Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/4SGHkhKi4QTLFpo-qosd2bahj-Q.roa
File: 4SGHkhKi4QTLFpo-qosd2bahj-Q.roa (raw, json)
Hash identifier: dW+Z69p8lpg56uETMd4OUZVzln7S7hdyAq7PkiXDS3o=
Subject key identifier: E1:21:87:92:12:A2:E1:04:CB:16:9A:3E:AA:8B:1D:D9:B6:A1:8F:E4
Certificate issuer: /CN=0842759a04fcfd9dd386486f04820e4a060397f2
Certificate serial: 019E5EC03C2240CC2CED672255459718A1D5
Authority key identifier: 08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/4SGHkhKi4QTLFpo-qosd2bahj-Q.roa
Signing time: Mon 25 May 2026 10:48:36 +0000
ROA not before: Mon 25 May 2026 10:48:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 35617
IP address blocks: 85.204.42.0/24 maxlen: 24
86.104.135.0/24 maxlen: 24
109.239.240.0/20 maxlen: 20
178.132.88.0/21 maxlen: 21
185.59.132.0/22 maxlen: 22
185.72.40.0/22 maxlen: 22
185.225.128.0/22 maxlen: 22
194.62.112.0/24 maxlen: 24
212.81.60.0/22 maxlen: 22
2a04:e240::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.mft
rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 22:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:5e:c0:3c:22:40:cc:2c:ed:67:22:55:45:97:18:a1:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0842759a04fcfd9dd386486f04820e4a060397f2
Validity
Not Before: May 25 10:48:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e121879212a2e104cb169a3eaa8b1dd9b6a18fe4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ec:1b:74:a4:00:5e:53:3b:03:5e:fc:fe:36:
f0:06:77:de:e0:68:e4:e7:47:d4:bc:ec:cd:ca:ad:
1e:b8:0c:7e:ec:73:52:a4:64:39:cd:da:de:76:88:
04:b8:8d:d1:e4:6e:0a:48:39:c9:bb:a6:a1:6e:25:
6e:6b:b6:ac:4e:7f:af:b3:16:c1:a7:d6:ae:8e:fe:
e3:0c:11:3e:6e:e8:af:23:f9:17:78:22:01:97:21:
7e:62:dc:c2:b5:f0:a6:95:ea:0f:c5:8a:97:a6:19:
68:32:a5:12:af:51:26:58:d7:ed:45:36:27:6c:2c:
45:61:17:5b:90:21:f2:a7:81:ad:77:3f:2a:42:f5:
fa:a1:10:73:b4:87:89:96:ac:db:9d:a2:73:ab:58:
ae:7f:14:ff:a5:fb:58:9a:19:48:bc:90:ca:2e:35:
03:98:d1:55:c5:68:7a:7b:51:06:c7:9f:0e:92:f2:
01:c3:8c:23:5b:02:9e:b0:1c:83:d9:d5:0f:4f:ed:
69:cf:3b:e5:20:05:ad:c6:2d:03:71:d7:10:f8:08:
b5:9a:48:09:2d:8b:3b:e5:5a:bf:4c:81:63:a8:93:
77:0e:6a:be:74:18:ac:4c:8b:b9:55:41:77:d1:cd:
bb:f6:34:2c:57:20:38:a0:b7:2a:0d:bc:0f:ab:c3:
0c:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:21:87:92:12:A2:E1:04:CB:16:9A:3E:AA:8B:1D:D9:B6:A1:8F:E4
X509v3 Authority Key Identifier:
keyid:08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/4SGHkhKi4QTLFpo-qosd2bahj-Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.42.0/24
86.104.135.0/24
109.239.240.0/20
178.132.88.0/21
