Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CrXk7yW31R7pLJkRVzsgyKZWXJs.roa
File: CrXk7yW31R7pLJkRVzsgyKZWXJs.roa (raw, json)
Hash identifier: 4MmvDhUPESOTLePm4d7LBV0A/mg9p0RzkV0/1tiJjQE=
Subject key identifier: 0A:B5:E4:EF:25:B7:D5:1E:E9:2C:99:11:57:3B:20:C8:A6:56:5C:9B
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019E83DAB12DDE5413A2D23E4C9C9105D216
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CrXk7yW31R7pLJkRVzsgyKZWXJs.roa
Signing time: Mon 01 Jun 2026 15:43:28 +0000
ROA not before: Mon 01 Jun 2026 15:43:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 81.168.68.0/24 maxlen: 24
81.168.76.0/24 maxlen: 24
82.152.59.0/24 maxlen: 24
82.153.182.0/24 maxlen: 24
82.153.213.0/24 maxlen: 24
89.213.202.0/23 maxlen: 24
217.144.153.0/24 maxlen: 24
217.145.73.0/24 maxlen: 24
217.145.75.0/24 maxlen: 24
217.145.76.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 13:25:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:83:da:b1:2d:de:54:13:a2:d2:3e:4c:9c:91:05:d2:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 1 15:43:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0ab5e4ef25b7d51ee92c9911573b20c8a6565c9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:2e:0d:07:91:b5:9a:a7:dd:f0:9c:a0:2a:db:
1e:e9:f2:c6:a8:db:9e:84:b0:22:67:b8:b8:c1:51:
1d:42:5a:b9:0e:96:f0:9a:6e:08:4e:28:c0:ff:2c:
1a:34:4b:bc:76:b9:b0:a5:ef:3c:13:f3:2e:b5:c0:
40:f8:94:99:9f:43:89:25:a9:4c:4f:84:ad:84:bd:
ac:73:8d:86:91:13:60:cf:cb:49:41:1a:30:34:12:
85:42:19:48:f8:4f:6d:c9:66:9a:c5:a8:4f:f0:a3:
0b:e7:44:80:91:77:57:5d:ee:92:03:ab:57:79:fc:
15:c3:6a:6c:ce:5f:33:61:f2:89:fa:ef:31:a6:91:
9d:60:68:2c:50:a5:da:27:3d:44:2a:38:dc:2e:90:
ac:18:7d:1d:36:6e:14:90:5d:56:32:ad:89:9c:6c:
81:db:e3:47:02:36:f8:cb:f7:ab:a5:67:52:1c:33:
be:5a:16:1e:f6:5c:48:7d:ad:1c:e9:83:ea:d9:73:
f8:98:c0:c9:c1:1f:8d:0a:ef:fe:2b:61:b3:54:1b:
48:6d:40:c3:a9:41:74:23:ac:34:d1:10:92:2d:5e:
93:fb:c6:06:46:40:41:f9:f1:d5:03:37:7b:4d:3b:
1b:8b:aa:29:13:c5:35:c3:61:37:3c:bb:52:97:a9:
bf:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:B5:E4:EF:25:B7:D5:1E:E9:2C:99:11:57:3B:20:C8:A6:56:5C:9B
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CrXk7yW31R7pLJkRVzsgyKZWXJs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.68.0/24
81.168.76.0/24
82.152.59.0/24
82.153.182.0/24
82.153.213.0/24
89.213.202.0/23
217.144.153.0/24
217.145.73.0/24
217.145.75.0-217.145.76.255
Signature Algorithm: sha256WithRSAEncryption
52:f4:23:3a:d9:19:6a:7c:17:99:88:f4:f0:8e:f2:6d:4e:33:
ac:2c:b1:09:39:da:8b:44:2d:a1:90:aa:86:65:04:3c:94:bc:
7f:41:97:2a:74:b2:b2:09:bc:4c:20:28:26:62:f2:47:28:1a:
0d:13:7b:9b:21:0a:3d:1f:70:8f:e1:de:c5:07:57:f1:10:07:
b5:69:90:9b:ad:0d:be:00:6c:c8:4d:b5:80:76:5b:60:bb:5f:
ff:b6:1e:3c:d7:e3:39:cc:8f:c0:c3:39:9b:94:5a:18:b3:c1:
c4:9d:c3:d8:aa:9b:28:3a:60:c9:e2:e9:ec:0f:73:cd:34:a7:
0f:13:9d:9b:3d:e3:02:21:e1:fd:4e:4d:00:55:e7:1f:a3:d1:
64:57:aa:47:37:2d:2c:c2:e6:cc:d6:ce:30:30:c9:18:09:a4:
d2:9e:47:00:d8:d4:61:b8:7f:28:c5:82:2e:fe:4a:8d:38:d8:
2d:2e:b1:ea:d0:37:4b:39:20:24:79:17:f4:41:db:47:59:0f:
7f:f7:75:b0:d8:28:7b:26:ad:8d:fe:7a:cc:d9:4f:1a:4b:96:
01:4b:73:1b:64:0b:fc:4f:ce:bd:09:47:57:7f:32:6d:2b:7a:
21:57:48:21:55:50:28:1c:21:6b:1d:f7:bf:2a:91:7c:6a:14:
28:0e:aa:36
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ6D2rEt3lQTotI+TJyRBdIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMTU0MzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI1ZTRlZjI1YjdkNTFlZTkyYzk5MTE1NzNiMjBjOGE2NTY1YzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS4NB5G1mqfd8JygKtse6fLGqNue
hLAiZ7i4wVEdQlq5Dpbwmm4ITijA/ywaNEu8drmwpe88E/MutcBA+JSZn0OJJalM
T4SthL2sc42GkRNgz8tJQRowNBKFQhlI+E9tyWaaxahP8KML50SAkXdXXe6SA6tX
efwVw2pszl8zYfKJ+u8xppGdYGgsUKXaJz1EKjjcLpCsGH0dNm4UkF1WMq2JnGyB
2+NHAjb4y/erpWdSHDO+WhYe9lxIfa0c6YPq2XP4mMDJwR+NCu/+K2GzVBtIbUDD
qUF0I6w00RCSLV6T+8YGRkBB+fHVAzd7TTsbi6opE8U1w2E3PLtSl6m/OwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFAq15O8lt9Ue6SyZEVc7IMimVlybMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ3JYazd5VzMxUjdwTEprUlZ6c2d5S1pXWEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUahEAwQA
UahMAwQAUpg7AwQAUpm2AwQAUpnVAwQBWdXKAwQA2ZCZAwQA2ZFJMAwDBADZkUsD
BADZkUwwDQYJKoZIhvcNAQELBQADggEBAFL0IzrZGWp8F5mI9PCO8m1OM6wssQk5
2otELaGQqoZlBDyUvH9Blyp0srIJvEwgKCZi8kcoGg0Te5shCj0fcI/h3sUHV/EQ
B7VpkJutDb4AbMhNtYB2W2C7X/+2HjzX4znMj8DDOZuUWhizwcSdw9iqmyg6YMni
6ewPc800pw8TnZs94wIh4f1OTQBV5x+j0WRXqkc3LSzC5szWzjAwyRgJpNKeRwDY
1GG4fyjFgi7+So042C0userQN0s5ICR5F/RB20dZD3/3dbDYKHsmrY3+eszZTxpL
lgFLcxtkC/xPzr0JR1d/Mm0reiFXSCFVUCgcIWsd978qkXxqFCgOqjY=
-----END CERTIFICATE-----
Generated at Tue Jun 2 20:50:56 2026 by rpki-client