Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Kj4lgrXdfh0TXIFOyUu8Ltj56L0.roa
File: Kj4lgrXdfh0TXIFOyUu8Ltj56L0.roa (raw, json)
Hash identifier: FfOY3HSva/ObzmJgNclIEbCMjUeA0WXlmVR3EGFE4mA=
Subject key identifier: 2A:3E:25:82:B5:DD:7E:1D:13:5C:81:4E:C9:4B:BC:2E:D8:F9:E8:BD
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 019DFE302ACF9E00A8981833F2623D6D616E
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Kj4lgrXdfh0TXIFOyUu8Ltj56L0.roa
Signing time: Wed 06 May 2026 16:47:42 +0000
ROA not before: Wed 06 May 2026 16:47:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2856
IP address blocks: 5.35.192.0/21 maxlen: 24
79.139.52.0/23 maxlen: 23
79.139.54.0/23 maxlen: 23
85.204.160.0/22 maxlen: 24
89.39.172.0/23 maxlen: 24
94.26.64.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 May 2026 13:58:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fe:30:2a:cf:9e:00:a8:98:18:33:f2:62:3d:6d:61:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: May 6 16:47:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2a3e2582b5dd7e1d135c814ec94bbc2ed8f9e8bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:59:17:23:94:ce:08:62:49:ed:96:f7:e1:f5:
d1:09:7f:03:05:a1:73:21:70:cd:74:82:38:cf:79:
6a:64:34:f5:d8:ed:93:43:ac:23:bd:3f:4b:29:ed:
f2:b0:99:18:50:9d:43:07:13:7f:a8:49:96:f9:1d:
66:d6:cb:35:04:d2:b0:8c:b5:e2:4b:d1:a5:63:a6:
d6:e6:a6:b6:ca:2d:08:7d:5d:a5:c0:a2:37:47:67:
19:81:ad:6f:b4:f2:cd:a3:0f:d4:7c:f7:2d:50:59:
49:75:8b:ff:65:13:f9:60:83:09:78:ef:bb:4f:73:
83:c8:aa:13:9b:93:9f:c6:1f:8f:de:08:9e:e1:1a:
c3:c7:0f:da:14:b8:8b:46:26:cb:d0:61:f6:68:97:
2e:da:82:4d:2b:aa:54:4a:79:54:d5:29:a4:52:17:
17:d7:a9:e6:3e:35:2d:fa:a4:ca:1b:3d:2d:ff:eb:
8e:e4:83:7b:7c:c8:ca:37:90:1f:78:ac:7f:8e:49:
19:29:b8:76:2e:f6:af:ce:fd:78:66:12:87:4d:25:
67:04:59:d0:49:21:e8:e1:91:65:d0:ad:b8:d7:3a:
52:0c:4e:95:cf:d7:84:e9:30:a1:89:fb:00:7a:1e:
2d:d3:16:ad:d1:d7:79:d6:cf:c9:6b:a5:22:fc:6f:
d6:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:3E:25:82:B5:DD:7E:1D:13:5C:81:4E:C9:4B:BC:2E:D8:F9:E8:BD
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Kj4lgrXdfh0TXIFOyUu8Ltj56L0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
79.139.52.0/22
85.204.160.0/22
89.39.172.0/23
94.26.64.0/23
Signature Algorithm: sha256WithRSAEncryption
6c:38:59:1f:91:f1:d1:fd:b9:26:dc:c2:5d:a9:77:4c:91:fc:
fc:ac:58:4b:4f:2d:a0:e8:61:9a:a3:ed:e8:a8:b3:60:d3:cc:
fb:eb:bd:c3:f8:b2:72:67:91:f1:20:c0:6c:ff:83:cd:b2:23:
60:f8:af:db:f7:ef:a0:02:82:1c:03:46:4c:65:89:9d:7e:5b:
35:1b:de:ac:95:fc:7f:d1:29:b2:a4:65:92:df:88:85:ae:3f:
3b:6a:16:e1:00:ed:d3:1e:1e:e3:21:27:3d:62:7d:d6:60:03:
f9:81:5d:a0:83:5c:15:a0:2a:9c:b2:67:26:de:4e:23:ea:e9:
13:cf:77:2c:7a:d8:f9:04:5d:b1:2d:bd:38:b1:10:8f:97:67:
9d:99:e7:7d:84:95:b3:bf:54:27:75:20:94:db:ac:bd:2a:72:
d6:a0:0e:76:92:d9:62:ce:62:02:7c:b4:3c:52:5d:05:ad:62:
2c:da:66:d3:4f:91:28:82:7e:b2:b0:33:64:e1:19:3b:57:54:
1a:4d:c1:7e:26:c9:73:f4:8e:2a:be:f1:2c:ae:c5:aa:10:6e:
42:cd:00:c6:de:bc:c3:b1:a4:4c:14:7f:6b:9f:57:10:7a:e3:
9a:07:63:c2:c5:41:dd:8a:69:6e:cf:69:8a:32:11:3d:89:0d:
e7:43:6f:4f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ3+MCrPngComBgz8mI9bWFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjYwNTA2MTY0NzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNlMjU4MmI1ZGQ3ZTFkMTM1YzgxNGVjOTRiYmMyZWQ4ZjllOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVkXI5TOCGJJ7Zb34fXRCX8DBaFz
IXDNdII4z3lqZDT12O2TQ6wjvT9LKe3ysJkYUJ1DBxN/qEmW+R1m1ss1BNKwjLXi
S9GlY6bW5qa2yi0IfV2lwKI3R2cZga1vtPLNow/UfPctUFlJdYv/ZRP5YIMJeO+7
T3ODyKoTm5Ofxh+P3gie4RrDxw/aFLiLRibL0GH2aJcu2oJNK6pUSnlU1SmkUhcX
16nmPjUt+qTKGz0t/+uO5IN7fMjKN5AfeKx/jkkZKbh2Lvavzv14ZhKHTSVnBFnQ
SSHo4ZFl0K241zpSDE6Vz9eE6TChifsAeh4t0xat0dd51s/Ja6Ui/G/W6QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCo+JYK13X4dE1yBTslLvC7Y+ei9MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvS2o0bGdyWGRmaDBUWElGT3lVdThMdGo1NkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDBSPAAwQC
T4s0AwQCVcygAwQBWSesAwQBXhpAMA0GCSqGSIb3DQEBCwUAA4IBAQBsOFkfkfHR
/bkm3MJdqXdMkfz8rFhLTy2g6GGao+3oqLNg08z7673D+LJyZ5HxIMBs/4PNsiNg
+K/b9++gAoIcA0ZMZYmdfls1G96slfx/0SmypGWS34iFrj87ahbhAO3THh7jISc9
Yn3WYAP5gV2gg1wVoCqcsmcm3k4j6ukTz3csetj5BF2xLb04sRCPl2edmed9hJWz
v1QndSCU26y9KnLWoA52ktlizmICfLQ8Ul0FrWIs2mbTT5Eogn6ysDNk4Rk7V1Qa
TcF+Jslz9I4qvvEsrsWqEG5CzQDG3rzDsaRMFH9rn1cQeuOaB2PCxUHdimluz2mK
MhE9iQ3nQ29P
-----END CERTIFICATE-----
Generated at Wed May 6 20:17:29 2026 by rpki-client