Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4xlo2O_OqJgVVOFloRLvMxaBwQs.roa
File: 4xlo2O_OqJgVVOFloRLvMxaBwQs.roa (raw, json)
Hash identifier: eTLZwh8UjCv07sqGJKbBVLzY6OEB5GPGQk/tTdZbA94=
Subject key identifier: E3:19:68:D8:EF:CE:A8:98:15:54:E1:65:A1:12:EF:33:16:81:C1:0B
Certificate issuer: /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial: 019DC05A18735D9B63BB12BC46ABAAF02F3F
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4xlo2O_OqJgVVOFloRLvMxaBwQs.roa
Signing time: Fri 24 Apr 2026 16:37:03 +0000
ROA not before: Fri 24 Apr 2026 16:37:03 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 138997
IP address blocks: 64.118.128.0/19 maxlen: 24
216.195.192.0/19 maxlen: 24
216.236.0.0/18 maxlen: 24
216.236.3.0/24 maxlen: 24
216.236.28.0/22 maxlen: 22
216.236.28.0/24 maxlen: 24
216.236.29.0/24 maxlen: 24
216.236.30.0/24 maxlen: 24
216.236.31.0/24 maxlen: 24
2a01:4240::/30 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Apr 2026 14:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:c0:5a:18:73:5d:9b:63:bb:12:bc:46:ab:aa:f0:2f:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Validity
Not Before: Apr 24 16:37:03 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e31968d8efcea8981554e165a112ef331681c10b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:3f:94:e5:38:17:ef:71:30:c7:44:08:41:99:
82:40:9e:04:61:18:29:29:78:b6:94:60:f9:c8:2f:
84:80:5e:4e:0b:5b:3f:a5:5e:16:79:f0:ac:e1:fb:
0e:81:83:0a:85:3b:8d:a3:84:5c:71:50:dc:47:f8:
0f:d5:5f:b1:dd:37:14:7b:ac:54:0b:ee:91:6f:19:
7d:5f:9e:c8:e2:86:97:03:29:3e:df:73:23:2a:dd:
e3:fa:31:9a:df:da:96:56:b2:08:5f:4b:a9:47:ca:
b8:57:d2:78:37:1c:d6:04:7f:0b:46:b5:79:0e:1c:
b7:c8:32:64:3d:59:47:08:26:1e:fd:8a:bb:49:77:
12:01:93:f4:75:aa:04:bb:8a:c4:54:d4:11:ed:e5:
96:29:7e:e3:22:ca:64:cc:08:11:82:4a:ea:29:fe:
b6:77:e1:bc:21:e0:0f:b3:2c:e2:c2:bf:63:1e:16:
b0:44:11:19:ad:be:e7:7a:d3:15:67:d9:f5:5f:93:
bd:36:3e:e7:8d:85:c0:32:67:b6:f9:06:c3:10:01:
f3:e4:bd:b9:bd:34:91:7b:42:a7:4c:0c:cd:8a:c3:
6f:3a:a2:1b:50:91:3a:3b:47:93:c9:35:42:04:53:
9e:fa:8c:27:8f:72:7e:96:f5:7e:e9:67:dd:e0:1d:
1f:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:19:68:D8:EF:CE:A8:98:15:54:E1:65:A1:12:EF:33:16:81:C1:0B
X509v3 Authority Key Identifier:
keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/4xlo2O_OqJgVVOFloRLvMxaBwQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.118.128.0/19
216.195.192.0/19
216.236.0.0/18
IPv6:
2a01:4240::/30
Signature Algorithm: sha256WithRSAEncryption
6b:b5:16:b2:95:de:53:30:35:9a:fb:81:ea:7a:c9:2e:5e:e3:
f5:48:97:45:b5:44:21:b8:ef:3a:b0:9b:e3:b3:78:bd:fa:6a:
2a:f9:0a:c9:dd:ae:fd:e8:14:05:d0:d5:d3:26:38:99:21:76:
fc:70:b4:0d:58:5f:b8:08:53:57:a4:e7:5b:0d:f0:79:42:6e:
de:bb:76:7a:72:39:d0:b2:78:8b:1e:36:32:c9:6a:a7:d4:19:
46:2f:02:eb:09:d2:7b:fe:3e:33:5e:b6:a1:24:9b:fb:b8:cd:
26:0c:aa:7d:3e:f9:41:32:60:6a:ce:9f:72:6e:bb:72:ac:a6:
a6:86:09:e8:f5:cf:9c:3b:f8:ce:c3:80:ad:ef:14:a6:50:a4:
6e:c2:32:b7:62:e4:29:66:28:72:a0:43:6b:08:30:ca:99:99:
ea:a5:3f:e8:86:66:42:4a:a6:bd:66:3e:6e:f5:95:54:b6:a1:
60:71:d4:44:7e:bb:70:5d:f8:73:07:c3:f3:eb:14:53:d3:a0:
7a:14:89:16:56:87:1e:b1:99:82:6a:ac:95:71:df:0c:2c:7d:
b7:75:f5:16:60:d7:a9:a4:ab:cb:dd:6a:71:a4:1e:24:e7:99:
87:72:c4:38:c3:1d:7d:3b:4d:fc:c7:51:7a:fb:cf:59:6e:bd:
56:0a:bf:27
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ3AWhhzXZtjuxK8Rquq8C8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDI0MTYzNzAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzE5NjhkOGVmY2VhODk4MTU1NGUxNjVhMTEyZWYzMzE2ODFjMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4j+U5TgX73Ewx0QIQZmCQJ4EYRgp
KXi2lGD5yC+EgF5OC1s/pV4WefCs4fsOgYMKhTuNo4RccVDcR/gP1V+x3TcUe6xU
C+6Rbxl9X57I4oaXAyk+33MjKt3j+jGa39qWVrIIX0upR8q4V9J4NxzWBH8LRrV5
Dhy3yDJkPVlHCCYe/Yq7SXcSAZP0daoEu4rEVNQR7eWWKX7jIspkzAgRgkrqKf62
d+G8IeAPsyziwr9jHhawRBEZrb7netMVZ9n1X5O9Nj7njYXAMme2+QbDEAHz5L25
vTSRe0KnTAzNisNvOqIbUJE6O0eTyTVCBFOe+ownj3J+lvV+6Wfd4B0fywIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOMZaNjvzqiYFVThZaES7zMWgcELMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvNHhsbzJPX09xSmdWVk9GbG9STHZNeGFCd1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFQHaAAwQF
2MPAAwQG2OwAMA0EAgACMAcDBQIqAUJAMA0GCSqGSIb3DQEBCwUAA4IBAQBrtRay
ld5TMDWa+4HqeskuXuP1SJdFtUQhuO86sJvjs3i9+moq+QrJ3a796BQF0NXTJjiZ
IXb8cLQNWF+4CFNXpOdbDfB5Qm7eu3Z6cjnQsniLHjYyyWqn1BlGLwLrCdJ7/j4z
XrahJJv7uM0mDKp9PvlBMmBqzp9ybrtyrKamhgno9c+cO/jOw4Ct7xSmUKRuwjK3
YuQpZihyoENrCDDKmZnqpT/ohmZCSqa9Zj5u9ZVUtqFgcdREfrtwXfhzB8Pz6xRT
06B6FIkWVocesZmCaqyVcd8MLH23dfUWYNeppKvL3WpxpB4k55mHcsQ4wx19O038
x1F6+89Zbr1WCr8n
-----END CERTIFICATE-----
Generated at Mon Apr 27 00:38:02 2026 by rpki-client