Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/X1sqaOrwTlRea4PTO-bEVyyZxO4.roa
File: X1sqaOrwTlRea4PTO-bEVyyZxO4.roa (raw, json)
Hash identifier: 4Hp7TjPy2qpQAZmmlctfISCQD880xKjDbZIgwRkmGhg=
Subject key identifier: 5F:5B:2A:68:EA:F0:4E:54:5E:6B:83:D3:3B:E6:C4:57:2C:99:C4:EE
Certificate issuer: /CN=5270786f17c41bd01626f72db239f208b5189bb0
Certificate serial: 019B7EA74350BB731EDD139C41B64880E23C
Authority key identifier: 52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/X1sqaOrwTlRea4PTO-bEVyyZxO4.roa
Signing time: Fri 02 Jan 2026 12:20:49 +0000
ROA not before: Fri 02 Jan 2026 12:20:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34814
IP address blocks: 193.0.204.0/22 maxlen: 24
193.46.201.0/24 maxlen: 24
195.191.58.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.mft
rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:a7:43:50:bb:73:1e:dd:13:9c:41:b6:48:80:e2:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5270786f17c41bd01626f72db239f208b5189bb0
Validity
Not Before: Jan 2 12:20:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f5b2a68eaf04e545e6b83d33be6c4572c99c4ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0b:79:d9:d6:ef:46:8c:16:9d:ac:ed:08:f9:
9a:9c:f2:a4:12:1a:fe:82:c1:45:9b:a5:f1:9d:21:
64:f2:5c:94:52:7b:8f:c9:e0:5e:e3:79:d9:52:ac:
e5:d5:14:e1:84:2c:d2:fe:c1:6f:9b:e3:57:c7:c4:
e4:e5:f2:69:f9:d8:fa:dc:dc:2c:38:72:b4:9c:14:
57:fd:7e:30:e4:c0:59:38:76:9f:71:18:84:b3:7b:
bc:2f:16:50:fd:25:ab:a7:63:64:99:86:e8:13:c8:
d9:d1:3e:a8:9a:68:36:15:0e:1c:c2:ec:26:db:6f:
ac:a3:b7:d5:fe:00:c5:5c:17:a4:cb:de:67:86:f3:
e2:2b:41:bf:4f:07:89:79:24:30:78:bd:45:1f:3c:
23:cd:e2:df:29:fa:98:4c:18:75:fd:c2:0c:f6:26:
c5:18:8f:0d:1a:63:be:d8:c4:45:2f:77:5e:17:ef:
52:87:aa:9a:d4:b4:9f:0c:e8:56:4b:74:ff:37:9e:
44:8b:fa:be:36:07:e6:fb:b8:6f:5b:11:0a:dc:dc:
bc:40:60:d5:30:8e:08:93:00:16:8c:fa:d1:df:e3:
50:1d:a9:e9:c7:f2:5f:15:8a:a9:b7:be:51:67:a8:
3c:8b:ac:50:44:aa:b0:f4:7b:43:f5:56:2b:b7:8e:
5f:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:5B:2A:68:EA:F0:4E:54:5E:6B:83:D3:3B:E6:C4:57:2C:99:C4:EE
X509v3 Authority Key Identifier:
keyid:52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/X1sqaOrwTlRea4PTO-bEVyyZxO4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.204.0/22
193.46.201.0/24
195.191.58.0/23
Signature Algorithm: sha256WithRSAEncryption
a4:b1:80:5d:14:b7:42:23:af:aa:e2:55:cd:9b:67:be:2b:3d:
53:df:2d:26:a2:c7:12:b2:43:3f:97:c4:bf:8f:a8:3f:e4:8d:
13:8b:9e:ef:0d:56:18:f0:fc:ae:a0:f8:3d:b8:2f:28:ae:fa:
e7:9a:34:98:86:7b:ce:c3:42:88:ac:9f:f4:b6:a2:86:6d:1d:
1d:c4:8f:65:5e:06:67:c0:e2:f1:1c:10:20:82:fb:fe:49:5d:
8d:c4:35:62:c9:e0:f0:a3:98:5a:1b:6d:14:33:05:45:ff:83:
e0:9d:68:f8:19:62:b6:14:5b:19:89:f2:bb:86:bf:a7:de:ee:
a8:8b:0c:4a:21:ec:1f:f2:ec:6a:e4:6a:2c:0b:6e:9d:76:20:
d4:0a:56:77:15:26:19:70:00:b5:e2:a6:dc:77:9f:4b:43:3d:
5b:cc:22:69:9e:e7:16:f0:0d:54:c5:5e:57:1e:64:83:45:d8:
38:a3:e0:65:ae:f7:34:6a:fd:c5:d4:72:7e:c1:00:b1:99:d8:
cb:e1:c6:cc:44:dd:8b:03:f8:88:e3:7a:d3:63:7e:07:71:f2:
7f:1a:6d:4d:c9:1b:9a:10:b2:f3:20:a9:90:4d:2b:4a:54:02:
37:53:3d:17:5a:03:fe:78:9e:00:a9:32:0b:21:9f:90:3d:65:
36:f7:77:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt+p0NQu3Me3ROcQbZIgOI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNzA3ODZmMTdjNDFiZDAxNjI2ZjcyZGIyMzlmMjA4YjUx
ODliYjAwHhcNMjYwMTAyMTIyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjViMmE2OGVhZjA0ZTU0NWU2YjgzZDMzYmU2YzQ1NzJjOTljNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwt52dbvRowWnaztCPmanPKkEhr+
gsFFm6XxnSFk8lyUUnuPyeBe43nZUqzl1RThhCzS/sFvm+NXx8Tk5fJp+dj63Nws
OHK0nBRX/X4w5MBZOHafcRiEs3u8LxZQ/SWrp2NkmYboE8jZ0T6ommg2FQ4cwuwm
22+so7fV/gDFXBeky95nhvPiK0G/TweJeSQweL1FHzwjzeLfKfqYTBh1/cIM9ibF
GI8NGmO+2MRFL3deF+9Sh6qa1LSfDOhWS3T/N55Ei/q+Ngfm+7hvWxEK3Ny8QGDV
MI4IkwAWjPrR3+NQHanpx/JfFYqpt75RZ6g8i6xQRKqw9HtD9VYrt45ffwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF9bKmjq8E5UXmuD0zvmxFcsmcTuMB8GA1UdIwQY
MBaAFFJweG8XxBvQFib3LbI58gi1GJuwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYt
NzVmNDdmMDdjNGUzLzEvWDFzcWFPcndUbFJlYTRQVE8tYkVWeXlaeE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYtNzVmNDdmMDdjNGUz
LzEvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCwQDMAwQA
wS7JAwQBw786MA0GCSqGSIb3DQEBCwUAA4IBAQCksYBdFLdCI6+q4lXNm2e+Kz1T
3y0moscSskM/l8S/j6g/5I0Ti57vDVYY8PyuoPg9uC8orvrnmjSYhnvOw0KIrJ/0
tqKGbR0dxI9lXgZnwOLxHBAggvv+SV2NxDViyeDwo5haG20UMwVF/4PgnWj4GWK2
FFsZifK7hr+n3u6oiwxKIewf8uxq5GosC26ddiDUClZ3FSYZcAC14qbcd59LQz1b
zCJpnucW8A1UxV5XHmSDRdg4o+Blrvc0av3F1HJ+wQCxmdjL4cbMRN2LA/iI43rT
Y34HcfJ/Gm1NyRuaELLzIKmQTStKVAI3Uz0XWgP+eJ4AqTILIZ+QPWU293eJ
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:22:42 2026 by rpki-client