Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/aHdoN_DGVG-KMc_3F8GUkgwtfTA.roa
File: aHdoN_DGVG-KMc_3F8GUkgwtfTA.roa (raw, json)
Hash identifier: H3UvgyihVWPWNvTZnG+geSxthabfqT2G1VF5QJWsGAw=
Subject key identifier: 68:77:68:37:F0:C6:54:6F:8A:31:CF:F7:17:C1:94:92:0C:2D:7D:30
Certificate issuer: /CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
Certificate serial: 019D9BF99E0EB58842D02207E306D1C02699
Authority key identifier: 9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/aHdoN_DGVG-KMc_3F8GUkgwtfTA.roa
Signing time: Fri 17 Apr 2026 15:05:20 +0000
ROA not before: Fri 17 Apr 2026 15:05:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 56694
IP address blocks: 31.177.108.0/22 maxlen: 24
45.154.184.0/22 maxlen: 24
91.219.148.0/22 maxlen: 24
93.184.168.0/21 maxlen: 24
94.198.50.0/23 maxlen: 24
94.198.52.0/22 maxlen: 24
109.238.92.0/22 maxlen: 24
152.89.216.0/22 maxlen: 24
178.255.126.0/23 maxlen: 24
185.9.144.0/22 maxlen: 24
185.130.248.0/22 maxlen: 24
188.127.224.0/20 maxlen: 24
188.127.240.0/22 maxlen: 24
188.127.244.0/23 maxlen: 24
188.127.248.0/22 maxlen: 24
188.127.253.0/24 maxlen: 24
188.127.254.0/23 maxlen: 24
213.171.16.0/21 maxlen: 24
2a06:dd00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.mft
rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 21:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9b:f9:9e:0e:b5:88:42:d0:22:07:e3:06:d1:c0:26:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
Validity
Not Before: Apr 17 15:05:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=68776837f0c6546f8a31cff717c194920c2d7d30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:5f:2f:b9:ad:f7:8f:79:8b:c9:4d:c1:cb:ff:
b5:64:2f:b2:06:52:98:97:3a:41:10:27:33:56:3d:
12:5d:88:d4:d3:32:7a:75:fa:1e:a8:55:fb:73:96:
80:64:2e:0e:e1:49:44:19:4b:eb:14:de:6f:28:4d:
f2:4c:a4:ed:34:89:d5:37:be:74:26:58:6a:ca:5d:
fe:a2:76:5e:e0:c5:df:75:d9:61:d1:f5:ae:8c:78:
5d:d0:c3:fa:be:7c:f3:7d:eb:39:dc:dc:d3:7a:57:
25:f4:85:78:c9:9d:5e:3c:67:b3:a5:1b:43:a7:44:
bb:14:de:e3:38:08:70:23:b1:21:6b:6e:ed:08:34:
8b:3e:c5:eb:c3:a1:42:6d:6d:dc:2b:57:a1:ab:c4:
4c:ff:6f:ff:9c:54:90:8f:53:f5:69:3d:88:aa:0f:
19:64:1b:6c:69:27:0d:a8:f4:c2:8c:e8:d3:9c:c0:
2f:d1:22:27:61:33:d4:69:a8:5f:48:a2:c9:bb:4e:
8d:e7:b7:a3:be:a6:34:8e:2f:2e:75:fa:fa:04:ab:
db:38:52:a7:f2:fb:f6:4d:67:3f:d1:d8:23:f9:76:
05:2b:e1:4c:85:5c:f2:eb:a5:e2:3d:4e:f6:81:81:
43:0c:8b:2a:4f:09:d5:ab:e4:2e:19:c6:51:17:a7:
cc:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:77:68:37:F0:C6:54:6F:8A:31:CF:F7:17:C1:94:92:0C:2D:7D:30
X509v3 Authority Key Identifier:
keyid:9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/aHdoN_DGVG-KMc_3F8GUkgwtfTA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.108.0/22
45.154.184.0/22
91.219.148.0/22
