Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/PiR6PkVQRFqEfm9lMFMx7R_IaDM.roa
File: PiR6PkVQRFqEfm9lMFMx7R_IaDM.roa (raw, json)
Hash identifier: 2obqgsdNVnsgyNIGbMXRSD+tRQgkX3zupnny+MExpEw=
Subject key identifier: 3E:24:7A:3E:45:50:44:5A:84:7E:6F:65:30:53:31:ED:1F:C8:68:33
Certificate issuer: /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial: 019EDF571AB167FDBBD85B2D6BEC5049F96C
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/PiR6PkVQRFqEfm9lMFMx7R_IaDM.roa
Signing time: Fri 19 Jun 2026 10:04:48 +0000
ROA not before: Fri 19 Jun 2026 10:04:48 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31515
IP address blocks: 161.30.0.0/16 maxlen: 16
161.30.3.0/24 maxlen: 24
161.30.4.0/24 maxlen: 24
161.30.5.0/24 maxlen: 24
161.30.6.0/24 maxlen: 24
161.30.7.0/24 maxlen: 24
161.30.8.0/24 maxlen: 24
161.30.9.0/24 maxlen: 24
161.30.10.0/23 maxlen: 24
161.30.10.0/24 maxlen: 24
161.30.12.0/22 maxlen: 22
161.30.16.0/22 maxlen: 22
161.30.20.0/24 maxlen: 24
161.30.22.0/23 maxlen: 23
161.30.28.0/24 maxlen: 24
161.30.29.0/24 maxlen: 24
161.30.33.0/24 maxlen: 24
161.30.40.0/23 maxlen: 23
161.30.42.0/23 maxlen: 24
161.30.44.0/23 maxlen: 24
161.30.112.0/23 maxlen: 23
161.30.114.0/23 maxlen: 23
161.30.115.0/24 maxlen: 24
161.30.116.0/23 maxlen: 23
161.30.118.0/24 maxlen: 24
161.30.119.0/24 maxlen: 24
161.30.120.0/24 maxlen: 24
161.30.121.0/24 maxlen: 24
161.30.124.0/23 maxlen: 23
161.30.126.0/23 maxlen: 23
161.30.128.0/23 maxlen: 23
161.30.129.0/24 maxlen: 24
161.30.130.0/24 maxlen: 24
161.30.155.0/24 maxlen: 24
161.30.162.0/24 maxlen: 24
161.30.163.0/24 maxlen: 24
161.30.164.0/24 maxlen: 24
161.30.165.0/24 maxlen: 24
161.30.166.0/24 maxlen: 24
161.30.167.0/24 maxlen: 24
161.30.169.0/24 maxlen: 24
161.30.171.0/24 maxlen: 24
161.30.176.0/20 maxlen: 20
161.30.193.0/24 maxlen: 24
161.30.194.0/23 maxlen: 23
161.30.201.0/24 maxlen: 24
161.30.202.0/24 maxlen: 24
161.30.203.0/24 maxlen: 24
161.30.220.0/24 maxlen: 24
161.30.221.0/24 maxlen: 24
161.30.236.0/22 maxlen: 24
161.30.236.0/24 maxlen: 24
161.30.237.0/24 maxlen: 24
161.30.238.0/24 maxlen: 24
161.30.239.0/24 maxlen: 24
161.30.240.0/24 maxlen: 24
161.30.241.0/24 maxlen: 24
161.30.246.0/24 maxlen: 24
161.30.250.0/24 maxlen: 24
161.30.251.0/24 maxlen: 24
2a11:ae00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.mft
rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 Jul 2026 14:31:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:df:57:1a:b1:67:fd:bb:d8:5b:2d:6b:ec:50:49:f9:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
Validity
Not Before: Jun 19 10:04:48 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3e247a3e4550445a847e6f65305331ed1fc86833
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3c:e2:9a:2a:4a:78:dd:3b:7b:0d:6a:8a:03:
64:85:66:f0:af:df:39:a5:93:8e:52:d9:20:b0:af:
0c:ca:bc:50:44:e7:ca:2f:fc:50:57:92:a4:47:37:
78:df:7d:91:4c:61:1f:ed:0b:af:59:1f:0c:24:db:
54:75:5a:2d:e5:d6:f8:de:09:50:f0:49:6c:6d:a1:
aa:d0:5c:c8:97:b0:4b:26:2c:39:1f:88:ac:16:3f:
