Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/xJC0DlbyZI1NuaWwAq4qQ5WaU7c.roa
File: xJC0DlbyZI1NuaWwAq4qQ5WaU7c.roa (raw, json)
Hash identifier: KuVc7uaamRTiDNcGOqyk3HELKRHYallBMYu1OzhhX88=
Subject key identifier: C4:90:B4:0E:56:F2:64:8D:4D:B9:A5:B0:02:AE:2A:43:95:9A:53:B7
Certificate issuer: /CN=a92dc7bdbc9d097336de6243b550ab173375ea39
Certificate serial: 019DBE8C1CE211B567F3112CB480F2CA6429
Authority key identifier: A9:2D:C7:BD:BC:9D:09:73:36:DE:62:43:B5:50:AB:17:33:75:EA:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/xJC0DlbyZI1NuaWwAq4qQ5WaU7c.roa
Signing time: Fri 24 Apr 2026 08:12:26 +0000
ROA not before: Fri 24 Apr 2026 08:12:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3301
IP address blocks: 212.39.32.0/24 maxlen: 24
212.39.34.0/24 maxlen: 24
212.39.35.0/24 maxlen: 24
212.39.36.0/24 maxlen: 24
212.39.37.0/24 maxlen: 24
212.39.38.0/24 maxlen: 24
212.39.39.0/24 maxlen: 24
2a12:1587::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.mft
rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Apr 2026 20:17:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:be:8c:1c:e2:11:b5:67:f3:11:2c:b4:80:f2:ca:64:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a92dc7bdbc9d097336de6243b550ab173375ea39
Validity
Not Before: Apr 24 08:12:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c490b40e56f2648d4db9a5b002ae2a43959a53b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:07:49:03:31:bb:04:5b:ff:b3:67:c0:1a:e8:
98:b7:4e:7d:4b:d1:8f:e4:53:7b:fa:19:ea:d7:8e:
bc:bf:5c:0f:55:3f:b9:b3:43:05:b4:4f:04:88:d9:
b4:59:6d:55:dd:fb:83:92:fe:0d:1b:68:73:7d:56:
1a:ca:06:a7:d1:14:e3:28:43:47:5a:63:b7:82:27:
94:06:23:02:de:2d:2e:45:e4:b4:bb:33:90:24:cc:
9f:37:05:00:cd:d0:8a:b0:bd:c6:ef:cd:97:9b:80:
31:f9:79:18:8c:5d:a7:9b:55:fd:33:77:0b:39:82:
92:d5:a0:70:85:d6:6a:f2:ce:a7:12:15:2f:2d:de:
78:1c:e5:b5:bf:87:26:f8:1a:84:d0:af:9d:81:c1:
58:43:82:c4:a5:0c:91:01:32:dc:70:94:f0:79:40:
4f:da:a5:3a:3f:c0:d6:57:15:4f:0b:65:7a:53:98:
a0:31:f7:5f:f0:4d:c2:23:c5:36:e5:95:b6:36:48:
21:f4:43:31:b5:f8:9f:7e:71:1d:20:b1:95:d1:d8:
e0:9d:d3:ef:67:17:bb:95:99:d9:1e:fc:61:dd:1d:
a7:d8:72:73:88:fa:d9:aa:de:5f:29:61:5d:f1:a6:
3a:cb:c0:53:62:fd:20:70:6e:7e:ec:6b:17:cc:8a:
8e:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:90:B4:0E:56:F2:64:8D:4D:B9:A5:B0:02:AE:2A:43:95:9A:53:B7
X509v3 Authority Key Identifier:
keyid:A9:2D:C7:BD:BC:9D:09:73:36:DE:62:43:B5:50:AB:17:33:75:EA:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qS3HvbydCXM23mJDtVCrFzN16jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/xJC0DlbyZI1NuaWwAq4qQ5WaU7c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0b4629-39cc-4e6c-9e1c-991b7aee746c/1/qS3HvbydCXM23mJDtVCrFzN16jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.39.32.0/24
