Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/gjKNGRgKjW8aFZnJfD5jET9I6jU.roa
File: gjKNGRgKjW8aFZnJfD5jET9I6jU.roa (raw, json)
Hash identifier: KM5oAerppM84vSrPibDX6lgrxjDAWru509Ev4ZnBEag=
Subject key identifier: 82:32:8D:19:18:0A:8D:6F:1A:15:99:C9:7C:3E:63:11:3F:48:EA:35
Certificate issuer: /CN=997ad9f5cda66d961d1bceefc463e629ee819a5c
Certificate serial: 019BA20A5DFF4655C9090C54A347DF201694
Authority key identifier: 99:7A:D9:F5:CD:A6:6D:96:1D:1B:CE:EF:C4:63:E6:29:EE:81:9A:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/gjKNGRgKjW8aFZnJfD5jET9I6jU.roa
Signing time: Fri 09 Jan 2026 09:15:46 +0000
ROA not before: Fri 09 Jan 2026 09:15:46 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211823
IP address blocks: 45.156.88.0/22 maxlen: 22
45.156.88.0/24 maxlen: 24
45.156.89.0/24 maxlen: 24
45.156.90.0/24 maxlen: 24
45.156.91.0/24 maxlen: 24
2a11:bc40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.mft
rsync://rpki.ripe.net/repository/DEFAULT/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 03:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:a2:0a:5d:ff:46:55:c9:09:0c:54:a3:47:df:20:16:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=997ad9f5cda66d961d1bceefc463e629ee819a5c
Validity
Not Before: Jan 9 09:15:46 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=82328d19180a8d6f1a1599c97c3e63113f48ea35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:e5:99:ab:ff:e5:d5:85:9a:3c:d3:2a:08:47:
fe:cb:9b:6b:e3:4d:a2:d4:c2:59:bc:ab:2b:cc:32:
1a:da:f6:cb:6b:aa:da:92:88:e5:b1:c2:ab:06:3f:
2b:b6:48:f8:60:62:6b:8a:cc:6b:03:f1:6b:9b:3a:
50:ee:ac:7c:0e:fd:bc:28:93:79:2f:19:63:80:7a:
2d:4b:44:20:b4:ce:13:0a:fd:f3:f5:41:87:78:f2:
3b:5f:79:cc:24:bf:47:57:1d:3e:6d:ec:23:b5:f1:
db:0d:02:f7:d3:b8:e4:18:a7:61:a7:ca:ed:1b:80:
4f:e1:6b:8c:50:73:54:fb:3e:d0:14:96:b1:da:34:
84:60:48:e4:b7:0c:d2:ad:93:7c:25:fc:e4:a1:38:
5a:54:05:4b:be:82:74:40:53:08:e3:23:27:c9:44:
09:1b:b2:11:a2:5c:ad:16:33:91:95:13:ee:cc:01:
06:e3:f8:44:00:0b:4f:79:5e:6d:be:0b:d5:75:db:
f8:00:12:3c:bc:b0:a0:ce:41:e1:10:05:85:18:6e:
13:21:a0:b7:7c:1e:95:ed:51:1f:47:98:2e:c8:fc:
b1:0c:a3:a6:57:4a:9c:f9:81:f5:8d:d1:08:eb:92:
69:f5:66:90:d1:8f:0f:00:96:b5:85:bb:e9:8e:ee:
ae:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:32:8D:19:18:0A:8D:6F:1A:15:99:C9:7C:3E:63:11:3F:48:EA:35
X509v3 Authority Key Identifier:
keyid:99:7A:D9:F5:CD:A6:6D:96:1D:1B:CE:EF:C4:63:E6:29:EE:81:9A:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/gjKNGRgKjW8aFZnJfD5jET9I6jU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/d853d7-7785-4e6d-993c-7c6e4809df59/1/mXrZ9c2mbZYdG87vxGPmKe6Bmlw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.88.0/22
