Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0RzUvveQ_LV_CLngyPUmPtEKR8w.roa
File: 0RzUvveQ_LV_CLngyPUmPtEKR8w.roa (raw, json)
Hash identifier: vzzNyUCqCYt3hPXp1Lal758TsYT/M2iwwroV8Mw5a3s=
Subject key identifier: D1:1C:D4:BE:F7:90:FC:B5:7F:08:B9:E0:C8:F5:26:3E:D1:0A:47:CC
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D66DC6144A5BA3A62C6A16047AD722394
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0RzUvveQ_LV_CLngyPUmPtEKR8w.roa
Signing time: Tue 07 Apr 2026 07:33:32 +0000
ROA not before: Tue 07 Apr 2026 07:33:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 17497
IP address blocks: 82.152.249.0/24 maxlen: 24
89.213.3.0/24 maxlen: 24
89.213.67.0/24 maxlen: 24
185.49.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Apr 2026 20:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:66:dc:61:44:a5:ba:3a:62:c6:a1:60:47:ad:72:23:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 7 07:33:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d11cd4bef790fcb57f08b9e0c8f5263ed10a47cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:bb:98:a7:6f:2d:cf:92:5f:e3:c8:a1:fb:9b:
af:59:37:22:ef:11:a3:51:82:60:9b:90:06:be:98:
0f:a4:da:f3:6d:e7:64:0a:7b:c3:53:f4:87:50:11:
8c:92:a7:83:27:c1:45:73:7e:f5:57:f1:5c:46:24:
dc:b6:01:4b:36:59:52:c8:44:5d:32:39:cd:4a:d1:
79:c2:27:3b:d5:77:72:d3:80:d7:bc:1b:5c:4b:8d:
71:42:a3:48:45:c3:2b:7a:b8:ef:de:18:b9:85:48:
8d:53:6c:9d:b2:ec:9b:5a:fb:a7:03:3a:66:d8:24:
2c:1f:40:eb:14:5e:ee:62:a1:dd:c4:14:66:76:ba:
f8:0a:b6:7c:37:16:01:f9:0d:c4:67:3f:65:3a:d2:
ce:89:c2:58:48:a2:14:4b:d0:a9:f7:33:3f:a0:f6:
fc:b2:14:11:4d:bb:0c:f7:6f:31:4b:68:b4:ee:63:
af:c6:c9:99:b9:ad:9e:fd:07:f1:14:ac:bf:9e:c9:
19:35:ab:a7:1d:a3:84:b8:41:33:77:66:b7:87:1c:
08:cd:61:a8:02:4d:08:f4:4e:33:8c:a9:fa:7f:a8:
e6:26:5f:38:f0:ef:0a:69:e4:48:a8:4e:38:4f:d2:
ed:f6:b4:1f:c7:b3:e7:42:58:b6:bc:22:57:1a:6c:
13:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:1C:D4:BE:F7:90:FC:B5:7F:08:B9:E0:C8:F5:26:3E:D1:0A:47:CC
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0RzUvveQ_LV_CLngyPUmPtEKR8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.249.0/24
89.213.3.0/24
89.213.67.0/24
185.49.127.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:c2:52:56:4f:07:50:eb:bf:34:5b:53:51:c9:4d:4a:ba:b1:
ee:77:10:97:d4:b6:0b:53:4f:15:93:26:40:ca:6a:4a:9c:99:
40:d7:cb:ab:e7:db:d7:d6:ce:58:8f:b4:e9:f2:18:c5:df:4d:
dc:f4:85:a6:c7:fa:9c:7a:07:69:93:4e:94:da:52:4f:ac:d4:
93:75:18:73:32:b9:b1:c3:a2:fa:58:b0:3c:9f:a4:75:3c:a3:
87:d4:a3:06:6e:bb:b8:64:57:48:21:cd:87:32:e5:6f:18:28:
bf:e5:f2:c4:66:57:b5:e9:90:b5:01:98:9a:7f:8b:d4:b6:06:
0d:ed:48:cb:a2:1a:43:44:03:eb:6e:3f:93:07:75:0c:cc:56:
a3:be:4b:e5:66:83:c8:0f:59:6b:df:00:0e:00:00:ea:59:0a:
e6:07:6a:e7:63:0b:be:20:2e:7b:b5:4b:98:73:03:f1:73:34:
23:2b:fe:a5:e2:c6:67:fa:cc:19:9b:36:f5:63:e1:9b:dd:4c:
c8:2a:c5:b9:ad:97:93:21:8a:2b:11:54:f9:71:a1:fa:66:14:
db:38:ca:be:fa:3f:34:55:5f:cb:a7:bc:dc:39:ed:d1:7a:68:
57:fa:79:67:b2:a2:b0:70:f0:76:b7:6c:28:90:d7:75:1c:ec:
a6:cf:6a:34
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ1m3GFEpbo6YsahYEetciOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA3MDczMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTFjZDRiZWY3OTBmY2I1N2YwOGI5ZTBjOGY1MjYzZWQxMGE0N2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3buYp28tz5Jf48ih+5uvWTci7xGj
UYJgm5AGvpgPpNrzbedkCnvDU/SHUBGMkqeDJ8FFc371V/FcRiTctgFLNllSyERd
MjnNStF5wic71Xdy04DXvBtcS41xQqNIRcMrerjv3hi5hUiNU2ydsuybWvunAzpm
2CQsH0DrFF7uYqHdxBRmdrr4CrZ8NxYB+Q3EZz9lOtLOicJYSKIUS9Cp9zM/oPb8
shQRTbsM928xS2i07mOvxsmZua2e/QfxFKy/nskZNaunHaOEuEEzd2a3hxwIzWGo
Ak0I9E4zjKn6f6jmJl848O8KaeRIqE44T9Lt9rQfx7PnQli2vCJXGmwTZQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNEc1L73kPy1fwi54Mj1Jj7RCkfMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMFJ6VXZ2ZVFfTFZfQ0xuZ3lQVW1QdEVLUjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUpj5AwQA
WdUDAwQAWdVDAwQAuTF/MA0GCSqGSIb3DQEBCwUAA4IBAQA+wlJWTwdQ6780W1NR
yU1KurHudxCX1LYLU08VkyZAympKnJlA18ur59vX1s5Yj7Tp8hjF303c9IWmx/qc
egdpk06U2lJPrNSTdRhzMrmxw6L6WLA8n6R1PKOH1KMGbru4ZFdIIc2HMuVvGCi/
5fLEZle16ZC1AZiaf4vUtgYN7UjLohpDRAPrbj+TB3UMzFajvkvlZoPID1lr3wAO
AADqWQrmB2rnYwu+IC57tUuYcwPxczQjK/6l4sZn+swZmzb1Y+Gb3UzIKsW5rZeT
IYorEVT5caH6ZhTbOMq++j80VV/Lp7zcOe3RemhX+nlnsqKwcPB2t2wokNd1HOym
z2o0
-----END CERTIFICATE-----
Generated at Thu Apr 9 05:19:14 2026 by rpki-client