Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CSUYqoj-9hy8HDuXxPrYhw5o3dc.roa
File: CSUYqoj-9hy8HDuXxPrYhw5o3dc.roa (raw, json)
Hash identifier: 6oRZPIFd4Xmi8XKvRV1PaCFsWLn2lWCnUUWQrAR/7Rw=
Subject key identifier: 09:25:18:AA:88:FE:F6:1C:BC:1C:3B:97:C4:FA:D8:87:0E:68:DD:D7
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D66DC63343C547CBF910277C5AE523FB3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CSUYqoj-9hy8HDuXxPrYhw5o3dc.roa
Signing time: Tue 07 Apr 2026 07:33:32 +0000
ROA not before: Tue 07 Apr 2026 07:33:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63199
IP address blocks: 80.240.88.0/24 maxlen: 24
82.152.122.0/24 maxlen: 24
89.31.234.0/24 maxlen: 24
217.145.73.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Apr 2026 20:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:66:dc:63:34:3c:54:7c:bf:91:02:77:c5:ae:52:3f:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 7 07:33:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=092518aa88fef61cbc1c3b97c4fad8870e68ddd7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:50:8d:d0:15:13:ec:a8:18:26:d6:c0:ac:55:
a6:eb:ba:2d:76:ae:1f:c4:7d:49:f0:a5:4d:71:6b:
9f:e7:f4:20:1b:d3:0d:93:e8:ca:4f:d3:1c:91:59:
82:0b:f1:a2:16:8f:88:08:50:e8:64:8c:7f:d3:99:
49:bb:23:1e:d2:a2:ff:06:b3:e2:c1:f6:d0:69:4f:
86:23:a0:21:96:97:29:e1:3c:d0:aa:4e:dc:7a:a3:
18:4e:1a:d0:ea:57:14:87:9f:81:25:d0:ab:a3:17:
0b:86:eb:c9:f8:80:a5:23:8f:fc:58:f6:e8:b6:ee:
a5:7c:02:e1:c3:5a:78:54:cb:30:7e:08:ba:5d:04:
2c:96:f0:f6:a5:41:9e:6e:35:f5:ae:0d:bf:51:c8:
83:bf:d3:db:0a:14:02:f4:d6:45:df:26:e9:3e:2a:
ff:8c:1b:ce:8d:4d:44:ff:d7:1a:11:9e:90:ec:78:
05:17:32:0f:ef:48:8b:ac:ec:5a:ba:54:01:46:f2:
2e:89:a4:e4:58:56:c8:58:a1:0c:11:8f:07:c4:78:
7e:2e:2b:ce:58:0c:9e:49:b3:45:5a:a6:71:fd:99:
2f:40:e0:7d:90:ba:2d:10:f6:65:d6:ca:92:5e:21:
62:1c:e6:31:c7:4a:a3:32:6f:84:49:c6:d0:ff:00:
78:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:25:18:AA:88:FE:F6:1C:BC:1C:3B:97:C4:FA:D8:87:0E:68:DD:D7
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CSUYqoj-9hy8HDuXxPrYhw5o3dc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.88.0/24
82.152.122.0/24
89.31.234.0/24
217.145.73.0/24
Signature Algorithm: sha256WithRSAEncryption
12:9a:e2:9f:90:f6:67:3f:ab:78:85:c9:3b:cd:a9:ba:aa:20:
7f:2d:5f:52:ec:c5:fe:b9:7d:c4:7d:43:45:2a:90:84:71:d1:
e2:9d:3f:19:18:72:e4:12:ec:b4:5a:7e:7e:67:35:f1:96:aa:
c0:88:1c:0d:22:b4:ae:72:22:ef:a8:3b:a4:ba:9a:d7:3c:7e:
a8:40:c9:fc:3b:ad:83:3a:79:a0:8c:6c:5c:83:9c:34:47:38:
62:a2:ed:af:d3:1b:0a:9c:69:da:d2:7c:f6:de:2c:a4:c5:d7:
78:57:45:f4:36:ca:8e:0a:8b:8a:8a:e3:83:c0:dd:5b:d6:4c:
32:44:20:8e:99:e7:ad:8f:2f:c4:8c:f1:5c:83:a7:e0:96:ed:
7b:7c:cb:7f:a6:f6:83:ad:da:8c:3f:60:70:e6:ff:a7:b0:c1:
9b:39:d2:2f:ac:d8:41:2d:a9:53:22:87:9c:9c:36:23:26:86:
d3:b5:f7:b6:1e:1d:b8:8c:a1:63:4a:3c:0e:23:3f:5c:ac:5a:
a0:d0:2c:69:d4:39:ce:80:55:88:f5:d2:fd:b4:4d:5d:0d:b8:
50:b5:47:63:0e:5f:e5:bf:17:da:40:2e:46:e3:5c:c3:91:e0:
96:6f:1c:04:2f:5f:41:5b:14:a6:2a:92:61:05:ae:33:ca:0b:
82:d0:6e:71
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ1m3GM0PFR8v5ECd8WuUj+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDA3MDczMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI1MThhYTg4ZmVmNjFjYmMxYzNiOTdjNGZhZDg4NzBlNjhkZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFCN0BUT7KgYJtbArFWm67otdq4f
xH1J8KVNcWuf5/QgG9MNk+jKT9MckVmCC/GiFo+ICFDoZIx/05lJuyMe0qL/BrPi
wfbQaU+GI6Ahlpcp4TzQqk7ceqMYThrQ6lcUh5+BJdCroxcLhuvJ+IClI4/8WPbo
tu6lfALhw1p4VMswfgi6XQQslvD2pUGebjX1rg2/UciDv9PbChQC9NZF3ybpPir/
jBvOjU1E/9caEZ6Q7HgFFzIP70iLrOxaulQBRvIuiaTkWFbIWKEMEY8HxHh+LivO
WAyeSbNFWqZx/ZkvQOB9kLotEPZl1sqSXiFiHOYxx0qjMm+EScbQ/wB41QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAklGKqI/vYcvBw7l8T62IcOaN3XMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ1NVWXFvai05aHk4SER1WHhQcllodzVvM2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUPBYAwQA
Uph6AwQAWR/qAwQA2ZFJMA0GCSqGSIb3DQEBCwUAA4IBAQASmuKfkPZnP6t4hck7
zam6qiB/LV9S7MX+uX3EfUNFKpCEcdHinT8ZGHLkEuy0Wn5+ZzXxlqrAiBwNIrSu
ciLvqDukuprXPH6oQMn8O62DOnmgjGxcg5w0Rzhiou2v0xsKnGna0nz23iykxdd4
V0X0NsqOCouKiuODwN1b1kwyRCCOmeetjy/EjPFcg6fglu17fMt/pvaDrdqMP2Bw
5v+nsMGbOdIvrNhBLalTIoecnDYjJobTtfe2Hh24jKFjSjwOIz9crFqg0Cxp1DnO
gFWI9dL9tE1dDbhQtUdjDl/lvxfaQC5G41zDkeCWbxwEL19BWxSmKpJhBa4zyguC
0G5x
-----END CERTIFICATE-----
Generated at Thu Apr 9 05:18:51 2026 by rpki-client