212.39.34.0-212.39.39.255
IPv6:
2a12:1587::/48
Signature Algorithm: sha256WithRSAEncryption
44:8e:22:cc:7a:15:79:49:36:48:ec:95:cf:b8:bf:c5:3f:5b:
65:20:75:be:70:a0:58:bf:2d:ec:fe:ee:22:e5:a5:12:98:d6:
a7:a9:31:f6:5a:5b:d8:5f:78:41:bc:80:41:75:1a:fd:8c:a1:
1f:2d:0c:6a:6b:46:69:74:5f:e1:76:27:6a:c8:8a:9c:70:fe:
1a:fb:4f:91:d6:e1:69:0d:3c:e0:5e:cd:0b:6a:39:a3:ca:30:
ea:5e:8f:2e:32:c9:b7:14:c8:5d:b2:99:9a:21:0f:eb:19:14:
79:34:df:37:e9:6a:aa:aa:95:71:36:36:13:55:7a:12:96:60:
0e:3e:f0:d7:fb:dc:f0:e3:6b:ab:b6:c4:1f:ed:f6:37:cf:3e:
e0:00:e0:ed:10:35:b4:3c:0a:50:4e:a6:a8:c6:29:71:84:0d:
fd:00:89:28:ae:c7:f7:bc:0a:fc:a5:7e:40:1a:a6:da:22:4b:
e4:44:24:ac:89:83:b7:e4:5b:f0:49:11:7d:22:54:40:31:51:
03:94:d3:03:69:06:35:d1:d6:be:a0:d0:58:4f:fa:9e:7d:6f:
0b:97:87:85:b0:35:c3:77:2e:8c:46:08:af:9f:4f:5c:0a:74:
8d:68:91:4b:ea:06:67:fe:00:98:46:55:be:e1:a2:19:95:06:
9f:fd:3d:6d
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZ2+jBziEbVn8xEstIDyymQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MmRjN2JkYmM5ZDA5NzMzNmRlNjI0M2I1NTBhYjE3MzM3
NWVhMzkwHhcNMjYwNDI0MDgxMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDkwYjQwZTU2ZjI2NDhkNGRiOWE1YjAwMmFlMmE0Mzk1OWE1M2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwdJAzG7BFv/s2fAGuiYt059S9GP
5FN7+hnq1468v1wPVT+5s0MFtE8EiNm0WW1V3fuDkv4NG2hzfVYaygan0RTjKENH
WmO3gieUBiMC3i0uReS0uzOQJMyfNwUAzdCKsL3G782Xm4Ax+XkYjF2nm1X9M3cL
OYKS1aBwhdZq8s6nEhUvLd54HOW1v4cm+BqE0K+dgcFYQ4LEpQyRATLccJTweUBP
2qU6P8DWVxVPC2V6U5igMfdf8E3CI8U25ZW2Nkgh9EMxtfiffnEdILGV0djgndPv
Zxe7lZnZHvxh3R2n2HJziPrZqt5fKWFd8aY6y8BTYv0gcG5+7GsXzIqOAQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFMSQtA5W8mSNTbmlsAKuKkOVmlO3MB8GA1UdIwQY
MBaAFKktx728nQlzNt5iQ7VQqxczdeo5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVMzSHZieWRDWE0yM21KRHRWQ3JGek4xNmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wYjQ2MjktMzljYy00ZTZjLTllMWMt
OTkxYjdhZWU3NDZjLzEveEpDMERsYnlaSTFOdWFXd0FxNHFRNVdhVTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wYjQ2MjktMzljYy00ZTZjLTllMWMtOTkxYjdhZWU3NDZj
LzEvcVMzSHZieWRDWE0yM21KRHRWQ3JGek4xNmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQA1CcgMAwD
BAHUJyIDBAPUJyAwDwQCAAIwCQMHACoSFYcAADANBgkqhkiG9w0BAQsFAAOCAQEA
RI4izHoVeUk2SOyVz7i/xT9bZSB1vnCgWL8t7P7uIuWlEpjWp6kx9lpb2F94QbyA
QXUa/YyhHy0MamtGaXRf4XYnasiKnHD+GvtPkdbhaQ084F7NC2o5o8ow6l6PLjLJ
txTIXbKZmiEP6xkUeTTfN+lqqqqVcTY2E1V6EpZgDj7w1/vc8ONrq7bEH+32N88+
4ADg7RA1tDwKUE6mqMYpcYQN/QCJKK7H97wK/KV+QBqm2iJL5EQkrImDt+Rb8EkR
fSJUQDFRA5TTA2kGNdHWvqDQWE/6nn1vC5eHhbA1w3cujEYIr59PXAp0jWiRS+oG
Z/4AmEZVvuGiGZUGn/09bQ==
-----END CERTIFICATE-----
Generated at Mon Apr 27 03:06:35 2026 by rpki-client