Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Dn85KELFOjryky7h9oTXV3jWSyw.roa
File: Dn85KELFOjryky7h9oTXV3jWSyw.roa (raw, json)
Hash identifier: MEN9HCPZnsYXRdRobHfYwAZWx/z6Y7geToU4Oh1zdXE=
Subject key identifier: 0E:7F:39:28:42:C5:3A:3A:F2:93:2E:E1:F6:84:D7:57:78:D6:4B:2C
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 019CD1B16B2EB5931F1FC5880D2E7DF95BA1
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Dn85KELFOjryky7h9oTXV3jWSyw.roa
Signing time: Mon 09 Mar 2026 08:23:11 +0000
ROA not before: Mon 09 Mar 2026 08:23:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 77.76.4.0/22 maxlen: 22
78.128.2.0/23 maxlen: 23
78.128.10.0/23 maxlen: 23
78.128.12.0/22 maxlen: 22
78.128.16.0/20 maxlen: 20
78.128.41.0/24 maxlen: 24
78.128.52.0/22 maxlen: 22
78.128.56.0/22 maxlen: 22
78.128.83.0/24 maxlen: 24
78.128.84.0/22 maxlen: 22
78.128.88.0/22 maxlen: 22
78.128.97.0/24 maxlen: 24
78.128.100.0/22 maxlen: 22
78.128.104.0/22 maxlen: 22
78.142.10.0/23 maxlen: 23
78.142.31.0/24 maxlen: 24
82.118.242.0/24 maxlen: 24
83.222.190.0/23 maxlen: 23
84.201.224.0/20 maxlen: 20
91.148.162.0/23 maxlen: 23
91.148.164.0/23 maxlen: 23
91.148.169.0/24 maxlen: 24
91.148.170.0/23 maxlen: 23
91.148.172.0/22 maxlen: 22
91.148.176.0/21 maxlen: 21
130.185.227.0/24 maxlen: 24
130.185.234.0/24 maxlen: 24
185.81.120.0/24 maxlen: 24
193.24.240.0/22 maxlen: 22
193.200.14.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Mar 2026 06:19:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d1:b1:6b:2e:b5:93:1f:1f:c5:88:0d:2e:7d:f9:5b:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Mar 9 08:23:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0e7f392842c53a3af2932ee1f684d75778d64b2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:1c:8c:dc:c0:0f:56:7e:7b:b7:52:04:a2:16:
1a:d9:8f:a3:a0:9f:45:9f:fe:7d:67:be:21:d1:e5:
84:e2:e5:4d:3a:a9:01:da:77:9b:d5:81:8e:d9:2c:
87:0f:38:81:f8:53:58:b4:49:f5:7b:19:71:a8:16:
62:f4:95:5a:5f:23:81:b6:93:77:fc:01:f3:65:78:
e9:46:2f:c3:41:c5:00:91:11:99:b4:fb:a3:7f:cc:
8d:61:31:6a:fb:8f:6d:55:ae:5e:19:bd:45:a3:0d:
18:51:75:00:76:04:bc:93:ce:bd:af:85:a9:30:c3:
69:15:3d:bc:66:2a:fb:c6:b7:f2:df:62:16:3e:5f:
6a:94:c5:74:e0:96:5b:19:7a:d7:c6:de:d1:e0:3a:
85:d7:7a:0c:56:41:d0:b2:76:c3:b6:9f:45:e6:95:
1c:30:30:78:b5:85:ae:ff:5f:43:c9:a9:1a:e6:50:
d7:b9:e4:e4:27:58:72:69:31:66:4e:01:98:4e:9a:
a1:f1:07:84:81:95:b7:b6:cc:12:69:40:4d:3a:ce:
5c:54:04:e9:32:1a:e3:73:91:29:ef:de:1c:a4:fc:
66:31:5b:12:4d:bc:b0:73:61:4b:65:d7:e7:d3:5c:
1d:3a:a5:d5:fe:bf:ab:f1:45:24:b9:f3:69:eb:dc:
64:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:7F:39:28:42:C5:3A:3A:F2:93:2E:E1:F6:84:D7:57:78:D6:4B:2C
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Dn85KELFOjryky7h9oTXV3jWSyw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.76.4.0/22
