Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nX2Do3yl01SkG8qTZnbxpDImmas.roa
File: nX2Do3yl01SkG8qTZnbxpDImmas.roa (raw, json)
Hash identifier: uT6TW7RJ5QxSTbgmkaNTNlO97/aaIdjcvNGfR9TMGkY=
Subject key identifier: 9D:7D:83:A3:7C:A5:D3:54:A4:1B:CA:93:66:76:F1:A4:32:26:99:AB
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 019D2B57F49457386C4F8F2651906ECCA574
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nX2Do3yl01SkG8qTZnbxpDImmas.roa
Signing time: Thu 26 Mar 2026 18:11:17 +0000
ROA not before: Thu 26 Mar 2026 18:11:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
213.209.145.0/24 maxlen: 24
213.209.157.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
2a04:29c7:1880:24::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 16:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2b:57:f4:94:57:38:6c:4f:8f:26:51:90:6e:cc:a5:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Mar 26 18:11:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9d7d83a37ca5d354a41bca936676f1a4322699ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:0b:22:21:10:05:9d:21:70:1a:c3:ef:00:c9:
ec:67:03:98:77:79:ed:26:67:1a:2b:b5:e0:e3:20:
3f:e5:30:ea:0b:3a:23:9b:27:6d:d6:54:f4:ce:16:
c8:d1:fe:8a:f3:a0:ca:99:f4:c7:be:e5:9b:cb:92:
fd:f3:29:9e:fa:8d:5f:c8:a3:c2:af:84:11:db:d4:
82:9d:fc:c6:85:d8:34:72:0b:a7:75:c0:c4:63:a8:
c5:c7:b4:bd:6b:9b:e2:94:e3:ae:07:9d:2f:a1:12:
03:b6:f0:00:93:4b:b7:4f:96:26:43:2f:4e:65:77:
6d:24:fa:77:e3:ca:bf:cc:ba:81:0c:d8:20:af:24:
b5:b3:2f:f5:83:dd:ea:dd:b9:f9:1d:69:91:d0:fa:
1d:43:63:c5:db:34:f8:75:49:db:0c:d5:75:1d:54:
ee:79:fa:36:65:f9:f0:1e:b0:01:57:e4:bc:0c:eb:
82:da:7a:47:d2:e5:67:4f:f2:b8:9f:72:ef:9f:e9:
f4:92:15:07:4c:36:16:ab:8d:e5:c8:da:74:c1:0d:
a5:d2:60:37:e2:df:ee:0b:b0:29:1a:3d:0b:ea:10:
f9:29:bd:ef:7c:fa:82:d5:46:c5:1b:07:a0:c2:d4:
5b:a4:6d:46:4f:d6:f8:a4:41:63:59:df:0a:43:a1:
13:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:7D:83:A3:7C:A5:D3:54:A4:1B:CA:93:66:76:F1:A4:32:26:99:AB
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nX2Do3yl01SkG8qTZnbxpDImmas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0/23
213.209.138.0/24
213.209.145.0/24
213.209.157.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
91:3e:46:b4:76:92:ab:f7:f3:29:9f:f4:9f:07:64:08:0c:ec:
e6:47:18:b4:da:6f:9b:38:58:0a:b5:d7:43:52:89:05:d5:65:
15:65:05:91:04:77:17:e5:90:8e:21:0e:1c:a1:cf:e5:9b:aa:
88:ba:ed:1c:dc:85:9c:38:35:75:19:a8:45:ff:12:95:76:e0:
04:e5:d3:34:7b:73:ea:f0:fd:f4:f1:93:8b:5c:8f:39:d7:0c:
36:d7:d6:42:d2:d5:ab:63:6d:f0:44:51:ee:cd:f7:ef:1c:28:
0b:c0:5b:5d:10:8e:68:a9:a5:78:ca:6a:4b:18:3a:05:6d:2d:
7f:5a:4f:2a:b6:1c:fa:8c:8b:12:bb:77:eb:28:22:ad:ee:f9:
95:50:81:1d:31:aa:65:99:36:5e:65:43:de:74:eb:9c:a6:c2:
38:19:c8:c1:0d:a0:a8:b5:1e:33:e6:fd:55:6f:46:e0:f2:71:
d6:4b:b3:0a:5c:76:c1:06:16:9b:1f:ca:98:b9:eb:66:34:5b:
59:e2:b0:c2:f0:e1:ab:65:e9:c2:0d:7d:56:6e:e0:12:1c:22:
41:7e:c0:9c:26:e0:e3:22:3d:ef:c8:52:06:9c:ec:a0:08:39:
e0:bc:75:5b:12:39:b5:07:c1:cc:d5:3f:6c:51:7d:1d:df:22:
72:98:b8:52
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZ0rV/SUVzhsT48mUZBuzKV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMzI2MTgxMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdkODNhMzdjYTVkMzU0YTQxYmNhOTM2Njc2ZjFhNDMyMjY5OWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgsiIRAFnSFwGsPvAMnsZwOYd3nt
JmcaK7Xg4yA/5TDqCzojmydt1lT0zhbI0f6K86DKmfTHvuWby5L98yme+o1fyKPC
r4QR29SCnfzGhdg0cgundcDEY6jFx7S9a5vilOOuB50voRIDtvAAk0u3T5YmQy9O
ZXdtJPp348q/zLqBDNggryS1sy/1g93q3bn5HWmR0PodQ2PF2zT4dUnbDNV1HVTu
efo2ZfnwHrABV+S8DOuC2npH0uVnT/K4n3Lvn+n0khUHTDYWq43lyNp0wQ2l0mA3
4t/uC7ApGj0L6hD5Kb3vfPqC1UbFGwegwtRbpG1GT9b4pEFjWd8KQ6ETKQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFJ19g6N8pdNUpBvKk2Z28aQyJpmrMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvblgyRG8zeWwwMVNrRzhxVFpuYnhwREltbWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwXAQCAAEwVjAMAwQHTVqA
AwQATVqCMAwDBAJNWoQDBABNWoYDBAFNWogwDAMEAE1aiwMEAE1ajDAMAwQATVqP
AwQATVqQAwQBTVqSAwQA1dGKAwQA1dGRAwQA1dGdMBQEAgACMA4DBQAqBCnCAwUA
KgQpxzANBgkqhkiG9w0BAQsFAAOCAQEAkT5GtHaSq/fzKZ/0nwdkCAzs5kcYtNpv
mzhYCrXXQ1KJBdVlFWUFkQR3F+WQjiEOHKHP5ZuqiLrtHNyFnDg1dRmoRf8SlXbg
BOXTNHtz6vD99PGTi1yPOdcMNtfWQtLVq2Nt8ERR7s337xwoC8BbXRCOaKmleMpq
Sxg6BW0tf1pPKrYc+oyLErt36ygire75lVCBHTGqZZk2XmVD3nTrnKbCOBnIwQ2g
qLUeM+b9VW9G4PJx1kuzClx2wQYWmx/KmLnrZjRbWeKwwvDhq2Xpwg19Vm7gEhwi
QX7AnCbg4yI978hSBpzsoAg54Lx1WxI5tQfBzNU/bFF9Hd8icpi4Ug==
-----END CERTIFICATE-----
Generated at Mon Mar 30 00:06:36 2026 by rpki-client