:f3:7f:35:d0:77:bd:7c:4e:
4d:d5:d5:c3:09:ea:f3:c0:44:7c:98:61:75:ba:64:c3:53:34:
08:4e:fd:5c:2f:d1:39:98:54:0e:3b:0b:2e:1e:e0:b0:1f:7a:
a9:2d:c6:8d:56:90:e3:f4:c9:5d:bb:1a:2b:12:b7:15:b5:0f:
1c:a1:53:f1:2a:3d:8a:6d:50:fa:04:d6:4b:34:c1:fa:f4:9e:
e7:93:3a:bf:2d:f5:c0:a5:49:e3:b2:00:8c:f6:98:be:07:87:
e7:b7:35:9a:66:3d:70:54:54:81:2e:b5:e9:4a:9c:0a:65:7b:
65:33:fe:c3
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ6HCJWRBccTCdTrCEZLMScDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNjAyMDYzMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI0YTgyNjg0OTA1MzZhZDY0NGY0MmMwODMzM2M5ZmE4MjY2NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyglLDbrowAEIDERPby32TWgnL9dD
/nI7xIOs6eyabP5pnd1wceXgN7AuUJdDpDMHuf1L95TYAtg4qb77G2cY+ajrtnUR
QbhG8AmDNXA0Kz/hW5pd2wPaCt41nyM/Kgp+03zndtib+xs7cI0a7j58EjvscLM8
fZFL6W/s0kdOpMhPpgX3CYovxbzbI/l0VHcALRWNJHThhd/B2jIBvfzROiDEQrF3
CJcHyX71Kwnx/uDRJT/Z4TEMgTIiekVbPsSLMvL4kt7RVCvkRpYC2dkqfXAgjN4j
mMOa1KYWFAT4LdODLmvFLdNr3hbURztzwenwjj1HqkB+EziN7oIMteVpHwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFP4kqCaEkFNq1kT0LAgzPJ+oJma9MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvX2lTb0pvU1FVMnJXUlBRc0NETThuNmdtWnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANt5dgD
BABt5doDBABt5d8DBAC53McwDQYJKoZIhvcNAQELBQADggEBAB3fAKYFSOBkFr2B
/dFzJ4w8L1zqE7bVXGi2LRcSMpjiNgO/Dv0YyLAikcTVp+pNN0WJQxlz9+BQBIZX
V6yeDdVmvihvn0H0xpfQ4ENxQ9AQASowM5D1s6cM9egsLKPxqukESgJEhaJIFiQn
cIdqjK+5PBrGW4T5f8Lo0aVGyuyjWkNd24CMAWHzfzXQd718Tk3V1cMJ6vPARHyY
YXW6ZMNTNAhO/Vwv0TmYVA47Cy4e4LAfeqktxo1WkOP0yV27GisStxW1DxyhU/Eq
PYptUPoE1ks0wfr0nueTOr8t9cClSeOyAIz2mL4Hh+e3NZpmPXBUVIEutelKnApl
e2Uz/sM=
-----END CERTIFICATE-----
Generated at Tue Jun 2 20:50:29 2026 by rpki-client