Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/iHf5pzR2G0Z6T_ZJi-EaUcBL-Pg.roa
File: iHf5pzR2G0Z6T_ZJi-EaUcBL-Pg.roa (raw, json)
Hash identifier: xmsgXuBrJTw5PmZn+vLgj/qAwG4jTdhGkBSvr8O5tbU=
Subject key identifier: 88:77:F9:A7:34:76:1B:46:7A:4F:F6:49:8B:E1:1A:51:C0:4B:F8:F8
Certificate issuer: /CN=505cec09bfd85db2762696345d68871d09d5e8bd
Certificate serial: 019D864AC4703365CA0FC533370AA7532F99
Authority key identifier: 50:5C:EC:09:BF:D8:5D:B2:76:26:96:34:5D:68:87:1D:09:D5:E8:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/iHf5pzR2G0Z6T_ZJi-EaUcBL-Pg.roa
Signing time: Mon 13 Apr 2026 10:02:20 +0000
ROA not before: Mon 13 Apr 2026 10:02:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43647
IP address blocks: 130.49.168.0/23 maxlen: 24
130.49.170.0/23 maxlen: 24
157.22.128.0/20 maxlen: 24
157.22.144.0/21 maxlen: 24
157.22.208.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.mft
rsync://rpki.ripe.net/repository/DEFAULT/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 13:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:86:4a:c4:70:33:65:ca:0f:c5:33:37:0a:a7:53:2f:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=505cec09bfd85db2762696345d68871d09d5e8bd
Validity
Not Before: Apr 13 10:02:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8877f9a734761b467a4ff6498be11a51c04bf8f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4f:2b:17:2d:fc:50:05:10:bd:97:1c:f9:4c:
7a:9b:8c:d3:80:b4:e3:ab:b3:20:a1:7d:02:bd:72:
e9:ea:a0:26:46:02:ca:f4:48:fd:38:0f:3f:af:b2:
c1:93:de:72:ba:a3:f6:7f:c6:d3:de:1d:07:d8:d6:
5b:37:db:8a:41:a5:3d:4c:36:fd:c9:b1:73:a1:57:
d2:e8:99:2f:82:d7:5b:e3:70:b6:cf:96:c2:3d:0c:
1d:9d:e0:92:21:47:b3:8b:74:d0:62:bb:26:33:7e:
34:04:da:77:c1:7b:43:55:7d:e4:dc:ab:22:ac:58:
f2:28:bb:e5:29:9c:c3:dc:47:65:a1:66:13:37:74:
77:1a:7a:66:b2:35:b6:9b:c7:26:e0:47:be:4b:80:
c9:ae:ca:1d:8d:7d:f3:60:ec:e4:27:90:72:8c:70:
ac:f0:f8:52:a4:0a:37:ad:62:f8:02:2a:e5:ac:47:
a1:08:f1:d2:96:19:73:90:6e:4d:f6:4b:ca:3c:6d:
e2:31:20:4d:8d:3f:24:a6:94:c3:5f:95:ff:45:16:
c3:bf:c0:3e:d3:b8:08:fa:10:d2:3a:46:cc:00:fe:
46:34:de:7d:e1:a1:78:a9:65:94:73:1e:dc:ac:a8:
5f:1c:0c:9b:cd:e6:39:c0:a3:7f:c3:fe:6e:97:84:
09:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:77:F9:A7:34:76:1B:46:7A:4F:F6:49:8B:E1:1A:51:C0:4B:F8:F8
X509v3 Authority Key Identifier:
keyid:50:5C:EC:09:BF:D8:5D:B2:76:26:96:34:5D:68:87:1D:09:D5:E8:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/iHf5pzR2G0Z6T_ZJi-EaUcBL-Pg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/48ac2a-0a5e-40c4-b3d4-675dcb39e77a/1/UFzsCb_YXbJ2JpY0XWiHHQnV6L0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.49.168.0/22
