Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/kniFntdxPbS1jBvN0hKNK7QT914.roa
File: kniFntdxPbS1jBvN0hKNK7QT914.roa (raw, json)
Hash identifier: Hc1QVDwdt4HeTUIYJSo4nwn3K1JUnhk+8tjIWHMrCAk=
Subject key identifier: 92:78:85:9E:D7:71:3D:B4:B5:8C:1B:CD:D2:12:8D:2B:B4:13:F7:5E
Certificate issuer: /CN=43aeb8ff55bd46500b27db9cf1dec256276b2b6a
Certificate serial: 019E633A78382F01695A98E4C6FB547BFB33
Authority key identifier: 43:AE:B8:FF:55:BD:46:50:0B:27:DB:9C:F1:DE:C2:56:27:6B:2B:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/kniFntdxPbS1jBvN0hKNK7QT914.roa
Signing time: Tue 26 May 2026 07:40:36 +0000
ROA not before: Tue 26 May 2026 07:40:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204589
IP address blocks: 91.212.14.0/24 maxlen: 24
185.150.156.0/23 maxlen: 24
185.150.158.0/24 maxlen: 24
185.246.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:63:3a:78:38:2f:01:69:5a:98:e4:c6:fb:54:7b:fb:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43aeb8ff55bd46500b27db9cf1dec256276b2b6a
Validity
Not Before: May 26 07:40:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9278859ed7713db4b58c1bcdd2128d2bb413f75e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:cb:60:fe:cc:2a:be:68:3b:a0:96:8d:6e:f8:
b3:cb:5c:49:4b:fc:e5:72:a0:a1:39:10:55:0f:74:
ab:98:a5:2e:cb:06:e7:f8:ff:75:0a:ef:a2:bd:87:
a0:8a:25:c9:b3:de:20:19:f8:20:d5:7a:db:7c:b5:
9a:a1:e2:68:60:f3:4a:76:0f:52:9c:a2:f0:e0:91:
d9:91:cd:58:51:57:90:e7:e1:6f:2b:8a:b7:4f:28:
3a:04:a1:2a:63:b2:88:9c:b7:ad:fc:d1:3f:66:45:
3f:92:cf:0f:2c:85:39:ac:50:ab:57:23:09:ca:1c:
31:d2:45:b9:74:8b:1c:8a:6a:3e:b4:1e:47:af:ba:
bd:67:41:9f:bc:10:da:0a:af:8e:ac:d3:61:9c:d6:
47:25:d2:3a:c3:fa:dc:13:ef:05:89:ba:22:0c:fc:
29:93:8a:84:02:58:7f:d8:25:da:90:8d:86:1e:71:
d8:27:e3:59:ac:09:62:22:86:de:17:7e:f0:9c:c2:
d2:52:dd:4c:96:06:75:4b:b6:31:45:56:9f:a9:16:
a2:d0:82:47:9f:10:cc:3d:93:49:b7:ff:6f:79:fb:
9b:1c:42:cd:6f:b2:27:69:85:66:f7:60:d1:e0:c6:
2e:a3:0e:70:08:fd:e3:a9:bd:60:fc:70:e5:88:74:
f2:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:78:85:9E:D7:71:3D:B4:B5:8C:1B:CD:D2:12:8D:2B:B4:13:F7:5E
X509v3 Authority Key Identifier:
keyid:43:AE:B8:FF:55:BD:46:50:0B:27:DB:9C:F1:DE:C2:56:27:6B:2B:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/kniFntdxPbS1jBvN0hKNK7QT914.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.212.14.0/24
185.150.156.0-185.150.158.255
185.246.31.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:55:73:66:ce:ae:05:5d:82:15:8b:02:99:b4:51:97:c0:78:
