Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/3DoTaNKP9DXg2EXbrrSz95vvqow.roa
File: 3DoTaNKP9DXg2EXbrrSz95vvqow.roa (raw, json)
Hash identifier: 5EzHlmRsOh42vC+7cQ4USrqwxdSUXMIwztbgpIFyZjE=
Subject key identifier: DC:3A:13:68:D2:8F:F4:35:E0:D8:45:DB:AE:B4:B3:F7:9B:EF:AA:8C
Certificate issuer: /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial: 019F0FAF063B079890AF39A3B6B12D754668
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/3DoTaNKP9DXg2EXbrrSz95vvqow.roa
Signing time: Sun 28 Jun 2026 19:22:36 +0000
ROA not before: Sun 28 Jun 2026 19:22:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 37.148.128.0/22 maxlen: 24
37.148.128.0/24 maxlen: 24
37.148.129.0/24 maxlen: 24
37.148.130.0/24 maxlen: 24
37.148.131.0/24 maxlen: 24
45.157.158.0/23 maxlen: 24
93.88.153.0/24 maxlen: 24
93.88.154.0/24 maxlen: 24
93.88.157.0/24 maxlen: 24
93.88.158.0/24 maxlen: 24
95.155.128.0/23 maxlen: 24
95.155.128.0/24 maxlen: 24
95.155.129.0/24 maxlen: 24
95.155.131.0/24 maxlen: 24
95.155.133.0/24 maxlen: 24
95.155.134.0/24 maxlen: 24
95.155.136.0/24 maxlen: 24
95.155.137.0/24 maxlen: 24
95.155.139.0/24 maxlen: 24
95.155.140.0/24 maxlen: 24
95.155.145.0/24 maxlen: 24
95.155.146.0/23 maxlen: 24
95.155.146.0/24 maxlen: 24
95.155.147.0/24 maxlen: 24
95.155.148.0/23 maxlen: 24
95.155.149.0/24 maxlen: 24
95.155.152.0/22 maxlen: 24
95.155.152.0/24 maxlen: 24
95.155.153.0/24 maxlen: 24
95.155.156.0/24 maxlen: 24
95.155.160.0/20 maxlen: 24
95.155.176.0/21 maxlen: 24
152.89.84.0/24 maxlen: 24
152.89.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9f:0f:af:06:3b:07:98:90:af:39:a3:b6:b1:2d:75:46:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Validity
Not Before: Jun 28 19:22:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dc3a1368d28ff435e0d845dbaeb4b3f79befaa8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:dc:f9:66:db:70:a3:a4:8d:e3:74:22:87:5a:
52:a5:da:7a:6c:08:b8:8d:4e:89:c3:71:56:2b:7d:
46:d5:a1:b9:31:28:5b:88:c1:de:e1:11:26:41:a8:
3f:cc:8a:82:01:75:7d:43:9a:9b:cc:7e:31:1c:d9:
55:4a:5a:26:7f:37:b9:cb:46:89:08:f4:7e:cd:4f:
74:62:51:4b:64:a3:39:fd:db:c8:b6:76:6a:10:a5:
88:09:98:b4:00:29:52:6e:82:ae:b5:4b:bc:45:8e:
d2:24:b8:7a:1e:b8:e9:b2:59:87:ae:07:40:09:26:
2d:79:f8:f0:51:87:6f:5f:8b:6d:c7:fc:7a:3b:3d:
f6:32:f6:52:1e:e4:a4:bc:10:58:94:60:d1:58:43:
ab:dd:76:fd:b9:4a:0b:b5:71:01:ec:9c:37:98:a7:
c0:33:58:86:73:bf:4b:82:6e:39:08:53:da:16:2c:
9d:6e:24:4c:a9:7b:90:be:f9:00:f6:71:f6:80:0e:
71:e5:fc:c7:54:25:8f:23:1b:18:2e:a5:97:05:fc:
e5:31:7b:05:68:d6:c9:cb:91:fe:21:7c:0b:60:c0:
ce:b5:bb:9b:aa:88:c1:92:37:7d:2c:bf:2c:09:35:
13:ab:a1:de:61:45:e1:cf:4c:17:af:44:c9:19:0f:
95:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:3A:13:68:D2:8F:F4:35:E0:D8:45:DB:AE:B4:B3:F7:9B:EF:AA:8C
X509v3 Authority Key Identifier:
keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/3DoTaNKP9DXg2EXbrrSz95vvqow.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.148.128.0/22
45.157.158.0/23
93.88.153.0-93.88.154.255
93.88.157.0-93.88.158.255
95.155.128.0/23
95.155.131.0/24
95.155.133.0-95.155.134.255
95.155.136.0/23
95.155.139.0-95.155.140.255
95.155.145.0-95.155.149.255
95.155.152.0-95.155.156.255
95.155.160.0-95.155.183.255
152.89.84.0/24
152.89.87.0/24
Signature Algorithm: sha256WithRSAEncryption
48:e5:32:e5:35:68:94:92:c9:d1:6b:f6:98:2e:03:4f:f7:85:
c2:38:e2:35:d6:89:73:1e:d7:21:cc:12:e2:d1:6e:ad:3d:fb:
47:dc:9b:d6:fd:50:a4:7e:13:0e:8d:d2:cd:c1:3d:8d:99:54:
10:06:68:66:b5:a1:bd:e7:2c:4f:a6:5e:ee:f1:26:f0:63:b8:
a2:71:2c:d1:c5:8c:c4:f9:30:ed:e9:7d:c7:b9:aa:66:2b:24:
f8:49:56:c4:04:a2:a8:a6:6e:77:17:ae:58:d9:cf:e5:db:b3:
c1:ea:45:62:0c:eb:57:02:5d:87:87:c1:ea:f9:5a:62:09:6d:
0e:8b:fd:a2:02:11:e6:aa:ea:77:36:58:f4:80:3a:d0:ed:01:
ea:49:65:8d:83:bf:3e:00:2c:ce:b7:2d:f5:5a:32:11:b1:c9:
83:d0:74:de:bc:55:29:34:e0:b6:be:a3:67:62:db:62:0d:28:
37:e8:91:75:51:47:9b:eb:96:1d:c2:67:81:58:4a:fc:b2:5d:
e8:3e:c5:ed:d4:ae:15:99:bd:67:02:95:3b:5e:44:09:65:73:
f3:7c:b7:d4:2c:8a:e6:0d:6f:7f:5f:9c:33:51:30:3a:7c:5c:
e6:77:79:0d:29:38:f5:4a:2e:fa:b5:cb:40:06:b3:6f:d9:8b:
42:b5:5e:0f
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZ8PrwY7B5iQrzmjtrEtdUZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwNjI4MTkyMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNhMTM2OGQyOGZmNDM1ZTBkODQ1ZGJhZWI0YjNmNzliZWZhYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudz5Zttwo6SN43Qih1pSpdp6bAi4
jU6Jw3FWK31G1aG5MShbiMHe4REmQag/zIqCAXV9Q5qbzH4xHNlVSlomfze5y0aJ
CPR+zU90YlFLZKM5/dvItnZqEKWICZi0AClSboKutUu8RY7SJLh6HrjpslmHrgdA
CSYtefjwUYdvX4ttx/x6Oz32MvZSHuSkvBBYlGDRWEOr3Xb9uUoLtXEB7Jw3mKfA
M1iGc79Lgm45CFPaFiydbiRMqXuQvvkA9nH2gA5x5fzHVCWPIxsYLqWXBfzlMXsF
aNbJy5H+IXwLYMDOtbubqojBkjd9LL8sCTUTq6HeYUXhz0wXr0TJGQ+VtwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFNw6E2jSj/Q14NhF2660s/eb76qMMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvM0RvVGFOS1A5RFhnMkVYYnJyU3o5NXZ2cW93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAIl
lIADBAEtnZ4wDAMEAF1YmQMEAF1YmjAMAwQAXVidAwQAXVieAwQBX5uAAwQAX5uD
MAwDBABfm4UDBABfm4YDBAFfm4gwDAMEAF+biwMEAF+bjDAMAwQAX5uRAwQBX5uU
MAwDBANfm5gDBABfm5wwDAMEBV+boAMEA1+bsAMEAJhZVAMEAJhZVzANBgkqhkiG
9w0BAQsFAAOCAQEASOUy5TVolJLJ0Wv2mC4DT/eFwjjiNdaJcx7XIcwS4tFurT37
R9yb1v1QpH4TDo3SzcE9jZlUEAZoZrWhvecsT6Ze7vEm8GO4onEs0cWMxPkw7el9
x7mqZisk+ElWxASiqKZudxeuWNnP5duzwepFYgzrVwJdh4fB6vlaYgltDov9ogIR
5qrqdzZY9IA60O0B6klljYO/PgAszrct9VoyEbHJg9B03rxVKTTgtr6jZ2LbYg0o
N+iRdVFHm+uWHcJngVhK/LJd6D7F7dSuFZm9ZwKVO15ECWVz83y31CyK5g1vf1+c
M1EwOnxc5nd5DSk49Uou+rXLQAazb9mLQrVeDw==
-----END CERTIFICATE-----
Generated at Mon Jun 29 09:59:51 2026 by rpki-client