Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/1-OTLSt9bxerjVQrXim1tii-2o9E.roa
File: 1-OTLSt9bxerjVQrXim1tii-2o9E.roa (raw, json)
Hash identifier: pXJ9LGfvy4+1EbvSdA31KaVxZBu7t1Z+nzZrQNY4cjI=
Subject key identifier: F8:E4:CB:4A:DF:5B:C5:EA:E3:55:0A:D7:8A:6D:6D:8A:2F:B6:A3:D1
Certificate issuer: /CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
Certificate serial: 019E426419360977BC3E7ADC5AC626355ACA
Authority key identifier: 3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/1-OTLSt9bxerjVQrXim1tii-2o9E.roa
Signing time: Tue 19 May 2026 22:38:36 +0000
ROA not before: Tue 19 May 2026 22:38:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 47191
IP address blocks: 37.77.80.0/21 maxlen: 24
74.113.236.0/23 maxlen: 24
85.149.224.0/20 maxlen: 24
103.143.178.0/23 maxlen: 24
172.96.38.0/23 maxlen: 24
192.198.184.0/23 maxlen: 24
195.246.194.0/24 maxlen: 24
199.36.102.0/23 maxlen: 24
216.180.224.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 15:55:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:42:64:19:36:09:77:bc:3e:7a:dc:5a:c6:26:35:5a:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
Validity
Not Before: May 19 22:38:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f8e4cb4adf5bc5eae3550ad78a6d6d8a2fb6a3d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:52:d6:c4:c5:ac:76:0a:05:ea:dd:18:c5:57:
e7:aa:8d:57:33:bd:f2:4f:bd:c1:5f:e1:e1:89:c7:
84:c5:02:a3:ac:93:ec:8e:af:71:d8:2e:7c:b1:cb:
86:4f:a5:10:1f:02:9c:b6:57:05:d8:c1:6d:b5:6f:
57:1b:c8:0f:e4:0e:9d:6f:6e:0e:ed:c2:a1:6c:4b:
84:2e:4d:d7:ec:f4:e2:b0:b7:59:84:09:72:10:45:
90:a2:23:7e:c2:13:62:ee:97:cf:70:35:53:93:85:
92:4d:e8:c9:08:57:49:0e:c6:11:f0:16:7a:1d:0f:
6e:d3:8a:bd:f4:6c:29:a1:84:5e:9b:bc:e6:3c:e0:
be:f1:16:5f:b1:4b:27:70:23:f5:57:c1:9f:af:d7:
da:ff:fc:3e:89:8d:86:54:eb:35:b1:5e:d0:7b:ed:
42:54:22:1d:a0:fd:17:1f:89:3d:b2:ed:00:f7:2f:
72:31:20:46:e1:e3:d9:46:30:84:8a:75:24:98:c6:
3e:5b:60:d4:68:81:86:a4:1b:3b:73:9b:8a:7f:27:
da:37:12:38:7b:56:c9:44:71:90:db:4a:6a:73:fb:
7e:1e:c8:3b:36:84:ee:03:5b:42:0b:d7:b8:99:d9:
e1:16:9e:60:83:a6:8e:a3:49:08:00:47:ac:bb:2a:
09:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:E4:CB:4A:DF:5B:C5:EA:E3:55:0A:D7:8A:6D:6D:8A:2F:B6:A3:D1
X509v3 Authority Key Identifier:
keyid:3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/1-OTLSt9bxerjVQrXim1tii-2o9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.77.80.0/21
74.113.236.0/23
85.149.224.0/20
103.143.178.0/23
172.96.38.0/23
192.198.184.0/23
195.246.194.0/24
199.36.102.0/23
216.180.224.0/20
Signature Algorithm: sha256WithRSAEncryption
