Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TUeOCNWhVd8O5zPa3qd_BHP7vqA.roa
File: TUeOCNWhVd8O5zPa3qd_BHP7vqA.roa (raw, json)
Hash identifier: MnI1DWmQOBu59gydi5H0d6hzuefnDZXVAyw8JZRJmJo=
Subject key identifier: 4D:47:8E:08:D5:A1:55:DF:0E:E7:33:DA:DE:A7:7F:04:73:FB:BE:A0
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019E937972DABD3E9D3681CFD4FAD4D7E77D
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TUeOCNWhVd8O5zPa3qd_BHP7vqA.roa
Signing time: Thu 04 Jun 2026 16:31:10 +0000
ROA not before: Thu 04 Jun 2026 16:31:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8772
IP address blocks: 95.164.15.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.47.0/24 maxlen: 24
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.56.0/22 maxlen: 22
95.164.56.0/24 maxlen: 24
95.164.61.0/24 maxlen: 24
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.115.0/24 maxlen: 24
95.164.120.0/24 maxlen: 24
95.164.121.0/24 maxlen: 24
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.248.0/24 maxlen: 24
95.164.249.0/24 maxlen: 24
95.164.251.0/24 maxlen: 24
185.234.254.0/24 maxlen: 24
2a10:eb80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 01:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:93:79:72:da:bd:3e:9d:36:81:cf:d4:fa:d4:d7:e7:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Jun 4 16:31:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4d478e08d5a155df0ee733dadea77f0473fbbea0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:47:b1:04:98:86:7a:01:91:59:73:72:4a:80:
6d:f6:15:da:d8:93:67:9e:7d:a4:19:e4:26:10:33:
5b:52:83:39:83:cb:6f:c5:de:2d:67:80:08:a7:19:
15:97:84:46:d8:68:b6:65:52:00:46:9e:6d:29:43:
0c:b3:d8:3a:c9:a0:50:17:89:62:aa:c5:3f:39:36:
d0:4e:ce:e2:7c:48:30:e3:80:c2:6b:2a:9a:38:6e:
62:bd:dc:0f:41:c3:d9:66:5c:4e:50:7c:04:e9:6e:
c4:60:32:4b:5f:1b:c3:e5:05:6c:61:8c:74:64:2c:
82:4b:6a:01:8d:08:a1:76:f6:48:9d:66:01:90:03:
c5:46:70:1d:f7:f8:56:e4:e3:01:17:2b:0e:86:42:
6e:e2:c1:44:d4:6f:bf:96:ed:cc:e4:c4:f1:ac:35:
8f:16:7e:c7:65:62:32:61:62:df:e1:a1:cc:ee:37:
98:29:92:ef:a9:2b:c7:cb:51:07:80:af:08:ee:19:
79:c7:7c:92:9d:66:aa:52:6b:c0:19:ed:2a:c0:cd:
fc:99:01:e8:f5:53:42:7c:1b:3b:ef:d0:25:12:1f:
63:2d:11:f4:27:46:e7:b0:2b:94:62:c5:bf:4f:8f:
a7:5f:99:26:f6:0d:c7:67:6d:04:86:aa:d3:34:2f:
d9:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:47:8E:08:D5:A1:55:DF:0E:E7:33:DA:DE:A7:7F:04:73:FB:BE:A0
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TUeOCNWhVd8O5zPa3qd_BHP7vqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.15.0/24
95.164.40.0/22