93.184.168.0/21
94.198.50.0-94.198.55.255
109.238.92.0/22
152.89.216.0/22
178.255.126.0/23
185.9.144.0/22
185.130.248.0/22
188.127.224.0-188.127.245.255
188.127.248.0/22
188.127.253.0-188.127.255.255
213.171.16.0/21
IPv6:
2a06:dd00::/32
Signature Algorithm: sha256WithRSAEncryption
83:df:95:a2:f8:8a:e8:8a:e3:1b:ff:58:e8:7e:e9:19:bf:cc:
3e:0a:51:0b:84:ee:f8:8c:71:a0:44:f1:94:a1:88:a1:36:d2:
ef:1b:4b:9a:72:65:5f:7f:6f:fa:e9:a7:d9:91:04:08:b4:80:
cc:56:f4:4e:5d:9c:e6:35:11:70:95:cf:81:4d:60:bc:73:bf:
f3:de:9a:92:85:a2:e7:06:49:eb:6f:62:d1:55:c7:5a:c1:56:
95:dd:2a:11:7f:ab:3b:b6:07:e0:f6:be:6c:7e:dd:43:ae:b3:
1b:5d:17:0a:5d:84:29:6c:ad:29:a4:a8:5b:b3:5f:90:18:0f:
54:81:d3:b6:50:8a:77:c8:d9:c6:f9:2c:2a:d3:82:b8:70:69:
29:6c:7f:a4:7f:87:c4:ce:63:a1:6c:16:9a:b8:15:2f:9b:38:
cd:7e:f8:c1:c3:a4:e2:4d:23:af:c3:f2:bf:4e:97:07:4f:4f:
f9:42:94:c9:18:6c:7e:e6:af:49:f5:03:b6:47:15:5a:f6:6a:
6f:6d:c1:bc:ed:7f:14:f0:02:26:94:9e:b7:f1:4a:30:d7:83:
80:76:4b:e0:9c:e2:2b:11:96:bb:70:e2:8f:5e:59:ab:a8:97:
3f:93:eb:ab:0a:ee:a6:01:4a:ef:6e:30:56:76:43:35:b3:f7:
7c:a3:84:a0
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZ2b+Z4OtYhC0CIH4wbRwCaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNDhjMWQ4MDA4Y2RjMDU5ZGIwYjI3YWE5NTE0Nzk5YzA2
ZDU0NDMwHhcNMjYwNDE3MTUwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc3NjgzN2YwYzY1NDZmOGEzMWNmZjcxN2MxOTQ5MjBjMmQ3ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV8vua33j3mLyU3By/+1ZC+yBlKY
lzpBECczVj0SXYjU0zJ6dfoeqFX7c5aAZC4O4UlEGUvrFN5vKE3yTKTtNInVN750
Jlhqyl3+onZe4MXfddlh0fWujHhd0MP6vnzzfes53NzTelcl9IV4yZ1ePGezpRtD
p0S7FN7jOAhwI7Eha27tCDSLPsXrw6FCbW3cK1ehq8RM/2//nFSQj1P1aT2Iqg8Z
ZBtsaScNqPTCjOjTnMAv0SInYTPUaahfSKLJu06N57ejvqY0ji8udfr6BKvbOFKn
8vv2TWc/0dgj+XYFK+FMhVzy66XiPU72gYFDDIsqTwnVq+QuGcZRF6fMpQIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFGh3aDfwxlRvijHP9xfBlJIMLX0wMB8GA1UdIwQY
MBaAFJpIwdgAjNwFnbCyeqlRR5nAbVRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAt
NWEzNjYzMTVjMTY2LzEvYUhkb05fREdWRy1LTWNfM0Y4R1VrZ3d0ZlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAtNWEzNjYzMTVjMTY2
LzEvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBxBAIAATBrAwQCH7Fs
AwQCLZq4AwQCW9uUAwQDXbioMAwDBAFexjIDBANexjADBAJt7lwDBAKYWdgDBAGy
/34DBAK5CZADBAK5gvgwDAMEBbx/4AMEAbx/9AMEArx/+DALAwQAvH/9AwMHvAAD
BAPVqxAwDQQCAAIwBwMFACoG3QAwDQYJKoZIhvcNAQELBQADggEBAIPflaL4iuiK
4xv/WOh+6Rm/zD4KUQuE7viMcaBE8ZShiKE20u8bS5pyZV9/b/rpp9mRBAi0gMxW
9E5dnOY1EXCVz4FNYLxzv/PempKFoucGSetvYtFVx1rBVpXdKhF/qzu2B+D2vmx+
3UOusxtdFwpdhClsrSmkqFuzX5AYD1SB07ZQinfI2cb5LCrTgrhwaSlsf6R/h8TO
Y6FsFpq4FS+bOM1++MHDpOJNI6/D8r9OlwdPT/lClMkYbH7mr0n1A7ZHFVr2am9t
wbztfxTwAiaUnrfxSjDXg4B2S+Cc4isRlrtw4o9eWauolz+T66sK7qYBSu9uMFZ2
QzWz93yjhKA=
-----END CERTIFICATE-----
Generated at Mon Apr 20 08:24:40 2026 by rpki-client