1a:d4:fa:a2:61:37:02:92:16:b8:c0:e6:3b:d6:49:08:c0:89:
82:12:84:e7:ab:79:c0:f0:c1:af:72:eb:bb:a3:2f:4c:be:0a:
71:c1:2c:9f:8f:3b:7d:98:97:e8:dd:46:f9:94:c4:31:fb:ba:
75:0c:34:e7:41:9e:7c:12:fc:89:89:80:a0:5e:11:82:ee:ab:
56:ab:f1:5c:d2:27:43:ae:4b:83:65:28:f8:0e:de:8f:77:26:
c4:c7:6a:c9:2c:90:44:9f:5d:f0:c7:e4:28:c2:d0:c2:18:8e:
6e:0c:56:12:d7:e1:9a:56:18:b6:13:67:4b:4c:f3:67:98:11:
f1:2d:78:9d:83:61:13:69:49:e5:59:f2:ce:48:2a:8f:ea:05:
2e:14:3b:9b:56:55:14:6d:2b:18:55:9a:f2:4e:0a:83:77:6d:
ad:0d:73:a3:fc:0f:52:18:84:ae:9c:94:2e:65:58:8e:93:51:
e7:b7:af:12:26:48:57:7e:e9:df:d2:94:3a:e2:bc:c1:5b:c9:
cd:b6:fa:95:8d:b8:81:8d:03:c6:9c:b0:b9:d5:cf:97:d3:c2:
da:41:10:d4:86:b2:ea:69:65:d1:d7:9a:b0:df:5e:d3:cb:76:
6b:49:af:09:e5:e0:b1:f0:9e:7d:eb:0e:a8:fc:0f:7f:d2:dd:
ed:f8:a1:f5
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZ5CZBk2CXe8PnrcWsYmNVrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWQ0YTMyOTcwMmUyYzk4MzFjZDM2MjYyYmJiN2ZhN2I5
N2RlMzcwHhcNMjYwNTE5MjIzODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGU0Y2I0YWRmNWJjNWVhZTM1NTBhZDc4YTZkNmQ4YTJmYjZhM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFLWxMWsdgoF6t0YxVfnqo1XM73y
T73BX+HhiceExQKjrJPsjq9x2C58scuGT6UQHwKctlcF2MFttW9XG8gP5A6db24O
7cKhbEuELk3X7PTisLdZhAlyEEWQoiN+whNi7pfPcDVTk4WSTejJCFdJDsYR8BZ6
HQ9u04q99GwpoYRem7zmPOC+8RZfsUsncCP1V8Gfr9fa//w+iY2GVOs1sV7Qe+1C
VCIdoP0XH4k9su0A9y9yMSBG4ePZRjCEinUkmMY+W2DUaIGGpBs7c5uKfyfaNxI4
e1bJRHGQ20pqc/t+Hsg7NoTuA1tCC9e4mdnhFp5gg6aOo0kIAEesuyoJeQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPjky0rfW8Xq41UK14ptbYovtqPRMB8GA1UdIwQY
MBaAFDpdSjKXAuLJgxzTYmK7t/p7l943MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2wxS01wY0M0c21ESE5OaVlydTMtbnVYM2pjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80YmQ2NjEtOWIwYy00NTYwLWIxZDEt
MmNlYThlMTUzNjMyLzEvMS1PVExTdDlieGVyalZRclhpbTF0aWktMm85RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTkvNGJkNjYxLTliMGMtNDU2MC1iMWQxLTJjZWE4ZTE1MzYz
Mi8xL09sMUtNcGNDNHNtREhOTmlZcnUzLW51WDNqYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBPBggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAyVNUAME
AUpx7AMEBFWV4AMEAWePsgMEAaxgJgMEAcDGuAMEAMP2wgMEAcckZgMEBNi04DAN
BgkqhkiG9w0BAQsFAAOCAQEAGtT6omE3ApIWuMDmO9ZJCMCJghKE56t5wPDBr3Lr
u6MvTL4KccEsn487fZiX6N1G+ZTEMfu6dQw050GefBL8iYmAoF4Rgu6rVqvxXNIn
Q65Lg2Uo+A7ej3cmxMdqySyQRJ9d8MfkKMLQwhiObgxWEtfhmlYYthNnS0zzZ5gR
8S14nYNhE2lJ5Vnyzkgqj+oFLhQ7m1ZVFG0rGFWa8k4Kg3dtrQ1zo/wPUhiErpyU
LmVYjpNR57evEiZIV37p39KUOuK8wVvJzbb6lY24gY0DxpywudXPl9PC2kEQ1Iay
6mll0deasN9e08t2a0mvCeXgsfCefesOqPwPf9Ld7fih9Q==
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:39:26 2026 by rpki-client