Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OKJmi4GkrP0-NZiJY6zHTEzSaOU.roa
File: OKJmi4GkrP0-NZiJY6zHTEzSaOU.roa (raw, json)
Hash identifier: 2fceAaRqk0Np/s82p81wM7MT2UE47XCCJpi7UwEP9+A=
Subject key identifier: 38:A2:66:8B:81:A4:AC:FD:3E:35:98:89:63:AC:C7:4C:4C:D2:68:E5
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 019D0A0C327AAEFE7FFDD05CF5FB497E0F7B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OKJmi4GkrP0-NZiJY6zHTEzSaOU.roa
Signing time: Fri 20 Mar 2026 07:01:04 +0000
ROA not before: Fri 20 Mar 2026 07:01:04 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 56755
IP address blocks: 45.131.184.0/24 maxlen: 24
45.148.118.0/23 maxlen: 24
94.177.122.0/24 maxlen: 24
139.28.99.0/24 maxlen: 24
194.50.94.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 23:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0a:0c:32:7a:ae:fe:7f:fd:d0:5c:f5:fb:49:7e:0f:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Mar 20 07:01:04 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=38a2668b81a4acfd3e35988963acc74c4cd268e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:cd:da:c9:e6:fa:fe:4b:39:24:23:d1:be:ba:
4e:d4:ea:f6:a8:8a:ec:b1:78:46:d5:9f:d4:f8:e6:
b9:4c:61:e6:6e:62:01:2b:56:ec:c6:55:cd:1e:76:
a7:2f:bd:8f:e5:33:a7:12:b0:62:4b:5e:61:51:05:
4d:26:ca:32:ae:11:d2:07:da:c5:e0:01:f4:76:3d:
2d:77:93:a9:36:83:d8:8f:1f:9e:02:fc:84:42:89:
a3:93:bf:74:55:cb:18:59:66:c2:7d:f8:35:0b:6b:
19:1a:07:e1:98:e3:9d:d1:8f:17:c3:9c:e8:99:1a:
86:bb:4e:dc:70:c2:11:04:d0:6b:db:fd:07:fc:2d:
40:ee:f2:19:67:ef:bd:99:eb:d8:30:45:49:06:e3:
dd:42:d8:e6:1f:6d:0e:18:8f:da:66:71:6f:7f:59:
a2:f1:2c:03:08:ba:5d:89:00:c4:a4:42:12:ab:85:
bb:40:ed:8c:2a:af:66:68:c5:14:c9:ca:b7:b4:ef:
db:9f:57:48:34:00:48:fe:0e:43:2e:e3:74:25:98:
73:c6:74:90:36:84:b0:48:6b:34:70:d6:4c:3c:ac:
df:03:42:6a:b8:e7:af:85:c4:e2:5d:2a:e0:20:c1:
f2:32:8e:e6:72:72:3e:a0:24:c1:af:1d:ee:58:78:
84:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:A2:66:8B:81:A4:AC:FD:3E:35:98:89:63:AC:C7:4C:4C:D2:68:E5
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OKJmi4GkrP0-NZiJY6zHTEzSaOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.131.184.0/24
45.148.118.0/23
94.177.122.0/24
139.28.99.0/24
194.50.94.0/24
Signature Algorithm: sha256WithRSAEncryption
14:27:79:b1:7d:66:2c:5e:f1:54:c0:cc:a8:ed:3c:48:83:b1:
2e:b4:fe:5b:b4:67:99:48:3a:a0:0d:88:7b:94:ed:97:a8:95:
1e:c2:f7:85:25:be:c4:97:8f:4a:ca:38:31:c0:ba:01:f1:a9:
75:63:19:4d:03:11:d5:70:af:c1:18:38:2b:c1:33:46:ad:c2:
c9:7a:70:ff:8a:fc:f1:87:de:c9:65:e3:3b:81:32:39:17:99:
df:20:8c:d6:00:da:34:3e:1c:57:ad:4e:fe:6a:eb:bb:b6:e9:
c7:c9:7d:f6:1e:85:96:65:a2:04:a2:d7:63:49:13:4b:ba:8e:
bb:f7:97:8d:bb:e5:a9:2b:e8:c9:19:3f:17:b2:f5:2c:71:2c:
d9:7a:b0:0e:d7:19:b7:bb:6c:a1:be:dd:a1:f5:f3:70:0a:0e:
92:a8:11:dc:cb:8d:07:0f:cf:98:cb:f4:b8:87:36:4d:f3:80:
ff:d5:15:9d:ee:d6:ed:da:12:a2:da:67:26:13:49:34:29:b8:
6f:c6:44:a4:f8:0c:13:f6:1f:69:7c:42:cd:25:35:89:54:d4:
63:cf:65:4e:21:0f:2d:0f:69:00:97:3e:23:37:83:4c:31:63:
74:e1:71:79:85:62:eb:ad:5e:35:ce:50:2b:9d:a4:bf:12:82:
c4:0b:e2:50
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ0KDDJ6rv5//dBc9ftJfg97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMzIwMDcwMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGEyNjY4YjgxYTRhY2ZkM2UzNTk4ODk2M2FjYzc0YzRjZDI2OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc3ayeb6/ks5JCPRvrpO1Or2qIrs
sXhG1Z/U+Oa5TGHmbmIBK1bsxlXNHnanL72P5TOnErBiS15hUQVNJsoyrhHSB9rF
4AH0dj0td5OpNoPYjx+eAvyEQomjk790VcsYWWbCffg1C2sZGgfhmOOd0Y8Xw5zo
mRqGu07ccMIRBNBr2/0H/C1A7vIZZ++9mevYMEVJBuPdQtjmH20OGI/aZnFvf1mi
8SwDCLpdiQDEpEISq4W7QO2MKq9maMUUycq3tO/bn1dINABI/g5DLuN0JZhzxnSQ
NoSwSGs0cNZMPKzfA0JquOevhcTiXSrgIMHyMo7mcnI+oCTBrx3uWHiEbQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDiiZouBpKz9PjWYiWOsx0xM0mjlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT0tKbWk0R2tyUDAtTlppSlk2ekhURXpTYU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALYO4AwQB
LZR2AwQAXrF6AwQAixxjAwQAwjJeMA0GCSqGSIb3DQEBCwUAA4IBAQAUJ3mxfWYs
XvFUwMyo7TxIg7EutP5btGeZSDqgDYh7lO2XqJUewveFJb7El49KyjgxwLoB8al1
YxlNAxHVcK/BGDgrwTNGrcLJenD/ivzxh97JZeM7gTI5F5nfIIzWANo0PhxXrU7+
auu7tunHyX32HoWWZaIEotdjSRNLuo6795eNu+WpK+jJGT8XsvUscSzZerAO1xm3
u2yhvt2h9fNwCg6SqBHcy40HD8+Yy/S4hzZN84D/1RWd7tbt2hKi2mcmE0k0Kbhv
xkSk+AwT9h9pfELNJTWJVNRjz2VOIQ8tD2kAlz4jN4NMMWN04XF5hWLrrV41zlAr
naS/EoLEC+JQ
-----END CERTIFICATE-----
Generated at Sun Mar 22 02:04:50 2026 by rpki-client