bc:76:37:82:88:82:34:1c:b7:79:db:7b:5e:76:89:
d7:ee:7f:ca:de:23:77:3a:d7:be:7b:2a:f2:b4:41:
53:a1:d7:01:11:6c:9f:36:53:e0:8d:78:83:9d:39:
99:1a:75:bb:84:4b:f0:f8:a7:3e:f2:c3:8d:db:1b:
92:43:12:17:8a:34:4d:23:c8:0f:31:f8:64:a5:77:
c6:9a:f3:e4:0e:71:01:96:8d:1b:9c:30:9d:ad:7d:
d0:22:7d:36:f1:43:db:4b:57:a7:cb:ac:d1:86:9c:
03:3a:97:e8:75:54:62:08:b8:26:af:e1:c1:3c:15:
95:5d:16:a4:37:70:88:b1:40:e1:b5:dc:b3:80:31:
29:8f:c5:02:46:e1:73:20:0c:10:a8:0d:b6:3b:68:
c1:8e:35:59:08:c4:3b:fe:d2:07:97:33:11:15:26:
2b:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:24:7A:3E:45:50:44:5A:84:7E:6F:65:30:53:31:ED:1F:C8:68:33
X509v3 Authority Key Identifier:
keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/PiR6PkVQRFqEfm9lMFMx7R_IaDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
161.30.0.0/16
IPv6:
2a11:ae00::/32
Signature Algorithm: sha256WithRSAEncryption
2b:56:29:51:b9:47:6e:cf:5f:1b:76:e3:92:ba:bf:da:b9:6c:
42:6f:3c:ca:ea:be:eb:4b:43:0a:80:4c:77:6b:34:ed:a4:56:
7e:99:a6:89:05:de:d4:8f:97:ac:48:12:8e:64:a7:ad:7b:ac:
b8:be:4d:48:ea:76:ba:f4:46:08:e9:72:bd:78:80:68:da:58:
91:60:47:16:30:e8:bc:b5:94:16:93:b1:6e:ec:ec:3a:ce:8c:
fc:7f:6e:fa:61:89:7e:02:d0:9b:7f:b5:af:42:6a:93:b1:15:
ad:3a:f4:3c:b4:3e:03:0c:6d:25:8d:3b:65:4b:04:7c:9d:6a:
a3:bc:b1:16:a5:96:6a:85:15:64:a5:5d:2d:3c:a2:f7:c6:3e:
14:8c:0d:02:6f:28:ca:25:cb:10:26:dc:dc:38:98:25:6b:2d:
98:25:1c:5f:fe:d9:a5:3b:e3:e2:90:28:88:9a:cb:a4:45:09:
fb:9e:32:28:4d:af:84:c5:56:90:6c:03:96:95:21:a5:ed:24:
98:fa:a9:27:9b:53:b8:bc:89:a7:8f:df:b9:5e:cb:46:ee:a6:
49:cd:3b:52:49:ff:29:37:8b:4f:3a:09:6e:ad:31:5c:25:4a:
07:73:1a:21:0f:ba:d5:ce:34:ad:b4:7a:0b:47:28:b9:89:92:
21:d0:69:aa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ7fVxqxZ/272Fsta+xQSflsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjYwNjE5MTAwNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTI0N2EzZTQ1NTA0NDVhODQ3ZTZmNjUzMDUzMzFlZDFmYzg2ODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTzimipKeN07ew1qigNkhWbwr985
pZOOUtkgsK8MyrxQROfKL/xQV5KkRzd4332RTGEf7QuvWR8MJNtUdVot5db43glQ
8ElsbaGq0FzIl7BLJiw5H4isFj+8djeCiII0HLd523tedonX7n/K3iN3Ote+eyry
tEFTodcBEWyfNlPgjXiDnTmZGnW7hEvw+Kc+8sON2xuSQxIXijRNI8gPMfhkpXfG
mvPkDnEBlo0bnDCdrX3QIn028UPbS1eny6zRhpwDOpfodVRiCLgmr+HBPBWVXRak
N3CIsUDhtdyzgDEpj8UCRuFzIAwQqA22O2jBjjVZCMQ7/tIHlzMRFSYrhwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD4kej5FUERahH5vZTBTMe0fyGgzMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvUGlSNlBrVlFSRnFFZm05bE1GTXg3Ul9JYURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoR4wDQQC
AAIwBwMFACoRrgAwDQYJKoZIhvcNAQELBQADggEBACtWKVG5R27PXxt245K6v9q5
bEJvPMrqvutLQwqATHdrNO2kVn6ZpokF3tSPl6xIEo5kp617rLi+TUjqdrr0Rgjp
cr14gGjaWJFgRxYw6Ly1lBaTsW7s7DrOjPx/bvphiX4C0Jt/ta9CapOxFa069Dy0
PgMMbSWNO2VLBHydaqO8sRallmqFFWSlXS08ovfGPhSMDQJvKMolyxAm3Nw4mCVr
LZglHF/+2aU74+KQKIiay6RFCfueMihNr4TFVpBsA5aVIaXtJJj6qSebU7i8iaeP
37ley0bupknNO1JJ/yk3i086CW6tMVwlSgdzGiEPutXONK20egtHKLmJkiHQaao=
-----END CERTIFICATE-----
Generated at Tue Jun 30 19:06:20 2026 by rpki-client