Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/P4iYo_pgPdMjfud17S1Pja-OB4g.roa
File: P4iYo_pgPdMjfud17S1Pja-OB4g.roa (raw, json)
Hash identifier: V9YQ3Ly1AA0IvwxjFuA9aYy5KxQNhTDwIiK8jm1VIm0=
Subject key identifier: 3F:88:98:A3:FA:60:3D:D3:23:7E:E7:75:ED:2D:4F:8D:AF:8E:07:88
Certificate issuer: /CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Certificate serial: 019D2F9C2D8888CEB7A3DCF2B848B1DB3FF6
Authority key identifier: 89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/P4iYo_pgPdMjfud17S1Pja-OB4g.roa
Signing time: Fri 27 Mar 2026 14:04:17 +0000
ROA not before: Fri 27 Mar 2026 14:04:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207147
IP address blocks: 45.11.68.0/22 maxlen: 24
45.88.128.0/22 maxlen: 24
45.89.112.0/22 maxlen: 22
45.143.208.0/22 maxlen: 22
45.143.208.0/24 maxlen: 24
45.143.209.0/24 maxlen: 24
45.143.210.0/24 maxlen: 24
45.143.211.0/24 maxlen: 24
46.183.32.0/22 maxlen: 22
46.183.32.0/24 maxlen: 24
46.183.33.0/24 maxlen: 24
46.183.34.0/24 maxlen: 24
46.183.35.0/24 maxlen: 24
46.183.36.0/22 maxlen: 22
46.183.36.0/24 maxlen: 24
46.183.37.0/24 maxlen: 24
46.183.38.0/24 maxlen: 24
46.183.39.0/24 maxlen: 24
84.247.4.0/22 maxlen: 24
85.204.148.0/22 maxlen: 24
85.204.148.0/24 maxlen: 24
85.204.149.0/24 maxlen: 24
85.204.150.0/24 maxlen: 24
85.204.151.0/24 maxlen: 24
89.37.228.0/22 maxlen: 24
130.0.88.0/22 maxlen: 24
130.0.88.0/24 maxlen: 24
130.0.89.0/24 maxlen: 24
176.223.176.0/22 maxlen: 24
185.164.212.0/22 maxlen: 24
185.178.88.0/22 maxlen: 24
185.178.91.0/24 maxlen: 24
185.194.120.0/22 maxlen: 24
185.194.120.0/24 maxlen: 24
185.194.121.0/24 maxlen: 24
185.194.122.0/24 maxlen: 24
185.194.123.0/24 maxlen: 24
185.237.40.0/22 maxlen: 24
2a0b:9c00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2f:9c:2d:88:88:ce:b7:a3:dc:f2:b8:48:b1:db:3f:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Validity
Not Before: Mar 27 14:04:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3f8898a3fa603dd3237ee775ed2d4f8daf8e0788
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:7c:9b:46:ea:7d:92:7e:9a:83:27:a2:ff:9c:
65:35:d5:32:1c:24:1c:c5:eb:16:95:72:e5:a2:05:
44:40:1c:13:84:5c:74:78:5e:83:7d:8a:c0:ff:e3:
bc:37:91:85:7f:3e:de:44:13:9d:28:50:b7:e6:f4:
52:d9:8f:7c:50:7e:cb:a0:cc:aa:c4:99:87:21:59:
aa:31:b8:68:07:dd:8d:ac:ec:e6:ca:19:66:8f:d3:
5e:5d:60:95:3b:5a:b2:e3:2f:48:3b:2b:f0:e1:a0:
52:4f:f5:d6:b0:55:cb:6a:de:aa:e7:96:4b:67:c9:
7b:c5:40:c5:f0:58:a1:08:bb:52:0c:c4:40:7c:e4:
70:56:98:24:b8:f8:c8:2b:d4:7f:6f:ac:33:c2:53:
f9:3c:1e:70:09:eb:1a:e8:df:52:6c:cf:6b:2e:28:
cf:6b:29:df:f7:1d:37:17:51:4f:7a:9d:90:57:ea:
cb:ea:31:e9:f1:49:a8:e5:2f:d4:73:b4:0f:8e:1e:
0f:d9:d7:24:1f:87:d1:e7:e7:45:8e:ad:f5:89:05:
c0:51:44:0e:d7:0c:48:b8:41:f7:5f:21:97:ba:ce:
f3:af:8d:9e:62:22:7c:26:80:21:19:6f:dc:ce:6b:
ac:0e:99:0d:a1:9f:1d:1e:87:5a:97:bb:ae:c9:2e:
27:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:88:98:A3:FA:60:3D:D3:23:7E:E7:75:ED:2D:4F:8D:AF:8E:07:88
