Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/Dxm0EoxGp2ndo74sPdVeeXzoflk.roa
File: Dxm0EoxGp2ndo74sPdVeeXzoflk.roa (raw, json)
Hash identifier: yNKkIjFKgCoECJezorrDtiFQ2gdUXVgat36+B1ETObs=
Subject key identifier: 0F:19:B4:12:8C:46:A7:69:DD:A3:BE:2C:3D:D5:5E:79:7C:E8:7E:59
Certificate issuer: /CN=41b8c2f37bd8d7e04e76985a4ced4559d7651c43
Certificate serial: 019D2A1FC3BF76849BDE1C34CE40F70DA0F4
Authority key identifier: 41:B8:C2:F3:7B:D8:D7:E0:4E:76:98:5A:4C:ED:45:59:D7:65:1C:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/Dxm0EoxGp2ndo74sPdVeeXzoflk.roa
Signing time: Thu 26 Mar 2026 12:30:17 +0000
ROA not before: Thu 26 Mar 2026 12:30:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29014
IP address blocks: 45.139.156.0/22 maxlen: 24
45.139.158.0/23 maxlen: 23
85.158.0.0/22 maxlen: 24
85.158.0.0/24 maxlen: 24
85.158.4.0/23 maxlen: 23
85.158.6.0/24 maxlen: 24
85.158.7.0/24 maxlen: 24
93.92.128.0/21 maxlen: 24
93.92.128.0/23 maxlen: 23
93.92.130.0/23 maxlen: 23
93.92.132.0/24 maxlen: 24
93.92.133.0/24 maxlen: 24
93.92.134.0/23 maxlen: 23
185.8.8.0/22 maxlen: 24
185.8.8.0/24 maxlen: 24
192.42.65.0/24 maxlen: 24
193.41.116.0/23 maxlen: 24
194.126.239.0/24 maxlen: 24
195.177.232.0/23 maxlen: 24
195.177.233.0/24 maxlen: 24
2a00:12e8::/32 maxlen: 48
2a00:12e8::/40 maxlen: 40
2a00:12e8:100::/40 maxlen: 40
2a00:12e8:200::/40 maxlen: 40
2a00:12e8:300::/40 maxlen: 40
2a00:12e8:400::/40 maxlen: 40
2a00:12e8:500::/40 maxlen: 40
2a00:12e8:600::/40 maxlen: 40
2a00:12e8:700::/40 maxlen: 40
2a00:12e8:800::/40 maxlen: 48
2a00:12e8:800::/48 maxlen: 48
2a00:12e8:801::/48 maxlen: 48
2a00:12e8:802::/48 maxlen: 48
2a00:12e8:900::/40 maxlen: 40
2a00:12e8:f111::/48 maxlen: 48
2a00:12e8:f122::/48 maxlen: 48
2a00:12e8:f123::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.mft
rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 16:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2a:1f:c3:bf:76:84:9b:de:1c:34:ce:40:f7:0d:a0:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41b8c2f37bd8d7e04e76985a4ced4559d7651c43
Validity
Not Before: Mar 26 12:30:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0f19b4128c46a769dda3be2c3dd55e797ce87e59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:46:d3:92:15:6b:a1:a3:08:b8:bc:59:2e:67:
77:94:75:b3:d6:1c:3b:72:85:73:96:35:f2:84:dc:
70:cc:41:b7:2f:2e:e5:8f:5a:93:6c:20:22:6a:0a:
2a:93:93:4a:ad:33:74:5e:23:6c:a8:07:f9:1d:c2:
91:00:cc:0a:cb:0b:65:0f:58:68:af:4f:c6:de:79:
df:55:0f:02:7a:91:0b:d5:ef:20:e6:8d:c4:33:5a:
1a:b0:ce:7e:ca:08:c8:c4:43:6a:82:ed:1d:1a:4f:
1b:3e:d4:e4:de:2c:cd:5b:e9:d7:78:fb:6d:ce:5d:
80:10:3b:f8:8a:da:13:c7:86:7c:17:cb:6a:c3:21:
26:1a:3c:9f:59:04:65:31:41:fa:16:17:01:ac:63:
88:e0:56:6d:ec:ad:30:de:74:47:2e:b4:6c:b8:10:
81:42:e0:c6:95:8a:71:19:02:14:b0:b5:87:2a:b4:
d1:25:de:f9:59:24:3b:bb:02:a9:c7:d9:c3:8f:f4:
f6:99:62:cc:e2:f8:67:00:3a:7b:ad:04:e6:78:ce:
7c:1c:0e:a0:7d:ae:80:10:07:93:2a:80:27:e1:bf:
37:b1:3f:5a:5d:02:af:89:c5:42:da:28:90:b0:f7:
83:52:4e:ee:cc:b4:75:c0:02:23:65:a2:d9:66:26:
9b:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:19:B4:12:8C:46:A7:69:DD:A3:BE:2C:3D:D5:5E:79:7C:E8:7E:59
X509v3 Authority Key Identifier:
keyid:41:B8:C2:F3:7B:D8:D7:E0:4E:76:98:5A:4C:ED:45:59:D7:65:1C:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QbjC83vY1-BOdphaTO1FWddlHEM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/Dxm0EoxGp2ndo74sPdVeeXzoflk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/3e3b4b-f827-4347-9022-2818f6578d1b/1/QbjC83vY1-BOdphaTO1FWddlHEM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.156.0/22
85.158.0.0/21
93.92.128.0/21
185.8.8.0/22
192.42.65.0/24
193.41.116.0/23
194.126.239.0/24
195.177.232.0/23
IPv6:
2a00:12e8::/32
Signature Algorithm: sha256WithRSAEncryption
12:6e:6f:40:39:03:f0:e0:9e:60:89:5a:93:58:7b:ac:b5:db:
62:3b:30:eb:ab:01:0b:32:ba:ac:2d:54:64:31:66:8d:fb:de:
83:36:05:e1:46:fe:10:08:00:b4:57:04:d5:05:b9:1b:5a:3e:
b3:f7:67:48:74:3f:0f:f1:ab:6a:32:18:0e:0e:f9:0c:17:d6:
1a:29:7d:22:94:55:21:24:54:86:8d:02:fe:12:58:ad:67:2c:
fe:c4:1d:9d:bc:df:a2:e3:83:d2:5f:56:90:52:9a:33:ad:9f:
af:86:10:c9:e3:46:d0:4e:67:cb:94:e7:c6:46:0b:6b:d8:64:
37:fe:1e:36:74:fb:d2:d9:27:8a:58:b4:2f:0c:d2:99:3c:e2:
57:32:d6:9d:7f:1e:8e:65:a7:d2:84:54:79:d7:60:76:cf:1d:
76:ff:ef:06:12:ee:eb:ea:27:8c:9b:8b:d7:e5:18:44:93:af:
7e:2e:99:32:9b:f9:28:ff:ab:1d:1d:6c:27:0f:c8:a7:5e:f3:
1b:1d:39:6f:28:31:05:8d:75:ab:f8:eb:df:97:b4:2d:4b:b9:
c7:1d:74:30:de:3d:19:75:15:c3:51:26:e8:59:68:7c:b8:15:
7b:6f:a8:24:ea:fa:80:a7:f5:e7:89:c3:fd:b5:56:93:0c:2f:
c5:7f:ae:81
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ0qH8O/doSb3hw0zkD3DaD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYjhjMmYzN2JkOGQ3ZTA0ZTc2OTg1YTRjZWQ0NTU5ZDc2
NTFjNDMwHhcNMjYwMzI2MTIzMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE5YjQxMjhjNDZhNzY5ZGRhM2JlMmMzZGQ1NWU3OTdjZTg3ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkbTkhVroaMIuLxZLmd3lHWz1hw7
coVzljXyhNxwzEG3Ly7lj1qTbCAiagoqk5NKrTN0XiNsqAf5HcKRAMwKywtlD1ho
r0/G3nnfVQ8CepEL1e8g5o3EM1oasM5+ygjIxENqgu0dGk8bPtTk3izNW+nXePtt
zl2AEDv4itoTx4Z8F8tqwyEmGjyfWQRlMUH6FhcBrGOI4FZt7K0w3nRHLrRsuBCB
QuDGlYpxGQIUsLWHKrTRJd75WSQ7uwKpx9nDj/T2mWLM4vhnADp7rQTmeM58HA6g
fa6AEAeTKoAn4b83sT9aXQKvicVC2iiQsPeDUk7uzLR1wAIjZaLZZiabQQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFA8ZtBKMRqdp3aO+LD3VXnl86H5ZMB8GA1UdIwQY
MBaAFEG4wvN72NfgTnaYWkztRVnXZRxDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWJqQzgzdlkxLUJPZHBoYVRPMUZXZGRsSEVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8zZTNiNGItZjgyNy00MzQ3LTkwMjIt
MjgxOGY2NTc4ZDFiLzEvRHhtMEVveEdwMm5kbzc0c1BkVmVlWHpvZmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8zZTNiNGItZjgyNy00MzQ3LTkwMjItMjgxOGY2NTc4ZDFi
LzEvUWJqQzgzdlkxLUJPZHBoYVRPMUZXZGRsSEVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLYucAwQD
VZ4AAwQDXVyAAwQCuQgIAwQAwCpBAwQBwSl0AwQAwn7vAwQBw7HoMA0EAgACMAcD
BQAqABLoMA0GCSqGSIb3DQEBCwUAA4IBAQASbm9AOQPw4J5giVqTWHustdtiOzDr
qwELMrqsLVRkMWaN+96DNgXhRv4QCAC0VwTVBbkbWj6z92dIdD8P8atqMhgODvkM
F9YaKX0ilFUhJFSGjQL+ElitZyz+xB2dvN+i44PSX1aQUpozrZ+vhhDJ40bQTmfL
lOfGRgtr2GQ3/h42dPvS2SeKWLQvDNKZPOJXMtadfx6OZafShFR512B2zx12/+8G
Eu7r6ieMm4vX5RhEk69+Lpkym/ko/6sdHWwnD8inXvMbHTlvKDEFjXWr+Ovfl7Qt
S7nHHXQw3j0ZdRXDUSboWWh8uBV7b6gk6vqAp/XnicP9tVaTDC/Ff66B
-----END CERTIFICATE-----
Generated at Sun Mar 29 23:08:04 2026 by rpki-client