157.22.128.0-157.22.151.255
157.22.208.0/21
Signature Algorithm: sha256WithRSAEncryption
65:94:18:70:24:ea:3f:7e:5c:2b:78:cb:3c:8e:0e:f0:c3:f1:
82:1c:06:ab:1f:27:ba:7f:a9:8b:5c:8b:fc:e3:80:f5:77:56:
a3:f8:0e:6a:83:84:fb:fd:e8:17:05:29:04:1a:ea:3e:56:aa:
aa:0e:0e:76:c5:cc:ac:c7:11:67:37:12:bf:4f:88:91:e7:15:
48:76:f2:71:36:6d:0f:1c:3f:32:36:8d:21:a4:6c:20:51:6c:
ef:f3:8e:d7:36:7d:6d:01:58:ff:7d:e6:de:2d:02:29:24:9e:
6b:52:75:37:28:6f:08:1e:76:b7:1d:44:19:66:5e:7a:b8:63:
f5:e8:28:f1:e5:c2:f9:3a:cd:16:31:6b:6b:99:50:aa:74:74:
32:aa:bd:ef:ce:ab:3d:f5:34:e8:13:03:c5:80:cf:c7:79:9a:
a9:ec:bd:99:4a:12:ad:1b:c8:02:d3:95:0c:67:7b:e3:0f:0a:
bf:46:67:06:98:8f:99:fd:3a:bc:64:18:4f:0d:bf:d4:15:52:
68:3a:7d:ac:dc:23:7f:14:c0:dd:6a:1d:8a:cd:2f:60:29:08:
22:5a:89:8e:82:a9:54:71:6c:4d:80:07:96:9b:61:3f:ae:dc:
5a:fd:7c:36:6c:7a:e9:47:d7:5a:8c:c7:ba:be:52:ad:bc:ff:
27:0b:02:25
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ2GSsRwM2XKD8UzNwqnUy+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWNlYzA5YmZkODVkYjI3NjI2OTYzNDVkNjg4NzFkMDlk
NWU4YmQwHhcNMjYwNDEzMTAwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc3ZjlhNzM0NzYxYjQ2N2E0ZmY2NDk4YmUxMWE1MWMwNGJmOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv08rFy38UAUQvZcc+Ux6m4zTgLTj
q7MgoX0CvXLp6qAmRgLK9Ej9OA8/r7LBk95yuqP2f8bT3h0H2NZbN9uKQaU9TDb9
ybFzoVfS6Jkvgtdb43C2z5bCPQwdneCSIUezi3TQYrsmM340BNp3wXtDVX3k3Ksi
rFjyKLvlKZzD3EdloWYTN3R3GnpmsjW2m8cm4Ee+S4DJrsodjX3zYOzkJ5ByjHCs
8PhSpAo3rWL4AirlrEehCPHSlhlzkG5N9kvKPG3iMSBNjT8kppTDX5X/RRbDv8A+
07gI+hDSOkbMAP5GNN594aF4qWWUcx7crKhfHAybzeY5wKN/w/5ul4QJvwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIh3+ac0dhtGek/2SYvhGlHAS/j4MB8GA1UdIwQY
MBaAFFBc7Am/2F2ydiaWNF1ohx0J1ei9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZ6c0NiX1lYYkoySnBZMFhXaUhIUW5WNkwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy80OGFjMmEtMGE1ZS00MGM0LWIzZDQt
Njc1ZGNiMzllNzdhLzEvaUhmNXB6UjJHMFo2VF9aSmktRWFVY0JMLVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy80OGFjMmEtMGE1ZS00MGM0LWIzZDQtNjc1ZGNiMzllNzdh
LzEvVUZ6c0NiX1lYYkoySnBZMFhXaUhIUW5WNkwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCgjGoMAwD
BAedFoADBAOdFpADBAOdFtAwDQYJKoZIhvcNAQELBQADggEBAGWUGHAk6j9+XCt4
yzyODvDD8YIcBqsfJ7p/qYtci/zjgPV3VqP4DmqDhPv96BcFKQQa6j5WqqoODnbF
zKzHEWc3Er9PiJHnFUh28nE2bQ8cPzI2jSGkbCBRbO/zjtc2fW0BWP995t4tAikk
nmtSdTcobwgedrcdRBlmXnq4Y/XoKPHlwvk6zRYxa2uZUKp0dDKqve/Oqz31NOgT
A8WAz8d5mqnsvZlKEq0byALTlQxne+MPCr9GZwaYj5n9OrxkGE8Nv9QVUmg6fazc
I38UwN1qHYrNL2ApCCJaiY6CqVRxbE2AB5abYT+u3Fr9fDZseulH11qMx7q+Uq28
/ycLAiU=
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:43:04 2026 by rpki-client