Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ehK6H2_jZuPqG4QhIKv0ymxsbDQ.roa
File: ehK6H2_jZuPqG4QhIKv0ymxsbDQ.roa (raw, json)
Hash identifier: bZYLtDWIbvIB4g/bl4ZfVDyJn83ZWH0mdDzN3opdtVM=
Subject key identifier: 7A:12:BA:1F:6F:E3:66:E3:EA:1B:84:21:20:AB:F4:CA:6C:6C:6C:34
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 019DB54CF3FA98538590C76B5442550A36A8
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ehK6H2_jZuPqG4QhIKv0ymxsbDQ.roa
Signing time: Wed 22 Apr 2026 13:06:52 +0000
ROA not before: Wed 22 Apr 2026 13:06:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29802
IP address blocks: 84.32.15.0/24 maxlen: 24
84.32.24.0/24 maxlen: 24
84.32.107.0/24 maxlen: 24
84.32.152.0/24 maxlen: 24
84.32.156.0/24 maxlen: 24
84.32.218.0/24 maxlen: 24
88.216.41.0/24 maxlen: 24
88.216.100.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 02 May 2026 01:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b5:4c:f3:fa:98:53:85:90:c7:6b:54:42:55:0a:36:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Apr 22 13:06:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7a12ba1f6fe366e3ea1b842120abf4ca6c6c6c34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:54:3f:24:b7:60:ec:5d:c0:c1:24:1d:e7:af:
79:15:13:70:ee:9f:e3:e9:d5:5b:fb:33:f5:89:5a:
34:a7:0e:d8:ff:d7:1c:65:42:f0:d5:43:13:6b:20:
a8:5f:cd:34:7b:a8:e2:18:2e:2e:98:5b:1c:38:ad:
f8:66:e3:2e:8a:0b:57:8c:c5:d8:28:9f:a7:75:e8:
57:4a:f8:ea:53:77:8a:c7:28:cf:f1:9f:25:38:7a:
38:9d:2d:c6:b7:0b:19:90:50:97:01:f2:2e:e6:78:
cc:49:f4:6c:65:75:18:02:1a:91:8f:6e:75:0f:6e:
ce:4a:64:d2:8d:34:19:e7:bf:49:22:88:f0:c5:63:
da:e4:11:c0:fc:4d:39:4e:54:f1:94:12:ea:ee:a7:
c1:5b:b8:f0:b9:5c:96:e5:23:3d:b9:3d:58:5f:b4:
cc:09:e3:87:38:1e:88:20:27:8a:c9:99:d5:ea:5f:
19:9f:88:f6:b3:fa:05:94:2e:49:bf:3f:9e:f4:50:
ee:85:a5:4d:5b:3b:36:c5:a2:d9:1b:1e:b6:bc:ea:
fd:bc:07:28:60:6a:23:93:3c:36:73:33:3d:2a:f9:
8f:39:5e:8a:99:a7:f1:9a:03:9a:a3:90:79:dc:4b:
3b:fc:87:3b:9a:6e:5c:f7:d3:64:68:b9:94:4b:1e:
d1:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:12:BA:1F:6F:E3:66:E3:EA:1B:84:21:20:AB:F4:CA:6C:6C:6C:34
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/ehK6H2_jZuPqG4QhIKv0ymxsbDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.15.0/24
84.32.24.0/24
84.32.107.0/24
84.32.152.0/24
84.32.156.0/24
84.32.218.0/24
88.216.41.0/24
88.216.100.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:08:aa:ef:26:c3:de:16:4f:80:5e:d2:84:76:3b:85:f4:a2:
e3:2c:9f:1f:c7:25:62:e8:ff:c3:35:d9:8a:c3:c1:41:7a:a7:
5a:6c:df:97:61:0a:be:fa:1f:4e:58:b6:b1:95:3d:92:ea:12:
d7:63:5d:a5:2e:bf:3b:63:6b:1e:6e:b8:03:52:c4:20:b5:23:
4c:4e:b6:9a:a7:e3:9d:04:8b:f6:26:93:20:e2:e4:13:11:b7:
4f:61:b0:68:47:1d:b5:b2:8c:db:89:d3:1d:e4:93:c4:8b:ec:
27:c4:6b:96:7c:81:bd:8d:04:23:fa:da:a0:f7:0a:65:b6:b3:
1c:63:e3:05:ca:30:21:a6:0a:5a:c2:cd:5c:4b:b2:c9:40:ec:
5d:80:5c:2d:77:f1:05:c5:1a:c0:03:18:0d:a8:68:9d:1d:f7:
e2:fb:35:74:d4:d5:15:70:1a:55:ab:11:95:cf:34:70:8a:e1:
76:d7:29:38:5a:d3:02:fb:88:31:da:23:d4:de:1c:21:c8:0c:
85:22:ad:12:fd:57:b5:0b:18:c7:25:22:a6:06:4e:c5:c9:ca:
4f:9b:f0:75:e9:89:2e:66:b2:5a:a3:4b:a7:9c:38:4c:64:d1:
ec:39:63:ea:f9:bd:c8:44:ee:16:47:ef:86:47:83:ed:f3:65:
16:10:f1:0f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ21TPP6mFOFkMdrVEJVCjaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwNDIyMTMwNjUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTEyYmExZjZmZTM2NmUzZWExYjg0MjEyMGFiZjRjYTZjNmM2YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VQ/JLdg7F3AwSQd5695FRNw7p/j
6dVb+zP1iVo0pw7Y/9ccZULw1UMTayCoX800e6jiGC4umFscOK34ZuMuigtXjMXY
KJ+ndehXSvjqU3eKxyjP8Z8lOHo4nS3GtwsZkFCXAfIu5njMSfRsZXUYAhqRj251
D27OSmTSjTQZ579JIojwxWPa5BHA/E05TlTxlBLq7qfBW7jwuVyW5SM9uT1YX7TM
CeOHOB6IICeKyZnV6l8Zn4j2s/oFlC5Jvz+e9FDuhaVNWzs2xaLZGx62vOr9vAco
YGojkzw2czM9KvmPOV6KmafxmgOao5B53Es7/Ic7mm5c99NkaLmUSx7RRwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHoSuh9v42bj6huEISCr9MpsbGw0MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZWhLNkgyX2padVBxRzRRaElLdjB5bXhzYkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVCAPAwQA
VCAYAwQAVCBrAwQAVCCYAwQAVCCcAwQAVCDaAwQAWNgpAwQAWNhkMA0GCSqGSIb3
DQEBCwUAA4IBAQCbCKrvJsPeFk+AXtKEdjuF9KLjLJ8fxyVi6P/DNdmKw8FBeqda
bN+XYQq++h9OWLaxlT2S6hLXY12lLr87Y2sebrgDUsQgtSNMTraap+OdBIv2JpMg
4uQTEbdPYbBoRx21sozbidMd5JPEi+wnxGuWfIG9jQQj+tqg9wpltrMcY+MFyjAh
pgpaws1cS7LJQOxdgFwtd/EFxRrAAxgNqGidHffi+zV01NUVcBpVqxGVzzRwiuF2
1yk4WtMC+4gx2iPU3hwhyAyFIq0S/Ve1CxjHJSKmBk7FycpPm/B16YkuZrJao0un
nDhMZNHsOWPq+b3IRO4WR++GR4Pt82UWEPEP
-----END CERTIFICATE-----
Generated at Fri May 1 09:25:35 2026 by rpki-client