Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/FKKjc28_cZwUJO1xCAUbMduAXKU.roa
File: FKKjc28_cZwUJO1xCAUbMduAXKU.roa (raw, json)
Hash identifier: 9j1ZvxIboMGFHG2XPsMZZrpotaMyXcob7hVQ+vW8T/E=
Subject key identifier: 14:A2:A3:73:6F:3F:71:9C:14:24:ED:71:08:05:1B:31:DB:80:5C:A5
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 019D346352BC807F2D9A394E1E923D772143
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/FKKjc28_cZwUJO1xCAUbMduAXKU.roa
Signing time: Sat 28 Mar 2026 12:20:17 +0000
ROA not before: Sat 28 Mar 2026 12:20:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44208
IP address blocks: 31.170.48.0/23 maxlen: 23
31.170.50.0/23 maxlen: 23
31.170.52.0/23 maxlen: 23
31.170.54.0/24 maxlen: 24
31.170.55.0/24 maxlen: 24
31.170.56.0/23 maxlen: 23
31.170.58.0/23 maxlen: 23
31.170.60.0/22 maxlen: 22
37.49.148.0/24 maxlen: 24
94.74.128.0/23 maxlen: 23
94.74.128.0/24 maxlen: 24
94.74.129.0/24 maxlen: 24
94.74.130.0/23 maxlen: 23
94.74.132.0/22 maxlen: 22
94.74.136.0/24 maxlen: 24
94.74.138.0/23 maxlen: 23
94.74.141.0/24 maxlen: 24
94.74.142.0/23 maxlen: 23
94.74.144.0/24 maxlen: 24
94.74.146.0/24 maxlen: 24
94.74.148.0/23 maxlen: 23
94.74.150.0/23 maxlen: 23
94.74.152.0/22 maxlen: 22
94.74.160.0/22 maxlen: 22
94.74.165.0/24 maxlen: 24
94.74.166.0/23 maxlen: 23
94.74.168.0/23 maxlen: 24
94.74.170.0/24 maxlen: 24
94.74.172.0/24 maxlen: 24
94.74.174.0/23 maxlen: 23
94.74.176.0/22 maxlen: 22
94.74.180.0/23 maxlen: 23
94.74.182.0/23 maxlen: 23
94.74.186.0/23 maxlen: 23
94.74.188.0/23 maxlen: 23
94.74.190.0/24 maxlen: 24
94.74.191.0/24 maxlen: 24
176.46.134.0/24 maxlen: 24
176.46.138.0/23 maxlen: 23
176.46.141.0/24 maxlen: 24
176.46.144.0/24 maxlen: 24
176.46.147.0/24 maxlen: 24
176.46.148.0/23 maxlen: 23
176.46.152.0/22 maxlen: 22
176.46.156.0/23 maxlen: 23
176.46.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:34:63:52:bc:80:7f:2d:9a:39:4e:1e:92:3d:77:21:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Mar 28 12:20:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=14a2a3736f3f719c1424ed7108051b31db805ca5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:de:95:6b:3b:31:8e:ae:83:50:6c:89:31:dd:
00:59:98:0c:40:4d:dd:bd:e2:b4:22:b5:28:18:0f:
3b:c8:ac:dc:eb:bd:99:d5:67:0f:10:da:b1:a5:f3:
ad:2e:3c:93:47:e6:c6:33:db:8a:94:15:d7:7e:60:
9f:45:35:e9:0a:fe:23:f3:af:25:70:f3:46:22:fa:
6b:77:9c:8b:32:fa:5b:b8:c4:f5:a7:3c:c2:47:7f:
4c:2b:67:1f:7c:bb:39:46:a6:99:cc:e5:67:3f:ce:
22:df:00:eb:93:8a:81:3a:c6:66:0e:64:81:78:75:
36:13:49:63:83:ac:31:a8:fb:6e:5b:c1:97:90:7f:
57:18:b1:9d:a7:ac:f2:a7:5d:79:fa:3c:66:16:43:
e4:8e:b1:d5:e6:55:66:5f:8d:59:7e:a2:77:56:fa:
ab:4d:75:bb:3a:da:58:75:d9:a7:e9:40:ed:08:3e:
82:cd:78:a5:d0:88:c9:0c:1e:db:e8:80:c3:f3:2b:
eb:df:12:1b:c4:0a:f5:56:eb:94:19:ed:5a:ad:7d:
45:36:97:e4:ac:20:a7:71:ad:b2:e5:89:ee:04:ba:
5d:5e:09:8b:8a:e3:bd:a7:af:1b:4e:89:7c:06:94:
cd:ac:8a:5c:6c:26:be:b2:d4:65:99:db:91:c4:f0:
84:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:A2:A3:73:6F:3F:71:9C:14:24:ED:71:08:05:1B:31:DB:80:5C:A5
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/FKKjc28_cZwUJO1xCAUbMduAXKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.48.0/20
37.49.148.0/24
94.74.128.0-94.74.136.255
94.74.138.0/23
94.74.141.0-94.74.144.255
94.74.146.0/24
94.74.148.0-94.74.155.255
94.74.160.0/22
94.74.165.0-94.74.170.255
94.74.172.0/24
94.74.174.0-94.74.183.255
94.74.186.0-94.74.191.255
176.46.134.0/24
176.46.138.0/23
176.46.141.0/24
176.46.144.0/24
176.46.147.0-176.46.149.255
176.46.152.0-176.46.158.255
Signature Algorithm: sha256WithRSAEncryption
33:0d:2b:f6:c8:80:d2:33:bb:b9:e0:48:0a:1c:d0:c0:de:51:
50:e7:9f:ee:3b:1c:00:00:b7:8d:ae:e4:61:bf:00:38:3a:9e:
46:c1:b7:02:79:e6:1e:29:3e:ef:20:6c:c6:77:01:6f:c3:30:
cf:20:b2:33:1d:fb:7e:d2:5b:cf:ac:57:b0:0e:91:08:3e:f3:
f6:50:02:d8:7d:04:9b:8c:ac:2b:0d:f6:8b:bc:f1:db:01:69:
61:54:ad:94:a8:06:b4:6e:8a:b8:6f:d2:ec:89:64:b1:07:c9:
09:6e:2c:0d:10:a4:78:03:df:ef:35:01:fc:8b:88:3a:3d:4b:
b5:cb:5d:14:a1:64:0d:84:86:55:a1:99:0f:8b:53:a4:59:8f:
cd:be:89:04:ce:53:8c:79:9c:bf:d4:89:c2:43:96:86:30:41:
22:10:15:c2:54:a6:aa:3a:5d:0b:5e:a7:1c:64:bf:d3:70:53:
52:1c:e0:a4:e6:62:59:14:7e:10:8b:0a:ab:fa:c1:03:62:16:
f8:82:df:3d:f0:b2:2a:59:26:5d:46:5f:f4:48:c9:50:bc:e8:
eb:c8:ae:cf:79:a9:d8:d1:28:c0:10:12:3a:e7:11:01:ff:a7:
58:2e:2d:32:61:5b:bd:cd:2a:68:08:0f:4c:1d:d4:4e:cf:0f:
54:9e:e9:0f
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZ00Y1K8gH8tmjlOHpI9dyFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjYwMzI4MTIyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGEyYTM3MzZmM2Y3MTljMTQyNGVkNzEwODA1MWIzMWRiODA1Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn96Vazsxjq6DUGyJMd0AWZgMQE3d
veK0IrUoGA87yKzc672Z1WcPENqxpfOtLjyTR+bGM9uKlBXXfmCfRTXpCv4j868l
cPNGIvprd5yLMvpbuMT1pzzCR39MK2cffLs5RqaZzOVnP84i3wDrk4qBOsZmDmSB
eHU2E0ljg6wxqPtuW8GXkH9XGLGdp6zyp115+jxmFkPkjrHV5lVmX41ZfqJ3Vvqr
TXW7OtpYddmn6UDtCD6CzXil0IjJDB7b6IDD8yvr3xIbxAr1VuuUGe1arX1FNpfk
rCCnca2y5YnuBLpdXgmLiuO9p68bTol8BpTNrIpcbCa+stRlmduRxPCEAQIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFBSio3NvP3GcFCTtcQgFGzHbgFylMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvRktLamMyOF9jWndVSk8xeENBVWJNZHVBWEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBswQCAAEwgawDBAQf
qjADBAAlMZQwDAMEB15KgAMEAF5KiAMEAV5KijAMAwQAXkqNAwQAXkqQAwQAXkqS
MAwDBAJeSpQDBAJeSpgDBAJeSqAwDAMEAF5KpQMEAF5KqgMEAF5KrDAMAwQBXkqu
AwQDXkqwMAwDBAFeSroDBAZeSoADBACwLoYDBAGwLooDBACwLo0DBACwLpAwDAME
ALAukwMEAbAulDAMAwQDsC6YAwQAsC6eMA0GCSqGSIb3DQEBCwUAA4IBAQAzDSv2
yIDSM7u54EgKHNDA3lFQ55/uOxwAALeNruRhvwA4Op5GwbcCeeYeKT7vIGzGdwFv
wzDPILIzHft+0lvPrFewDpEIPvP2UALYfQSbjKwrDfaLvPHbAWlhVK2UqAa0boq4
b9LsiWSxB8kJbiwNEKR4A9/vNQH8i4g6PUu1y10UoWQNhIZVoZkPi1OkWY/NvokE
zlOMeZy/1InCQ5aGMEEiEBXCVKaqOl0LXqccZL/TcFNSHOCk5mJZFH4Qiwqr+sED
Yhb4gt898LIqWSZdRl/0SMlQvOjryK7PeanY0SjAEBI65xEB/6dYLi0yYVu9zSpo
CA9MHdROzw9UnukP
-----END CERTIFICATE-----
Generated at Sun Apr 19 08:48:20 2026 by rpki-client