Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NcsdRSjRqCVuItEE-ayUBzBumXE.roa
File: NcsdRSjRqCVuItEE-ayUBzBumXE.roa (raw, json)
Hash identifier: 4eAQSmJXb+9iu0td6xDo76uzZ04hrceyun+kAyHeNXk=
Subject key identifier: 35:CB:1D:45:28:D1:A8:25:6E:22:D1:04:F9:AC:94:07:30:6E:99:71
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 019CB957D569B4B49FD552F7B5AEBF7EE3A9
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NcsdRSjRqCVuItEE-ayUBzBumXE.roa
Signing time: Wed 04 Mar 2026 14:54:27 +0000
ROA not before: Wed 04 Mar 2026 14:54:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43278
IP address blocks: 85.8.186.0/24 maxlen: 24
91.220.80.0/24 maxlen: 24
185.189.255.0/24 maxlen: 24
194.147.90.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Mar 2026 16:05:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b9:57:d5:69:b4:b4:9f:d5:52:f7:b5:ae:bf:7e:e3:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: Mar 4 14:54:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=35cb1d4528d1a8256e22d104f9ac9407306e9971
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:e4:25:48:84:d2:51:6c:9c:b1:67:bb:0f:4b:
f1:0f:6d:6b:53:19:d2:20:6e:16:13:fd:34:da:24:
e4:00:46:74:11:aa:67:5e:f0:e1:02:a2:c8:65:e4:
0c:ae:66:6e:71:b0:66:a4:1a:dc:db:52:94:fa:fb:
63:b7:23:09:1f:76:0c:46:a0:a2:ce:ff:a2:29:d1:
be:55:be:f0:3d:17:17:78:b6:28:36:1c:32:31:69:
c6:dd:a7:a9:f8:e8:2e:7c:d3:a8:29:3a:7e:24:64:
c4:00:f5:57:7b:42:8d:d5:63:4a:39:27:4b:28:aa:
ad:21:8d:41:fd:b8:04:44:0f:bc:8e:6e:4c:a2:86:
26:be:60:8f:76:46:a7:a8:17:fa:6e:85:b1:f0:7d:
9f:2d:63:88:d3:30:81:b9:39:fd:0f:38:4b:c2:f8:
c5:37:ea:f3:ca:56:c9:c6:8c:c8:80:dc:85:ab:70:
a0:1c:b2:e4:22:b7:95:a5:e6:d0:ea:88:c2:5e:20:
3c:b4:24:48:4e:a3:c0:3f:2a:6d:93:0b:6a:9d:e8:
18:1b:8e:4a:0f:09:58:80:8c:42:ca:3b:06:35:47:
07:24:64:58:ee:93:15:3f:15:42:ef:51:0d:07:bd:
99:4f:57:ac:cd:5f:63:9f:a9:1a:7c:a1:dc:5a:af:
09:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:CB:1D:45:28:D1:A8:25:6E:22:D1:04:F9:AC:94:07:30:6E:99:71
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NcsdRSjRqCVuItEE-ayUBzBumXE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.8.186.0/24
91.220.80.0/24
185.189.255.0/24
194.147.90.0/24
Signature Algorithm: sha256WithRSAEncryption
11:29:54:39:3c:72:21:d9:91:6d:ee:7b:4f:00:61:c5:a1:58:
1e:99:11:b9:0a:5a:f1:d7:8a:a2:86:22:ca:7c:f7:59:35:da:
4f:6b:9f:5f:7c:d5:c6:15:bb:99:3a:07:31:df:7d:68:51:a9:
5e:13:25:6b:37:ee:16:a2:2c:3f:36:00:14:13:34:81:17:ee:
4c:1d:81:87:c3:f7:5f:8a:99:eb:e9:3d:d7:8a:af:77:bc:26:
87:49:fb:af:e7:27:cd:d6:a6:70:4f:38:08:50:83:26:ac:c2:
7f:f6:4a:2f:d9:d8:1a:81:00:2b:48:9e:aa:f6:ee:56:ac:6c:
ba:c8:ae:64:04:ec:93:2d:a9:c7:28:63:77:0a:36:75:19:07:
d6:68:16:fa:ff:93:a6:7f:ae:41:6e:ad:c7:41:3f:dd:43:b1:
3c:1b:89:75:9e:8f:47:bd:40:24:a4:ad:31:d1:b9:13:b6:17:
d6:2a:d5:0c:44:40:8d:9f:dd:34:ce:de:9b:a2:27:e9:f8:15:
a4:77:34:99:46:e7:b0:bd:60:50:34:c7:e6:6a:6c:99:31:ba:
94:f4:01:e8:d5:3b:e1:75:67:db:e9:b5:28:10:7a:bd:15:5c:
62:5a:4f:bf:55:0c:8b:3a:91:b7:74:e3:33:43:98:00:c9:59:
ca:e2:ed:e1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZy5V9VptLSf1VL3ta6/fuOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMzA0MTQ1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWNiMWQ0NTI4ZDFhODI1NmUyMmQxMDRmOWFjOTQwNzMwNmU5OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuQlSITSUWycsWe7D0vxD21rUxnS
IG4WE/002iTkAEZ0EapnXvDhAqLIZeQMrmZucbBmpBrc21KU+vtjtyMJH3YMRqCi
zv+iKdG+Vb7wPRcXeLYoNhwyMWnG3aep+OgufNOoKTp+JGTEAPVXe0KN1WNKOSdL
KKqtIY1B/bgERA+8jm5MooYmvmCPdkanqBf6boWx8H2fLWOI0zCBuTn9DzhLwvjF
N+rzylbJxozIgNyFq3CgHLLkIreVpebQ6ojCXiA8tCRITqPAPyptkwtqnegYG45K
DwlYgIxCyjsGNUcHJGRY7pMVPxVC71ENB72ZT1eszV9jn6kafKHcWq8JwwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDXLHUUo0aglbiLRBPmslAcwbplxMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvTmNzZFJTalJxQ1Z1SXRFRS1heVVCekJ1bVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVQi6AwQA
W9xQAwQAub3/AwQAwpNaMA0GCSqGSIb3DQEBCwUAA4IBAQARKVQ5PHIh2ZFt7ntP
AGHFoVgemRG5Clrx14qihiLKfPdZNdpPa59ffNXGFbuZOgcx331oUaleEyVrN+4W
oiw/NgAUEzSBF+5MHYGHw/dfipnr6T3Xiq93vCaHSfuv5yfN1qZwTzgIUIMmrMJ/
9kov2dgagQArSJ6q9u5WrGy6yK5kBOyTLanHKGN3CjZ1GQfWaBb6/5Omf65Bbq3H
QT/dQ7E8G4l1no9HvUAkpK0x0bkTthfWKtUMRECNn900zt6boifp+BWkdzSZRuew
vWBQNMfmamyZMbqU9AHo1TvhdWfb6bUoEHq9FVxiWk+/VQyLOpG3dOMzQ5gAyVnK
4u3h
-----END CERTIFICATE-----
Generated at Thu Mar 5 23:39:17 2026 by rpki-client