Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/IMC5fjcQ_DWcsRbnT_lDAoFdkcM.roa
File: IMC5fjcQ_DWcsRbnT_lDAoFdkcM.roa (raw, json)
Hash identifier: A0aysdB2+Z1WaCKJ3yfflKSlHn0Wo7eICnmJ34jKbxA=
Subject key identifier: 20:C0:B9:7E:37:10:FC:35:9C:B1:16:E7:4F:F9:43:02:81:5D:91:C3
Certificate issuer: /CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
Certificate serial: 019CD79AC7147D69AB0F5B2993E4BA839FDF
Authority key identifier: 4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/IMC5fjcQ_DWcsRbnT_lDAoFdkcM.roa
Signing time: Tue 10 Mar 2026 11:56:10 +0000
ROA not before: Tue 10 Mar 2026 11:56:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199181
IP address blocks: 5.158.64.0/20 maxlen: 21
77.39.128.0/19 maxlen: 20
185.142.68.0/22 maxlen: 23
185.142.70.0/23 maxlen: 23
2a04:4500::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl
rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.mft
rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 09:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:9a:c7:14:7d:69:ab:0f:5b:29:93:e4:ba:83:9f:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
Validity
Not Before: Mar 10 11:56:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20c0b97e3710fc359cb116e74ff94302815d91c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:88:15:df:8e:53:7f:e9:44:f1:26:f1:30:cf:
08:61:b1:8f:82:ba:cd:f2:21:ea:67:15:53:ad:74:
0f:20:42:0c:86:24:25:a1:00:25:d1:b0:2e:db:9f:
63:2b:a8:cc:c4:a6:90:c5:d6:df:ce:a3:76:50:2a:
54:ae:69:3d:fb:31:bf:06:55:0a:35:08:81:b8:06:
d6:08:7a:7a:b3:8f:c7:bf:ef:55:09:02:6c:b8:36:
c3:28:0d:e2:cb:44:d3:cf:59:b9:f9:58:fb:e6:35:
f7:72:3f:52:2d:b0:7c:03:29:0c:e0:b3:90:38:ee:
b6:82:2f:05:1f:a4:4f:85:af:76:ba:af:16:61:a4:
5c:2b:ed:0a:55:28:c8:90:bb:58:18:b2:2b:24:a6:
93:e5:a8:c8:a9:bc:ba:5f:41:48:46:5e:7a:b0:d1:
6a:d3:db:71:c8:6c:c3:3b:7d:d8:d5:16:ad:6b:cb:
b5:e3:6e:17:60:dd:4e:3e:a3:7b:71:52:7f:10:59:
34:74:02:d2:cb:89:9d:78:ad:be:6d:f1:f8:35:d9:
cb:62:58:a6:36:73:5b:20:24:65:03:c0:c4:47:52:
60:80:4e:0c:8a:7b:2c:06:7b:a2:43:bd:17:69:f8:
49:c1:5d:c9:cb:f9:33:a4:dc:8a:b4:94:0a:65:13:
7a:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:C0:B9:7E:37:10:FC:35:9C:B1:16:E7:4F:F9:43:02:81:5D:91:C3
X509v3 Authority Key Identifier:
keyid:4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/IMC5fjcQ_DWcsRbnT_lDAoFdkcM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.158.64.0/20
77.39.128.0/19
185.142.68.0/22
