Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/0EJd6KM5OKs4ZeWtakfKi4LfHMQ.roa
File: 0EJd6KM5OKs4ZeWtakfKi4LfHMQ.roa (raw, json)
Hash identifier: lq/+jqUsuGMmo0V5eC2lYaf4+vkz0NSEYMEZoOw+h8M=
Subject key identifier: D0:42:5D:E8:A3:39:38:AB:38:65:E5:AD:6A:47:CA:8B:82:DF:1C:C4
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019CB615CACB84E6DDDD894218B42D1C3E5D
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/0EJd6KM5OKs4ZeWtakfKi4LfHMQ.roa
Signing time: Tue 03 Mar 2026 23:43:27 +0000
ROA not before: Tue 03 Mar 2026 23:43:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 64200
IP address blocks: 45.67.147.0/24 maxlen: 24
63.246.136.0/24 maxlen: 24
63.246.139.0/24 maxlen: 24
63.246.142.0/24 maxlen: 24
63.246.145.0/24 maxlen: 24
63.246.146.0/23 maxlen: 23
63.246.149.0/24 maxlen: 24
103.105.167.0/24 maxlen: 24
185.171.124.0/24 maxlen: 24
185.171.125.0/24 maxlen: 24
185.171.127.0/24 maxlen: 24
185.198.88.0/24 maxlen: 24
185.205.206.0/24 maxlen: 24
192.145.68.0/24 maxlen: 24
212.60.18.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Mar 2026 16:05:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b6:15:ca:cb:84:e6:dd:dd:89:42:18:b4:2d:1c:3e:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Mar 3 23:43:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d0425de8a33938ab3865e5ad6a47ca8b82df1cc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:13:dc:03:5e:be:b0:20:90:52:b5:d4:f7:02:
50:82:2e:70:e5:bd:dd:44:13:b7:d9:df:58:87:a1:
08:5e:3f:b6:d0:e6:ce:eb:57:60:97:36:4c:16:33:
cb:36:ca:ae:d1:d9:c3:29:3e:8a:1e:ab:ec:57:30:
aa:85:12:65:3a:7e:f3:10:46:7a:27:57:6d:a4:ed:
ba:cd:35:8f:e1:d0:80:5a:fb:64:dc:c3:b5:db:d2:
b8:fa:94:54:e2:d5:41:a9:99:d7:f7:1e:a4:39:c7:
45:cc:b5:b4:93:a5:a3:34:e1:b4:e5:53:fb:d9:6d:
45:cd:fb:d5:3a:3e:9f:6b:64:16:db:53:5d:4e:c6:
6a:41:5c:f4:43:6f:e7:d4:9f:b5:ae:b3:15:61:fb:
39:e3:e0:27:8b:08:ca:ae:6a:a5:34:85:89:26:01:
19:92:56:b4:00:bb:c6:b7:66:99:d4:06:b2:05:f6:
95:f9:a2:c6:2f:1d:ac:b0:b1:8c:5d:a4:d7:63:f2:
ef:08:cd:14:68:8f:87:a6:e1:f2:92:bc:18:fa:4b:
55:90:f4:a0:ee:cf:97:31:bf:69:e0:87:a5:42:4c:
8a:56:3c:b2:26:d2:5a:cb:97:7d:c8:71:a7:9b:b7:
eb:a7:a5:50:7f:84:3f:5b:c0:d7:bd:ae:d4:ce:9d:
5b:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:42:5D:E8:A3:39:38:AB:38:65:E5:AD:6A:47:CA:8B:82:DF:1C:C4
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/0EJd6KM5OKs4ZeWtakfKi4LfHMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.147.0/24
63.246.136.0/24
