Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/cN9-QkcDeRmmddqpx80fjE4LD7s.roa
File: cN9-QkcDeRmmddqpx80fjE4LD7s.roa (raw, json)
Hash identifier: O0DZXiBII2s8che4/ZMrj0hj9juscGV08AllWCCgxdM=
Subject key identifier: 70:DF:7E:42:47:03:79:19:A6:75:DA:A9:C7:CD:1F:8C:4E:0B:0F:BB
Certificate issuer: /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial: 019CDE0AB9F0B84340F201C3D17757C151D5
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/cN9-QkcDeRmmddqpx80fjE4LD7s.roa
Signing time: Wed 11 Mar 2026 17:56:10 +0000
ROA not before: Wed 11 Mar 2026 17:56:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2856
IP address blocks: 31.90.0.0/15 maxlen: 15
31.92.0.0/15 maxlen: 15
31.94.0.0/16 maxlen: 16
31.96.0.0/16 maxlen: 16
31.100.0.0/14 maxlen: 14
31.104.0.0/16 maxlen: 16
31.106.0.0/15 maxlen: 15
31.112.0.0/14 maxlen: 14
31.116.0.0/14 maxlen: 14
31.116.0.0/16 maxlen: 16
31.117.0.0/16 maxlen: 16
31.118.0.0/16 maxlen: 16
31.119.0.0/16 maxlen: 16
31.120.0.0/16 maxlen: 16
31.121.0.0/16 maxlen: 16
31.122.0.0/15 maxlen: 15
31.124.0.0/16 maxlen: 16
31.126.0.0/15 maxlen: 15
46.68.0.0/15 maxlen: 15
46.68.66.0/24 maxlen: 24
87.237.16.0/21 maxlen: 21
91.111.0.0/16 maxlen: 16
95.144.0.0/13 maxlen: 13
109.180.0.0/15 maxlen: 15
109.249.0.0/16 maxlen: 16
149.254.0.0/16 maxlen: 16
149.254.1.0/24 maxlen: 24
193.35.128.0/20 maxlen: 20
193.36.78.0/23 maxlen: 23
193.36.80.0/22 maxlen: 22
193.36.80.0/24 maxlen: 24
194.35.183.0/24 maxlen: 24
213.205.192.0/18 maxlen: 18
213.205.208.0/20 maxlen: 20
2a01:4c8::/29 maxlen: 29
2a01:4c8:f400::/48 maxlen: 48
2a01:4c8:f401::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:de:0a:b9:f0:b8:43:40:f2:01:c3:d1:77:57:c1:51:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
Validity
Not Before: Mar 11 17:56:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=70df7e4247037919a675daa9c7cd1f8c4e0b0fbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:2c:57:d4:0a:cd:aa:81:0c:07:00:82:81:0a:
f4:b0:31:cb:1c:db:fe:86:82:2e:af:21:2f:2b:52:
ef:2b:3a:4c:c3:a1:59:5b:df:7a:6c:70:98:f4:31:
2c:b0:a0:c9:fa:e8:1e:a2:e4:f6:cd:4d:fb:91:b1:
1b:34:71:98:f1:b5:e6:23:a8:73:44:ce:63:45:39:
cb:18:b2:e9:3d:67:f7:47:32:00:e1:ce:e4:f6:1d:
ae:b8:5a:29:fc:26:b7:cb:91:a7:2a:46:66:86:65:
e8:73:92:7b:65:bf:14:43:6e:24:1a:20:2c:fe:1c:
f9:74:f6:bf:f2:e1:0f:34:5f:b2:41:dd:d4:17:5d:
0b:d6:c6:7f:a6:da:f6:42:d5:29:3e:27:48:9c:49:
cc:a0:ab:23:ee:2a:9e:34:d7:2f:7c:c9:02:32:10:
98:bd:bb:11:e9:fd:f1:42:b2:3e:92:ce:ba:49:67:
fb:e1:6a:1b:ce:19:bc:bb:ca:c1:c6:a7:7b:4a:83:
31:a7:7a:88:af:e5:2d:a0:6e:9d:e2:97:95:fe:19:
ee:57:2d:dd:e3:db:0c:b2:a1:b4:59:ef:15:ef:17:
9a:04:6b:6e:a1:0b:5b:38:fa:2e:aa:97:24:ae:75:
2e:63:d9:aa:6c:d9:1b:b7:ad:22:4b:4f:92:5d:be:
18:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:DF:7E:42:47:03:79:19:A6:75:DA:A9:C7:CD:1F:8C:4E:0B:0F:BB
