Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/CmNc3VJuwFS26D0PnHJBVha8l0s.roa
File: CmNc3VJuwFS26D0PnHJBVha8l0s.roa (raw, json)
Hash identifier: 8CDkFgvvJQE2dO4cOtYf0ZWz8xKNUVZ4gAHCWXo5ALc=
Subject key identifier: 0A:63:5C:DD:52:6E:C0:54:B6:E8:3D:0F:9C:72:41:56:16:BC:97:4B
Certificate issuer: /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial: 019DC06AEEF93EC6E13ABBDC4E8602837766
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/CmNc3VJuwFS26D0PnHJBVha8l0s.roa
Signing time: Fri 24 Apr 2026 16:55:26 +0000
ROA not before: Fri 24 Apr 2026 16:55:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 212.116.228.0/23 maxlen: 23
212.116.237.0/24 maxlen: 24
212.116.238.0/23 maxlen: 24
212.116.238.0/24 maxlen: 24
212.116.243.0/24 maxlen: 24
212.116.245.0/24 maxlen: 24
212.116.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Apr 2026 01:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:c0:6a:ee:f9:3e:c6:e1:3a:bb:dc:4e:86:02:83:77:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Validity
Not Before: Apr 24 16:55:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0a635cdd526ec054b6e83d0f9c72415616bc974b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:80:03:af:1b:f5:bc:ff:c7:4e:cb:9b:0a:b4:
8d:2e:1c:65:39:7b:7e:2c:fc:09:ed:fa:66:17:0b:
ec:27:fe:06:06:c0:22:3b:4c:bb:bf:ae:37:05:5c:
77:bb:d5:b9:ee:09:77:f4:3e:cb:54:48:5e:db:84:
aa:a2:6c:ee:dd:f1:60:6e:1c:3d:4e:cf:73:14:c0:
cb:7f:f3:47:89:e8:5f:73:b1:ae:c2:20:d1:d1:cc:
01:ce:b6:d8:80:2a:b6:f0:6a:54:cd:9c:61:21:1a:
bc:34:44:3d:d1:cf:4a:6d:e0:8a:10:7b:1b:75:16:
89:10:96:f5:84:f5:54:19:1e:96:43:4c:76:a1:67:
ed:df:7d:97:37:80:e2:13:36:f7:c4:36:4f:be:3b:
48:62:d4:89:b7:65:95:40:0e:d8:d6:ff:c0:db:52:
24:76:58:63:49:02:70:45:9a:fa:3c:91:d0:fc:bf:
f2:54:98:cb:4f:ab:06:44:40:4f:cc:1e:cc:ca:09:
79:52:84:bc:9c:29:e1:af:b1:0a:f2:a5:54:83:ea:
6d:5d:0c:e7:10:e9:3f:9a:b2:de:e0:07:cb:89:eb:
a5:59:00:6a:3e:89:29:37:89:6c:71:5e:95:79:65:
a3:24:ce:4d:ba:05:5d:0a:46:e0:91:02:64:14:0d:
e8:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:63:5C:DD:52:6E:C0:54:B6:E8:3D:0F:9C:72:41:56:16:BC:97:4B
X509v3 Authority Key Identifier:
keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/CmNc3VJuwFS26D0PnHJBVha8l0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.116.228.0/23
212.116.237.0-212.116.239.255
212.116.243.0/24
212.116.245.0-212.116.246.255
Signature Algorithm: sha256WithRSAEncryption
7c:77:4a:69:74:8d:62:7d:b1:be:66:a3:82:dd:4e:e3:28:f9:
71:80:cc:5d:b4:3d:99:0d:0d:23:3a:20:4f:b5:f2:68:8a:5e:
64:62:88:56:a7:b6:5c:18:d3:d9:54:e0:90:73:43:1b:53:e8:
1b:88:92:3c:4e:4c:e1:71:0a:46:8e:2f:35:be:5e:0d:bd:ab:
b7:8c:d5:71:f9:63:cd:8c:06:e1:04:d4:68:c9:34:0c:e2:25:
50:04:94:ab:fa:6d:50:96:e4:5b:81:75:f6:1c:ce:12:75:e0:
8b:55:66:6c:e4:57:82:b7:0b:50:9c:f9:57:42:e8:c1:37:80:
f0:1f:31:93:cd:e6:a1:34:56:f1:0d:b3:1a:c5:d7:3b:7f:1a:
43:c6:0f:51:c2:fa:33:25:55:5c:cf:40:10:57:1d:71:dd:b0:
8d:e1:2a:2f:c0:ea:e5:ab:28:79:cd:24:e1:f6:30:83:7c:2f:
fa:c2:26:01:81:1f:7d:d4:d9:bd:f1:db:c0:45:4a:c7:1a:90:
67:df:15:7a:14:09:75:49:24:29:6f:62:f2:e9:69:55:42:9a:
cd:68:bf:10:07:93:d2:80:b1:1b:bd:12:88:b4:5a:73:db:6b:
34:e3:02:4f:33:37:17:3b:b8:61:34:df:f0:bb:e1:fd:3c:c3:
78:30:15:c4
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ3Aau75PsbhOrvcToYCg3dmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjYwNDI0MTY1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYzNWNkZDUyNmVjMDU0YjZlODNkMGY5YzcyNDE1NjE2YmM5NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IADrxv1vP/HTsubCrSNLhxlOXt+
LPwJ7fpmFwvsJ/4GBsAiO0y7v643BVx3u9W57gl39D7LVEhe24Sqomzu3fFgbhw9
Ts9zFMDLf/NHiehfc7GuwiDR0cwBzrbYgCq28GpUzZxhIRq8NEQ90c9KbeCKEHsb
dRaJEJb1hPVUGR6WQ0x2oWft332XN4DiEzb3xDZPvjtIYtSJt2WVQA7Y1v/A21Ik
dlhjSQJwRZr6PJHQ/L/yVJjLT6sGREBPzB7Mygl5UoS8nCnhr7EK8qVUg+ptXQzn
EOk/mrLe4AfLieulWQBqPokpN4lscV6VeWWjJM5NugVdCkbgkQJkFA3obQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFApjXN1SbsBUtug9D5xyQVYWvJdLMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvQ21OYzNWSnV3RlMyNkQwUG5ISkJWaGE4bDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQB1HTkMAwD
BADUdO0DBATUdOADBADUdPMwDAMEANR09QMEANR09jANBgkqhkiG9w0BAQsFAAOC
AQEAfHdKaXSNYn2xvmajgt1O4yj5cYDMXbQ9mQ0NIzogT7XyaIpeZGKIVqe2XBjT
2VTgkHNDG1PoG4iSPE5M4XEKRo4vNb5eDb2rt4zVcfljzYwG4QTUaMk0DOIlUASU
q/ptUJbkW4F19hzOEnXgi1VmbORXgrcLUJz5V0LowTeA8B8xk83moTRW8Q2zGsXX
O38aQ8YPUcL6MyVVXM9AEFcdcd2wjeEqL8Dq5asoec0k4fYwg3wv+sImAYEffdTZ
vfHbwEVKxxqQZ98VehQJdUkkKW9i8ulpVUKazWi/EAeT0oCxG70SiLRac9trNOMC
TzM3Fzu4YTTf8Lvh/TzDeDAVxA==
-----END CERTIFICATE-----
Generated at Sat Apr 25 05:26:52 2026 by rpki-client