Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhQ9wCG2kFgIc1sRSmFBXb-ZM8.roa
File: 3IhQ9wCG2kFgIc1sRSmFBXb-ZM8.roa (raw, json)
Hash identifier: EnSG/XC3DgOI7LrlldCKIVaACW2nlS27dHb6c+JrbfU=
Subject key identifier: DC:88:50:F7:00:86:DA:41:60:21:CD:6C:45:29:85:05:76:FE:64:CF
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 019D69395D7169A4F8912EE363E0B604113E
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhQ9wCG2kFgIc1sRSmFBXb-ZM8.roa
Signing time: Tue 07 Apr 2026 18:34:20 +0000
ROA not before: Tue 07 Apr 2026 18:34:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
2a04:29c7:1880:24::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:69:39:5d:71:69:a4:f8:91:2e:e3:63:e0:b6:04:11:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Apr 7 18:34:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dc8850f70086da416021cd6c4529850576fe64cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:47:a2:b7:cb:bd:d7:d8:a1:98:4b:40:a0:b2:
2a:21:13:f7:b5:c6:96:e2:c3:bc:d8:8f:6a:fb:51:
5e:91:05:7c:6e:5b:6c:75:18:cd:46:4d:82:8e:13:
b1:30:b6:1e:f0:e4:07:7b:9f:65:2e:50:28:28:e9:
85:2e:be:38:e6:64:dc:b2:f0:d5:42:5a:21:72:b1:
21:88:86:b5:e2:99:c6:de:50:0e:c3:21:31:7c:ce:
4e:ab:2f:11:b7:78:e5:64:bb:5f:3d:58:6f:08:e2:
b3:56:e7:3c:f0:2f:d6:9a:fd:4f:49:5d:30:67:9d:
01:ab:0a:8a:26:1a:0d:bb:7a:32:68:d5:cc:b6:21:
f4:09:cc:65:c6:16:c6:94:e7:d2:2e:74:e1:84:e8:
33:53:ad:b2:e8:66:8e:de:34:d2:e3:7a:97:e9:f4:
cc:5e:dd:d6:8d:af:f9:77:91:8d:cc:93:12:4c:15:
44:67:7f:72:4f:73:33:be:16:74:98:1a:4a:97:6a:
cb:84:1d:d0:a8:16:39:3a:c9:c0:ef:03:f3:2d:9b:
e0:10:1a:a7:56:7d:38:91:85:e4:03:bf:e8:cf:f2:
ba:88:b0:75:8d:00:56:fe:3f:4d:a5:82:6b:00:29:
67:e1:ef:be:46:0f:51:af:b4:fe:e8:fb:29:2b:47:
eb:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:88:50:F7:00:86:DA:41:60:21:CD:6C:45:29:85:05:76:FE:64:CF
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhQ9wCG2kFgIc1sRSmFBXb-ZM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0/23
213.209.138.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
6b:54:e2:e3:3c:b4:d2:6c:dd:8e:68:15:c5:00:9c:c8:fd:d6:
c2:aa:55:32:5b:2f:49:b0:81:a2:2b:d3:1e:7a:9c:c7:19:e1:
0c:73:3b:14:c9:3f:80:5b:0f:1d:5b:78:dd:81:47:76:7d:e0:
dd:f8:f4:f5:7f:0b:63:ae:7b:95:27:8a:d4:49:c9:d5:31:58:
40:f2:e3:5d:1a:d5:f5:ce:33:57:e6:4b:4e:11:8e:54:66:09:
4a:3d:78:a8:93:8e:32:e3:0c:5b:23:12:5a:83:3f:57:f0:5c:
ad:b6:f4:bd:99:a2:20:e8:ef:09:99:e6:f1:9b:a7:db:36:20:
2c:53:a6:36:0a:87:4e:3b:8d:7d:1e:30:3b:98:7d:0c:7d:25:
83:e7:8c:38:df:74:02:32:fc:56:e7:dc:18:05:4a:c5:dd:62:
46:97:58:5b:3d:81:38:2f:54:2a:3e:a6:d0:92:66:b6:d3:7a:
e7:a0:1f:a0:60:b8:41:13:62:8d:2b:29:ff:00:0b:43:8a:4e:
65:70:b0:ba:59:fc:a1:02:c8:8d:d7:a1:38:14:0e:bc:24:31:
7e:a8:d5:31:ab:15:7f:22:7b:37:c4:cd:ad:e5:c7:02:20:8a:
e4:c3:16:58:af:23:df:a3:42:dd:4a:30:05:ae:73:e2:40:0e:
83:ae:3b:e5
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZ1pOV1xaaT4kS7jY+C2BBE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNDA3MTgzNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg4NTBmNzAwODZkYTQxNjAyMWNkNmM0NTI5ODUwNTc2ZmU2NGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70eit8u919ihmEtAoLIqIRP3tcaW
4sO82I9q+1FekQV8bltsdRjNRk2CjhOxMLYe8OQHe59lLlAoKOmFLr445mTcsvDV
QlohcrEhiIa14pnG3lAOwyExfM5Oqy8Rt3jlZLtfPVhvCOKzVuc88C/Wmv1PSV0w
Z50BqwqKJhoNu3oyaNXMtiH0CcxlxhbGlOfSLnThhOgzU62y6GaO3jTS43qX6fTM
Xt3Wja/5d5GNzJMSTBVEZ39yT3MzvhZ0mBpKl2rLhB3QqBY5OsnA7wPzLZvgEBqn
Vn04kYXkA7/oz/K6iLB1jQBW/j9NpYJrACln4e++Rg9Rr7T+6PspK0fr7QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFNyIUPcAhtpBYCHNbEUphQV2/mTPMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvM0loUTl3Q0cya0ZnSWMxc1JTbUZCWGItWk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBQBAIAATBKMAwDBAdNWoAD
BABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiDAMAwQATVqLAwQATVqMMAwDBABNWo8D
BABNWpADBAFNWpIDBADV0YowFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0GCSqGSIb3
DQEBCwUAA4IBAQBrVOLjPLTSbN2OaBXFAJzI/dbCqlUyWy9JsIGiK9MeepzHGeEM
czsUyT+AWw8dW3jdgUd2feDd+PT1fwtjrnuVJ4rUScnVMVhA8uNdGtX1zjNX5ktO
EY5UZglKPXiok44y4wxbIxJagz9X8FyttvS9maIg6O8Jmebxm6fbNiAsU6Y2CodO
O419HjA7mH0MfSWD54w433QCMvxW59wYBUrF3WJGl1hbPYE4L1QqPqbQkma203rn
oB+gYLhBE2KNKyn/AAtDik5lcLC6WfyhAsiN16E4FA68JDF+qNUxqxV/Ins3xM2t
5ccCIIrkwxZYryPfo0LdSjAFrnPiQA6Drjvl
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:07:43 2026 by rpki-client