IPv6:
2a04:4500::/29
Signature Algorithm: sha256WithRSAEncryption
90:3e:4d:ae:37:46:70:36:1d:8d:73:96:91:d5:b4:b2:6d:8d:
e4:38:ad:d8:d5:a6:c8:88:ff:18:f7:5f:14:ff:4f:ff:3d:64:
06:fe:e5:00:3c:2a:36:11:87:0c:c6:36:07:b6:40:3b:d4:2d:
11:89:6a:dd:04:73:4d:e0:b1:19:d5:ec:41:f6:81:3d:64:03:
69:03:09:41:10:be:9d:16:db:b0:92:53:16:71:73:5c:32:99:
11:82:fa:13:13:e3:e0:80:e5:fe:25:75:e2:e9:c9:3c:90:2c:
de:60:0c:6b:c4:dc:42:41:68:3d:35:fd:52:f9:49:15:eb:44:
3f:84:8d:d8:d1:33:d7:50:0a:79:f3:c0:2a:90:69:08:53:43:
3e:6a:27:b3:d3:2d:a1:c9:6b:d9:60:1b:bc:93:30:f2:33:ac:
02:0d:34:d3:3e:f8:07:62:4a:a1:a6:8f:5d:e1:74:3e:c8:15:
31:b1:9d:9b:8c:19:6e:40:b4:07:e8:9d:98:8f:68:14:43:5a:
da:c2:88:c2:55:03:5c:59:db:49:5a:c5:f4:26:26:4d:47:c2:
08:2f:c9:4a:e1:23:0b:c6:1a:db:cf:b1:59:18:c6:9f:b2:0d:
09:42:ac:df:53:f2:6a:81:76:93:46:56:8f:ec:29:3e:50:e5:
72:bb:cb:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZzXmscUfWmrD1spk+S6g5/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWYzMWU3MzUyYTg3MDdiOThjNmQyNzM0OGU4YmM0OTNk
MWE5YWYwHhcNMjYwMzEwMTE1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGMwYjk3ZTM3MTBmYzM1OWNiMTE2ZTc0ZmY5NDMwMjgxNWQ5MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YgV345Tf+lE8SbxMM8IYbGPgrrN
8iHqZxVTrXQPIEIMhiQloQAl0bAu259jK6jMxKaQxdbfzqN2UCpUrmk9+zG/BlUK
NQiBuAbWCHp6s4/Hv+9VCQJsuDbDKA3iy0TTz1m5+Vj75jX3cj9SLbB8AykM4LOQ
OO62gi8FH6RPha92uq8WYaRcK+0KVSjIkLtYGLIrJKaT5ajIqby6X0FIRl56sNFq
09txyGzDO33Y1Rata8u1424XYN1OPqN7cVJ/EFk0dALSy4mdeK2+bfH4NdnLYlim
NnNbICRlA8DER1JggE4MinssBnuiQ70XafhJwV3Jy/kzpNyKtJQKZRN6xwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCDAuX43EPw1nLEW50/5QwKBXZHDMB8GA1UdIwQY
MBaAFEufMec1KocHuYxtJzSOi8ST0amvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjct
MzY1MWU0MGYxNDM2LzEvSU1DNWZqY1FfRFdjc1JiblRfbERBb0Zka2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjctMzY1MWU0MGYxNDM2
LzEvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEBZ5AAwQF
TSeAAwQCuY5EMA0EAgACMAcDBQMqBEUAMA0GCSqGSIb3DQEBCwUAA4IBAQCQPk2u
N0ZwNh2Nc5aR1bSybY3kOK3Y1abIiP8Y918U/0//PWQG/uUAPCo2EYcMxjYHtkA7
1C0RiWrdBHNN4LEZ1exB9oE9ZANpAwlBEL6dFtuwklMWcXNcMpkRgvoTE+PggOX+
JXXi6ck8kCzeYAxrxNxCQWg9Nf1S+UkV60Q/hI3Y0TPXUAp588AqkGkIU0M+aiez
0y2hyWvZYBu8kzDyM6wCDTTTPvgHYkqhpo9d4XQ+yBUxsZ2bjBluQLQH6J2Yj2gU
Q1rawojCVQNcWdtJWsX0JiZNR8IIL8lK4SMLxhrbz7FZGMafsg0JQqzfU/JqgXaT
RlaP7Ck+UOVyu8uB
-----END CERTIFICATE-----
Generated at Fri Mar 13 13:33:58 2026 by rpki-client