Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/OY7VggLlS6S8taEQZwxA_9MJ9Jc.roa
File: OY7VggLlS6S8taEQZwxA_9MJ9Jc.roa (raw, json)
Hash identifier: hj2ioa7d+yEki0gbVFILdu22LUXQHhfHdLKTOV3RU+k=
Subject key identifier: 39:8E:D5:82:02:E5:4B:A4:BC:B5:A1:10:67:0C:40:FF:D3:09:F4:97
Certificate issuer: /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial: 019D381D4D5F20C73C7E01584F99F7E81432
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/OY7VggLlS6S8taEQZwxA_9MJ9Jc.roa
Signing time: Sun 29 Mar 2026 05:42:17 +0000
ROA not before: Sun 29 Mar 2026 05:42:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 395092
IP address blocks: 45.95.16.0/22 maxlen: 22
45.155.36.0/22 maxlen: 22
85.155.112.0/22 maxlen: 24
94.124.160.0/24 maxlen: 24
109.104.106.0/23 maxlen: 24
168.222.248.0/22 maxlen: 24
185.93.220.0/22 maxlen: 24
193.17.56.0/22 maxlen: 22
195.58.136.0/22 maxlen: 24
195.58.140.0/23 maxlen: 23
213.108.246.0/23 maxlen: 23
213.139.204.0/22 maxlen: 22
217.195.152.0/22 maxlen: 22
2a0d:9ec0::/48 maxlen: 48
2a0d:9ec1::/48 maxlen: 48
2a0d:9ec2::/48 maxlen: 48
2a0d:9ec3::/48 maxlen: 48
2a0d:9ec4::/48 maxlen: 48
2a0d:9ec5::/48 maxlen: 48
2a0d:9ec6::/48 maxlen: 48
2a0d:d8c0::/48 maxlen: 48
2a0d:d8c0:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:38:1d:4d:5f:20:c7:3c:7e:01:58:4f:99:f7:e8:14:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Validity
Not Before: Mar 29 05:42:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=398ed58202e54ba4bcb5a110670c40ffd309f497
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6c:d7:f2:0b:71:81:67:43:4f:cb:4c:88:72:
8c:2c:bc:39:b0:ad:38:e0:b2:19:55:16:ae:5e:f4:
fa:cd:bf:20:1d:29:ff:e4:6b:cb:58:aa:0e:35:29:
fc:e8:59:00:02:3f:1e:74:06:de:1c:33:1d:19:18:
af:13:84:5d:1b:b4:3e:37:37:2b:bd:6c:7c:dc:b7:
62:aa:cd:d1:46:fa:b4:ae:bb:c6:68:97:23:4a:ec:
40:00:d0:ce:f7:7e:d3:c8:3a:ba:e8:5f:57:65:e4:
f9:14:d4:14:e3:af:fd:0e:7b:e9:29:f7:4e:ec:a8:
1a:60:12:03:a3:76:d2:48:0c:e5:b0:fa:28:73:6e:
b4:e5:ec:50:cd:62:b1:9d:fc:0f:1b:a5:fd:f5:d1:
91:3d:35:14:b8:e4:a6:3c:b6:ac:48:f5:91:0a:b3:
ba:75:a8:26:23:8f:7c:0f:11:c3:34:0d:9d:6c:80:
db:a9:f1:d6:4c:0c:f4:84:f1:e0:6f:c1:46:ea:58:
e1:f3:c0:79:85:80:55:b2:b2:0d:06:ae:be:5c:fc:
08:43:31:e2:9b:f8:74:83:14:b2:a6:6e:56:e6:a5:
07:05:16:cb:30:e5:58:0c:9e:15:ce:90:18:8f:cc:
c8:52:1f:ba:0e:db:80:90:ec:74:30:5d:69:e0:a6:
76:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:8E:D5:82:02:E5:4B:A4:BC:B5:A1:10:67:0C:40:FF:D3:09:F4:97
X509v3 Authority Key Identifier:
keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/OY7VggLlS6S8taEQZwxA_9MJ9Jc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.16.0/22
45.155.36.0/22
85.155.112.0/22
