Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/3nfvY0I0VrbwO32y2-kd0ubWfRg.roa
File: 3nfvY0I0VrbwO32y2-kd0ubWfRg.roa (raw, json)
Hash identifier: f5ve+22gvtdJ/a/eB+O5WK4SdRb1WOcwjSGFSIVWpT4=
Subject key identifier: DE:77:EF:63:42:34:56:B6:F0:3B:7D:B2:DB:E9:1D:D2:E6:D6:7D:18
Certificate issuer: /CN=12c305404e80b5a4d70d21dab86fc5b6b801a8b8
Certificate serial: 019CB7EA88A9C3DBC2A22A784956623055AC
Authority key identifier: 12:C3:05:40:4E:80:B5:A4:D7:0D:21:DA:B8:6F:C5:B6:B8:01:A8:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/3nfvY0I0VrbwO32y2-kd0ubWfRg.roa
Signing time: Wed 04 Mar 2026 08:15:26 +0000
ROA not before: Wed 04 Mar 2026 08:15:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 24594
IP address blocks: 93.95.120.0/21 maxlen: 21
93.95.123.0/24 maxlen: 24
93.95.125.0/24 maxlen: 24
93.95.126.0/24 maxlen: 24
185.120.52.0/22 maxlen: 22
185.120.54.0/24 maxlen: 24
2a00:d68::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.mft
rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 14:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b7:ea:88:a9:c3:db:c2:a2:2a:78:49:56:62:30:55:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12c305404e80b5a4d70d21dab86fc5b6b801a8b8
Validity
Not Before: Mar 4 08:15:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=de77ef63423456b6f03b7db2dbe91dd2e6d67d18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:2b:eb:ed:1d:ca:d5:05:d7:9c:66:8a:3d:45:
8e:1a:0f:32:e0:f0:21:d3:0c:13:28:dd:a9:b0:9c:
f3:b6:b1:d2:fa:b9:eb:0e:fc:12:df:7f:83:fe:8c:
aa:49:13:5c:0b:e1:2f:ef:b7:5c:09:89:06:d3:fa:
08:e5:10:78:32:b2:8c:6f:17:70:92:e0:8e:be:09:
f7:fe:57:cf:8e:a0:5b:78:8b:47:99:85:1f:0f:74:
87:36:2e:ad:0b:e2:76:6e:c3:17:2f:ae:ac:4c:41:
2a:b0:a9:2f:8f:1d:e5:18:53:97:da:5f:e8:a1:d7:
02:af:7a:5e:f4:1e:fb:f5:61:4c:4e:5a:6e:aa:ae:
30:a5:8b:28:7b:5b:bd:2c:76:ca:0f:99:48:17:da:
5c:0b:82:05:eb:18:6d:6a:c9:f0:34:40:e9:92:76:
54:e8:3e:2b:41:23:be:27:31:90:86:23:b1:f3:58:
84:90:31:76:68:de:ea:58:db:e6:01:70:48:2d:7a:
43:87:4d:0e:eb:95:e2:47:f8:89:da:92:34:8b:90:
b8:ca:0b:f5:a8:13:20:a2:4e:e3:9f:dc:e2:e3:59:
6c:35:62:92:89:ae:cd:17:c3:f1:e6:a6:e3:36:19:
48:7d:ec:f5:f2:61:ef:2c:a0:63:f0:bf:14:1e:08:
ea:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:77:EF:63:42:34:56:B6:F0:3B:7D:B2:DB:E9:1D:D2:E6:D6:7D:18
X509v3 Authority Key Identifier:
keyid:12:C3:05:40:4E:80:B5:A4:D7:0D:21:DA:B8:6F:C5:B6:B8:01:A8:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/3nfvY0I0VrbwO32y2-kd0ubWfRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.95.120.0/21
185.120.52.0/22
IPv6:
