Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/PS9MTZzdBifx0im1Vrq3VgjsS5s.roa
File: PS9MTZzdBifx0im1Vrq3VgjsS5s.roa (raw, json)
Hash identifier: 0ux5UJNrhxWM198AZ/GNCpoKgSg8gWm9eiQUOhAki7I=
Subject key identifier: 3D:2F:4C:4D:9C:DD:06:27:F1:D2:29:B5:56:BA:B7:56:08:EC:4B:9B
Certificate issuer: /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial: 019CE161D52C4DE0E53D1A70557693D2EFA4
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/PS9MTZzdBifx0im1Vrq3VgjsS5s.roa
Signing time: Thu 12 Mar 2026 09:30:11 +0000
ROA not before: Thu 12 Mar 2026 09:30:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 141738
IP address blocks: 95.155.168.0/24 maxlen: 24
95.155.169.0/24 maxlen: 24
95.155.170.0/24 maxlen: 24
95.155.171.0/24 maxlen: 24
95.155.172.0/24 maxlen: 24
95.155.173.0/24 maxlen: 24
95.155.174.0/24 maxlen: 24
95.155.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 21:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e1:61:d5:2c:4d:e0:e5:3d:1a:70:55:76:93:d2:ef:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Validity
Not Before: Mar 12 09:30:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3d2f4c4d9cdd0627f1d229b556bab75608ec4b9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:2c:98:41:b7:72:13:d3:4a:6d:ed:46:fc:8c:
b2:d8:88:3c:85:ee:19:49:0e:a6:7f:4d:a3:2d:b1:
b8:58:83:23:07:7e:b1:8c:f5:f4:ab:03:dc:89:4c:
ca:1f:ea:88:2a:f5:c0:da:bd:f6:c2:f4:63:d9:70:
f0:ac:8b:af:00:c0:9f:71:de:ca:a1:7c:58:ad:13:
3e:d6:92:0b:eb:79:cf:f2:b5:a1:66:1f:63:b8:94:
02:18:ec:5b:6f:70:b1:2c:4a:84:36:d6:05:84:b5:
17:5a:62:b9:db:43:23:3e:56:43:60:89:c8:86:9c:
84:36:de:2e:6c:30:c5:7f:4d:00:af:b5:40:0f:64:
6f:6d:35:b6:be:00:83:fa:59:f5:11:a0:61:ed:3d:
86:eb:9b:e6:ad:c4:83:38:54:e5:40:4a:2c:23:d3:
47:e7:ac:42:74:5d:97:a0:6a:59:0d:9a:f4:3f:2c:
72:ff:90:90:50:66:b1:82:5f:cc:45:03:ec:fd:52:
dc:08:8c:e1:2c:b9:a2:a2:a1:8f:7f:c8:e6:1e:a4:
3d:87:52:20:75:92:1b:f5:43:c1:a4:27:c7:e0:e7:
d7:1d:e7:11:ab:6d:db:29:f3:66:44:d4:39:e7:42:
64:1a:a8:63:4c:ea:d3:9a:68:12:f6:00:68:9d:e7:
72:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:2F:4C:4D:9C:DD:06:27:F1:D2:29:B5:56:BA:B7:56:08:EC:4B:9B
X509v3 Authority Key Identifier:
keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/PS9MTZzdBifx0im1Vrq3VgjsS5s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.155.168.0/21
Signature Algorithm: sha256WithRSAEncryption
22:1e:96:2b:3c:43:62:51:a0:b6:02:d7:14:3d:71:97:a1:7f:
86:b1:e2:2b:4a:6c:2e:55:b4:27:68:24:6b:bc:4e:00:0d:47:
2f:81:a5:b3:b5:9d:9f:6c:dc:40:56:da:4f:82:e3:9e:ff:5a:
6f:b1:8a:a1:e2:33:d4:dc:10:6a:40:16:9c:27:89:e9:32:0b:
7e:de:9a:09:04:5f:c5:fe:6a:ce:2f:29:1e:4e:c0:01:15:b1:
ad:71:2f:be:cb:ee:ec:bf:79:08:00:2c:23:aa:2f:c6:2c:c7:
42:dd:5d:cd:0c:b5:de:c4:b5:a7:ac:59:a7:ed:0d:ad:f7:98:
3f:9a:ae:fb:b4:5f:f5:2f:ae:ea:41:92:3d:c0:ec:14:59:80:
dd:87:37:cb:e8:7b:27:28:e3:69:05:e8:fa:49:57:5b:82:3a:
a2:31:af:44:9f:8b:6d:f1:a3:6c:2f:86:21:ea:25:28:de:07:
7c:bf:e6:b1:b2:a8:8c:b6:0b:59:73:be:2b:7f:2b:ed:b2:fe:
b5:1d:c6:84:c6:6e:a0:31:8f:a4:72:b4:04:57:cd:45:4a:58:
df:4e:a9:ef:bd:cd:a8:6c:bd:c8:31:7f:3f:f5:f0:4d:c7:82:
d7:8e:2b:e4:83:a6:7e:2f:f6:ef:7d:da:c2:93:67:77:34:6c:
d6:28:6f:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhYdUsTeDlPRpwVXaT0u+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwMzEyMDkzMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJmNGM0ZDljZGQwNjI3ZjFkMjI5YjU1NmJhYjc1NjA4ZWM0YjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yyYQbdyE9NKbe1G/Iyy2Ig8he4Z
SQ6mf02jLbG4WIMjB36xjPX0qwPciUzKH+qIKvXA2r32wvRj2XDwrIuvAMCfcd7K
oXxYrRM+1pIL63nP8rWhZh9juJQCGOxbb3CxLEqENtYFhLUXWmK520MjPlZDYInI
hpyENt4ubDDFf00Ar7VAD2RvbTW2vgCD+ln1EaBh7T2G65vmrcSDOFTlQEosI9NH
56xCdF2XoGpZDZr0Pyxy/5CQUGaxgl/MRQPs/VLcCIzhLLmioqGPf8jmHqQ9h1Ig
dZIb9UPBpCfH4OfXHecRq23bKfNmRNQ550JkGqhjTOrTmmgS9gBonedyUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0vTE2c3QYn8dIptVa6t1YI7EubMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvUFM5TVRaemRCaWZ4MGltMVZycTNWZ2pzUzVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX5uoMA0G
CSqGSIb3DQEBCwUAA4IBAQAiHpYrPENiUaC2AtcUPXGXoX+GseIrSmwuVbQnaCRr
vE4ADUcvgaWztZ2fbNxAVtpPguOe/1pvsYqh4jPU3BBqQBacJ4npMgt+3poJBF/F
/mrOLykeTsABFbGtcS++y+7sv3kIACwjqi/GLMdC3V3NDLXexLWnrFmn7Q2t95g/
mq77tF/1L67qQZI9wOwUWYDdhzfL6HsnKONpBej6SVdbgjqiMa9En4tt8aNsL4Yh
6iUo3gd8v+axsqiMtgtZc74rfyvtsv61HcaExm6gMY+kcrQEV81FSljfTqnvvc2o
bL3IMX8/9fBNx4LXjivkg6Z+L/bvfdrCk2d3NGzWKG/8
-----END CERTIFICATE-----
Generated at Sat Mar 14 04:15:51 2026 by rpki-client