Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/T9bowjYXEErwoaVYRV05cPhQNYY.roa
File: T9bowjYXEErwoaVYRV05cPhQNYY.roa (raw, json)
Hash identifier: K7Owe1SM069q+ebSYvPGJjD8paXxVB14K/5eVIO60Es=
Subject key identifier: 4F:D6:E8:C2:36:17:10:4A:F0:A1:A5:58:45:5D:39:70:F8:50:35:86
Certificate issuer: /CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
Certificate serial: 019CC1292D547883966946BB19BC4D121D67
Authority key identifier: 3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/T9bowjYXEErwoaVYRV05cPhQNYY.roa
Signing time: Fri 06 Mar 2026 03:20:27 +0000
ROA not before: Fri 06 Mar 2026 03:20:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50183
IP address blocks: 94.154.178.0/24 maxlen: 24
103.143.178.0/23 maxlen: 24
172.96.38.0/23 maxlen: 24
192.198.184.0/23 maxlen: 24
193.148.95.0/24 maxlen: 24
195.246.194.0/24 maxlen: 24
198.13.22.0/23 maxlen: 24
199.36.102.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Mar 2026 12:01:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:c1:29:2d:54:78:83:96:69:46:bb:19:bc:4d:12:1d:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
Validity
Not Before: Mar 6 03:20:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4fd6e8c23617104af0a1a558455d3970f8503586
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:89:34:6d:23:92:40:1c:1a:e3:94:90:f2:b9:
ff:1a:6b:79:8e:39:60:d0:bf:07:eb:8b:f1:92:2d:
6a:1b:d9:40:8a:bd:f7:1f:3d:5f:b5:b3:69:07:5d:
d1:08:e5:11:ea:36:94:c9:f1:8f:33:80:56:a5:bd:
f5:c9:87:5d:de:92:b0:4e:36:aa:12:86:06:e5:0e:
e0:e8:fd:95:92:f8:e8:b3:f1:77:ed:57:1a:36:79:
6d:b6:b8:b9:24:87:5a:5c:e7:5b:99:46:90:07:17:
3c:65:6a:8a:c6:b2:e7:75:0e:ef:e2:d3:a1:0f:23:
cb:ef:b5:fe:13:b1:e8:20:e2:15:c5:60:9f:5e:07:
73:b7:0e:2d:60:72:1d:4f:1d:de:c3:4e:9b:2e:3f:
9b:72:55:2d:8c:0b:eb:78:95:59:65:6f:34:da:2d:
9f:63:f5:bd:96:02:f9:86:70:a2:e1:fe:59:fc:c5:
72:b5:93:04:42:a8:2e:2a:80:2a:20:a3:2d:30:59:
f1:08:4b:7e:0c:28:a0:a2:f5:19:13:31:75:26:c4:
f0:74:99:6b:f6:5a:52:09:7a:71:b2:2b:31:41:74:
bc:c9:a0:81:86:bf:4f:0a:06:4a:1e:38:e3:10:af:
3b:60:bb:f5:41:e7:57:26:96:40:de:4e:9e:5a:b4:
60:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:D6:E8:C2:36:17:10:4A:F0:A1:A5:58:45:5D:39:70:F8:50:35:86
X509v3 Authority Key Identifier:
keyid:3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/T9bowjYXEErwoaVYRV05cPhQNYY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.154.178.0/24
103.143.178.0/23
172.96.38.0/23
192.198.184.0/23
193.148.95.0/24
195.246.194.0/24
198.13.22.0/23
199.36.102.0/23
Signature Algorithm: sha256WithRSAEncryption
