Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/snyxNkTFYf7h126E6FUkcy9u8X0.roa
File: snyxNkTFYf7h126E6FUkcy9u8X0.roa (raw, json)
Hash identifier: 4dHgFXGnDyerdjyync3e5Z6RRtYyzHs+tUhwEIDtCl8=
Subject key identifier: B2:7C:B1:36:44:C5:61:FE:E1:D7:6E:84:E8:55:24:73:2F:6E:F1:7D
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 019DAB046D9B8B59E890F671CCDCA57B1398
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/snyxNkTFYf7h126E6FUkcy9u8X0.roa
Signing time: Mon 20 Apr 2026 13:11:27 +0000
ROA not before: Mon 20 Apr 2026 13:11:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43205
IP address blocks: 37.143.192.0/18 maxlen: 18
46.40.64.0/18 maxlen: 18
46.40.75.0/24 maxlen: 24
46.47.64.0/18 maxlen: 24
46.237.64.0/18 maxlen: 18
91.139.128.0/17 maxlen: 17
93.155.128.0/17 maxlen: 17
109.121.192.0/18 maxlen: 18
158.58.192.0/18 maxlen: 18
178.169.128.0/17 maxlen: 17
185.4.80.0/22 maxlen: 24
188.254.128.0/17 maxlen: 17
212.43.32.0/19 maxlen: 19
212.75.0.0/19 maxlen: 19
213.214.64.0/19 maxlen: 19
2a02:6800::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 07:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ab:04:6d:9b:8b:59:e8:90:f6:71:cc:dc:a5:7b:13:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Apr 20 13:11:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b27cb13644c561fee1d76e84e85524732f6ef17d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:6d:01:c8:da:82:6d:c6:67:43:b6:2c:4c:91:
0a:ce:86:f1:95:06:19:e1:b2:e7:cf:30:e1:9c:6e:
55:5e:e6:57:60:72:76:3d:0c:98:e2:12:81:ff:59:
21:ea:d6:d2:7c:2f:db:c7:98:4a:61:64:21:fc:73:
22:b5:c8:84:68:74:db:28:2b:1a:59:4b:cb:1e:a2:
33:95:54:fa:33:03:b3:b4:57:61:fe:a4:1e:8c:37:
85:b1:2c:a9:04:ba:90:04:71:9e:31:dc:83:b1:49:
0b:eb:95:b5:a6:9b:43:07:7a:a2:1b:03:3e:6b:dd:
82:c9:f4:90:b9:5e:ac:09:c5:34:ea:e2:1e:dd:50:
cb:8d:a4:91:f0:9c:6a:e0:4f:bb:3e:ac:d7:00:e5:
3d:cd:5d:cf:ec:9d:d4:99:e6:e5:04:a1:bb:27:a5:
06:b4:0d:a0:2a:dd:84:86:48:7a:96:7c:17:d1:43:
e2:1f:06:30:0c:22:c8:5e:97:64:bb:4d:1c:32:1c:
21:d9:13:09:b5:5e:d1:0e:5c:da:12:ae:5f:23:c2:
1a:60:00:ee:35:02:5b:a1:e5:07:28:c8:11:e1:cc:
25:95:b7:51:82:c7:ac:7f:f1:ab:37:50:e2:97:6f:
2f:f5:ab:0e:19:82:7f:e7:a7:cf:21:0a:bf:f0:5d:
32:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:7C:B1:36:44:C5:61:FE:E1:D7:6E:84:E8:55:24:73:2F:6E:F1:7D
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/snyxNkTFYf7h126E6FUkcy9u8X0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.192.0/18
46.40.64.0/18
46.47.64.0/18