78.128.2.0/23
78.128.10.0-78.128.31.255
78.128.41.0/24
78.128.52.0-78.128.59.255
78.128.83.0-78.128.91.255
78.128.97.0/24
78.128.100.0-78.128.107.255
78.142.10.0/23
78.142.31.0/24
82.118.242.0/24
83.222.190.0/23
84.201.224.0/20
91.148.162.0-91.148.165.255
91.148.169.0-91.148.183.255
130.185.227.0/24
130.185.234.0/24
185.81.120.0/24
193.24.240.0/22
193.200.14.0/23
Signature Algorithm: sha256WithRSAEncryption
30:f2:42:28:51:40:cb:7c:4f:08:a4:c8:8f:d4:d8:f1:79:2f:
a6:de:83:5c:b2:d7:5c:53:da:6c:66:88:eb:0e:b7:9f:ae:c0:
df:73:2b:c7:9c:a2:37:cb:94:69:38:f4:8f:0e:14:90:56:1c:
95:ed:51:10:d7:91:4f:e0:43:ff:1f:c4:a0:18:a9:9f:b6:32:
26:5e:ef:da:dc:cf:a6:65:ac:41:22:b4:12:01:02:54:d7:e6:
fd:c7:13:48:96:ca:5a:df:8d:ae:2f:0b:fe:ee:a1:1e:f5:3e:
da:21:4c:d5:97:ce:71:ab:a1:81:f0:48:7f:9e:6d:a6:d4:43:
7d:76:92:07:40:3d:f1:4b:10:44:19:49:3b:ac:50:ff:4b:2a:
0a:8c:3b:f6:98:5b:6a:0b:5d:7a:86:1b:66:b4:2e:73:96:a4:
2d:56:49:98:b2:5c:08:74:fe:8e:f7:85:7f:64:a6:5c:cc:b2:
f3:ff:c2:98:a6:79:6c:78:98:1a:6c:96:39:8e:a5:29:46:fc:
45:52:d5:43:e6:be:85:19:76:f7:1d:11:c8:6e:a3:57:18:68:
9c:40:7c:2e:f2:02:bd:3d:fa:73:d2:1f:33:74:25:11:ad:42:
2a:53:cf:67:b1:0f:23:83:e9:32:8a:c4:fb:ac:25:46:fa:8d:
cc:39:0e:c4
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZzRsWsutZMfH8WIDS59+VuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMzA5MDgyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTdmMzkyODQyYzUzYTNhZjI5MzJlZTFmNjg0ZDc1Nzc4ZDY0YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhyM3MAPVn57t1IEohYa2Y+joJ9F
n/59Z74h0eWE4uVNOqkB2neb1YGO2SyHDziB+FNYtEn1exlxqBZi9JVaXyOBtpN3
/AHzZXjpRi/DQcUAkRGZtPujf8yNYTFq+49tVa5eGb1Fow0YUXUAdgS8k869r4Wp
MMNpFT28Zir7xrfy32IWPl9qlMV04JZbGXrXxt7R4DqF13oMVkHQsnbDtp9F5pUc
MDB4tYWu/19Dyaka5lDXueTkJ1hyaTFmTgGYTpqh8QeEgZW3tswSaUBNOs5cVATp
Mhrjc5Ep794cpPxmMVsSTbywc2FLZdfn01wdOqXV/r+r8UUkufNp69xkRwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFA5/OShCxTo68pMu4faE11d41kssMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvRG44NUtFTEZPanJ5a3k3aDlvVFhWM2pXU3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAJN
TAQDBAFOgAIwDAMEAU6ACgMEBU6AAAMEAE6AKTAMAwQCToA0AwQCToA4MAwDBABO
gFMDBAJOgFgDBABOgGEwDAMEAk6AZAMEAk6AaAMEAU6OCgMEAE6OHwMEAFJ28gME
AVPevgMEBFTJ4DAMAwQBW5SiAwQBW5SkMAwDBABblKkDBANblLADBACCueMDBACC
ueoDBAC5UXgDBALBGPADBAHByA4wDQYJKoZIhvcNAQELBQADggEBADDyQihRQMt8
TwikyI/U2PF5L6beg1yy11xT2mxmiOsOt5+uwN9zK8ecojfLlGk49I8OFJBWHJXt
URDXkU/gQ/8fxKAYqZ+2MiZe79rcz6ZlrEEitBIBAlTX5v3HE0iWylrfja4vC/7u
oR71PtohTNWXznGroYHwSH+ebabUQ312kgdAPfFLEEQZSTusUP9LKgqMO/aYW2oL
XXqGG2a0LnOWpC1WSZiyXAh0/o73hX9kplzMsvP/wpimeWx4mBpsljmOpSlG/EVS
1UPmvoUZdvcdEchuo1cYaJxAfC7yAr09+nPSHzN0JRGtQipTz2exDyOD6TKKxPus
JUb6jcw5DsQ=
-----END CERTIFICATE-----
Generated at Tue Mar 10 12:42:47 2026 by rpki-client