95.164.47.0/24
95.164.49.0-95.164.50.255
95.164.56.0/22
95.164.61.0/24
95.164.76.0/24
95.164.80.0/22
95.164.115.0/24
95.164.120.0/23
95.164.170.0-95.164.175.255
95.164.248.0/23
95.164.251.0/24
185.234.254.0/24
IPv6:
2a10:eb80::/29
Signature Algorithm: sha256WithRSAEncryption
a0:9f:e4:a8:ef:e7:0d:f9:0b:b2:c5:a6:09:e8:20:70:5d:c9:
3e:61:df:5b:ed:4b:53:09:97:fe:b6:b0:b8:87:1c:7d:b1:bb:
b9:44:1a:bc:f0:0b:95:61:11:81:a0:a8:1d:38:b9:2b:d7:72:
2d:ce:41:51:47:a5:08:93:f5:f8:97:1e:7e:bc:84:e8:95:a0:
d7:dd:a5:7c:3c:2d:09:bb:72:71:c0:d6:9e:f5:5f:f4:19:1f:
23:54:e4:b0:8c:03:bc:b0:3a:e8:99:65:f7:fb:49:08:61:6e:
28:f3:34:1a:09:6e:08:f7:fa:12:c7:bd:58:a6:02:d9:2b:7b:
e6:71:76:99:56:96:6e:fc:fd:be:93:0b:9e:17:68:b4:4c:65:
b4:67:ee:78:e2:6f:cd:13:94:bd:61:7a:78:ed:76:c5:f3:4a:
f3:7e:8a:4b:91:ac:8c:9b:7f:1f:6e:21:1c:e2:59:ea:08:ee:
fa:10:ff:48:31:dc:80:d6:0a:c5:07:de:ca:0c:73:ba:e5:b9:
c5:4f:6f:88:20:a7:5b:28:6f:33:6f:96:29:a8:43:c9:a3:bb:
0e:da:19:02:ce:04:b6:eb:55:0f:5d:c5:93:d5:f5:f4:19:8b:
98:92:d3:84:d6:b4:b3:ac:bb:20:86:4a:d5:e4:42:6f:c4:47:
03:77:63:c2
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISAZ6TeXLavT6dNoHP1PrU1+d9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwNjA0MTYzMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ3OGUwOGQ1YTE1NWRmMGVlNzMzZGFkZWE3N2YwNDczZmJiZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UexBJiGegGRWXNySoBt9hXa2JNn
nn2kGeQmEDNbUoM5g8tvxd4tZ4AIpxkVl4RG2Gi2ZVIARp5tKUMMs9g6yaBQF4li
qsU/OTbQTs7ifEgw44DCayqaOG5ivdwPQcPZZlxOUHwE6W7EYDJLXxvD5QVsYYx0
ZCyCS2oBjQihdvZInWYBkAPFRnAd9/hW5OMBFysOhkJu4sFE1G+/lu3M5MTxrDWP
Fn7HZWIyYWLf4aHM7jeYKZLvqSvHy1EHgK8I7hl5x3ySnWaqUmvAGe0qwM38mQHo
9VNCfBs779AlEh9jLRH0J0bnsCuUYsW/T4+nX5km9g3HZ20EhqrTNC/ZOQIDAQAB
o4ICdzCCAnMwHQYDVR0OBBYEFE1HjgjVoVXfDucz2t6nfwRz+76gMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvVFVlT0NOV2hWZDhPNXpQYTNxZF9CSFA3dnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGMBggrBgEFBQcBBwEB/wR9MHswagQCAAEwZAMEAF+kDwME
Al+kKAMEAF+kLzAMAwQAX6QxAwQAX6QyAwQCX6Q4AwQAX6Q9AwQAX6RMAwQCX6RQ
AwQAX6RzAwQBX6R4MAwDBAFfpKoDBARfpKADBAFfpPgDBABfpPsDBAC56v4wDQQC
AAIwBwMFAyoQ64AwDQYJKoZIhvcNAQELBQADggEBAKCf5Kjv5w35C7LFpgnoIHBd
yT5h31vtS1MJl/62sLiHHH2xu7lEGrzwC5VhEYGgqB04uSvXci3OQVFHpQiT9fiX
Hn68hOiVoNfdpXw8LQm7cnHA1p71X/QZHyNU5LCMA7ywOuiZZff7SQhhbijzNBoJ
bgj3+hLHvVimAtkre+ZxdplWlm78/b6TC54XaLRMZbRn7njib80TlL1henjtdsXz
SvN+ikuRrIybfx9uIRziWeoI7voQ/0gx3IDWCsUH3soMc7rlucVPb4ggp1sobzNv
limoQ8mjuw7aGQLOBLbrVQ9dxZPV9fQZi5iS04TWtLOsuyCGStXkQm/ERwN3Y8I=
-----END CERTIFICATE-----
Generated at Sat Jun 6 08:41:18 2026 by rpki-client