Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TikKdyhcJJHNVP2QcDSQnnbiCHs.roa
File: TikKdyhcJJHNVP2QcDSQnnbiCHs.roa (raw, json)
Hash identifier: neErNQQSzB6BBUr7/9orHxARcJ3yH0azsWxDsn+hb5M=
Subject key identifier: 4E:29:0A:77:28:5C:24:91:CD:54:FD:90:70:34:90:9E:76:E2:08:7B
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 019C82CA615D41FB951330EF955AB9A15699
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TikKdyhcJJHNVP2QcDSQnnbiCHs.roa
Signing time: Sun 22 Feb 2026 00:40:27 +0000
ROA not before: Sun 22 Feb 2026 00:40:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6206
IP address blocks: 37.46.192.0/21 maxlen: 24
69.161.192.0/21 maxlen: 24
91.199.50.0/24 maxlen: 24
94.185.80.0/21 maxlen: 24
94.228.208.0/20 maxlen: 24
109.235.48.0/21 maxlen: 24
194.110.67.0/24 maxlen: 24
2a00:dd0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:82:ca:61:5d:41:fb:95:13:30:ef:95:5a:b9:a1:56:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Feb 22 00:40:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4e290a77285c2491cd54fd907034909e76e2087b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:eb:76:ad:26:c1:a8:b3:a3:3d:98:38:cb:e9:
21:93:11:3d:a9:e0:9b:34:fe:28:01:f7:5a:61:3d:
b7:81:1a:32:68:8f:81:30:a3:13:17:b4:97:91:8f:
6c:b1:7d:62:aa:ad:fa:e2:44:b3:82:94:ce:61:c7:
4a:a6:bb:74:9f:9b:48:98:7f:72:39:00:4e:7e:6e:
cf:08:a1:80:6f:11:38:f1:38:ae:68:13:c1:64:10:
0e:68:c9:e3:6e:dc:bc:5e:f6:24:17:b4:33:03:d6:
df:de:9d:8a:68:4d:e8:77:bf:fa:5a:f5:b9:cb:80:
da:3c:59:0d:26:7d:c1:46:a2:7e:74:fd:14:f1:b6:
6e:e5:fd:64:12:da:75:03:a4:57:52:c0:74:5f:bf:
c7:65:b4:37:67:36:ed:e5:81:ad:9f:90:49:44:bb:
e4:5a:ea:cc:bd:00:e2:3f:87:5c:6c:3f:0e:67:ed:
a1:c4:c7:3d:9a:ae:cc:1f:d0:24:4c:30:94:36:61:
46:ac:ef:ba:a4:9e:6a:3b:3f:e0:43:46:e3:93:85:
bb:4d:03:2b:d0:73:4e:9f:9b:de:80:97:f8:c5:9f:
bd:7d:8f:2e:39:18:80:ca:7e:75:ed:f3:63:c9:ae:
bc:d4:72:a2:ac:73:3e:cf:40:a6:0b:8f:d0:a2:21:
97:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:29:0A:77:28:5C:24:91:CD:54:FD:90:70:34:90:9E:76:E2:08:7B
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TikKdyhcJJHNVP2QcDSQnnbiCHs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.192.0/21
69.161.192.0/21
91.199.50.0/24
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
24:cb:4e:fe:c4:4b:1c:1d:c5:13:a3:ea:7b:93:b6:2b:11:95:
68:27:e3:5a:10:e2:5b:d8:8c:af:0e:22:80:48:3c:4f:5e:c5:
84:e9:66:01:41:89:99:c0:d8:30:35:77:63:64:27:eb:e0:13:
db:77:d8:2a:45:34:07:83:35:3d:92:0c:96:b9:b4:97:48:b3:
d7:1c:8f:c3:6d:d4:a3:4f:e0:a8:b4:40:66:9d:a7:99:52:7f:
f9:1e:63:78:22:0c:60:da:f4:e2:96:28:66:73:5a:9e:84:c4:
75:00:af:00:50:85:8f:74:ed:3c:f8:e6:26:d0:96:6b:54:7c:
79:c2:a7:bf:ba:1b:27:13:15:a8:bc:7d:a6:10:d1:f2:1f:5e:
ed:d3:b0:33:34:e9:b3:70:09:4d:d8:e9:1c:47:3b:98:cb:5b:
75:7e:cd:9d:6e:e8:9c:a7:20:ee:2b:a8:de:95:7d:ad:60:17:
cc:c8:d7:9a:5f:77:e0:2a:ac:ea:5a:41:d9:c1:93:e3:04:be:
4c:00:09:ec:36:10:29:00:52:64:a7:c5:a4:ee:3d:1f:0e:33:
87:f1:33:cf:99:b3:35:cd:d9:4b:0b:b2:97:c3:25:e7:66:e7:
41:cc:ca:12:4f:ef:d4:cd:05:33:5f:84:94:65:c8:f7:d7:74:
79:f4:81:2d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZyCymFdQfuVEzDvlVq5oVaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjYwMjIyMDA0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTI5MGE3NzI4NWMyNDkxY2Q1NGZkOTA3MDM0OTA5ZTc2ZTIwODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOt2rSbBqLOjPZg4y+khkxE9qeCb
NP4oAfdaYT23gRoyaI+BMKMTF7SXkY9ssX1iqq364kSzgpTOYcdKprt0n5tImH9y
OQBOfm7PCKGAbxE48TiuaBPBZBAOaMnjbty8XvYkF7QzA9bf3p2KaE3od7/6WvW5
y4DaPFkNJn3BRqJ+dP0U8bZu5f1kEtp1A6RXUsB0X7/HZbQ3Zzbt5YGtn5BJRLvk
WurMvQDiP4dcbD8OZ+2hxMc9mq7MH9AkTDCUNmFGrO+6pJ5qOz/gQ0bjk4W7TQMr
0HNOn5vegJf4xZ+9fY8uORiAyn517fNjya681HKirHM+z0CmC4/QoiGXvQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFE4pCncoXCSRzVT9kHA0kJ524gh7MB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvVGlrS2R5aGNKSkhOVlAyUWNEU1FubmJpQ0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDJS7AAwQD
RaHAAwQAW8cyAwQDXrlQAwQEXuTQAwQDbeswAwQAwm5DMA0EAgACMAcDBQAqAA3Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAky07+xEscHcUTo+p7k7YrEZVoJ+NaEOJb2Iyv
DiKASDxPXsWE6WYBQYmZwNgwNXdjZCfr4BPbd9gqRTQHgzU9kgyWubSXSLPXHI/D
bdSjT+CotEBmnaeZUn/5HmN4Igxg2vTilihmc1qehMR1AK8AUIWPdO08+OYm0JZr
VHx5wqe/uhsnExWovH2mENHyH17t07AzNOmzcAlN2OkcRzuYy1t1fs2dbuicpyDu
K6jelX2tYBfMyNeaX3fgKqzqWkHZwZPjBL5MAAnsNhApAFJkp8Wk7j0fDjOH8TPP
mbM1zdlLC7KXwyXnZudBzMoST+/UzQUzX4SUZcj313R59IEt
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:30:44 2026 by rpki-client