Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/ChfnxGz0VKQRsVnjHyIAinMMsIk.roa
File: ChfnxGz0VKQRsVnjHyIAinMMsIk.roa (raw, json)
Hash identifier: eW5OJ9VGVnnfrTZ+gpRAKAP747DliU0KHrN7X11TVIw=
Subject key identifier: 0A:17:E7:C4:6C:F4:54:A4:11:B1:59:E3:1F:22:00:8A:73:0C:B0:89
Certificate issuer: /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial: 019C9D338BF54974A55DF1FE1B710752980C
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/ChfnxGz0VKQRsVnjHyIAinMMsIk.roa
Signing time: Fri 27 Feb 2026 03:45:26 +0000
ROA not before: Fri 27 Feb 2026 03:45:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12555
IP address blocks: 45.135.92.0/22 maxlen: 22
45.135.92.0/24 maxlen: 24
45.135.93.0/24 maxlen: 24
45.135.94.0/24 maxlen: 24
45.135.95.0/24 maxlen: 24
81.29.128.0/20 maxlen: 24
81.29.128.0/24 maxlen: 24
81.29.129.0/24 maxlen: 24
81.29.130.0/24 maxlen: 24
81.29.131.0/24 maxlen: 24
81.29.132.0/24 maxlen: 24
81.29.134.0/24 maxlen: 24
81.29.135.0/24 maxlen: 24
81.29.136.0/24 maxlen: 24
81.29.138.0/24 maxlen: 24
81.29.139.0/24 maxlen: 24
81.29.140.0/24 maxlen: 24
81.29.141.0/24 maxlen: 24
81.29.143.0/24 maxlen: 24
93.189.144.0/21 maxlen: 21
93.189.144.0/24 maxlen: 24
93.189.145.0/24 maxlen: 24
93.189.146.0/24 maxlen: 24
93.189.147.0/24 maxlen: 24
93.189.149.0/24 maxlen: 24
93.189.150.0/24 maxlen: 24
93.189.151.0/24 maxlen: 24
185.37.62.0/24 maxlen: 24
185.37.63.0/24 maxlen: 24
2a00:f2a0::/32 maxlen: 32
2a0e:8f40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9d:33:8b:f5:49:74:a5:5d:f1:fe:1b:71:07:52:98:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Validity
Not Before: Feb 27 03:45:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0a17e7c46cf454a411b159e31f22008a730cb089
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:24:ec:51:b4:89:cc:b3:10:cd:9a:5d:50:85:
20:8f:25:8f:a7:d5:2d:06:9e:6f:fe:a5:4a:b6:6c:
8a:9e:27:a7:c9:fe:60:df:17:c1:29:40:29:67:08:
63:d3:36:bd:a4:00:c1:b2:ee:89:cb:98:65:b5:09:
34:6f:8f:47:d6:62:a2:4a:34:12:7d:a0:92:e9:18:
75:34:63:58:c2:d0:16:96:a6:94:42:18:1d:c4:3a:
33:bb:9b:63:e2:4f:4b:8b:3b:bd:79:75:da:ea:df:
05:8d:a0:73:5e:ad:99:0f:23:d6:a9:3b:73:01:2c:
5b:8c:fc:81:b4:bc:b0:10:d2:51:f8:e5:1b:82:a9:
2d:49:91:38:d8:51:48:60:8d:c3:ea:49:c5:71:d8:
88:b2:6f:b6:b5:42:1c:80:b7:f6:12:9d:a7:97:56:
41:81:8b:c0:14:b8:2b:ab:fa:48:82:5f:54:8e:d9:
e0:79:14:a6:a5:dc:83:cb:d2:e9:e8:2c:2a:ea:9d:
c9:ac:24:bb:53:a2:c4:48:e0:0c:31:60:8f:f1:df:
87:63:f5:35:a3:4c:19:ca:c9:ee:44:fd:80:01:61:
85:4c:ad:8b:e5:09:0a:6d:b9:a5:1d:57:1c:ca:7a:
2d:bf:a9:3b:15:8b:4c:b5:6e:a1:dd:51:4a:a2:bd:
