Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/S9un40BglrRD8oUoRwpeEoCPKzQ.roa
File: S9un40BglrRD8oUoRwpeEoCPKzQ.roa (raw, json)
Hash identifier: 63quj0FUggFB47Cme3ZNE0Mctu62nOnwW9NKWHljeOQ=
Subject key identifier: 4B:DB:A7:E3:40:60:96:B4:43:F2:85:28:47:0A:5E:12:80:8F:2B:34
Certificate issuer: /CN=41fb6b1708335006b0a6aac650bfaff3fc8d292c
Certificate serial: 019B8E444AA4C436E1E13F7406343FBF7B5B
Authority key identifier: 41:FB:6B:17:08:33:50:06:B0:A6:AA:C6:50:BF:AF:F3:FC:8D:29:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QftrFwgzUAawpqrGUL-v8_yNKSw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/S9un40BglrRD8oUoRwpeEoCPKzQ.roa
Signing time: Mon 05 Jan 2026 13:06:38 +0000
ROA not before: Mon 05 Jan 2026 13:06:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41296
IP address blocks: 5.159.248.0/21 maxlen: 21
5.159.252.0/24 maxlen: 24
193.32.57.0/24 maxlen: 24
193.41.225.0/24 maxlen: 24
194.24.168.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/QftrFwgzUAawpqrGUL-v8_yNKSw.crl
rsync://rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/QftrFwgzUAawpqrGUL-v8_yNKSw.mft
rsync://rpki.ripe.net/repository/DEFAULT/QftrFwgzUAawpqrGUL-v8_yNKSw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:8e:44:4a:a4:c4:36:e1:e1:3f:74:06:34:3f:bf:7b:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41fb6b1708335006b0a6aac650bfaff3fc8d292c
Validity
Not Before: Jan 5 13:06:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4bdba7e3406096b443f28528470a5e12808f2b34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e5:31:47:76:5e:d2:a7:12:79:35:09:7a:0e:
ca:3e:b7:31:01:86:1b:db:49:d6:f6:8f:e5:36:28:
d6:ce:f3:17:f5:ac:f3:9c:d6:6e:cc:49:e5:ab:ac:
fa:a9:79:80:3d:4d:1b:0c:3d:c9:45:30:b6:42:73:
d4:31:69:67:54:99:dd:97:a4:90:82:4f:4e:4b:89:
69:f8:36:ea:ce:ff:c2:ec:60:eb:47:07:da:db:6f:
ca:24:0d:62:60:c0:80:c8:e3:19:03:3b:80:d3:8b:
1a:0c:d6:e6:27:49:2d:48:a1:ee:56:79:2a:7f:21:
f9:b5:40:ba:18:9d:77:1c:3b:8a:06:e3:50:7b:82:
f8:a4:a9:4c:03:60:31:4b:18:2d:ec:75:3b:95:10:
1e:00:7f:6b:9c:cb:f9:c4:89:be:b4:6d:f8:4c:fe:
1d:08:9f:53:21:2d:44:d0:74:98:f6:31:d5:ff:b1:
50:1f:83:f6:85:fa:05:30:1e:0d:78:54:76:f2:06:
ee:b0:b7:a7:0e:a6:6a:cc:68:25:f5:b2:3f:f5:f2:
3e:e1:cb:73:e5:a6:fa:b0:62:f1:c9:4e:ae:3f:14:
3d:72:c4:f9:bd:da:40:b9:71:fb:8d:a6:33:6d:3c:
db:f5:ee:d7:f0:0f:38:45:79:1f:0d:d4:4a:a7:8f:
ed:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:DB:A7:E3:40:60:96:B4:43:F2:85:28:47:0A:5E:12:80:8F:2B:34
X509v3 Authority Key Identifier:
keyid:41:FB:6B:17:08:33:50:06:B0:A6:AA:C6:50:BF:AF:F3:FC:8D:29:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QftrFwgzUAawpqrGUL-v8_yNKSw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/S9un40BglrRD8oUoRwpeEoCPKzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c771c3-ca90-4fd2-99ac-04c82ed6ed4c/1/QftrFwgzUAawpqrGUL-v8_yNKSw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.248.0/21
