Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4s5y8WXDEKwGknqqfmIxL9lz1yw.roa
File: 4s5y8WXDEKwGknqqfmIxL9lz1yw.roa (raw, json)
Hash identifier: 8w0y21oLwufJE+8XdW1oUo9yxoSajAT9ABpDbgb8X8g=
Subject key identifier: E2:CE:72:F1:65:C3:10:AC:06:92:7A:AA:7E:62:31:2F:D9:73:D7:2C
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019CB8A80ED30148FEF669429E6659ABF012
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4s5y8WXDEKwGknqqfmIxL9lz1yw.roa
Signing time: Wed 04 Mar 2026 11:42:27 +0000
ROA not before: Wed 04 Mar 2026 11:42:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 109.204.104.0/21 maxlen: 24
212.134.38.0/24 maxlen: 24
212.134.45.0/24 maxlen: 24
212.134.59.0/24 maxlen: 24
212.134.116.0/22 maxlen: 24
212.134.128.0/22 maxlen: 24
212.134.136.0/22 maxlen: 24
212.134.158.0/24 maxlen: 24
212.134.204.0/22 maxlen: 24
212.134.248.0/22 maxlen: 24
212.135.134.0/24 maxlen: 24
212.135.149.0/24 maxlen: 24
212.135.152.0/24 maxlen: 24
212.135.159.0/24 maxlen: 24
212.135.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b8:a8:0e:d3:01:48:fe:f6:69:42:9e:66:59:ab:f0:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Mar 4 11:42:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e2ce72f165c310ac06927aaa7e62312fd973d72c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ac:f2:ec:07:4e:10:b5:95:20:f4:d5:12:c7:
b5:93:39:4a:0f:61:b1:6f:76:e9:9e:13:7c:33:81:
ca:2e:9c:6c:31:4a:c0:76:2c:cd:ee:69:5c:87:7d:
e7:cf:83:e6:2b:18:09:4c:3f:8a:d6:e8:89:19:c5:
36:6b:46:e4:31:97:bf:56:cc:cf:9c:98:9d:a1:13:
8d:10:26:cd:94:d7:59:a4:1d:e0:e4:f1:b9:0e:fe:
44:92:44:bd:b3:30:5d:6e:51:54:f5:76:97:d7:0f:
1e:b2:4f:da:ed:7f:61:95:37:e7:45:1d:18:e8:b8:
cb:08:a1:51:13:44:57:1c:96:f2:77:a8:9d:8a:ed:
cd:c5:c8:e2:f4:70:4c:49:c4:cc:69:1f:fc:19:94:
3c:82:79:6c:c1:11:82:6d:b9:13:28:e2:3f:28:3e:
b8:17:1e:25:ca:2a:30:58:b8:b3:b2:45:d4:59:7e:
16:7c:7e:cc:3e:b7:21:da:4d:f2:fa:fc:e6:ad:66:
37:2f:8a:5e:16:c7:a9:02:c5:e2:61:8a:73:d6:57:
28:a9:46:89:02:da:15:68:b9:bf:58:bc:c0:22:5c:
4e:b4:20:5e:28:b7:70:ba:49:4b:34:8c:26:95:56:
1a:95:7a:19:b6:ad:b8:57:b8:4c:58:21:bd:e6:d9:
b5:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:CE:72:F1:65:C3:10:AC:06:92:7A:AA:7E:62:31:2F:D9:73:D7:2C
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4s5y8WXDEKwGknqqfmIxL9lz1yw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.204.104.0/21
212.134.38.0/24
212.134.45.0/24
212.134.59.0/24
212.134.116.0/22
212.134.128.0/22