cf:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:17:E7:C4:6C:F4:54:A4:11:B1:59:E3:1F:22:00:8A:73:0C:B0:89
X509v3 Authority Key Identifier:
keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/ChfnxGz0VKQRsVnjHyIAinMMsIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.135.92.0/22
81.29.128.0/20
93.189.144.0/21
185.37.62.0/23
IPv6:
2a00:f2a0::/32
2a0e:8f40::/29
Signature Algorithm: sha256WithRSAEncryption
a6:d8:f7:29:e5:f5:ad:2c:2e:c3:08:f7:9a:9e:73:96:5b:a0:
e4:09:ee:fc:73:7b:6a:c2:a0:26:ab:64:24:4c:97:16:bf:3e:
df:0f:9e:b5:ac:50:2c:21:eb:94:f7:06:dd:8a:3a:2d:53:01:
aa:12:3d:4b:56:78:24:df:0f:30:ad:02:f4:40:49:74:39:90:
f8:a4:30:ad:56:11:37:3c:ed:f1:d0:0a:75:f3:3c:83:21:f1:
93:34:04:be:0f:ef:3d:23:0a:0f:4a:a4:6c:dd:9b:22:48:58:
5a:f6:69:18:67:a8:0a:2b:59:73:d0:fd:80:2c:a5:46:4a:65:
a6:ab:6c:3e:7d:b4:35:91:82:83:d1:53:7d:e9:ac:e7:a4:17:
cb:ab:61:56:35:b8:c3:34:78:97:8b:fd:e5:80:45:84:7a:82:
6b:7f:04:b4:c0:40:a2:46:5c:11:a4:14:03:25:ff:8b:0f:a3:
7e:91:26:35:72:b1:62:fe:83:c9:d6:08:79:a9:b0:0d:a1:65:
80:42:c1:b8:56:cc:c4:f5:9f:00:57:06:6f:f0:b7:74:ce:45:
cd:af:76:c5:61:e0:91:ad:d1:30:0f:7e:aa:0a:1a:03:57:51:
98:bb:21:27:f9:53:77:f0:33:0d:7f:5d:2b:5a:32:4e:2d:6c:
d7:15:91:81
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZydM4v1SXSlXfH+G3EHUpgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjYwMjI3MDM0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTE3ZTdjNDZjZjQ1NGE0MTFiMTU5ZTMxZjIyMDA4YTczMGNiMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiTsUbSJzLMQzZpdUIUgjyWPp9Ut
Bp5v/qVKtmyKnienyf5g3xfBKUApZwhj0za9pADBsu6Jy5hltQk0b49H1mKiSjQS
faCS6Rh1NGNYwtAWlqaUQhgdxDozu5tj4k9Lizu9eXXa6t8FjaBzXq2ZDyPWqTtz
ASxbjPyBtLywENJR+OUbgqktSZE42FFIYI3D6knFcdiIsm+2tUIcgLf2Ep2nl1ZB
gYvAFLgrq/pIgl9UjtngeRSmpdyDy9Lp6Cwq6p3JrCS7U6LESOAMMWCP8d+HY/U1
o0wZysnuRP2AAWGFTK2L5QkKbbmlHVccynotv6k7FYtMtW6h3VFKor3PJQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAoX58Rs9FSkEbFZ4x8iAIpzDLCJMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvQ2hmbnhHejBWS1FSc1Zuakh5SUFpbk1Nc0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLYdcAwQE
UR2AAwQDXb2QAwQBuSU+MBQEAgACMA4DBQAqAPKgAwUDKg6PQDANBgkqhkiG9w0B
AQsFAAOCAQEAptj3KeX1rSwuwwj3mp5zllug5Anu/HN7asKgJqtkJEyXFr8+3w+e
taxQLCHrlPcG3Yo6LVMBqhI9S1Z4JN8PMK0C9EBJdDmQ+KQwrVYRNzzt8dAKdfM8
gyHxkzQEvg/vPSMKD0qkbN2bIkhYWvZpGGeoCitZc9D9gCylRkplpqtsPn20NZGC
g9FTfems56QXy6thVjW4wzR4l4v95YBFhHqCa38EtMBAokZcEaQUAyX/iw+jfpEm
NXKxYv6DydYIeamwDaFlgELBuFbMxPWfAFcGb/C3dM5Fza92xWHgka3RMA9+qgoa
A1dRmLshJ/lTd/AzDX9dK1oyTi1s1xWRgQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 14:42:10 2026 by rpki-client