Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/N07DYIFv3xqgyomuGHFgGcsx7lk.roa
File: N07DYIFv3xqgyomuGHFgGcsx7lk.roa (raw, json)
Hash identifier: fN+WhDdgQjJRbbGF33NE6ZNpEbEDoV3Db8A2xN59eWc=
Subject key identifier: 37:4E:C3:60:81:6F:DF:1A:A0:CA:89:AE:18:71:60:19:CB:31:EE:59
Certificate issuer: /CN=4ba7b24f87ea51446d519afd4fe60419198ec012
Certificate serial: 019D6B6C6991BC09B1B0CF66ED0092EB0602
Authority key identifier: 4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/N07DYIFv3xqgyomuGHFgGcsx7lk.roa
Signing time: Wed 08 Apr 2026 04:49:20 +0000
ROA not before: Wed 08 Apr 2026 04:49:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49010
IP address blocks: 84.252.76.0/22 maxlen: 22
86.62.24.0/22 maxlen: 22
91.207.2.0/23 maxlen: 23
109.232.72.0/21 maxlen: 21
151.216.128.0/18 maxlen: 18
185.20.140.0/22 maxlen: 22
193.187.164.0/22 maxlen: 22
2a00:19f8::/32 maxlen: 32
2a09:5500::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl
rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.mft
rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6b:6c:69:91:bc:09:b1:b0:cf:66:ed:00:92:eb:06:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ba7b24f87ea51446d519afd4fe60419198ec012
Validity
Not Before: Apr 8 04:49:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=374ec360816fdf1aa0ca89ae18716019cb31ee59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ce:6e:12:6e:c4:fa:a8:5c:da:a3:3f:5c:90:
27:ab:f0:5e:e2:bb:cb:78:3d:a5:04:a6:de:c0:d1:
27:e8:1a:21:02:50:cd:80:6f:b2:37:d5:7e:f3:ea:
0a:25:7c:33:43:7e:22:eb:b1:d5:b3:29:38:10:39:
29:03:41:40:e0:86:1e:21:11:5c:e8:6f:ee:98:0d:
4a:ec:9f:b3:79:6f:c3:28:4f:77:7d:a5:36:75:3e:
ad:b9:eb:6e:8a:12:2a:32:a3:12:74:5c:23:e9:5e:
77:d8:62:07:43:9c:a5:9f:62:4f:b5:8a:64:47:a4:
b1:a2:8a:b0:5f:74:70:31:09:ad:c3:ae:47:59:d2:
6a:87:6a:fb:47:70:6f:22:1c:79:87:1e:55:27:93:
9c:f2:6e:54:0e:97:be:b1:33:81:38:ba:b1:93:32:
5e:2c:bc:cd:78:23:4d:b6:28:dc:d3:fe:57:fe:19:
5a:6a:7b:57:4d:69:43:bb:71:60:1b:ef:f0:32:87:
c8:2c:fd:a1:52:2e:12:ff:6c:74:e8:ca:d7:d7:97:
62:bf:b1:42:be:c5:37:b9:e1:4f:58:fb:33:30:3b:
d0:f0:99:ad:d3:87:af:55:e3:6b:df:c2:3e:98:98:
4c:4b:40:2f:cf:6d:10:a5:d3:4f:4c:04:c3:9e:31:
74:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:4E:C3:60:81:6F:DF:1A:A0:CA:89:AE:18:71:60:19:CB:31:EE:59
X509v3 Authority Key Identifier:
keyid:4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/N07DYIFv3xqgyomuGHFgGcsx7lk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.76.0/22
86.62.24.0/22
91.207.2.0/23
109.232.72.0/21