X509v3 Authority Key Identifier:
keyid:89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/P4iYo_pgPdMjfud17S1Pja-OB4g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.68.0/22
45.88.128.0/22
45.89.112.0/22
45.143.208.0/22
46.183.32.0/21
84.247.4.0/22
85.204.148.0/22
89.37.228.0/22
130.0.88.0/22
176.223.176.0/22
185.164.212.0/22
185.178.88.0/22
185.194.120.0/22
185.237.40.0/22
IPv6:
2a0b:9c00::/48
Signature Algorithm: sha256WithRSAEncryption
71:2d:09:9e:e5:3a:5e:08:bd:5b:5a:de:02:08:59:23:2a:26:
06:2a:bb:a3:55:a5:c4:2d:69:a2:91:b5:54:83:12:65:4c:ff:
22:27:86:1f:76:c2:3c:b4:22:5f:d1:36:c3:f7:e4:ba:0b:59:
23:b6:b2:8d:f1:4c:04:a9:20:5a:e6:e4:6c:fb:1a:89:fd:36:
d3:70:d7:1a:dc:6e:c5:10:1d:4f:9d:c4:a8:56:6c:15:57:9c:
ac:ef:93:74:2e:d8:e5:be:6e:12:a5:50:2b:e9:fd:6f:fc:a1:
3b:54:34:72:cb:b2:2b:9e:12:a4:52:43:5a:06:f9:5f:59:49:
95:79:a5:59:f8:3d:3c:a4:17:cc:ec:8d:30:76:5e:f1:36:f3:
16:93:4c:46:ae:38:e0:88:98:b6:47:a5:13:f7:8b:e7:3f:ca:
a0:17:a7:db:59:b1:c1:44:32:e4:f3:22:38:8e:16:25:cf:3c:
23:c5:85:28:a4:05:89:8b:36:2d:86:24:5e:bd:2e:7a:9e:52:
7e:41:02:3c:cd:49:51:d7:42:b2:f0:dd:e7:15:e3:36:b9:40:
61:f2:13:1e:b8:04:29:2c:bd:d8:c6:9e:11:be:b5:7f:e2:7f:
7c:52:ec:34:65:c4:3b:56:f8:2c:0d:e2:e8:b8:ba:fe:5c:13:
2e:ff:81:5e
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZ0vnC2IiM63o9zyuEix2z/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NzhmZjVkYWIzM2M0MmRhNjVmZTRlMWFiZmJjYTRlYWZi
ZGQyYWEwHhcNMjYwMzI3MTQwNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjg4OThhM2ZhNjAzZGQzMjM3ZWU3NzVlZDJkNGY4ZGFmOGUwNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunybRup9kn6agyei/5xlNdUyHCQc
xesWlXLlogVEQBwThFx0eF6DfYrA/+O8N5GFfz7eRBOdKFC35vRS2Y98UH7LoMyq
xJmHIVmqMbhoB92NrOzmyhlmj9NeXWCVO1qy4y9IOyvw4aBST/XWsFXLat6q55ZL
Z8l7xUDF8FihCLtSDMRAfORwVpgkuPjIK9R/b6wzwlP5PB5wCesa6N9SbM9rLijP
aynf9x03F1FPep2QV+rL6jHp8Umo5S/Uc7QPjh4P2dckH4fR5+dFjq31iQXAUUQO
1wxIuEH3XyGXus7zr42eYiJ8JoAhGW/czmusDpkNoZ8dHodal7uuyS4n2QIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFD+ImKP6YD3TI37nde0tT42vjgeIMB8GA1UdIwQY
MBaAFIl4/12rM8Qtpl/k4av7yk6vvdKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQt
ZDAyZDk2YzM2Y2EzLzEvUDRpWW9fcGdQZE1qZnVkMTdTMVBqYS1PQjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQtZDAyZDk2YzM2Y2Ez
LzEvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBaBAIAATBUAwQCLQtEAwQC
LViAAwQCLVlwAwQCLY/QAwQDLrcgAwQCVPcEAwQCVcyUAwQCWSXkAwQCggBYAwQC
sN+wAwQCuaTUAwQCubJYAwQCucJ4AwQCue0oMA8EAgACMAkDBwAqC5wAAAAwDQYJ
KoZIhvcNAQELBQADggEBAHEtCZ7lOl4IvVta3gIIWSMqJgYqu6NVpcQtaaKRtVSD
EmVM/yInhh92wjy0Il/RNsP35LoLWSO2so3xTASpIFrm5Gz7Gon9NtNw1xrcbsUQ
HU+dxKhWbBVXnKzvk3Qu2OW+bhKlUCvp/W/8oTtUNHLLsiueEqRSQ1oG+V9ZSZV5
pVn4PTykF8zsjTB2XvE28xaTTEauOOCImLZHpRP3i+c/yqAXp9tZscFEMuTzIjiO
FiXPPCPFhSikBYmLNi2GJF69LnqeUn5BAjzNSVHXQrLw3ecV4za5QGHyEx64BCks
vdjGnhG+tX/if3xS7DRlxDtW+CwN4ui4uv5cEy7/gV4=
-----END CERTIFICATE-----
Generated at Sun Mar 29 16:42:21 2026 by rpki-client