212.134.136.0/22
212.134.158.0/24
212.134.204.0/22
212.134.248.0/22
212.135.134.0/24
212.135.149.0/24
212.135.152.0/24
212.135.159.0/24
212.135.253.0/24
Signature Algorithm: sha256WithRSAEncryption
c2:b2:b5:88:3d:f2:86:79:06:a7:e0:23:45:cb:9e:51:51:54:
84:90:87:84:3f:78:dc:ea:be:2d:e2:eb:63:6f:17:88:da:b7:
96:83:5a:99:4a:50:30:ca:fa:c7:ea:16:f9:9a:47:85:f8:c2:
dd:63:9a:06:13:89:5c:78:52:02:7f:c7:25:87:f5:63:10:f9:
4a:14:a8:f9:af:e3:bc:a8:01:12:08:86:e1:38:b3:70:36:7f:
a2:30:dc:dd:4f:62:30:26:dc:68:e4:f6:7b:44:54:a3:5d:76:
ca:06:9f:79:c9:31:f1:1d:fd:56:20:f6:56:1d:88:2e:91:93:
01:1c:95:a3:db:7e:ca:23:08:6f:95:1d:1b:00:a2:aa:d6:8d:
76:1c:00:b1:5e:c5:db:25:af:97:c5:a2:a8:13:a1:7e:fe:80:
82:25:12:ad:07:a8:85:90:b4:f4:39:19:92:88:34:d5:99:5c:
03:da:3f:fd:c7:07:52:ba:99:60:de:6d:14:48:50:c1:41:2f:
3c:25:2d:3d:0d:d3:9f:da:b8:b8:90:dd:23:59:cb:af:4d:a0:
a4:1a:e3:95:8e:61:e1:44:18:bc:66:ce:66:d0:6e:42:75:4b:
be:43:53:a7:13:09:6c:20:af:a2:42:e7:dc:20:4c:07:75:58:
c9:ca:2e:2d
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZy4qA7TAUj+9mlCnmZZq/ASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMzA0MTE0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmNlNzJmMTY1YzMxMGFjMDY5MjdhYWE3ZTYyMzEyZmQ5NzNkNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKzy7AdOELWVIPTVEse1kzlKD2Gx
b3bpnhN8M4HKLpxsMUrAdizN7mlch33nz4PmKxgJTD+K1uiJGcU2a0bkMZe/VszP
nJidoRONECbNlNdZpB3g5PG5Dv5EkkS9szBdblFU9XaX1w8esk/a7X9hlTfnRR0Y
6LjLCKFRE0RXHJbyd6idiu3Nxcji9HBMScTMaR/8GZQ8gnlswRGCbbkTKOI/KD64
Fx4lyiowWLizskXUWX4WfH7MPrch2k3y+vzmrWY3L4peFsepAsXiYYpz1lcoqUaJ
AtoVaLm/WLzAIlxOtCBeKLdwuklLNIwmlVYalXoZtq24V7hMWCG95tm1iwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFOLOcvFlwxCsBpJ6qn5iMS/Zc9csMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNHM1eThXWERFS3dHa25xcWZtSXhMOWx6MXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQDbcxoAwQA
1IYmAwQA1IYtAwQA1IY7AwQC1IZ0AwQC1IaAAwQC1IaIAwQA1IaeAwQC1IbMAwQC
1Ib4AwQA1IeGAwQA1IeVAwQA1IeYAwQA1IefAwQA1If9MA0GCSqGSIb3DQEBCwUA
A4IBAQDCsrWIPfKGeQan4CNFy55RUVSEkIeEP3jc6r4t4utjbxeI2reWg1qZSlAw
yvrH6hb5mkeF+MLdY5oGE4lceFICf8clh/VjEPlKFKj5r+O8qAESCIbhOLNwNn+i
MNzdT2IwJtxo5PZ7RFSjXXbKBp95yTHxHf1WIPZWHYgukZMBHJWj237KIwhvlR0b
AKKq1o12HACxXsXbJa+XxaKoE6F+/oCCJRKtB6iFkLT0ORmSiDTVmVwD2j/9xwdS
uplg3m0USFDBQS88JS09DdOf2ri4kN0jWcuvTaCkGuOVjmHhRBi8Zs5m0G5CdUu+
Q1OnEwlsIK+iQufcIEwHdVjJyi4t
-----END CERTIFICATE-----
Generated at Wed Mar 4 14:21:29 2026 by rpki-client