Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/NCKHSq1L93RSNmWsVPen2Pp7itw.roa
File: NCKHSq1L93RSNmWsVPen2Pp7itw.roa (raw, json)
Hash identifier: E1xwyNLOyD17eDTlIsUyX0bH+yVNi172nC4ro2vpPiY=
Subject key identifier: 34:22:87:4A:AD:4B:F7:74:52:36:65:AC:54:F7:A7:D8:FA:7B:8A:DC
Certificate issuer: /CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
Certificate serial: 019E8DDCFB3DE4A1C7DC61182C91EC7D91B9
Authority key identifier: 20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/NCKHSq1L93RSNmWsVPen2Pp7itw.roa
Signing time: Wed 03 Jun 2026 14:22:09 +0000
ROA not before: Wed 03 Jun 2026 14:22:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 680
IP address blocks: 132.180.0.0/16 maxlen: 16
192.109.13.0/24 maxlen: 24
192.109.19.0/24 maxlen: 24
192.109.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.mft
rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:8d:dc:fb:3d:e4:a1:c7:dc:61:18:2c:91:ec:7d:91:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
Validity
Not Before: Jun 3 14:22:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3422874aad4bf774523665ac54f7a7d8fa7b8adc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:24:41:79:ff:ed:2f:94:23:b9:34:89:34:90:
93:fc:bc:01:11:ce:b9:f5:1a:01:a8:8f:22:73:f2:
27:b7:61:d9:de:2e:0b:12:83:4d:9d:ee:e2:cb:55:
8d:c5:31:b5:7e:95:c1:91:c0:fa:1f:5f:92:bc:bf:
ea:ce:3a:01:39:ca:1c:fa:ca:57:1e:aa:16:f4:d3:
da:f9:41:d4:be:8a:d4:70:4a:cb:71:29:7d:92:82:
23:7c:19:7b:30:5f:bd:d5:51:f5:a5:68:04:45:61:
b0:9d:f0:49:f2:f5:af:c3:4f:b9:6d:ab:c9:46:c3:
c4:55:72:73:c0:74:12:18:b1:bd:6c:a9:a9:b6:dd:
cf:2c:99:80:b4:67:47:39:a2:5f:a6:36:ff:10:c8:
d0:44:81:9e:1f:1a:a6:7e:1e:7a:fa:c2:78:dd:dd:
d5:ca:45:2b:38:ce:32:a8:63:0b:cd:37:1b:98:cb:
d1:4d:9b:9b:16:65:72:2a:bc:47:22:2d:0c:a7:ea:
d6:4a:22:74:fe:2f:26:e7:26:e3:94:80:43:f5:04:
e5:e0:df:8a:78:56:9e:5d:61:b7:af:50:63:f1:46:
2f:da:83:28:00:93:06:5e:ae:0c:28:35:0b:62:0c:
70:5a:03:7f:1f:af:5c:42:5a:61:fd:66:0d:d4:89:
f9:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:22:87:4A:AD:4B:F7:74:52:36:65:AC:54:F7:A7:D8:FA:7B:8A:DC
X509v3 Authority Key Identifier:
keyid:20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/NCKHSq1L93RSNmWsVPen2Pp7itw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
132.180.0.0/16
192.109.13.0/24
192.109.19.0/24
192.109.202.0/24
Signature Algorithm: sha256WithRSAEncryption