2a00:d68::/32
Signature Algorithm: sha256WithRSAEncryption
36:c8:2a:3d:6e:dc:65:7f:1b:4b:22:fe:45:82:b8:b2:e7:46:
93:b5:db:07:2b:47:61:d9:68:43:54:95:83:4d:2b:33:30:77:
82:2f:9b:c5:37:51:d5:1f:54:3b:e1:5d:6f:0a:71:19:d2:ec:
f9:95:dd:24:9f:6a:28:f3:cc:b0:ee:de:a7:5d:8b:89:15:e0:
ed:5f:fc:c1:b1:69:fc:82:37:85:05:f0:dd:39:46:4c:4d:39:
25:28:89:66:b2:6e:41:47:e8:94:87:48:3f:5f:a9:74:3a:f6:
fd:d2:ac:06:1d:f7:92:11:78:5b:99:80:d5:a7:2d:b2:ca:e6:
61:5c:d6:93:46:a2:6e:07:64:e7:6b:90:c2:73:9d:c6:d9:f7:
f8:74:a4:a4:2c:04:e1:cd:e2:d9:dc:78:f7:a1:f4:d0:ac:93:
25:9e:d7:91:06:60:c7:c5:b2:8f:e3:7f:41:0a:10:e3:f5:04:
20:8c:be:ae:5f:66:77:c0:77:0c:d1:10:a0:0e:58:53:76:dd:
2b:f3:87:b0:68:1d:b3:f4:b5:01:db:5c:21:05:45:69:12:73:
22:01:5b:31:b2:76:0b:7d:a2:42:7a:eb:a8:bc:c9:04:38:41:
ba:af:8a:bb:f7:5b:de:ec:ef:f5:7b:ae:2d:08:c6:7e:2b:57:
d3:03:05:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZy36oipw9vCoip4SVZiMFWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzMwNTQwNGU4MGI1YTRkNzBkMjFkYWI4NmZjNWI2Yjgw
MWE4YjgwHhcNMjYwMzA0MDgxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTc3ZWY2MzQyMzQ1NmI2ZjAzYjdkYjJkYmU5MWRkMmU2ZDY3ZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCvr7R3K1QXXnGaKPUWOGg8y4PAh
0wwTKN2psJzztrHS+rnrDvwS33+D/oyqSRNcC+Ev77dcCYkG0/oI5RB4MrKMbxdw
kuCOvgn3/lfPjqBbeItHmYUfD3SHNi6tC+J2bsMXL66sTEEqsKkvjx3lGFOX2l/o
odcCr3pe9B779WFMTlpuqq4wpYsoe1u9LHbKD5lIF9pcC4IF6xhtasnwNEDpknZU
6D4rQSO+JzGQhiOx81iEkDF2aN7qWNvmAXBILXpDh00O65XiR/iJ2pI0i5C4ygv1
qBMgok7jn9zi41lsNWKSia7NF8Px5qbjNhlIfez18mHvLKBj8L8UHgjqVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN5372NCNFa28Dt9stvpHdLm1n0YMB8GA1UdIwQY
MBaAFBLDBUBOgLWk1w0h2rhvxba4Aai4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNNRlFFNkF0YVRYRFNIYXVHX0Z0cmdCcUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83YzdlOTAtYzc4MS00MmFiLTk2OTEt
Y2U5MjNkMTk1MDhmLzEvM25mdlkwSTBWcmJ3TzMyeTIta2QwdWJXZlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni83YzdlOTAtYzc4MS00MmFiLTk2OTEtY2U5MjNkMTk1MDhm
LzEvRXNNRlFFNkF0YVRYRFNIYXVHX0Z0cmdCcUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXV94AwQC
uXg0MA0EAgACMAcDBQAqAA1oMA0GCSqGSIb3DQEBCwUAA4IBAQA2yCo9btxlfxtL
Iv5Fgriy50aTtdsHK0dh2WhDVJWDTSszMHeCL5vFN1HVH1Q74V1vCnEZ0uz5ld0k
n2oo88yw7t6nXYuJFeDtX/zBsWn8gjeFBfDdOUZMTTklKIlmsm5BR+iUh0g/X6l0
Ovb90qwGHfeSEXhbmYDVpy2yyuZhXNaTRqJuB2Tna5DCc53G2ff4dKSkLAThzeLZ
3Hj3ofTQrJMlnteRBmDHxbKP439BChDj9QQgjL6uX2Z3wHcM0RCgDlhTdt0r84ew
aB2z9LUB21whBUVpEnMiAVsxsnYLfaJCeuuovMkEOEG6r4q791ve7O/1e64tCMZ+
K1fTAwVf
-----END CERTIFICATE-----
Generated at Fri Mar 13 00:16:46 2026 by rpki-client