Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/1nfCihSTwlJIQ4nvsiCslekY7NM.roa
File: 1nfCihSTwlJIQ4nvsiCslekY7NM.roa (raw, json)
Hash identifier: 4kEXXYbaPTR9rMQ4lw9zYV/v1K+AlDu09MYuRsUIkjU=
Subject key identifier: D6:77:C2:8A:14:93:C2:52:48:43:89:EF:B2:20:AC:95:E9:18:EC:D3
Certificate issuer: /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial: 019CA8AC8F31142852124BC5E74018A65292
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/1nfCihSTwlJIQ4nvsiCslekY7NM.roa
Signing time: Sun 01 Mar 2026 09:13:26 +0000
ROA not before: Sun 01 Mar 2026 09:13:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205960
IP address blocks: 2.59.152.0/22 maxlen: 22
2.59.152.0/24 maxlen: 24
2.59.153.0/24 maxlen: 24
2.59.154.0/24 maxlen: 24
45.91.224.0/22 maxlen: 22
45.91.225.0/24 maxlen: 24
45.91.226.0/24 maxlen: 24
45.91.227.0/24 maxlen: 24
45.142.152.0/22 maxlen: 22
91.204.224.0/22 maxlen: 22
91.204.224.0/24 maxlen: 24
91.204.225.0/24 maxlen: 24
91.204.226.0/24 maxlen: 24
91.204.227.0/24 maxlen: 24
185.202.100.0/22 maxlen: 22
185.202.101.0/24 maxlen: 24
185.202.103.0/24 maxlen: 24
193.239.150.0/23 maxlen: 23
193.239.150.0/24 maxlen: 24
193.239.151.0/24 maxlen: 24
193.239.154.0/23 maxlen: 23
193.239.154.0/24 maxlen: 24
194.126.202.0/24 maxlen: 24
194.126.215.0/24 maxlen: 24
194.126.219.0/24 maxlen: 24
194.126.227.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a8:ac:8f:31:14:28:52:12:4b:c5:e7:40:18:a6:52:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
Validity
Not Before: Mar 1 09:13:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d677c28a1493c252484389efb220ac95e918ecd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:99:01:0c:50:3d:8a:ad:61:c8:ef:1e:80:84:
87:ee:f1:23:c3:6d:b4:15:65:58:01:46:2a:6e:19:
72:d1:f3:9f:10:fd:a5:50:fb:d4:2e:e4:68:a2:1a:
8b:23:6b:07:83:f3:66:4c:c3:66:c2:05:70:e8:c4:
8c:cb:69:4c:3e:fb:95:6c:b9:93:95:b0:65:a4:3e:
29:61:85:b2:08:7f:97:ef:f7:58:4f:65:4c:8d:ae:
a2:bc:27:29:cd:32:38:8b:7f:13:18:37:0e:51:c1:
33:6d:59:8b:f2:48:20:25:b7:1d:91:5d:90:83:c2:
74:b6:46:36:ca:36:7c:04:65:41:fc:80:8d:24:77:
2b:bd:d0:e8:50:df:82:1a:1e:da:95:7e:ce:14:2d:
7f:2a:bc:34:e6:49:37:5c:30:b6:92:37:d4:f7:dd:
e8:53:8b:68:0d:36:31:bb:df:ca:fb:39:85:e3:83:
82:ee:ff:1f:e1:56:4e:cd:75:d5:7d:5f:4d:e8:0a:
58:38:5d:5f:01:eb:e5:a1:2b:01:b1:da:2d:17:2d:
4b:11:02:a8:28:89:68:66:c8:3d:b9:71:b4:19:55:
48:2f:3e:d9:ec:fd:54:c3:45:dc:ba:bc:ac:23:37:
e1:78:6a:2a:77:bc:f0:d9:9f:bd:74:7b:f7:12:92:
b5:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:77:C2:8A:14:93:C2:52:48:43:89:EF:B2:20:AC:95:E9:18:EC:D3