3a:ed:3b:64:f2:e6:f5:09:b8:fa:b3:7a:62:53:3f:33:40:ac:
2f:f6:9e:10:43:b5:08:52:fe:56:ae:a8:47:ad:31:b2:3d:c3:
98:63:dd:ae:e0:ad:1d:14:28:a7:0f:ed:a7:13:9d:d3:b5:4a:
ac:fc:72:08:ff:af:5d:d7:59:16:54:10:a2:78:e2:7d:b5:fa:
ff:22:14:27:30:69:be:f1:21:1e:19:1d:f0:37:6d:95:cc:bb:
49:c0:be:91:a4:f8:62:81:b6:67:51:13:ea:55:ba:e0:19:73:
9b:19:f3:56:87:e1:86:b2:11:f3:b5:b8:b8:81:89:46:3a:67:
d5:f7:41:dc:cd:ac:26:e5:c5:63:8b:59:49:5e:33:c6:d0:10:
71:6b:c0:64:af:7c:1a:6e:84:b5:4c:6a:24:6b:1f:74:99:48:
3c:6f:18:43:a9:dd:57:55:89:00:5b:fe:d4:56:f4:10:0a:d3:
48:a1:60:2a:ba:6e:40:d4:c0:75:06:f0:04:29:04:c2:08:69:
d0:2b:c9:5d:e8:e0:cd:67:b7:36:96:56:7c:7f:51:40:3b:32:
0a:57:29:2f:45:af:44:75:f2:8f:f2:c0:c5:12:0c:95:53:6e:
93:df:85:3f:d1:80:28:ea:b9:f0:5c:85:ac:ac:48:5c:14:bc:
2a:68:26:18
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZzBKS1UeIOWaUa7GbxNEh1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWQ0YTMyOTcwMmUyYzk4MzFjZDM2MjYyYmJiN2ZhN2I5
N2RlMzcwHhcNMjYwMzA2MDMyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQ2ZThjMjM2MTcxMDRhZjBhMWE1NTg0NTVkMzk3MGY4NTAzNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIk0bSOSQBwa45SQ8rn/Gmt5jjlg
0L8H64vxki1qG9lAir33Hz1ftbNpB13RCOUR6jaUyfGPM4BWpb31yYdd3pKwTjaq
EoYG5Q7g6P2Vkvjos/F37VcaNnlttri5JIdaXOdbmUaQBxc8ZWqKxrLndQ7v4tOh
DyPL77X+E7HoIOIVxWCfXgdztw4tYHIdTx3ew06bLj+bclUtjAvreJVZZW802i2f
Y/W9lgL5hnCi4f5Z/MVytZMEQqguKoAqIKMtMFnxCEt+DCigovUZEzF1JsTwdJlr
9lpSCXpxsisxQXS8yaCBhr9PCgZKHjjjEK87YLv1QedXJpZA3k6eWrRgTQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFE/W6MI2FxBK8KGlWEVdOXD4UDWGMB8GA1UdIwQY
MBaAFDpdSjKXAuLJgxzTYmK7t/p7l943MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2wxS01wY0M0c21ESE5OaVlydTMtbnVYM2pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80YmQ2NjEtOWIwYy00NTYwLWIxZDEt
MmNlYThlMTUzNjMyLzEvVDlib3dqWVhFRXJ3b2FWWVJWMDVjUGhRTllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS80YmQ2NjEtOWIwYy00NTYwLWIxZDEtMmNlYThlMTUzNjMy
LzEvT2wxS01wY0M0c21ESE5OaVlydTMtbnVYM2pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAXpqyAwQB
Z4+yAwQBrGAmAwQBwMa4AwQAwZRfAwQAw/bCAwQBxg0WAwQBxyRmMA0GCSqGSIb3
DQEBCwUAA4IBAQA67Ttk8ub1Cbj6s3piUz8zQKwv9p4QQ7UIUv5WrqhHrTGyPcOY
Y92u4K0dFCinD+2nE53TtUqs/HII/69d11kWVBCieOJ9tfr/IhQnMGm+8SEeGR3w
N22VzLtJwL6RpPhigbZnURPqVbrgGXObGfNWh+GGshHztbi4gYlGOmfV90Hczawm
5cVji1lJXjPG0BBxa8Bkr3waboS1TGokax90mUg8bxhDqd1XVYkAW/7UVvQQCtNI
oWAqum5A1MB1BvAEKQTCCGnQK8ld6ODNZ7c2llZ8f1FAOzIKVykvRa9EdfKP8sDF
EgyVU26T34U/0YAo6rnwXIWsrEhcFLwqaCYY
-----END CERTIFICATE-----
Generated at Fri Mar 6 22:48:56 2026 by rpki-client