Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/EplHXqSzmRoMyvj3JLROrpnUZc0.roa
File: EplHXqSzmRoMyvj3JLROrpnUZc0.roa (raw, json)
Hash identifier: j5DTguTZ+vBGCuEywM5pyMaQoBWgtnVjuF/GQ4nTMbE=
Subject key identifier: 12:99:47:5E:A4:B3:99:1A:0C:CA:F8:F7:24:B4:4E:AE:99:D4:65:CD
Certificate issuer: /CN=43965dd1f6f24a46d7cc4bccfecd4151c6dd1bfb
Certificate serial: 019D3793F98EEE3BCE6EAD19B9CE958CAD4A
Authority key identifier: 43:96:5D:D1:F6:F2:4A:46:D7:CC:4B:CC:FE:CD:41:51:C6:DD:1B:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/EplHXqSzmRoMyvj3JLROrpnUZc0.roa
Signing time: Sun 29 Mar 2026 03:12:17 +0000
ROA not before: Sun 29 Mar 2026 03:12:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202029
IP address blocks: 91.213.151.0/24 maxlen: 24
91.213.157.0/24 maxlen: 24
185.212.194.0/24 maxlen: 24
185.221.193.0/24 maxlen: 24
195.8.102.0/24 maxlen: 24
195.230.107.0/24 maxlen: 24
2a04:acc0:10::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 03:12:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:37:93:f9:8e:ee:3b:ce:6e:ad:19:b9:ce:95:8c:ad:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43965dd1f6f24a46d7cc4bccfecd4151c6dd1bfb
Validity
Not Before: Mar 29 03:12:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1299475ea4b3991a0ccaf8f724b44eae99d465cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f7:9e:75:35:e9:15:a2:03:16:35:7e:80:a0:
75:2b:6b:83:a7:ba:58:8c:b1:2a:e0:6b:ae:b1:8c:
13:cb:e7:2f:97:cb:9f:79:c2:66:ed:3e:ab:be:0d:
7f:43:9d:17:bc:c1:f7:b3:8a:51:54:40:5e:51:5b:
b3:b9:56:4a:49:4a:ec:36:27:4b:bf:d1:7e:c6:5d:
f9:77:53:5b:6b:e6:4b:f9:ca:0d:06:4e:df:24:ee:
95:45:70:20:69:d8:b2:7c:35:30:39:90:1e:26:9b:
be:17:a6:72:dd:e8:4b:51:34:ab:1b:cd:8e:c3:33:
0e:2e:9a:dd:e5:7a:12:c6:cf:27:65:57:a9:74:c6:
dd:70:2f:e3:fd:cd:4a:26:a2:31:60:27:3e:b8:73:
ba:b1:9a:5b:b9:54:d1:5f:e5:0a:f9:83:5a:5e:8e:
78:39:36:ee:3f:35:1b:5b:f2:f6:be:32:ac:8f:aa:
14:42:c7:e7:13:8f:2c:63:50:2a:4f:6e:cc:7c:b2:
5e:0c:95:5a:6b:6b:a4:9d:10:66:89:6c:ae:4b:b4:
c5:7a:70:20:46:27:9d:3c:7c:09:99:e9:0f:98:84:
d3:a9:8f:28:08:38:d3:7c:61:49:62:4f:06:f9:c9:
4b:16:38:31:9e:39:c6:b5:3b:d4:b8:8f:3c:59:12:
55:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:99:47:5E:A4:B3:99:1A:0C:CA:F8:F7:24:B4:4E:AE:99:D4:65:CD
X509v3 Authority Key Identifier:
keyid:43:96:5D:D1:F6:F2:4A:46:D7:CC:4B:CC:FE:CD:41:51:C6:DD:1B:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/EplHXqSzmRoMyvj3JLROrpnUZc0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c731c4-9183-4db3-b70a-33980c03f08e/1/Q5Zd0fbySkbXzEvM_s1BUcbdG_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.151.0/24
91.213.157.0/24
185.212.194.0/24
185.221.193.0/24
