Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/tNJERrvO3zhjhPwdVcnqoZVqBKk.roa
File: tNJERrvO3zhjhPwdVcnqoZVqBKk.roa (raw, json)
Hash identifier: m9AeDxO7J4dstZSVyK+IZ8igaFWz+KT/ygfhxcM2Uyk=
Subject key identifier: B4:D2:44:46:BB:CE:DF:38:63:84:FC:1D:55:C9:EA:A1:95:6A:04:A9
Certificate issuer: /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial: 019E92590D0157DD6BC9A9C2FB1D7556272D
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/tNJERrvO3zhjhPwdVcnqoZVqBKk.roa
Signing time: Thu 04 Jun 2026 11:16:09 +0000
ROA not before: Thu 04 Jun 2026 11:16:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 21412
IP address blocks: 5.20.0.0/20 maxlen: 20
5.20.16.0/20 maxlen: 20
5.20.32.0/19 maxlen: 19
5.20.64.0/19 maxlen: 19
5.20.96.0/21 maxlen: 21
5.20.104.0/21 maxlen: 21
5.20.112.0/21 maxlen: 21
5.20.120.0/21 maxlen: 21
5.20.128.0/19 maxlen: 19
5.20.160.0/19 maxlen: 19
5.20.192.0/19 maxlen: 19
5.20.224.0/21 maxlen: 21
5.20.232.0/21 maxlen: 21
5.20.240.0/20 maxlen: 20
37.157.144.0/21 maxlen: 21
46.251.32.0/19 maxlen: 19
77.87.8.0/21 maxlen: 21
77.221.64.0/19 maxlen: 19
79.133.224.0/19 maxlen: 19
80.240.0.0/20 maxlen: 20
81.29.16.0/20 maxlen: 20
87.239.112.0/21 maxlen: 21
87.247.64.0/18 maxlen: 18
91.187.160.0/19 maxlen: 19
178.16.32.0/20 maxlen: 20
178.250.32.0/21 maxlen: 21
185.26.132.0/22 maxlen: 22
185.198.32.0/22 maxlen: 22
212.52.32.0/19 maxlen: 19
212.117.0.0/19 maxlen: 19
217.17.80.0/20 maxlen: 20
2a00:7600::/32 maxlen: 32
2a01:a1c0::/32 maxlen: 32
2a04:ce00::/29 maxlen: 29
2a04:eb00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 17:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:92:59:0d:01:57:dd:6b:c9:a9:c2:fb:1d:75:56:27:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Validity
Not Before: Jun 4 11:16:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b4d24446bbcedf386384fc1d55c9eaa1956a04a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:96:d9:68:1b:46:aa:d3:51:e3:43:36:a0:2f:
a1:a6:8b:30:fe:4f:bc:70:22:ac:8f:fa:3b:31:67:
83:bc:d8:b7:3f:41:9e:6f:89:33:a7:03:02:01:04:
6c:12:0b:9b:97:80:e6:bf:42:af:a9:90:f7:eb:a3:
3b:4b:4a:6b:dc:ea:81:5a:7c:21:e2:33:c0:a6:90:
5e:b5:9a:87:60:e4:bf:77:41:86:58:53:ff:d4:ac:
27:67:5b:1c:3b:ca:0c:6b:6c:08:15:89:94:43:e1:
60:0e:42:84:58:4b:8f:bb:33:ec:33:23:31:1d:c4:
bf:82:16:f2:e8:36:ef:7a:17:53:10:35:be:40:e9:
1d:e6:0a:dd:2e:3f:5f:f3:94:60:13:b8:d6:e8:fc:
28:b6:9f:a0:3b:2d:e6:46:e2:8b:63:6f:c1:1f:b6:
ed:43:4d:0e:0f:bd:8e:7c:ad:54:3d:82:ad:cc:bb:
60:43:49:61:5c:65:d1:8a:47:4e:87:d3:40:87:0e:
ea:1b:8b:1f:4c:cb:61:16:1f:de:ed:4f:b7:43:99:
be:fc:29:36:79:2a:97:10:c0:e2:5e:a4:76:b2:1d:
09:b0:e2:9b:ef:c0:64:d1:cc:31:2e:af:13:0a:85:
ef:39:16:20:24:bf:d1:f2:a0:25:a8:87:6a:7c:5a:
a2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D2:44:46:BB:CE:DF:38:63:84:FC:1D:55:C9:EA:A1:95:6A:04:A9
X509v3 Authority Key Identifier:
keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/tNJERrvO3zhjhPwdVcnqoZVqBKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.20.0.0/16
37.157.144.0/21
46.251.32.0/19
77.87.8.0/21
77.221.64.0/19
79.133.224.0/19
80.240.0.0/20
81.29.16.0/20
87.239.112.0/21
87.247.64.0/18
91.187.160.0/19
178.16.32.0/20
178.250.32.0/21
185.26.132.0/22
185.198.32.0/22
212.52.32.0/19
212.117.0.0/19
217.17.80.0/20
IPv6:
2a00:7600::/32
2a01:a1c0::/32
2a04:ce00::/29
2a04:eb00::/29
Signature Algorithm: sha256WithRSAEncryption
ba:2e:da:55:4f:2f:20:27:cf:d0:7a:05:f7:aa:a8:51:bf:7d:
e5:fe:dd:4d:0b:f6:e3:f2:f2:94:69:9b:19:ca:1e:4d:b5:51:
16:db:ea:b2:a9:61:e0:b9:d8:e4:bd:d3:90:c3:04:bf:aa:35:
f0:41:8d:3c:22:80:d9:d8:b9:da:8e:c5:9e:e3:05:32:8f:b7:
5d:29:a6:c5:e7:b4:38:34:16:a5:6e:d7:4e:fd:29:6a:0e:41:
01:4a:9e:f2:51:4f:cd:e7:5d:f2:84:ec:43:3f:e3:12:16:b0:
2b:04:f2:8e:1a:c6:12:0d:92:e5:52:ea:4a:a6:d9:d8:ae:97:
ba:16:c2:cd:fd:9b:5c:e4:c7:c9:92:3a:da:4f:57:3c:87:80:
3b:cc:c4:c5:64:4d:d0:57:c9:6e:db:3f:51:f0:2a:5f:f4:e3:
27:90:a2:d9:8f:90:c9:66:a6:6b:75:e0:21:33:f5:d0:87:15:
e3:41:38:43:77:0a:6e:14:e8:de:1e:aa:87:6a:72:0a:3e:8f:
8e:3c:29:60:d4:eb:ce:95:eb:16:8c:f3:18:23:ed:22:ed:d1:
f6:38:de:df:28:e5:ef:e1:be:67:17:84:b0:e0:d9:d4:4a:4e:
68:df:08:45:b5:28:90:72:0c:82:98:cb:3e:25:20:92:fd:c0:
56:1f:cf:0f
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZ6SWQ0BV91ryanC+x11VictMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwNjA0MTExNjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQyNDQ0NmJiY2VkZjM4NjM4NGZjMWQ1NWM5ZWFhMTk1NmEwNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZbZaBtGqtNR40M2oC+hposw/k+8
cCKsj/o7MWeDvNi3P0Geb4kzpwMCAQRsEgubl4Dmv0KvqZD366M7S0pr3OqBWnwh
4jPAppBetZqHYOS/d0GGWFP/1KwnZ1scO8oMa2wIFYmUQ+FgDkKEWEuPuzPsMyMx
HcS/ghby6DbvehdTEDW+QOkd5grdLj9f85RgE7jW6Pwotp+gOy3mRuKLY2/BH7bt
Q00OD72OfK1UPYKtzLtgQ0lhXGXRikdOh9NAhw7qG4sfTMthFh/e7U+3Q5m+/Ck2
eSqXEMDiXqR2sh0JsOKb78Bk0cwxLq8TCoXvORYgJL/R8qAlqIdqfFqimwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFLTSREa7zt84Y4T8HVXJ6qGVagSpMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvdE5KRVJydk8zemhqaFB3ZFZjbnFvWlZxQktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzBxBAIAATBrAwMABRQD
BAMlnZADBAUu+yADBANNVwgDBAVN3UADBAVPheADBARQ8AADBARRHRADBANX73AD
BAZX90ADBAVbu6ADBASyECADBAOy+iADBAK5GoQDBAK5xiADBAXUNCADBAXUdQAD
BATZEVAwIgQCAAIwHAMFACoAdgADBQAqAaHAAwUDKgTOAAMFAyoE6wAwDQYJKoZI
hvcNAQELBQADggEBALou2lVPLyAnz9B6BfeqqFG/feX+3U0L9uPy8pRpmxnKHk21
URbb6rKpYeC52OS905DDBL+qNfBBjTwigNnYudqOxZ7jBTKPt10ppsXntDg0FqVu
1079KWoOQQFKnvJRT83nXfKE7EM/4xIWsCsE8o4axhINkuVS6kqm2diul7oWws39
m1zkx8mSOtpPVzyHgDvMxMVkTdBXyW7bP1HwKl/04yeQotmPkMlmpmt14CEz9dCH
FeNBOEN3Cm4U6N4eqodqcgo+j448KWDU686V6xaM8xgj7SLt0fY43t8o5e/hvmcX
hLDg2dRKTmjfCEW1KJByDIKYyz4lIJL9wFYfzw8=
-----END CERTIFICATE-----
Generated at Sat Jun 13 23:25:35 2026 by rpki-client