Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rGIovrXr2PenpqE83Nj9eWB1x8s.roa
File: rGIovrXr2PenpqE83Nj9eWB1x8s.roa (raw, json)
Hash identifier: 34LCqWqcnvgQ4rKtRytxb38DA5KqQIpYL78rOxx5xLc=
Subject key identifier: AC:62:28:BE:B5:EB:D8:F7:A7:A6:A1:3C:DC:D8:FD:79:60:75:C7:CB
Certificate issuer: /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial: 019D54B33C75AEE965C2CC783B79E5CA0604
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rGIovrXr2PenpqE83Nj9eWB1x8s.roa
Signing time: Fri 03 Apr 2026 18:55:25 +0000
ROA not before: Fri 03 Apr 2026 18:55:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208185
IP address blocks: 45.143.96.0/24 maxlen: 24
185.148.243.0/24 maxlen: 24
185.169.183.0/24 maxlen: 24
185.174.23.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 15:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:b3:3c:75:ae:e9:65:c2:cc:78:3b:79:e5:ca:06:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Validity
Not Before: Apr 3 18:55:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ac6228beb5ebd8f7a7a6a13cdcd8fd796075c7cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:28:50:05:62:f4:61:34:6e:cc:5d:f2:54:6a:
69:96:15:7d:5e:cc:a7:3f:bf:40:5a:dd:16:9a:a0:
af:ee:0e:8a:27:05:12:da:bc:ea:12:b9:f0:53:fd:
96:ac:c1:f9:60:8a:ee:02:e6:81:11:75:66:28:97:
81:3e:11:98:29:49:20:0e:e9:24:29:87:3d:61:f1:
b4:df:d0:7c:ff:a7:a1:51:82:67:c4:b1:b3:da:24:
4d:d6:0e:e8:90:ca:09:f9:2b:29:ae:a4:51:64:de:
a9:97:ec:0b:08:16:09:98:ea:38:56:a7:48:b9:75:
cf:66:d0:4c:55:65:04:db:fb:1d:11:c6:ee:a9:1b:
c0:2d:c0:40:8b:4e:e2:ac:a2:62:2b:23:00:22:4e:
2c:7f:2f:35:0b:3f:9d:8f:64:48:17:49:9f:ed:f9:
2d:a2:be:9e:36:f5:46:69:79:74:d1:07:16:6e:d2:
90:5a:d5:6b:af:75:af:8a:c6:16:36:91:99:71:a2:
e2:3a:f7:17:c8:2d:86:ae:0a:64:90:b8:ea:66:d5:
aa:03:86:4f:5f:29:43:74:ef:aa:2f:ea:e0:99:25:
64:f0:8f:f5:76:f2:1f:15:88:90:a3:dd:a5:3a:36:
c2:66:47:24:83:b8:18:75:bc:e4:a9:cc:9d:ba:56:
5e:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:62:28:BE:B5:EB:D8:F7:A7:A6:A1:3C:DC:D8:FD:79:60:75:C7:CB
X509v3 Authority Key Identifier:
keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rGIovrXr2PenpqE83Nj9eWB1x8s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.96.0/24
185.148.243.0/24
185.169.183.0/24
185.174.23.0/24
Signature Algorithm: sha256WithRSAEncryption
1f:6a:13:5d:a0:a6:65:ad:07:0e:e1:4c:35:3e:bc:74:b8:cb:
d8:2d:a7:cc:b1:64:6a:34:31:58:b2:81:18:d2:1a:8c:1c:36:
96:5f:03:33:41:a0:f5:79:a7:b2:89:1d:93:66:20:80:f0:28:
e9:24:0d:f7:eb:0a:0d:fc:3a:d7:9a:34:23:63:81:b0:48:f8:
97:99:1e:dd:a4:39:61:13:1e:cc:ae:6b:1c:2d:93:ce:37:94:
56:44:87:1f:cc:a7:c8:d3:55:7e:20:c4:d1:b0:e6:1f:ce:04:
35:3b:b6:df:a4:6f:b9:1c:5c:bc:1a:f3:1e:d0:d4:f3:c4:02:
08:3a:66:1e:f5:23:5f:12:34:a4:be:a6:bd:ca:b5:7e:56:1a:
20:4e:e1:b9:ad:21:86:a3:46:71:c1:80:6b:a0:cc:04:3a:78:
fc:4e:f7:90:0f:50:ac:44:96:2f:9d:fe:c0:21:d8:76:a5:6d:
95:8c:1e:ff:54:43:fa:19:14:94:52:29:63:d6:28:07:75:21:
08:b5:fa:ca:73:ea:f5:4e:7e:a1:6c:76:cc:56:a0:09:88:3b:
92:fa:e5:83:74:1a:e5:9d:0a:7a:83:6e:d4:c5:8d:30:05:b3:
2f:1b:45:d7:81:f6:7f:f0:b9:7f:b3:1e:3c:fb:68:91:d6:e9:
31:52:84:97
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ1Uszx1rullwsx4O3nlygYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjYwNDAzMTg1NTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzYyMjhiZWI1ZWJkOGY3YTdhNmExM2NkY2Q4ZmQ3OTYwNzVjN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxChQBWL0YTRuzF3yVGpplhV9Xsyn
P79AWt0WmqCv7g6KJwUS2rzqErnwU/2WrMH5YIruAuaBEXVmKJeBPhGYKUkgDukk
KYc9YfG039B8/6ehUYJnxLGz2iRN1g7okMoJ+SsprqRRZN6pl+wLCBYJmOo4VqdI
uXXPZtBMVWUE2/sdEcbuqRvALcBAi07irKJiKyMAIk4sfy81Cz+dj2RIF0mf7fkt
or6eNvVGaXl00QcWbtKQWtVrr3WvisYWNpGZcaLiOvcXyC2GrgpkkLjqZtWqA4ZP
XylDdO+qL+rgmSVk8I/1dvIfFYiQo92lOjbCZkckg7gYdbzkqcydulZexQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKxiKL6169j3p6ahPNzY/XlgdcfLMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvckdJb3ZyWHIyUGVucHFFODNOajllV0IxeDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALY9gAwQA
uZTzAwQAuam3AwQAua4XMA0GCSqGSIb3DQEBCwUAA4IBAQAfahNdoKZlrQcO4Uw1
Prx0uMvYLafMsWRqNDFYsoEY0hqMHDaWXwMzQaD1eaeyiR2TZiCA8CjpJA336woN
/DrXmjQjY4GwSPiXmR7dpDlhEx7MrmscLZPON5RWRIcfzKfI01V+IMTRsOYfzgQ1
O7bfpG+5HFy8GvMe0NTzxAIIOmYe9SNfEjSkvqa9yrV+VhogTuG5rSGGo0ZxwYBr
oMwEOnj8TveQD1CsRJYvnf7AIdh2pW2VjB7/VEP6GRSUUilj1igHdSEItfrKc+r1
Tn6hbHbMVqAJiDuS+uWDdBrlnQp6g27UxY0wBbMvG0XXgfZ/8Ll/sx48+2iR1ukx
UoSX
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:26:55 2026 by rpki-client