185.59.132.0/22
185.72.40.0/22
185.225.128.0/22
194.62.112.0/24
212.81.60.0/22
IPv6:
2a04:e240::/29
Signature Algorithm: sha256WithRSAEncryption
67:b1:ea:c5:c0:e6:98:8b:6a:ab:91:05:98:8e:09:64:5b:4e:
9b:75:82:70:5d:01:b7:4c:e5:ef:8d:de:bf:fa:eb:06:6d:fd:
00:ae:cb:56:a4:5f:38:46:2d:0a:88:cf:8e:23:d6:cd:80:b6:
ec:e2:e7:15:a3:77:2a:96:7b:a0:23:7f:d0:af:85:4d:56:97:
c8:47:74:39:50:cd:5a:ad:81:ac:a9:58:9a:f6:43:6c:4b:7f:
e7:dc:81:ac:43:71:1c:c8:76:9e:83:65:a1:ff:81:bd:5f:0d:
eb:44:0e:9f:26:b1:20:8f:7e:61:62:2a:e6:89:fa:70:d3:11:
28:e2:01:03:82:42:b0:45:76:3f:ed:a5:b1:0e:19:d6:24:70:
3e:65:03:57:b0:8c:93:a3:cb:66:a9:0f:a1:28:da:8c:d5:c0:
71:ec:57:99:c8:e2:3f:b0:8b:48:05:c4:0b:85:a8:ea:04:20:
b2:89:f4:08:03:d0:67:8c:5a:d6:f4:d8:57:05:7f:32:52:01:
06:e1:7e:e3:11:13:b5:6a:39:3e:8d:3d:13:c2:df:d7:15:99:
ad:7f:0a:56:05:b7:22:4a:3a:ca:fd:b4:24:e7:5b:2b:68:db:
36:40:a5:9c:11:b1:ce:6a:2f:20:38:d8:4a:34:01:05:a9:73:
66:fd:b9:67
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZ5ewDwiQMws7WciVUWXGKHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDI3NTlhMDRmY2ZkOWRkMzg2NDg2ZjA0ODIwZTRhMDYw
Mzk3ZjIwHhcNMjYwNTI1MTA0ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTIxODc5MjEyYTJlMTA0Y2IxNjlhM2VhYThiMWRkOWI2YTE4ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuwbdKQAXlM7A178/jbwBnfe4Gjk
50fUvOzNyq0euAx+7HNSpGQ5zdredogEuI3R5G4KSDnJu6ahbiVua7asTn+vsxbB
p9aujv7jDBE+buivI/kXeCIBlyF+YtzCtfCmleoPxYqXphloMqUSr1EmWNftRTYn
bCxFYRdbkCHyp4Gtdz8qQvX6oRBztIeJlqzbnaJzq1iufxT/pftYmhlIvJDKLjUD
mNFVxWh6e1EGx58OkvIBw4wjWwKesByD2dUPT+1pzzvlIAWtxi0DcdcQ+Ai1mkgJ
LYs75Vq/TIFjqJN3Dmq+dBisTIu5VUF30c279jQsVyA4oLcqDbwPq8MMHwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFOEhh5ISouEEyxaaPqqLHdm2oY/kMB8GA1UdIwQY
MBaAFAhCdZoE/P2d04ZIbwSCDkoGA5fyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEt
NzAyNWUxODgwNjhjLzEvNFNHSGtoS2k0UVRMRnBvLXFvc2QyYmFoai1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEtNzAyNWUxODgwNjhj
LzEvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQAVcwqAwQA
VmiHAwQEbe/wAwQDsoRYAwQCuTuEAwQCuUgoAwQCueGAAwQAwj5wAwQC1FE8MA0E
AgACMAcDBQMqBOJAMA0GCSqGSIb3DQEBCwUAA4IBAQBnserFwOaYi2qrkQWYjglk
W06bdYJwXQG3TOXvjd6/+usGbf0ArstWpF84Ri0KiM+OI9bNgLbs4ucVo3cqlnug
I3/Qr4VNVpfIR3Q5UM1arYGsqVia9kNsS3/n3IGsQ3EcyHaeg2Wh/4G9Xw3rRA6f
JrEgj35hYirmifpw0xEo4gEDgkKwRXY/7aWxDhnWJHA+ZQNXsIyTo8tmqQ+hKNqM
1cBx7FeZyOI/sItIBcQLhajqBCCyifQIA9BnjFrW9NhXBX8yUgEG4X7jERO1ajk+
jT0Twt/XFZmtfwpWBbciSjrK/bQk51sraNs2QKWcEbHOai8gONhKNAEFqXNm/bln
-----END CERTIFICATE-----
Generated at Fri Jun 12 08:42:29 2026 by rpki-client