X509v3 Authority Key Identifier:
keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/1nfCihSTwlJIQ4nvsiCslekY7NM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.152.0/22
45.91.224.0/22
45.142.152.0/22
91.204.224.0/22
185.202.100.0/22
193.239.150.0/23
193.239.154.0/23
194.126.202.0/24
194.126.215.0/24
194.126.219.0/24
194.126.227.0/24
Signature Algorithm: sha256WithRSAEncryption
30:d6:55:39:fc:14:31:cf:9e:ed:f8:de:ae:e5:3b:3e:b4:5c:
8b:7f:42:73:1a:a1:90:86:0c:bc:9e:19:44:1e:7a:67:93:6e:
02:2a:79:ad:29:aa:23:cd:b2:35:5f:49:06:da:c6:75:41:25:
fe:a4:72:68:e0:16:e1:bb:dd:bd:77:9b:38:43:3a:6e:d2:f9:
07:41:3d:03:7d:d4:fd:5f:e1:84:66:2a:30:41:b1:86:ac:80:
3f:d2:d4:05:10:f4:aa:5e:4c:e7:9d:4b:0d:a4:97:21:d1:1a:
96:02:0a:60:1e:f2:e8:b8:8e:5b:a7:7d:22:b0:83:14:b2:f3:
42:e9:0a:63:36:2f:28:40:df:a0:96:89:b6:6d:d2:18:73:4a:
d3:00:9d:21:97:49:b2:61:6d:ca:f7:d9:ca:1e:23:08:0c:e8:
a7:45:69:15:eb:0e:f0:e5:9e:42:1f:0e:14:b1:13:eb:a4:af:
61:36:b0:6a:9f:54:ff:2b:55:4f:b0:9d:45:02:55:11:c9:96:
74:16:01:95:a6:d0:fa:74:29:31:5a:30:4c:f4:69:b4:06:12:
6e:28:c9:e2:d4:2e:cf:f6:6e:ec:c8:0d:e0:e2:b5:ae:c6:ec:
f4:e8:cd:0f:dc:44:44:3f:93:d4:61:38:bd:8c:de:dc:27:f3:
52:72:2c:57
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZyorI8xFChSEkvF50AYplKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjYwMzAxMDkxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc3YzI4YTE0OTNjMjUyNDg0Mzg5ZWZiMjIwYWM5NWU5MThlY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspkBDFA9iq1hyO8egISH7vEjw220
FWVYAUYqbhly0fOfEP2lUPvULuRoohqLI2sHg/NmTMNmwgVw6MSMy2lMPvuVbLmT
lbBlpD4pYYWyCH+X7/dYT2VMja6ivCcpzTI4i38TGDcOUcEzbVmL8kggJbcdkV2Q
g8J0tkY2yjZ8BGVB/ICNJHcrvdDoUN+CGh7alX7OFC1/Krw05kk3XDC2kjfU993o
U4toDTYxu9/K+zmF44OC7v8f4VZOzXXVfV9N6ApYOF1fAevloSsBsdotFy1LEQKo
KIloZsg9uXG0GVVILz7Z7P1Uw0XcurysIzfheGoqd7zw2Z+9dHv3EpK1BQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNZ3wooUk8JSSEOJ77IgrJXpGOzTMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvMW5mQ2loU1R3bEpJUTRudnNpQ3NsZWtZN05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCAjuYAwQC
LVvgAwQCLY6YAwQCW8zgAwQCucpkAwQBwe+WAwQBwe+aAwQAwn7KAwQAwn7XAwQA
wn7bAwQAwn7jMA0GCSqGSIb3DQEBCwUAA4IBAQAw1lU5/BQxz57t+N6u5Ts+tFyL
f0JzGqGQhgy8nhlEHnpnk24CKnmtKaojzbI1X0kG2sZ1QSX+pHJo4Bbhu929d5s4
Qzpu0vkHQT0DfdT9X+GEZiowQbGGrIA/0tQFEPSqXkznnUsNpJch0RqWAgpgHvLo
uI5bp30isIMUsvNC6QpjNi8oQN+glom2bdIYc0rTAJ0hl0myYW3K99nKHiMIDOin
RWkV6w7w5Z5CHw4UsRPrpK9hNrBqn1T/K1VPsJ1FAlURyZZ0FgGVptD6dCkxWjBM
9Gm0BhJuKMni1C7P9m7syA3g4rWuxuz06M0P3EREP5PUYTi9jN7cJ/NScixX
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:28:46 2026 by rpki-client