94.124.160.0/24
109.104.106.0/23
168.222.248.0/22
185.93.220.0/22
193.17.56.0/22
195.58.136.0-195.58.141.255
213.108.246.0/23
213.139.204.0/22
217.195.152.0/22
IPv6:
2a0d:9ec0::/48
2a0d:9ec1::/48
2a0d:9ec2::/48
2a0d:9ec3::/48
2a0d:9ec4::/48
2a0d:9ec5::/48
2a0d:9ec6::/48
2a0d:d8c0::/47
Signature Algorithm: sha256WithRSAEncryption
81:a8:7a:79:c5:ad:71:93:f7:f7:e7:67:fd:33:40:5d:77:88:
2e:e1:40:9e:b8:8f:c0:a2:5a:61:82:0b:8b:fb:13:e8:51:61:
9c:1f:c7:00:5e:81:e1:dc:ae:b8:53:42:43:e9:42:42:ca:f3:
0a:0e:89:1e:2e:b4:db:bb:a8:7b:18:03:71:9d:5f:27:b1:b6:
b0:75:aa:25:ec:64:a0:82:e8:74:83:ce:6e:7c:4c:d7:46:e4:
9e:79:ba:13:87:e1:a6:02:d3:15:52:ef:73:62:fc:42:68:03:
f7:c5:58:86:27:0a:10:4e:69:14:b7:40:ce:ae:4f:e8:16:dc:
31:e0:06:e8:eb:e8:d6:bd:b7:e0:48:a3:be:51:1f:be:6a:c0:
58:c7:7e:6a:76:f1:f0:1a:c5:45:5b:3d:b2:65:ae:ca:75:23:
42:2f:be:df:48:4d:1e:43:a0:5a:75:03:7c:e6:d5:fc:28:de:
bc:17:45:a6:5a:1f:08:a9:57:5a:73:2a:68:09:fc:f4:38:e0:
8f:01:60:1e:3b:f8:2e:35:0a:93:b1:49:ab:3c:18:98:ba:05:
76:49:c2:43:b5:ed:95:66:3e:f7:89:20:e6:bb:03:0d:6f:c0:
58:ee:da:f6:00:05:a0:b0:fe:9a:84:a8:e8:ba:3d:59:0e:66:
2e:5c:d0:d5
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZ04HU1fIMc8fgFYT5n36BQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjYwMzI5MDU0MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThlZDU4MjAyZTU0YmE0YmNiNWExMTA2NzBjNDBmZmQzMDlmNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWzX8gtxgWdDT8tMiHKMLLw5sK04
4LIZVRauXvT6zb8gHSn/5GvLWKoONSn86FkAAj8edAbeHDMdGRivE4RdG7Q+Nzcr
vWx83Ldiqs3RRvq0rrvGaJcjSuxAANDO937TyDq66F9XZeT5FNQU46/9DnvpKfdO
7KgaYBIDo3bSSAzlsPooc2605exQzWKxnfwPG6X99dGRPTUUuOSmPLasSPWRCrO6
dagmI498DxHDNA2dbIDbqfHWTAz0hPHgb8FG6ljh88B5hYBVsrINBq6+XPwIQzHi
m/h0gxSypm5W5qUHBRbLMOVYDJ4VzpAYj8zIUh+6DtuAkOx0MF1p4KZ2GwIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFDmO1YIC5UukvLWhEGcMQP/TCfSXMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvT1k3VmdnTGxTNlM4dGFFUVp3eEFfOU1KOUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDBWBAIAATBQAwQCLV8Q
AwQCLZskAwQCVZtwAwQAXnygAwQBbWhqAwQCqN74AwQCuV3cAwQCwRE4MAwDBAPD
OogDBAHDOowDBAHVbPYDBALVi8wDBALZw5gwTgQCAAIwSAMHACoNnsAAAAMHACoN
nsEAAAMHACoNnsIAAAMHACoNnsMAAAMHACoNnsQAAAMHACoNnsUAAAMHACoNnsYA
AAMHASoN2MAAADANBgkqhkiG9w0BAQsFAAOCAQEAgah6ecWtcZP39+dn/TNAXXeI
LuFAnriPwKJaYYILi/sT6FFhnB/HAF6B4dyuuFNCQ+lCQsrzCg6JHi6027uoexgD
cZ1fJ7G2sHWqJexkoILodIPObnxM10bknnm6E4fhpgLTFVLvc2L8QmgD98VYhicK
EE5pFLdAzq5P6BbcMeAG6Ovo1r234EijvlEfvmrAWMd+anbx8BrFRVs9smWuynUj
Qi++30hNHkOgWnUDfObV/CjevBdFplofCKlXWnMqaAn89DjgjwFgHjv4LjUKk7FJ
qzwYmLoFdknCQ7XtlWY+94kg5rsDDW/AWO7a9gAFoLD+moSo6Lo9WQ5mLlzQ1Q==
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:01:46 2026 by rpki-client