71:69:3f:26:8f:a7:2e:d1:23:bf:c9:e2:51:b3:c7:49:f8:c8:
3e:62:d9:dc:db:d2:cc:1e:a9:7a:fa:9c:f7:72:47:36:f3:c3:
21:57:37:9a:f9:d2:33:2b:76:04:82:be:5c:49:2d:cf:a1:05:
5d:3a:c9:ce:c9:30:bb:01:df:c5:b3:d0:44:88:c3:9f:02:f6:
31:5f:af:2e:fd:df:41:d7:bf:90:75:15:b8:f8:0a:9d:19:26:
99:46:09:0d:56:9f:b9:ba:cc:d2:0e:7d:ec:7c:6d:c0:91:38:
15:47:74:b1:85:fa:ea:f1:d0:f7:39:fa:5f:ce:9d:ec:2c:1b:
a2:06:6f:c6:6d:55:50:84:12:3f:61:a4:14:e9:e2:13:a9:1b:
b4:cb:4f:66:4d:e7:da:5a:0f:94:0a:00:05:cd:19:46:a0:db:
52:3f:e9:93:e4:ee:5f:b1:42:dd:f3:ec:e2:4d:c8:5a:48:0a:
70:b7:84:38:85:1e:ba:b1:ca:8a:49:48:33:f4:4f:d3:db:6e:
0f:e0:16:5d:20:c1:5e:ca:b4:24:77:42:c5:ab:88:8d:13:a5:
53:5d:f6:83:a4:7b:51:a4:76:a6:15:a2:68:ea:cd:e5:40:04:
d1:56:d3:a7:cf:04:76:cd:a0:22:2c:6b:2c:97:8b:e7:40:1b:
79:93:e9:4b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ6N3Ps95KHH3GEYLJHsfZG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDRiZDQ5OWY1ODQ5NGFjMGU4MjI2M2I1NTIwYTJjNjRk
NjQ3N2UwHhcNMjYwNjAzMTQyMjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIyODc0YWFkNGJmNzc0NTIzNjY1YWM1NGY3YTdkOGZhN2I4YWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SRBef/tL5QjuTSJNJCT/LwBEc65
9RoBqI8ic/Int2HZ3i4LEoNNne7iy1WNxTG1fpXBkcD6H1+SvL/qzjoBOcoc+spX
HqoW9NPa+UHUvorUcErLcSl9koIjfBl7MF+91VH1pWgERWGwnfBJ8vWvw0+5bavJ
RsPEVXJzwHQSGLG9bKmptt3PLJmAtGdHOaJfpjb/EMjQRIGeHxqmfh56+sJ43d3V
ykUrOM4yqGMLzTcbmMvRTZubFmVyKrxHIi0Mp+rWSiJ0/i8m5ybjlIBD9QTl4N+K
eFaeXWG3r1Bj8UYv2oMoAJMGXq4MKDULYgxwWgN/H69cQlph/WYN1In5nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDQih0qtS/d0UjZlrFT3p9j6e4rcMB8GA1UdIwQY
MBaAFCDUvUmfWElKwOgiY7VSCixk1kd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzIt
ZDJlZTE1Mzk5ZDA2LzEvTkNLSFNxMUw5M1JTTm1Xc1ZQZW4yUHA3aXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzItZDJlZTE1Mzk5ZDA2
LzEvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwMAhLQDBADA
bQ0DBADAbRMDBADAbcowDQYJKoZIhvcNAQELBQADggEBAHFpPyaPpy7RI7/J4lGz
x0n4yD5i2dzb0sweqXr6nPdyRzbzwyFXN5r50jMrdgSCvlxJLc+hBV06yc7JMLsB
38Wz0ESIw58C9jFfry7930HXv5B1Fbj4Cp0ZJplGCQ1Wn7m6zNIOfex8bcCROBVH
dLGF+urx0Pc5+l/OnewsG6IGb8ZtVVCEEj9hpBTp4hOpG7TLT2ZN59paD5QKAAXN
GUag21I/6ZPk7l+xQt3z7OJNyFpICnC3hDiFHrqxyopJSDP0T9Pbbg/gFl0gwV7K
tCR3QsWriI0TpVNd9oOke1GkdqYVomjqzeVABNFW06fPBHbNoCIsayyXi+dAG3mT
6Us=
-----END CERTIFICATE-----
Generated at Thu Jun 11 22:32:27 2026 by rpki-client