Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oK4b-o5eN3lnOAZv3aaUJCEWF30.roa
File: oK4b-o5eN3lnOAZv3aaUJCEWF30.roa (raw, json)
Hash identifier: AYpGmN0A02tpLtzQMCHQEICy1FmXVsN+4klV6DbwH20=
Subject key identifier: A0:AE:1B:FA:8E:5E:37:79:67:38:06:6F:DD:A6:94:24:21:16:17:7D
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019DDDAA7CE2B4B1F4E478833D1BD9575076
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oK4b-o5eN3lnOAZv3aaUJCEWF30.roa
Signing time: Thu 30 Apr 2026 09:13:51 +0000
ROA not before: Thu 30 Apr 2026 09:13:51 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 402298
IP address blocks: 79.99.75.0/24 maxlen: 24
81.168.7.0/24 maxlen: 24
81.168.100.0/24 maxlen: 24
82.152.84.0/24 maxlen: 24
82.153.115.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 10:34:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:dd:aa:7c:e2:b4:b1:f4:e4:78:83:3d:1b:d9:57:50:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 30 09:13:51 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a0ae1bfa8e5e37796738066fdda694242116177d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:cc:3b:18:0e:80:b5:cd:1d:2b:40:13:57:78:
93:d8:1a:76:8a:b0:c1:b6:69:e2:88:06:b7:15:a0:
87:cd:90:63:07:50:b9:4c:a5:12:6f:51:a1:b6:03:
ba:4c:61:3f:c7:1a:4f:9b:f0:a2:f5:28:9d:28:dd:
27:e9:d8:2a:70:2f:7e:15:6a:fa:41:6e:3d:b6:fd:
32:5c:d3:3b:80:d8:cd:c8:91:33:3b:82:43:1c:16:
05:8f:dc:8f:bc:ac:28:d2:05:a7:b9:79:df:ab:84:
c4:47:bf:95:1b:3e:20:c4:c0:5a:7f:99:bf:ab:da:
91:a4:0b:b8:dd:e9:c9:db:35:f5:cf:3a:b7:4d:b2:
0c:43:37:ca:c5:92:a3:eb:9e:46:d2:72:7c:b1:93:
5e:61:d2:87:e0:ed:a9:70:88:35:ed:e3:3b:28:7d:
d0:3b:85:67:48:11:ea:c0:92:6e:0c:d3:8e:f3:d3:
db:2b:a6:d5:3e:8a:ee:51:f9:c0:00:76:78:82:76:
15:48:6a:da:a6:8e:90:55:9a:c3:36:36:86:3b:52:
bd:24:88:ce:ee:48:d5:d2:9f:57:fa:32:52:e4:86:
de:08:53:54:ef:c8:98:02:19:48:5d:2c:10:4b:b0:
8d:e2:14:b1:4f:5d:ab:dc:ca:fc:89:d7:f9:2b:43:
d0:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:AE:1B:FA:8E:5E:37:79:67:38:06:6F:DD:A6:94:24:21:16:17:7D
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oK4b-o5eN3lnOAZv3aaUJCEWF30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.99.75.0/24
81.168.7.0/24
81.168.100.0/24
82.152.84.0/24
82.153.115.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:43:7d:d5:58:f8:a4:fd:da:73:ed:2f:65:a1:b6:4c:2c:3a:
3b:fb:94:5f:b5:08:b3:d2:53:a1:66:8a:27:9e:22:7b:80:94:
39:1b:57:25:20:56:44:67:de:2b:e5:f9:b4:cb:76:31:c4:98:
76:ef:ee:3c:bf:4d:85:aa:bb:70:9c:8a:6e:3c:3f:d1:75:a5:
0e:4b:c0:6c:63:48:dc:47:db:0a:07:7e:d8:d2:c9:03:78:8e:
ab:9a:56:87:a6:bd:0a:2b:ba:6d:b7:f5:5f:43:20:44:3b:64:
85:6b:8b:30:d5:50:35:7c:1e:6f:84:cf:65:ea:ca:47:05:91:
00:1e:b2:e8:eb:96:5c:24:68:e3:95:df:39:29:60:c1:38:8c:
18:c2:77:ec:5a:ad:23:90:50:93:10:69:d6:00:3e:91:4b:83:
8d:96:d7:4e:0f:00:e4:eb:a9:b8:19:62:d2:fa:64:f8:cb:12:
2a:54:81:c2:65:1c:00:fc:e6:ee:a2:42:c1:9d:93:69:e8:0a:
d5:80:12:53:c8:4d:68:c4:6c:99:9c:c9:29:4d:3a:8c:33:ad:
fb:cc:4a:4b:b0:86:f0:0a:c7:2a:4c:e5:bc:15:3d:74:e1:46:
6d:d0:54:fe:93:6a:9a:c0:1f:98:45:69:51:e5:d8:e8:fa:d0:
6b:61:72:cc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ3dqnzitLH05HiDPRvZV1B2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDMwMDkxMzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGFlMWJmYThlNWUzNzc5NjczODA2NmZkZGE2OTQyNDIxMTYxNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8w7GA6Atc0dK0ATV3iT2Bp2irDB
tmniiAa3FaCHzZBjB1C5TKUSb1GhtgO6TGE/xxpPm/Ci9SidKN0n6dgqcC9+FWr6
QW49tv0yXNM7gNjNyJEzO4JDHBYFj9yPvKwo0gWnuXnfq4TER7+VGz4gxMBaf5m/
q9qRpAu43enJ2zX1zzq3TbIMQzfKxZKj655G0nJ8sZNeYdKH4O2pcIg17eM7KH3Q
O4VnSBHqwJJuDNOO89PbK6bVPoruUfnAAHZ4gnYVSGrapo6QVZrDNjaGO1K9JIjO
7kjV0p9X+jJS5IbeCFNU78iYAhlIXSwQS7CN4hSxT12r3Mr8idf5K0PQrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKCuG/qOXjd5ZzgGb92mlCQhFhd9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb0s0Yi1vNWVOM2xuT0FadjNhYVVKQ0VXRjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAT2NLAwQA
UagHAwQAUahkAwQAUphUAwQAUplzMA0GCSqGSIb3DQEBCwUAA4IBAQCPQ33VWPik
/dpz7S9lobZMLDo7+5RftQiz0lOhZoonniJ7gJQ5G1clIFZEZ94r5fm0y3YxxJh2
7+48v02FqrtwnIpuPD/RdaUOS8BsY0jcR9sKB37Y0skDeI6rmlaHpr0KK7ptt/Vf
QyBEO2SFa4sw1VA1fB5vhM9l6spHBZEAHrLo65ZcJGjjld85KWDBOIwYwnfsWq0j
kFCTEGnWAD6RS4ONltdODwDk66m4GWLS+mT4yxIqVIHCZRwA/ObuokLBnZNp6ArV
gBJTyE1oxGyZnMkpTTqMM637zEpLsIbwCscqTOW8FT104UZt0FT+k2qawB+YRWlR
5djo+tBrYXLM
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:26:06 2026 by rpki-client