Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pMPBLSnfpDf_IMx2XEEavrq2u0M.roa
File: pMPBLSnfpDf_IMx2XEEavrq2u0M.roa (raw, json)
Hash identifier: M9jLmT/VL53X4fuWpNq8HYmR/M5D2LwZJXiToybGmUk=
Subject key identifier: A4:C3:C1:2D:29:DF:A4:37:FF:20:CC:76:5C:41:1A:BE:BA:B6:BB:43
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D9B2C8E98F3AEA8E5019010B260848AAC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pMPBLSnfpDf_IMx2XEEavrq2u0M.roa
Signing time: Fri 17 Apr 2026 11:21:21 +0000
ROA not before: Fri 17 Apr 2026 11:21:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214025
IP address blocks: 37.98.146.0/24 maxlen: 24
82.153.51.0/24 maxlen: 24
82.163.8.0/24 maxlen: 24
89.31.238.0/24 maxlen: 24
109.176.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 17:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9b:2c:8e:98:f3:ae:a8:e5:01:90:10:b2:60:84:8a:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 17 11:21:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a4c3c12d29dfa437ff20cc765c411abebab6bb43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c8:fd:9b:6e:7e:dc:a2:1c:cd:11:96:3d:fd:
a9:04:c5:b3:00:17:22:d0:fa:75:90:2b:4b:9b:9f:
4c:1a:08:34:48:90:aa:49:cc:41:74:54:76:24:60:
bc:05:af:b0:28:d3:07:96:c5:85:b4:a6:71:ce:6b:
0e:f5:fd:4e:e3:d9:ae:c4:b0:36:bf:5c:ae:86:fd:
56:97:e7:11:19:73:2b:33:36:13:25:ef:fb:df:28:
7a:9c:5d:54:27:19:02:62:53:17:cb:80:e2:b9:bc:
c5:45:80:39:37:91:df:c7:1c:b9:3a:33:60:a0:9e:
02:cb:d4:1e:4c:16:6c:28:c4:d0:6f:3f:03:91:96:
39:c8:e8:62:56:85:55:d2:ed:c1:e2:74:53:5d:8b:
1e:aa:03:2d:43:59:53:76:e6:83:a5:76:ae:b9:f3:
81:0b:19:a9:af:6c:e1:b3:43:d8:99:50:39:54:4c:
9f:fb:d0:2d:bd:87:ad:32:4f:fb:82:77:fc:2a:3b:
c7:28:32:f7:c8:9f:1c:36:06:ae:04:f5:77:d3:7c:
8f:e3:a6:1e:1c:a4:ef:98:70:77:b8:8b:ea:25:86:
d9:c8:e3:1b:74:4f:7a:1a:44:84:be:2c:87:51:79:
82:21:61:a6:40:62:db:cc:de:7c:91:2f:a7:70:2c:
d1:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:C3:C1:2D:29:DF:A4:37:FF:20:CC:76:5C:41:1A:BE:BA:B6:BB:43
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pMPBLSnfpDf_IMx2XEEavrq2u0M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.146.0/24
82.153.51.0/24
82.163.8.0/24
89.31.238.0/24
109.176.213.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:ea:a1:ac:4c:63:b2:fb:6c:b3:42:a8:12:a7:75:33:4c:16:
d7:4b:9c:73:fe:d3:59:6e:26:52:ae:1b:84:10:28:57:27:77:
6b:aa:1b:2e:0c:e2:56:58:fa:50:fb:d0:82:b2:a4:7b:bf:23:
5a:ca:cf:d3:f1:95:fd:dc:22:e8:ed:04:a0:ee:f4:a7:f4:16:
fc:2f:8f:5d:04:8b:67:ac:f4:25:65:bc:a3:28:4e:de:fe:71:
7d:ba:6b:0c:b2:1f:5c:75:ba:99:e5:42:0a:6c:33:d7:4a:a0:
8c:a5:2d:5c:f6:da:f3:4b:8c:8c:bf:d6:25:4f:a2:78:e2:6d:
b5:db:b8:6b:ed:58:18:20:38:66:b1:9a:e8:68:a1:7e:6d:81:
93:d7:be:21:a5:ad:58:ae:1a:b3:ee:3c:18:37:6c:cd:18:0d:
23:36:74:cc:eb:56:aa:83:05:54:08:08:90:4b:03:1c:be:e1:
33:1e:af:d8:bd:56:09:7b:90:eb:8b:93:f3:4a:71:1b:99:35:
a3:db:60:63:84:b5:50:7f:c0:fd:6c:e1:df:bb:93:50:b8:03:
3b:fe:44:f7:a5:12:c4:cd:f6:3f:05:ca:a8:fa:ad:bf:29:ed:
cc:81:5a:04:7b:16:3d:a4:04:24:49:75:76:79:fd:69:70:10:
58:44:c2:1e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ2bLI6Y866o5QGQELJghIqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDE3MTEyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMzYzEyZDI5ZGZhNDM3ZmYyMGNjNzY1YzQxMWFiZWJhYjZiYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMj9m25+3KIczRGWPf2pBMWzABci
0Pp1kCtLm59MGgg0SJCqScxBdFR2JGC8Ba+wKNMHlsWFtKZxzmsO9f1O49muxLA2
v1yuhv1Wl+cRGXMrMzYTJe/73yh6nF1UJxkCYlMXy4DiubzFRYA5N5Hfxxy5OjNg
oJ4Cy9QeTBZsKMTQbz8DkZY5yOhiVoVV0u3B4nRTXYseqgMtQ1lTduaDpXauufOB
Cxmpr2zhs0PYmVA5VEyf+9AtvYetMk/7gnf8KjvHKDL3yJ8cNgauBPV303yP46Ye
HKTvmHB3uIvqJYbZyOMbdE96GkSEviyHUXmCIWGmQGLbzN58kS+ncCzReQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKTDwS0p36Q3/yDMdlxBGr66trtDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcE1QQkxTbmZwRGZfSU14MlhFRWF2cnEydTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAJWKSAwQA
UpkzAwQAUqMIAwQAWR/uAwQAbbDVMA0GCSqGSIb3DQEBCwUAA4IBAQCa6qGsTGOy
+2yzQqgSp3UzTBbXS5xz/tNZbiZSrhuEEChXJ3drqhsuDOJWWPpQ+9CCsqR7vyNa
ys/T8ZX93CLo7QSg7vSn9Bb8L49dBItnrPQlZbyjKE7e/nF9umsMsh9cdbqZ5UIK
bDPXSqCMpS1c9trzS4yMv9YlT6J44m2127hr7VgYIDhmsZroaKF+bYGT174hpa1Y
rhqz7jwYN2zNGA0jNnTM61aqgwVUCAiQSwMcvuEzHq/YvVYJe5Dri5PzSnEbmTWj
22BjhLVQf8D9bOHfu5NQuAM7/kT3pRLEzfY/Bcqo+q2/Ke3MgVoEexY9pAQkSXV2
ef1pcBBYRMIe
-----END CERTIFICATE-----
Generated at Mon Apr 20 01:48:57 2026 by rpki-client