46.237.64.0/18
91.139.128.0/17
93.155.128.0/17
109.121.192.0/18
158.58.192.0/18
178.169.128.0/17
185.4.80.0/22
188.254.128.0/17
212.43.32.0/19
212.75.0.0/19
213.214.64.0/19
IPv6:
2a02:6800::/32
Signature Algorithm: sha256WithRSAEncryption
9d:29:75:6a:94:f7:3f:a1:4c:1b:ec:2e:91:53:a5:af:82:04:
fd:6f:82:76:ee:49:a2:99:1e:c9:27:41:43:5b:99:87:9a:ca:
05:99:ad:f8:8e:51:67:f7:18:88:5d:ea:81:79:cb:0e:fd:32:
76:99:0f:db:0c:cf:39:6e:a4:c6:94:63:79:94:1b:d0:6f:41:
00:8e:96:5a:46:12:73:a5:09:2e:2f:09:30:1a:43:ab:e1:63:
ab:8b:39:fa:53:99:83:2b:b9:11:05:12:50:c7:e3:81:01:64:
26:ce:bc:4b:d4:b2:ca:f7:5b:3b:30:04:6b:1c:2b:d8:7c:f6:
1c:e0:31:c2:b0:a4:04:e2:e1:4c:c7:f7:e0:f9:38:24:e3:44:
a3:d0:4f:31:d2:af:92:ad:a3:0d:3f:e9:ea:3b:09:3e:a0:1a:
22:cd:d3:0e:ae:ae:5a:f5:03:65:f9:e8:c5:df:79:c4:fb:68:
b8:66:3d:17:43:ae:7a:a7:8a:72:02:04:80:52:b1:56:3c:94:
2e:03:e8:87:be:ea:b5:b7:cd:59:47:53:18:10:c5:f5:82:eb:
0d:db:db:6b:e5:3a:bf:06:7a:d5:d4:6e:78:2c:8d:f7:18:6c:
7c:45:26:37:ec:86:10:a2:ea:b1:5c:d5:ff:07:60:35:fa:15:
dc:f6:83:53
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZ2rBG2bi1nokPZxzNylexOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwNDIwMTMxMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdjYjEzNjQ0YzU2MWZlZTFkNzZlODRlODU1MjQ3MzJmNmVmMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG0ByNqCbcZnQ7YsTJEKzobxlQYZ
4bLnzzDhnG5VXuZXYHJ2PQyY4hKB/1kh6tbSfC/bx5hKYWQh/HMitciEaHTbKCsa
WUvLHqIzlVT6MwOztFdh/qQejDeFsSypBLqQBHGeMdyDsUkL65W1pptDB3qiGwM+
a92CyfSQuV6sCcU06uIe3VDLjaSR8Jxq4E+7PqzXAOU9zV3P7J3UmeblBKG7J6UG
tA2gKt2Ehkh6lnwX0UPiHwYwDCLIXpdku00cMhwh2RMJtV7RDlzaEq5fI8IaYADu
NQJboeUHKMgR4cwllbdRgsesf/GrN1Dil28v9asOGYJ/56fPIQq/8F0yaQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFLJ8sTZExWH+4dduhOhVJHMvbvF9MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvc255eE5rVEZZZjdoMTI2RTZGVWtjeTl1OFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQGJY/AAwQG
LihAAwQGLi9AAwQGLu1AAwQHW4uAAwQHXZuAAwQGbXnAAwQGnjrAAwQHsqmAAwQC
uQRQAwQHvP6AAwQF1CsgAwQF1EsAAwQF1dZAMA0EAgACMAcDBQAqAmgAMA0GCSqG
SIb3DQEBCwUAA4IBAQCdKXVqlPc/oUwb7C6RU6WvggT9b4J27kmimR7JJ0FDW5mH
msoFma34jlFn9xiIXeqBecsO/TJ2mQ/bDM85bqTGlGN5lBvQb0EAjpZaRhJzpQku
LwkwGkOr4WOrizn6U5mDK7kRBRJQx+OBAWQmzrxL1LLK91s7MARrHCvYfPYc4DHC
sKQE4uFMx/fg+Tgk40Sj0E8x0q+SraMNP+nqOwk+oBoizdMOrq5a9QNl+ejF33nE
+2i4Zj0XQ656p4pyAgSAUrFWPJQuA+iHvuq1t81ZR1MYEMX1gusN29tr5Tq/BnrV
1G54LI33GGx8RSY37IYQouqxXNX/B2A1+hXc9oNT
-----END CERTIFICATE-----
Generated at Mon Apr 27 10:38:16 2026 by rpki-client