195.8.102.0/24
195.230.107.0/24
IPv6:
2a04:acc0:10::/44
Signature Algorithm: sha256WithRSAEncryption
06:b0:1b:01:56:4d:fa:53:d8:aa:b1:15:6e:f3:a6:c7:38:30:
e4:5c:45:a9:e9:6b:14:7d:6e:94:43:00:79:3f:05:09:46:d1:
0e:fe:59:09:28:09:73:d0:ed:3e:33:8d:0c:b4:f7:8b:bd:96:
45:b9:62:76:01:fb:cf:b4:88:89:66:ec:6b:c0:ca:60:6f:7c:
af:61:e2:e8:10:31:a7:39:24:d3:44:95:c4:81:83:69:b9:b3:
36:71:87:76:21:a8:8d:5c:fb:e3:e4:4c:07:c0:10:93:a0:f7:
df:9e:20:5b:7b:9d:d2:d8:87:a1:0e:46:12:b9:30:e3:65:dd:
48:2d:b3:7d:4d:17:4c:fa:00:ec:3c:6a:eb:3f:60:b3:b5:c8:
2f:86:11:c4:d8:5e:8e:63:22:d7:68:34:a8:95:d9:e8:49:06:
78:15:72:73:2a:12:0c:e3:de:8b:6a:20:1a:80:90:22:4f:ff:
3a:e1:1e:79:e2:bd:c1:a6:a1:1b:c7:83:5c:9a:9a:d7:51:14:
ad:bb:2e:7b:55:d8:56:e4:f0:d5:9f:5a:66:4d:fb:d6:56:5d:
f9:5e:0c:94:d7:a4:a8:d1:0f:0a:1d:75:82:82:c8:a6:bd:63:
6c:91:5f:d3:be:64:e8:17:b0:a3:3f:ef:ce:7b:b5:bf:06:b5:
84:df:84:0b
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZ03k/mO7jvObq0Zuc6VjK1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOTY1ZGQxZjZmMjRhNDZkN2NjNGJjY2ZlY2Q0MTUxYzZk
ZDFiZmIwHhcNMjYwMzI5MDMxMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk5NDc1ZWE0YjM5OTFhMGNjYWY4ZjcyNGI0NGVhZTk5ZDQ2NWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/eedTXpFaIDFjV+gKB1K2uDp7pY
jLEq4GuusYwTy+cvl8ufecJm7T6rvg1/Q50XvMH3s4pRVEBeUVuzuVZKSUrsNidL
v9F+xl35d1Nba+ZL+coNBk7fJO6VRXAgadiyfDUwOZAeJpu+F6Zy3ehLUTSrG82O
wzMOLprd5XoSxs8nZVepdMbdcC/j/c1KJqIxYCc+uHO6sZpbuVTRX+UK+YNaXo54
OTbuPzUbW/L2vjKsj6oUQsfnE48sY1AqT27MfLJeDJVaa2uknRBmiWyuS7TFenAg
RiedPHwJmekPmITTqY8oCDjTfGFJYk8G+clLFjgxnjnGtTvUuI88WRJVdwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFBKZR16ks5kaDMr49yS0Tq6Z1GXNMB8GA1UdIwQY
MBaAFEOWXdH28kpG18xLzP7NQVHG3Rv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVaZDBmYnlTa2JYekV2TV9zMUJVY2JkR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jNzMxYzQtOTE4My00ZGIzLWI3MGEt
MzM5ODBjMDNmMDhlLzEvRXBsSFhxU3ptUm9NeXZqM0pMUk9ycG5VWmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jNzMxYzQtOTE4My00ZGIzLWI3MGEtMzM5ODBjMDNmMDhl
LzEvUTVaZDBmYnlTa2JYekV2TV9zMUJVY2JkR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAW9WXAwQA
W9WdAwQAudTCAwQAud3BAwQAwwhmAwQAw+ZrMA8EAgACMAkDBwQqBKzAABAwDQYJ
KoZIhvcNAQELBQADggEBAAawGwFWTfpT2KqxFW7zpsc4MORcRanpaxR9bpRDAHk/
BQlG0Q7+WQkoCXPQ7T4zjQy094u9lkW5YnYB+8+0iIlm7GvAymBvfK9h4ugQMac5
JNNElcSBg2m5szZxh3YhqI1c++PkTAfAEJOg99+eIFt7ndLYh6EORhK5MONl3Ugt
s31NF0z6AOw8aus/YLO1yC+GEcTYXo5jItdoNKiV2ehJBngVcnMqEgzj3otqIBqA
kCJP/zrhHnnivcGmoRvHg1yamtdRFK27LntV2Fbk8NWfWmZN+9ZWXfleDJTXpKjR
DwoddYKCyKa9Y2yRX9O+ZOgXsKM/7857tb8GtYTfhAs=
-----END CERTIFICATE-----
Generated at Sun Mar 29 12:46:59 2026 by rpki-client