IPv6:
2a11:bc40::/29
Signature Algorithm: sha256WithRSAEncryption
97:18:91:59:57:15:2d:06:2f:48:02:9d:5b:5a:c7:56:d2:cc:
57:95:fa:1a:3e:93:55:73:c2:9c:f4:75:94:18:6a:30:27:5a:
47:c6:17:76:46:f6:ba:fc:41:0c:02:bb:2d:bc:67:d6:1c:88:
49:d2:c0:81:55:c9:fb:5b:b2:55:1c:ef:f4:19:1e:2a:c5:6b:
02:3f:cd:4f:9b:fd:df:cd:12:08:e8:62:ba:d0:fb:6b:38:33:
dc:1b:68:5b:e0:b8:68:b1:af:c3:e0:8c:b8:5a:c1:72:e1:7a:
5c:89:79:a9:49:cc:e2:45:ce:d0:7c:72:a9:d2:e5:94:44:96:
92:bb:1a:74:ad:22:c5:cc:f1:36:7a:55:28:69:83:64:bb:65:
6c:30:80:d9:a4:81:c0:53:a1:fb:18:b0:94:f4:39:67:4a:99:
42:54:1d:d8:f4:b7:9b:0d:05:27:86:47:c3:48:70:d6:1a:1f:
f3:07:b7:c7:6b:57:73:6e:e5:30:4e:ac:4c:cb:dc:14:e8:e3:
13:17:78:89:77:ee:d6:02:4c:ce:4c:e9:fb:61:05:d5:ad:ff:
50:c4:4b:6e:1d:67:17:d1:8c:22:09:bd:85:39:e8:f6:06:53:
83:6a:31:f8:cf:96:c9:dc:c3:88:a8:ca:a8:00:37:14:69:64:
b2:31:e1:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZuiCl3/RlXJCQxUo0ffIBaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5N2FkOWY1Y2RhNjZkOTYxZDFiY2VlZmM0NjNlNjI5ZWU4
MTlhNWMwHhcNMjYwMTA5MDkxNTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjMyOGQxOTE4MGE4ZDZmMWExNTk5Yzk3YzNlNjMxMTNmNDhlYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuWZq//l1YWaPNMqCEf+y5tr402i
1MJZvKsrzDIa2vbLa6rakojlscKrBj8rtkj4YGJrisxrA/FrmzpQ7qx8Dv28KJN5
LxljgHotS0QgtM4TCv3z9UGHePI7X3nMJL9HVx0+bewjtfHbDQL307jkGKdhp8rt
G4BP4WuMUHNU+z7QFJax2jSEYEjktwzSrZN8JfzkoThaVAVLvoJ0QFMI4yMnyUQJ
G7IRolytFjORlRPuzAEG4/hEAAtPeV5tvgvVddv4ABI8vLCgzkHhEAWFGG4TIaC3
fB6V7VEfR5guyPyxDKOmV0qc+YH1jdEI65Jp9WaQ0Y8PAJa1hbvpju6uxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIIyjRkYCo1vGhWZyXw+YxE/SOo1MB8GA1UdIwQY
MBaAFJl62fXNpm2WHRvO78Rj5inugZpcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVhyWjljMm1iWllkRzg3dnhHUG1LZTZCbWx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9kODUzZDctNzc4NS00ZTZkLTk5M2Mt
N2M2ZTQ4MDlkZjU5LzEvZ2pLTkdSZ0tqVzhhRlpuSmZENWpFVDlJNmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9kODUzZDctNzc4NS00ZTZkLTk5M2MtN2M2ZTQ4MDlkZjU5
LzEvbVhyWjljMm1iWllkRzg3dnhHUG1LZTZCbWx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZxYMA0E
AgACMAcDBQMqEbxAMA0GCSqGSIb3DQEBCwUAA4IBAQCXGJFZVxUtBi9IAp1bWsdW
0sxXlfoaPpNVc8Kc9HWUGGowJ1pHxhd2Rva6/EEMArstvGfWHIhJ0sCBVcn7W7JV
HO/0GR4qxWsCP81Pm/3fzRII6GK60PtrODPcG2hb4Lhosa/D4Iy4WsFy4XpciXmp
ScziRc7QfHKp0uWURJaSuxp0rSLFzPE2elUoaYNku2VsMIDZpIHAU6H7GLCU9Dln
SplCVB3Y9LebDQUnhkfDSHDWGh/zB7fHa1dzbuUwTqxMy9wU6OMTF3iJd+7WAkzO
TOn7YQXVrf9QxEtuHWcX0YwiCb2FOej2BlODajH4z5bJ3MOIqMqoADcUaWSyMeFs
-----END CERTIFICATE-----
Generated at Sun Mar 29 13:38:57 2026 by rpki-client