X509v3 Authority Key Identifier:
keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/cN9-QkcDeRmmddqpx80fjE4LD7s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.90.0.0-31.94.255.255
31.96.0.0/16
31.100.0.0-31.104.255.255
31.106.0.0/15
31.112.0.0-31.124.255.255
31.126.0.0/15
46.68.0.0/15
87.237.16.0/21
91.111.0.0/16
95.144.0.0/13
109.180.0.0/15
109.249.0.0/16
149.254.0.0/16
193.35.128.0/20
193.36.78.0-193.36.83.255
194.35.183.0/24
213.205.192.0/18
IPv6:
2a01:4c8::/29
Signature Algorithm: sha256WithRSAEncryption
b2:3c:9a:62:a8:f6:38:8c:6e:18:0c:fb:ea:32:75:d8:23:73:
99:5a:f7:81:ca:b2:a7:76:ce:a2:28:fc:0e:13:a5:4c:ee:7f:
2b:2f:77:78:10:7c:99:56:70:c1:5e:0c:00:8f:a9:c8:56:96:
f4:5b:79:86:8a:72:1a:94:e1:bd:56:40:50:bb:2c:1c:09:8e:
54:65:c9:d7:cb:44:69:d4:9d:9c:13:25:52:87:42:ef:02:74:
68:5e:4d:21:db:c2:94:0e:8a:fc:4d:b6:e1:bf:b9:dd:d0:fc:
6d:3b:9c:46:43:8f:6c:c8:d7:a0:c9:8b:d2:08:d8:d7:ca:e9:
29:b7:af:78:ab:cc:69:da:21:04:e7:66:b2:31:d6:2d:55:24:
5a:0a:d0:3f:29:2d:d5:5f:20:99:cc:86:b5:1b:c6:c4:a1:24:
0e:1f:77:04:f4:1d:05:46:d7:0e:f8:4a:56:ee:92:9e:28:29:
0c:f3:ba:2d:eb:e0:8e:83:f9:71:21:e1:55:d9:f1:db:5c:14:
61:72:a4:6c:22:61:21:6f:84:49:54:74:ec:bc:94:46:11:0f:
81:6a:08:72:ad:05:a6:21:7c:69:8b:9f:ce:68:11:03:8d:a0:
c9:e8:ef:c9:82:c0:87:b9:16:59:89:5c:f7:f0:91:8c:ed:cd:
d3:c3:8d:52
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZzeCrnwuENA8gHD0XdXwVHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjYwMzExMTc1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGRmN2U0MjQ3MDM3OTE5YTY3NWRhYTljN2NkMWY4YzRlMGIwZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCxX1ArNqoEMBwCCgQr0sDHLHNv+
hoIuryEvK1LvKzpMw6FZW996bHCY9DEssKDJ+ugeouT2zU37kbEbNHGY8bXmI6hz
RM5jRTnLGLLpPWf3RzIA4c7k9h2uuFop/Ca3y5GnKkZmhmXoc5J7Zb8UQ24kGiAs
/hz5dPa/8uEPNF+yQd3UF10L1sZ/ptr2QtUpPidInEnMoKsj7iqeNNcvfMkCMhCY
vbsR6f3xQrI+ks66SWf74Wobzhm8u8rBxqd7SoMxp3qIr+UtoG6d4peV/hnuVy3d
49sMsqG0We8V7xeaBGtuoQtbOPouqpckrnUuY9mqbNkbt60iS0+SXb4YTwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFHDffkJHA3kZpnXaqcfNH4xOCw+7MB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEvY045LVFrY0RlUm1tZGRxcHg4MGZqRTRMRDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjB9BAIAATB3MAoDAwEf
WgMDAB9eAwMAH2AwCgMDAh9kAwMAH2gDAwEfajAKAwMEH3ADAwAffAMDAR9+AwMB
LkQDBANX7RADAwBbbwMDA1+QAwMBbbQDAwBt+QMDAJX+AwQEwSOAMAwDBAHBJE4D
BALBJFADBADCI7cDBAbVzcAwDQQCAAIwBwMFAyoBBMgwDQYJKoZIhvcNAQELBQAD
ggEBALI8mmKo9jiMbhgM++oyddgjc5la94HKsqd2zqIo/A4TpUzufysvd3gQfJlW
cMFeDACPqchWlvRbeYaKchqU4b1WQFC7LBwJjlRlydfLRGnUnZwTJVKHQu8CdGhe
TSHbwpQOivxNtuG/ud3Q/G07nEZDj2zI16DJi9II2NfK6Sm3r3irzGnaIQTnZrIx
1i1VJFoK0D8pLdVfIJnMhrUbxsShJA4fdwT0HQVG1w74Slbukp4oKQzzui3r4I6D
+XEh4VXZ8dtcFGFypGwiYSFvhElUdOy8lEYRD4FqCHKtBaYhfGmLn85oEQONoMno
78mCwIe5FlmJXPfwkYztzdPDjVI=
-----END CERTIFICATE-----
Generated at Fri Mar 13 09:53:05 2026 by rpki-client