Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PPK4ytlozgTlpuKjcYoJEBjic4A.roa
File: PPK4ytlozgTlpuKjcYoJEBjic4A.roa (raw, json)
Hash identifier: /oxx63nudItkR89k66x+ZrSydMNR+PS2Hu6rPoX+ReU=
Subject key identifier: 3C:F2:B8:CA:D9:68:CE:04:E5:A6:E2:A3:71:8A:09:10:18:E2:73:80
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019EDF86C96CFEC9536C0C32AEC61571B283
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PPK4ytlozgTlpuKjcYoJEBjic4A.roa
Signing time: Fri 19 Jun 2026 10:56:53 +0000
ROA not before: Fri 19 Jun 2026 10:56:53 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 149978
IP address blocks: 195.21.132.0/24 maxlen: 24
195.21.133.0/24 maxlen: 24
195.21.134.0/24 maxlen: 24
195.21.135.0/24 maxlen: 24
195.162.249.0/24 maxlen: 24
195.162.250.0/24 maxlen: 24
195.162.251.0/24 maxlen: 24
195.162.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 28 Jun 2026 13:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:df:86:c9:6c:fe:c9:53:6c:0c:32:ae:c6:15:71:b2:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Jun 19 10:56:53 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3cf2b8cad968ce04e5a6e2a3718a091018e27380
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:09:ef:a8:6d:bf:28:f2:ce:d7:7b:bd:27:1d:
ef:c2:e4:2e:80:0a:8b:51:ea:da:3d:35:b9:3d:46:
0c:53:89:be:fb:72:7f:d0:e4:4b:95:2d:12:88:2b:
73:73:47:c8:db:30:98:ce:99:06:ea:ed:03:1f:c1:
52:a4:a8:af:25:2d:7d:a5:a8:ae:14:36:57:8b:56:
7f:33:11:f5:48:8b:52:2b:f5:c0:52:cb:63:c2:ee:
77:27:89:84:ce:e1:bb:d9:65:24:ef:08:e6:18:20:
e8:ce:06:68:15:82:d2:bc:a3:1b:85:7d:20:4b:8d:
53:fd:65:8f:fb:d2:3c:04:f4:a8:ad:04:da:1c:c2:
27:46:ae:f3:db:3f:9f:a1:ee:70:ad:69:da:c2:5c:
cd:1b:59:01:72:19:05:a2:08:f4:e6:64:e4:04:32:
b0:bb:56:f9:8e:bd:86:8c:7c:80:73:3b:3c:e5:ef:
d3:93:87:b7:6d:af:d8:cb:b8:b1:a2:8e:e1:29:35:
c8:6a:4f:8f:5a:c4:e1:6f:2f:79:99:b0:be:e5:ab:
37:83:2d:f6:47:1b:c0:64:fc:e0:d6:47:62:42:88:
48:d0:6d:2a:ec:2d:b5:d5:b5:f9:98:7d:55:5c:f9:
cd:61:6d:05:89:25:35:63:48:f2:a2:03:a4:fb:8e:
90:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:F2:B8:CA:D9:68:CE:04:E5:A6:E2:A3:71:8A:09:10:18:E2:73:80
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PPK4ytlozgTlpuKjcYoJEBjic4A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.21.132.0/22
195.162.249.0-195.162.252.255
Signature Algorithm: sha256WithRSAEncryption
97:ca:8c:0f:5b:3c:89:1f:27:4d:29:23:d2:63:05:ed:b9:ca:
89:27:2d:31:6f:f8:ba:e3:e8:0b:43:6f:cb:68:65:54:80:44:
ab:4b:b5:f9:17:58:5e:c9:f9:87:d5:fc:d9:7f:dc:57:30:e1:
8c:ef:cf:a7:53:da:e0:d4:21:7d:fc:de:ce:76:cb:0c:03:1d:
88:d7:71:f3:a0:9a:bb:38:c8:7d:10:2c:6a:27:56:71:a1:56:
08:80:ac:e7:b8:aa:70:9e:bf:76:1c:a2:26:0d:43:39:75:ce:
42:4e:cc:96:ab:18:9f:3c:f3:af:05:2c:0f:69:fd:46:84:bb:
f8:c5:26:04:70:58:22:da:be:fb:2b:0f:56:93:c0:69:05:62:
63:f6:af:e1:dc:f9:ce:6d:40:ca:c0:a3:50:59:5a:9a:45:4c:
2e:3d:9c:57:9c:07:47:35:3c:ed:3f:b3:a6:0d:a4:a9:0b:7b:
56:3e:39:5a:47:cb:2c:3b:0a:df:36:ed:60:ec:04:39:7f:d4:
06:fc:f2:64:1f:bf:dd:64:cd:cf:44:bf:0d:a8:a4:18:75:ff:
76:c2:e4:bc:b2:c1:eb:f6:90:dd:85:4c:6d:63:e9:e7:7a:b1:
33:be:0e:1b:7e:1a:b7:3f:ba:33:b3:c4:3e:f0:b6:f2:35:d7:
ce:ab:6f:f3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ7fhsls/slTbAwyrsYVcbKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjE5MTA1NjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2YyYjhjYWQ5NjhjZTA0ZTVhNmUyYTM3MThhMDkxMDE4ZTI3MzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwnvqG2/KPLO13u9Jx3vwuQugAqL
UeraPTW5PUYMU4m++3J/0ORLlS0SiCtzc0fI2zCYzpkG6u0DH8FSpKivJS19paiu
FDZXi1Z/MxH1SItSK/XAUstjwu53J4mEzuG72WUk7wjmGCDozgZoFYLSvKMbhX0g
S41T/WWP+9I8BPSorQTaHMInRq7z2z+foe5wrWnawlzNG1kBchkFogj05mTkBDKw
u1b5jr2GjHyAczs85e/Tk4e3ba/Yy7ixoo7hKTXIak+PWsThby95mbC+5as3gy32
RxvAZPzg1kdiQohI0G0q7C211bX5mH1VXPnNYW0FiSU1Y0jyogOk+46QyQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDzyuMrZaM4E5abio3GKCRAY4nOAMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUFBLNHl0bG96Z1RscHVLamNZb0pFQmppYzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCwxWEMAwD
BADDovkDBADDovwwDQYJKoZIhvcNAQELBQADggEBAJfKjA9bPIkfJ00pI9JjBe25
yoknLTFv+Lrj6AtDb8toZVSARKtLtfkXWF7J+YfV/Nl/3Fcw4Yzvz6dT2uDUIX38
3s52ywwDHYjXcfOgmrs4yH0QLGonVnGhVgiArOe4qnCev3YcoiYNQzl1zkJOzJar
GJ88868FLA9p/UaEu/jFJgRwWCLavvsrD1aTwGkFYmP2r+Hc+c5tQMrAo1BZWppF
TC49nFecB0c1PO0/s6YNpKkLe1Y+OVpHyyw7Ct827WDsBDl/1Ab88mQfv91kzc9E
vw2opBh1/3bC5Lyywev2kN2FTG1j6ed6sTO+Dht+Grc/ujOzxD7wtvI1186rb/M=
-----END CERTIFICATE-----
Generated at Sat Jun 27 22:07:19 2026 by rpki-client