193.32.57.0/24
193.41.225.0/24
194.24.168.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:2d:20:cf:68:a4:9a:17:25:ca:09:39:3e:13:58:7c:43:cc:
91:58:d4:be:9e:a7:4a:17:88:9e:8b:6d:ec:3c:3b:86:85:ec:
46:45:d6:00:db:a2:5a:25:9e:e7:6a:7f:6f:7e:7e:0c:23:48:
4f:3d:26:2e:d0:98:ca:37:7b:fb:81:67:63:7d:2d:9c:de:a2:
4d:2c:8c:b7:65:3a:71:ce:30:30:c3:50:fa:70:cb:24:9f:1e:
52:30:48:e1:7a:d1:c0:41:1e:2c:c6:af:37:26:31:1b:44:6d:
cf:32:35:86:df:3f:b4:22:ee:f6:6e:92:06:3c:75:07:be:2f:
07:c5:16:0f:4b:15:80:c7:ce:73:06:04:f6:d8:42:a9:a8:d3:
8e:ed:57:8f:b7:74:f9:b1:c5:d9:5f:cd:df:44:5f:77:b0:82:
60:99:6d:2e:ec:0e:67:9c:b0:26:13:b7:bc:0e:ba:01:7b:b9:
c8:68:16:34:09:95:72:a2:15:f7:16:10:65:9b:52:62:b3:c5:
01:4a:17:6f:23:4b:2f:e4:a0:23:5d:c3:f4:d1:d4:c0:a1:58:
4d:bf:b1:9e:88:48:f5:ff:f9:95:d8:4c:c1:b7:6d:3d:5b:01:
c9:a5:7f:a1:33:5e:24:a9:0d:ec:c0:89:57:71:60:65:41:b1:
4e:4f:9a:4f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZuOREqkxDbh4T90BjQ/v3tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmI2YjE3MDgzMzUwMDZiMGE2YWFjNjUwYmZhZmYzZmM4
ZDI5MmMwHhcNMjYwMTA1MTMwNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRiYTdlMzQwNjA5NmI0NDNmMjg1Mjg0NzBhNWUxMjgwOGYyYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuUxR3Ze0qcSeTUJeg7KPrcxAYYb
20nW9o/lNijWzvMX9azznNZuzEnlq6z6qXmAPU0bDD3JRTC2QnPUMWlnVJndl6SQ
gk9OS4lp+Dbqzv/C7GDrRwfa22/KJA1iYMCAyOMZAzuA04saDNbmJ0ktSKHuVnkq
fyH5tUC6GJ13HDuKBuNQe4L4pKlMA2AxSxgt7HU7lRAeAH9rnMv5xIm+tG34TP4d
CJ9TIS1E0HSY9jHV/7FQH4P2hfoFMB4NeFR28gbusLenDqZqzGgl9bI/9fI+4ctz
5ab6sGLxyU6uPxQ9csT5vdpAuXH7jaYzbTzb9e7X8A84RXkfDdRKp4/tqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEvbp+NAYJa0Q/KFKEcKXhKAjys0MB8GA1UdIwQY
MBaAFEH7axcIM1AGsKaqxlC/r/P8jSksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZ0ckZ3Z3pVQWF3cHFyR1VMLXY4X3lOS1N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9jNzcxYzMtY2E5MC00ZmQyLTk5YWMt
MDRjODJlZDZlZDRjLzEvUzl1bjQwQmdsclJEOG9Vb1J3cGVFb0NQS3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9jNzcxYzMtY2E5MC00ZmQyLTk5YWMtMDRjODJlZDZlZDRj
LzEvUWZ0ckZ3Z3pVQWF3cHFyR1VMLXY4X3lOS1N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBZ/4AwQA
wSA5AwQAwSnhAwQBwhioMA0GCSqGSIb3DQEBCwUAA4IBAQAKLSDPaKSaFyXKCTk+
E1h8Q8yRWNS+nqdKF4iei23sPDuGhexGRdYA26JaJZ7nan9vfn4MI0hPPSYu0JjK
N3v7gWdjfS2c3qJNLIy3ZTpxzjAww1D6cMsknx5SMEjhetHAQR4sxq83JjEbRG3P
MjWG3z+0Iu72bpIGPHUHvi8HxRYPSxWAx85zBgT22EKpqNOO7VePt3T5scXZX83f
RF93sIJgmW0u7A5nnLAmE7e8DroBe7nIaBY0CZVyohX3FhBlm1Jis8UBShdvI0sv
5KAjXcP00dTAoVhNv7GeiEj1//mV2EzBt209WwHJpX+hM14kqQ3swIlXcWBlQbFO
T5pP
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:19:49 2026 by rpki-client