b7:70:02:c0:4a:26:62:ec:ac:78:ca:39:92:17:90:5e:1d:7f:
8c:68:0f:6d:5b:cb:2e:8d:5e:58:e6:b4:eb:e5:48:49:ed:f1:
9b:fc:ca:b6:05:96:14:8e:17:90:6e:a9:2a:bc:d2:b7:b7:36:
f0:f5:01:5d:26:98:a5:3e:d6:61:49:70:f2:61:4d:c8:fe:5b:
bb:6f:b4:05:e1:7a:1e:32:7f:f5:15:93:64:40:00:ff:24:b6:
18:09:33:ed:12:df:a4:56:85:e8:51:09:42:2d:05:80:d5:d9:
d3:a7:fc:2a:1a:1e:3e:e6:e6:65:c4:e4:a1:57:4a:a7:c4:3c:
92:94:ab:52:19:29:65:7c:fb:6f:4a:23:c8:9b:1f:a9:77:3d:
90:02:18:7a:ff:0f:4f:3a:11:8e:4d:15:79:3a:17:22:c2:1c:
16:51:22:1d:45:7c:89:27:d4:5e:3c:cf:97:91:f5:fa:0f:5f:
7b:22:66:e3:30:47:04:9f:21:3d:fb:3f:d0:41:04:5d:29:6f:
77:1f:86:18:9c:e5:7c:6d:2c:57:0a:9a:11:2d:73:53:d6:38:
08:8f:d0:44:77:65:15:5c:7d:b6:ab:f8:f7:7f:5b:b2:55:c2:
2d:b2:4f:af
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ5jOng4LwFpWpjkxvtUe/szMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWViOGZmNTViZDQ2NTAwYjI3ZGI5Y2YxZGVjMjU2Mjc2
YjJiNmEwHhcNMjYwNTI2MDc0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc4ODU5ZWQ3NzEzZGI0YjU4YzFiY2RkMjEyOGQyYmI0MTNmNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3stg/swqvmg7oJaNbvizy1xJS/zl
cqChORBVD3SrmKUuywbn+P91Cu+ivYegiiXJs94gGfgg1XrbfLWaoeJoYPNKdg9S
nKLw4JHZkc1YUVeQ5+FvK4q3Tyg6BKEqY7KInLet/NE/ZkU/ks8PLIU5rFCrVyMJ
yhwx0kW5dIscimo+tB5Hr7q9Z0GfvBDaCq+OrNNhnNZHJdI6w/rcE+8FiboiDPwp
k4qEAlh/2CXakI2GHnHYJ+NZrAliIobeF37wnMLSUt1MlgZ1S7YxRVafqRai0IJH
nxDMPZNJt/9vefubHELNb7InaYVm92DR4MYuow5wCP3jqb1g/HDliHTyaQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJJ4hZ7XcT20tYwbzdISjSu0E/deMB8GA1UdIwQY
MBaAFEOuuP9VvUZQCyfbnPHewlYnaytqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY2NF8xVzlSbEFMSjl1YzhkN0NWaWRySzJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8zYjZmYjQtNTJlOC00NGUyLWFiZTgt
MmMyZmJhZDJmMDExLzEva25pRm50ZHhQYlMxakJ2TjBoS05LN1FUOTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8zYjZmYjQtNTJlOC00NGUyLWFiZTgtMmMyZmJhZDJmMDEx
LzEvUTY2NF8xVzlSbEFMSjl1YzhkN0NWaWRySzJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAW9QOMAwD
BAK5lpwDBAC5lp4DBAC59h8wDQYJKoZIhvcNAQELBQADggEBAKJVc2bOrgVdghWL
Apm0UZfAeLdwAsBKJmLsrHjKOZIXkF4df4xoD21byy6NXljmtOvlSEnt8Zv8yrYF
lhSOF5BuqSq80re3NvD1AV0mmKU+1mFJcPJhTcj+W7tvtAXheh4yf/UVk2RAAP8k
thgJM+0S36RWhehRCUItBYDV2dOn/CoaHj7m5mXE5KFXSqfEPJKUq1IZKWV8+29K
I8ibH6l3PZACGHr/D086EY5NFXk6FyLCHBZRIh1FfIkn1F48z5eR9foPX3siZuMw
RwSfIT37P9BBBF0pb3cfhhic5XxtLFcKmhEtc1PWOAiP0ER3ZRVcfbar+Pd/W7JV
wi2yT68=
-----END CERTIFICATE-----
Generated at Thu Jun 11 18:55:19 2026 by rpki-client