Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4gN6zBi78OBSrRzQCuH8bXeFoVI.roa
File: 4gN6zBi78OBSrRzQCuH8bXeFoVI.roa (raw, json)
Hash identifier: U9nKlZ5jvkxT1z9dBEzIRMaUeCcnxY8Qs0aa6wmXI+4=
Subject key identifier: E2:03:7A:CC:18:BB:F0:E0:52:AD:1C:D0:0A:E1:FC:6D:77:85:A1:52
Certificate issuer: /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial: 019EEF694C3948CD5E0992E323889D727FC6
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4gN6zBi78OBSrRzQCuH8bXeFoVI.roa
Signing time: Mon 22 Jun 2026 12:58:35 +0000
ROA not before: Mon 22 Jun 2026 12:58:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197961
IP address blocks: 89.46.144.0/21 maxlen: 21
103.203.84.0/24 maxlen: 24
155.133.111.0/24 maxlen: 24
2a10:f780:fffe::/48 maxlen: 48
2a10:f782::/48 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 Jul 2026 09:01:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ef:69:4c:39:48:cd:5e:09:92:e3:23:88:9d:72:7f:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Validity
Not Before: Jun 22 12:58:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e2037acc18bbf0e052ad1cd00ae1fc6d7785a152
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:33:96:7f:a2:c8:cd:bc:d3:97:59:ce:d8:e7:
f6:2d:5d:e7:01:95:0e:cc:08:78:9f:c1:79:9f:c4:
f3:28:50:fb:bc:5e:31:95:d8:9f:96:bf:b0:4c:17:
ee:f2:aa:8e:29:a6:f7:7f:17:5b:23:b1:c9:04:e5:
59:07:5b:1f:e1:c1:16:9d:f0:cb:6a:1b:7d:93:3c:
1b:11:c8:18:a9:41:8a:a2:ec:39:29:3f:9c:83:06:
f1:a4:40:ac:88:ba:12:e7:a4:9d:56:e0:10:b8:26:
c1:cb:01:2d:d5:57:f7:ac:09:d1:ea:43:86:15:a6:
fb:54:ea:82:aa:5e:87:d5:81:a2:87:7d:a3:ed:6c:
7a:e0:80:8f:0e:bb:0a:39:8e:a2:e3:11:57:e6:9e:
e2:0d:d1:de:1b:a4:d5:c2:f0:b1:51:ac:75:b5:8c:
dc:f3:c4:d3:98:ee:28:b1:29:9f:4b:ba:1e:d6:8d:
cf:94:0a:81:25:ac:73:17:b8:c0:ad:83:5e:02:ff:
ef:ee:f0:94:b0:03:18:aa:6d:50:66:c3:3e:c0:ee:
7d:dd:5c:c7:c3:55:ad:d5:25:71:77:b9:fe:ab:b2:
86:61:cd:2c:ca:dc:e0:e6:63:b7:29:b2:5c:aa:bd:
88:27:97:1d:fc:13:0d:16:f0:12:6b:10:5d:6d:55:
34:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:03:7A:CC:18:BB:F0:E0:52:AD:1C:D0:0A:E1:FC:6D:77:85:A1:52
X509v3 Authority Key Identifier:
keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4gN6zBi78OBSrRzQCuH8bXeFoVI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.144.0/21
103.203.84.0/24
155.133.111.0/24
IPv6:
2a10:f780:fffe::/48
2a10:f782::/48
Signature Algorithm: sha256WithRSAEncryption
13:d2:b4:d1:a0:f6:fd:aa:03:2b:98:2b:0e:eb:fb:ce:98:a8:
3e:13:6d:74:29:cc:d7:b0:f3:bd:1e:1e:47:e8:d5:04:f0:d5:
ff:40:97:7b:51:04:48:3d:c2:31:ac:37:89:cd:3d:7f:28:bc:
64:81:fb:e4:d1:47:4a:9d:91:95:0c:90:f4:73:0a:8a:de:7f:
2b:96:8d:06:62:53:e9:8b:03:ff:a3:74:fd:29:b8:40:90:90:
c7:7f:b8:76:86:ec:d8:94:b8:ad:a9:97:01:5d:01:b7:7f:eb:
fb:c3:86:e3:28:90:a5:fa:79:c4:e3:0f:5a:de:73:c8:da:58:
e7:bd:0f:b5:aa:44:d3:ba:8b:3b:49:ca:c1:0f:9c:af:f5:bd:
f6:a8:e2:ed:a3:c5:50:72:22:b5:d9:3f:3f:49:c9:5d:fd:f5:
de:71:ec:1c:c1:86:ba:75:88:84:9a:5c:6f:ee:ef:bd:08:d4:
b2:d4:71:f2:0b:22:dd:8b:cf:f2:e6:12:f1:fe:84:6b:3f:6b:
12:a3:ac:1d:f1:04:26:0e:0f:20:53:48:2c:9f:44:6d:85:5c:
ae:2a:89:dc:93:29:a4:51:bc:a2:17:63:dc:b1:6d:c5:6e:0f:
29:54:fe:b0:6d:33:b7:94:82:73:b6:5e:8f:5c:7f:b9:cc:68:
e8:98:64:27
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ7vaUw5SM1eCZLjI4idcn/GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjYwNjIyMTI1ODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjAzN2FjYzE4YmJmMGUwNTJhZDFjZDAwYWUxZmM2ZDc3ODVhMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDOWf6LIzbzTl1nO2Of2LV3nAZUO
zAh4n8F5n8TzKFD7vF4xldiflr+wTBfu8qqOKab3fxdbI7HJBOVZB1sf4cEWnfDL
aht9kzwbEcgYqUGKouw5KT+cgwbxpECsiLoS56SdVuAQuCbBywEt1Vf3rAnR6kOG
Fab7VOqCql6H1YGih32j7Wx64ICPDrsKOY6i4xFX5p7iDdHeG6TVwvCxUax1tYzc
88TTmO4osSmfS7oe1o3PlAqBJaxzF7jArYNeAv/v7vCUsAMYqm1QZsM+wO593VzH
w1Wt1SVxd7n+q7KGYc0sytzg5mO3KbJcqr2IJ5cd/BMNFvASaxBdbVU0pQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFOIDeswYu/DgUq0c0Arh/G13haFSMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvNGdONnpCaTc4T0JTclJ6UUN1SDhiWGVGb1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQDWS6QAwQA
Z8tUAwQAm4VvMBgEAgACMBIDBwAqEPeA//4DBwAqEPeCAAAwDQYJKoZIhvcNAQEL
BQADggEBABPStNGg9v2qAyuYKw7r+86YqD4TbXQpzNew870eHkfo1QTw1f9Al3tR
BEg9wjGsN4nNPX8ovGSB++TRR0qdkZUMkPRzCorefyuWjQZiU+mLA/+jdP0puECQ
kMd/uHaG7NiUuK2plwFdAbd/6/vDhuMokKX6ecTjD1rec8jaWOe9D7WqRNO6iztJ
ysEPnK/1vfao4u2jxVByIrXZPz9JyV399d5x7BzBhrp1iISaXG/u770I1LLUcfIL
It2Lz/LmEvH+hGs/axKjrB3xBCYODyBTSCyfRG2FXK4qidyTKaRRvKIXY9yxbcVu
DylU/rBtM7eUgnO2Xo9cf7nMaOiYZCc=
-----END CERTIFICATE-----
Generated at Tue Jun 30 19:26:50 2026 by rpki-client