63.246.139.0/24
63.246.142.0/24
63.246.145.0-63.246.147.255
63.246.149.0/24
103.105.167.0/24
185.171.124.0/23
185.171.127.0/24
185.198.88.0/24
185.205.206.0/24
192.145.68.0/24
212.60.18.0/23
Signature Algorithm: sha256WithRSAEncryption
2a:92:1e:cf:51:1d:f8:e2:15:fc:0f:be:2d:e0:b8:e2:77:81:
b5:32:1b:82:9b:8d:2d:7f:8f:0b:67:b5:33:4c:d9:15:b2:6f:
ef:b9:0c:96:e9:fd:ea:aa:df:c3:96:3a:88:8c:96:67:9f:a6:
4a:b2:31:a3:2c:91:0e:60:56:e4:ba:b0:57:85:5c:84:45:35:
9d:54:59:96:36:d6:54:d2:3e:bf:31:8c:fb:be:54:db:91:67:
45:a0:f9:35:22:47:ba:e6:7c:f3:f5:fb:db:7e:13:1b:a2:48:
5d:c5:19:95:49:a7:63:bd:08:6b:ff:84:40:58:c1:d5:d5:7f:
35:6f:85:51:4c:94:9b:80:38:0d:67:8f:af:87:fd:47:01:f2:
97:1b:4d:7e:87:6c:7f:84:73:ca:a8:c8:2d:ff:51:a5:95:6a:
74:8f:96:82:26:66:65:17:c0:7e:da:1f:c1:12:ee:b0:41:e4:
0e:0e:16:28:19:ba:bb:94:3c:32:d9:2b:be:9c:45:e3:85:6d:
f3:ee:a4:30:30:a9:d6:d1:09:09:c4:62:af:96:9e:ab:e7:ab:
d0:d8:0a:a3:a1:bb:73:62:34:87:ca:3f:4b:c1:a8:0a:49:3e:
57:4a:ef:f8:6d:4a:03:9b:40:74:9c:78:d6:21:7c:fa:c9:ed:
9c:6b:70:cb
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZy2FcrLhObd3YlCGLQtHD5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMzAzMjM0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQyNWRlOGEzMzkzOGFiMzg2NWU1YWQ2YTQ3Y2E4YjgyZGYxY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxPcA16+sCCQUrXU9wJQgi5w5b3d
RBO32d9Yh6EIXj+20ObO61dglzZMFjPLNsqu0dnDKT6KHqvsVzCqhRJlOn7zEEZ6
J1dtpO26zTWP4dCAWvtk3MO129K4+pRU4tVBqZnX9x6kOcdFzLW0k6WjNOG05VP7
2W1FzfvVOj6fa2QW21NdTsZqQVz0Q2/n1J+1rrMVYfs54+AniwjKrmqlNIWJJgEZ
kla0ALvGt2aZ1AayBfaV+aLGLx2ssLGMXaTXY/LvCM0UaI+HpuHykrwY+ktVkPSg
7s+XMb9p4IelQkyKVjyyJtJay5d9yHGnm7frp6VQf4Q/W8DXva7Uzp1bYwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFNBCXeijOTirOGXlrWpHyouC3xzEMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMEVKZDZLTTVPS3M0WmVXdGFrZktpNExmSE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALUOTAwQA
P/aIAwQAP/aLAwQAP/aOMAwDBAA/9pEDBAI/9pADBAA/9pUDBABnaacDBAG5q3wD
BAC5q38DBAC5xlgDBAC5zc4DBADAkUQDBAHUPBIwDQYJKoZIhvcNAQELBQADggEB
ACqSHs9RHfjiFfwPvi3guOJ3gbUyG4KbjS1/jwtntTNM2RWyb++5DJbp/eqq38OW
OoiMlmefpkqyMaMskQ5gVuS6sFeFXIRFNZ1UWZY21lTSPr8xjPu+VNuRZ0Wg+TUi
R7rmfPP1+9t+ExuiSF3FGZVJp2O9CGv/hEBYwdXVfzVvhVFMlJuAOA1nj6+H/UcB
8pcbTX6HbH+Ec8qoyC3/UaWVanSPloImZmUXwH7aH8ES7rBB5A4OFigZuruUPDLZ
K76cReOFbfPupDAwqdbRCQnEYq+Wnqvnq9DYCqOhu3NiNIfKP0vBqApJPldK7/ht
SgObQHSceNYhfPrJ7ZxrcMs=
-----END CERTIFICATE-----
Generated at Fri Mar 6 01:03:45 2026 by rpki-client