Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/OjnaoajH9HphznWi8wmUWNFvNCY.roa
File: OjnaoajH9HphznWi8wmUWNFvNCY.roa (raw, json)
Hash identifier: TZ9dXrPxHYF2IxHvxYYbYnNNNVlGdP5oxXsi5h2Qayk=
Subject key identifier: 3A:39:DA:A1:A8:C7:F4:7A:61:CE:75:A2:F3:09:94:58:D1:6F:34:26
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 019CDC9707AF206A491DF61D163F8C080AFD
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/OjnaoajH9HphznWi8wmUWNFvNCY.roa
Signing time: Wed 11 Mar 2026 11:10:11 +0000
ROA not before: Wed 11 Mar 2026 11:10:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34295
IP address blocks: 46.10.217.0/24 maxlen: 24
62.176.118.0/24 maxlen: 24
87.126.120.0/22 maxlen: 24
90.154.144.0/21 maxlen: 24
90.154.152.0/22 maxlen: 22
90.154.152.0/24 maxlen: 24
90.154.153.0/24 maxlen: 24
90.154.154.0/24 maxlen: 24
90.154.155.0/24 maxlen: 24
94.236.205.0/24 maxlen: 24
95.43.128.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 14:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:97:07:af:20:6a:49:1d:f6:1d:16:3f:8c:08:0a:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Mar 11 11:10:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3a39daa1a8c7f47a61ce75a2f3099458d16f3426
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:60:f8:0a:1f:23:83:40:c6:e3:7e:4f:89:00:
9c:96:be:e3:b9:d6:6c:66:4b:ea:ad:de:98:e5:6c:
4a:c4:0f:ac:fb:ef:6e:14:87:fa:17:89:40:e8:dd:
1a:42:15:fc:39:a9:65:1c:14:1a:7c:ce:25:68:22:
91:48:54:b3:1d:4f:dd:ae:46:ae:ae:35:46:a7:6b:
03:2b:a0:f4:25:57:60:fb:ae:d3:1f:9f:c5:2e:e1:
81:42:c8:bb:e2:df:a7:40:83:96:f6:b7:44:0f:e4:
7d:ec:ef:dc:c6:99:85:1a:2a:4e:24:df:b3:7f:11:
d7:9d:98:f9:97:c3:af:8f:ec:13:35:e3:24:e3:c5:
da:a3:f1:23:17:f0:ed:93:3a:ee:e8:a7:13:34:b4:
7a:0a:ef:7f:3f:0a:b6:4f:37:d9:83:22:dd:ab:31:
b5:eb:33:de:a9:9d:d8:25:19:5d:08:46:2e:40:2b:
a4:a2:f8:e6:b6:77:c7:65:e9:bc:1e:8d:05:5b:a3:
3a:5d:b4:75:a7:a9:e0:e3:73:3d:b9:65:b4:97:cf:
e3:1e:85:48:fc:75:33:8f:22:90:02:b6:d7:91:18:
a8:5f:ea:61:a9:7d:57:b5:41:c1:cc:34:46:83:1e:
6f:f7:d8:7b:60:bf:4c:74:25:6b:17:ed:c1:19:2c:
9a:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:39:DA:A1:A8:C7:F4:7A:61:CE:75:A2:F3:09:94:58:D1:6F:34:26
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/OjnaoajH9HphznWi8wmUWNFvNCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.10.217.0/24
62.176.118.0/24
87.126.120.0/22
90.154.144.0-90.154.155.255
94.236.205.0/24
95.43.128.0/20
Signature Algorithm: sha256WithRSAEncryption
02:9b:85:bf:e1:d1:ee:70:59:3b:d4:e8:79:2d:ce:86:34:ae:
fc:ca:4c:c4:fc:e8:22:07:64:0e:8f:ee:89:2b:61:8a:ec:8d:
65:fe:ee:66:64:17:a9:45:0f:df:9c:38:de:55:6e:0a:4a:07:
81:57:c3:b3:c0:0e:48:16:4d:97:b7:4a:f7:0f:42:88:b2:9b:
e2:3f:5c:cb:d4:91:7d:4e:c2:e5:9c:86:45:d2:33:f4:3a:01:
46:a5:fc:c8:ec:87:8b:8e:3b:a6:70:bc:f2:e1:c2:bf:a2:71:
d9:b7:ab:1f:15:b4:a6:c9:04:89:08:c9:a3:6a:c5:12:b2:a4:
cb:61:f4:9a:f9:e2:36:34:b6:71:7b:c5:7c:5e:7b:1d:27:32:
85:27:e7:fd:5e:e2:d2:57:ea:c0:6a:90:94:3e:64:c3:89:a4:
74:ff:d2:9f:d7:21:7b:ce:2b:6c:b6:26:7c:9e:db:a4:35:30:
51:ac:27:de:a2:c9:6f:f3:05:88:ff:d1:85:d9:8a:a8:85:9c:
25:8a:c3:3b:f8:5b:ec:e5:41:f0:78:02:3f:2d:bf:74:be:ed:
2a:83:94:cd:b9:54:8f:67:dd:1e:de:c0:8e:bd:ef:4c:1a:d8:
4e:92:8d:50:ac:85:2e:1b:4c:1b:e5:cb:13:3e:a5:80:29:f0:
cc:8a:5d:9e
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZzclwevIGpJHfYdFj+MCAr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMzExMTExMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTM5ZGFhMWE4YzdmNDdhNjFjZTc1YTJmMzA5OTQ1OGQxNmYzNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WD4Ch8jg0DG435PiQCclr7judZs
Zkvqrd6Y5WxKxA+s++9uFIf6F4lA6N0aQhX8OallHBQafM4laCKRSFSzHU/drkau
rjVGp2sDK6D0JVdg+67TH5/FLuGBQsi74t+nQIOW9rdED+R97O/cxpmFGipOJN+z
fxHXnZj5l8Ovj+wTNeMk48Xao/EjF/Dtkzru6KcTNLR6Cu9/Pwq2TzfZgyLdqzG1
6zPeqZ3YJRldCEYuQCukovjmtnfHZem8Ho0FW6M6XbR1p6ng43M9uWW0l8/jHoVI
/HUzjyKQArbXkRioX+phqX1XtUHBzDRGgx5v99h7YL9MdCVrF+3BGSyaAQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDo52qGox/R6Yc51ovMJlFjRbzQmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvT2puYW9hakg5SHBoem5XaTh3bVVXTkZ2TkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQALgrZAwQA
PrB2AwQCV354MAwDBARampADBAJampgDBABe7M0DBARfK4AwDQYJKoZIhvcNAQEL
BQADggEBAAKbhb/h0e5wWTvU6HktzoY0rvzKTMT86CIHZA6P7okrYYrsjWX+7mZk
F6lFD9+cON5VbgpKB4FXw7PADkgWTZe3SvcPQoiym+I/XMvUkX1OwuWchkXSM/Q6
AUal/Mjsh4uOO6ZwvPLhwr+icdm3qx8VtKbJBIkIyaNqxRKypMth9Jr54jY0tnF7
xXxeex0nMoUn5/1e4tJX6sBqkJQ+ZMOJpHT/0p/XIXvOK2y2Jnye26Q1MFGsJ96i
yW/zBYj/0YXZiqiFnCWKwzv4W+zlQfB4Aj8tv3S+7SqDlM25VI9n3R7ewI6970wa
2E6SjVCshS4bTBvlyxM+pYAp8MyKXZ4=
-----END CERTIFICATE-----
Generated at Fri Mar 13 00:55:30 2026 by rpki-client