151.216.128.0/18
185.20.140.0/22
193.187.164.0/22
IPv6:
2a00:19f8::/32
2a09:5500::/29
Signature Algorithm: sha256WithRSAEncryption
4a:8c:69:66:26:5a:75:6b:f7:7c:aa:ac:a5:50:16:2b:f2:b8:
09:10:0e:b6:84:ce:94:28:af:42:28:14:19:c4:27:5e:b1:ca:
14:3f:e0:53:a0:8c:6f:a8:15:37:f4:eb:a9:12:ef:55:1c:ec:
d0:e6:0b:b1:55:cc:37:d9:26:44:48:13:a3:cc:ac:19:d6:22:
42:15:cd:8a:5b:01:f5:a5:0b:44:3d:24:5a:fc:3f:ca:85:5d:
d5:47:64:f8:eb:33:83:0e:7d:4b:77:b8:9a:aa:cb:68:bd:7c:
91:5f:72:f7:a2:39:47:41:5d:97:06:f6:68:f7:b0:8a:9f:00:
09:b1:7b:56:23:09:90:f8:78:71:ea:cd:79:a1:ea:78:dc:fd:
43:b0:cf:89:ca:01:65:39:b8:0e:1c:58:09:a3:8e:b7:3a:18:
55:82:77:5f:62:b0:a9:7a:25:61:41:1a:ae:30:05:cb:fa:47:
cd:0e:ed:66:11:fb:4f:99:e5:b5:13:42:50:ce:90:bb:84:a0:
82:02:6b:cc:27:b8:9e:0b:a7:bf:ce:17:ea:31:61:d7:e7:be:
99:14:f4:fc:ae:83:35:19:b8:dd:f9:6b:4e:52:58:26:c0:c2:
bb:11:79:fa:15:b3:2d:25:80:fe:f7:69:4e:1a:78:5f:6f:ab:
9c:85:86:2e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ1rbGmRvAmxsM9m7QCS6wYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYTdiMjRmODdlYTUxNDQ2ZDUxOWFmZDRmZTYwNDE5MTk4
ZWMwMTIwHhcNMjYwNDA4MDQ0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzRlYzM2MDgxNmZkZjFhYTBjYTg5YWUxODcxNjAxOWNiMzFlZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus5uEm7E+qhc2qM/XJAnq/Be4rvL
eD2lBKbewNEn6BohAlDNgG+yN9V+8+oKJXwzQ34i67HVsyk4EDkpA0FA4IYeIRFc
6G/umA1K7J+zeW/DKE93faU2dT6tuetuihIqMqMSdFwj6V532GIHQ5yln2JPtYpk
R6SxooqwX3RwMQmtw65HWdJqh2r7R3BvIhx5hx5VJ5Oc8m5UDpe+sTOBOLqxkzJe
LLzNeCNNtijc0/5X/hlaantXTWlDu3FgG+/wMofILP2hUi4S/2x06MrX15div7FC
vsU3ueFPWPszMDvQ8Jmt04evVeNr38I+mJhMS0Avz20QpdNPTATDnjF00wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFDdOw2CBb98aoMqJrhhxYBnLMe5ZMB8GA1UdIwQY
MBaAFEunsk+H6lFEbVGa/U/mBBkZjsASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgt
YTI2ODg5ZWUyMmMyLzEvTjA3RFlJRnYzeHFneW9tdUdIRmdHY3N4N2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgtYTI2ODg5ZWUyMmMy
LzEvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCVPxMAwQC
Vj4YAwQBW88CAwQDbehIAwQGl9iAAwQCuRSMAwQCwbukMBQEAgACMA4DBQAqABn4
AwUDKglVADANBgkqhkiG9w0BAQsFAAOCAQEASoxpZiZadWv3fKqspVAWK/K4CRAO
toTOlCivQigUGcQnXrHKFD/gU6CMb6gVN/TrqRLvVRzs0OYLsVXMN9kmREgTo8ys
GdYiQhXNilsB9aULRD0kWvw/yoVd1Udk+Oszgw59S3e4mqrLaL18kV9y96I5R0Fd
lwb2aPewip8ACbF7ViMJkPh4cerNeaHqeNz9Q7DPicoBZTm4DhxYCaOOtzoYVYJ3
X2KwqXolYUEarjAFy/pHzQ7tZhH7T5nltRNCUM6Qu4SgggJrzCe4ngunv84X6jFh
1+e+mRT0/K6DNRm43flrTlJYJsDCuxF5+hWzLSWA/vdpThp4X2+rnIWGLg==
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:11:50 2026 by rpki-client