Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/3ItD5jxG4JJpbcwJCUfzhdJIFso.roa
File: 3ItD5jxG4JJpbcwJCUfzhdJIFso.roa (raw, json)
Hash identifier: UhKdtFu8FL701bASsI8fWBz037pstsrvgV3MSwTBCe8=
Subject key identifier: DC:8B:43:E6:3C:46:E0:92:69:6D:CC:09:09:47:F3:85:D2:48:16:CA
Certificate issuer: /CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
Certificate serial: 019ED08E240C727FAAD1FA56FA095D34B600
Authority key identifier: 6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/3ItD5jxG4JJpbcwJCUfzhdJIFso.roa
Signing time: Tue 16 Jun 2026 13:10:36 +0000
ROA not before: Tue 16 Jun 2026 13:10:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8254
IP address blocks: 94.131.16.0/24 maxlen: 32
94.131.48.0/24 maxlen: 24
2a06:fcc0:5::/48 maxlen: 48
2a06:fcc0:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl
rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.mft
rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 28 Jun 2026 14:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:d0:8e:24:0c:72:7f:aa:d1:fa:56:fa:09:5d:34:b6:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
Validity
Not Before: Jun 16 13:10:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dc8b43e63c46e092696dcc090947f385d24816ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:60:84:1a:b1:07:c0:ed:20:6b:51:64:99:36:
94:bd:c6:56:b9:d2:a1:0e:7f:0f:df:83:ed:bc:fd:
6c:f0:7c:cd:af:b0:62:ec:09:7a:d3:46:10:7d:01:
c7:f2:f3:6c:3f:df:8f:56:3a:83:e4:62:09:f0:94:
63:b1:cb:6c:84:b4:14:9e:1d:f7:bb:f0:11:93:6d:
22:50:49:ee:31:8b:67:e8:9e:2d:3b:b4:c0:ca:64:
34:f2:ed:a9:60:5c:ec:b0:d9:40:cb:01:07:d0:ff:
99:c5:7a:89:20:b2:98:cc:45:55:ea:6e:50:9a:17:
11:07:0f:88:39:bb:9b:95:1d:85:a6:07:62:31:a2:
23:0a:8a:1c:d0:fb:46:71:f3:9b:58:e7:db:45:0b:
59:e0:52:ca:a6:26:22:4f:58:e6:46:b4:e5:8c:bc:
73:2a:fd:d8:59:e6:90:2a:82:98:73:d0:0b:f4:8a:
a1:6e:e2:15:de:d2:f8:75:26:63:f0:ea:0c:7b:97:
56:02:58:2b:99:8f:14:4c:b5:33:28:63:72:c1:e7:
a2:af:6a:7d:6e:76:30:9b:81:43:57:95:7d:01:03:
be:11:55:3d:9e:98:88:d4:33:ba:14:f9:64:7e:d4:
15:7f:56:7f:69:2c:8a:df:38:23:11:e7:86:e4:19:
57:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:8B:43:E6:3C:46:E0:92:69:6D:CC:09:09:47:F3:85:D2:48:16:CA
X509v3 Authority Key Identifier:
keyid:6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/3ItD5jxG4JJpbcwJCUfzhdJIFso.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.16.0/24
94.131.48.0/24
IPv6:
2a06:fcc0:5::-2a06:fcc0:6:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
79:14:c1:75:e5:bf:db:cd:24:46:e8:7a:fe:a7:dc:62:9b:61:
99:1a:96:6c:6d:2e:80:52:0b:70:92:79:92:b9:bc:d8:bd:75:
ab:c5:75:2f:93:37:a9:10:98:a7:cb:28:dc:0d:1e:de:e2:2f:
16:36:95:b2:92:57:05:d4:17:d0:2c:c4:56:0e:43:72:67:3b:
07:11:72:e4:e9:57:2b:0b:18:40:eb:8b:af:06:40:28:86:36:
99:01:46:08:15:06:e6:41:dd:90:f1:85:5a:01:a5:53:c2:d7:
1a:7c:1c:ca:21:0e:34:4b:b4:1b:b8:db:42:68:d5:93:df:63:
28:6c:23:97:fd:5c:77:89:90:91:3c:4c:7d:2f:87:d0:3b:59:
53:96:5e:8a:4f:d8:a5:97:82:81:dd:9e:05:2e:83:75:82:91:
fc:ad:f7:e4:ae:fc:23:e1:fa:85:d1:46:1d:a4:a7:08:0f:51:
30:bc:c3:f4:82:64:c9:e8:77:c8:78:81:fc:d6:c8:9a:af:74:
4e:e2:0b:04:ba:94:dc:41:5f:ab:f6:32:68:4f:3b:9f:29:40:
47:72:64:c9:db:e1:cb:b1:a3:6f:a6:61:5d:4e:0a:c0:0b:4f:
bf:8a:69:6d:76:97:e0:a0:69:c5:f4:fb:90:92:43:a9:f1:48:
29:ca:01:23
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ7QjiQMcn+q0fpW+gldNLYAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2NkZmZkYTZhNGM0ODkxNGI1ZThjZGU3ZGE1ZDgyMGI5
Yzk3MTgwHhcNMjYwNjE2MTMxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzhiNDNlNjNjNDZlMDkyNjk2ZGNjMDkwOTQ3ZjM4NWQyNDgxNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WCEGrEHwO0ga1FkmTaUvcZWudKh
Dn8P34PtvP1s8HzNr7Bi7Al600YQfQHH8vNsP9+PVjqD5GIJ8JRjsctshLQUnh33
u/ARk20iUEnuMYtn6J4tO7TAymQ08u2pYFzssNlAywEH0P+ZxXqJILKYzEVV6m5Q
mhcRBw+IObublR2FpgdiMaIjCooc0PtGcfObWOfbRQtZ4FLKpiYiT1jmRrTljLxz
Kv3YWeaQKoKYc9AL9IqhbuIV3tL4dSZj8OoMe5dWAlgrmY8UTLUzKGNyweeir2p9
bnYwm4FDV5V9AQO+EVU9npiI1DO6FPlkftQVf1Z/aSyK3zgjEeeG5BlX6QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNyLQ+Y8RuCSaW3MCQlH84XSSBbKMB8GA1UdIwQY
MBaAFG/M3/2mpMSJFLXozefaXYILnJcYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQt
YTc3NGU0MWQyNjRjLzEvM0l0RDVqeEc0SkpwYmN3SkNVZnpoZEpJRnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQtYTc3NGU0MWQyNjRj
LzEvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDASBAIAATAMAwQAXoMQAwQA
XoMwMBoEAgACMBQwEgMHACoG/MAABQMHACoG/MAABjANBgkqhkiG9w0BAQsFAAOC
AQEAeRTBdeW/280kRuh6/qfcYpthmRqWbG0ugFILcJJ5krm82L11q8V1L5M3qRCY
p8so3A0e3uIvFjaVspJXBdQX0CzEVg5Dcmc7BxFy5OlXKwsYQOuLrwZAKIY2mQFG
CBUG5kHdkPGFWgGlU8LXGnwcyiEONEu0G7jbQmjVk99jKGwjl/1cd4mQkTxMfS+H
0DtZU5Zeik/YpZeCgd2eBS6DdYKR/K335K78I+H6hdFGHaSnCA9RMLzD9IJkyeh3
yHiB/NbImq90TuILBLqU3EFfq/YyaE87nylAR3Jkydvhy7Gjb6ZhXU4KwAtPv4pp
bXaX4KBpxfT7kJJDqfFIKcoBIw==
-----END CERTIFICATE-----
Generated at Sun Jun 28 01:21:04 2026 by rpki-client