Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cFVAK4Rr7dzQgpURz6ErhW-a6uQ.roa
File: cFVAK4Rr7dzQgpURz6ErhW-a6uQ.roa (raw, json)
Hash identifier: ChetHwgAUANEPoqsVi2wXLnS3I1hXnJB9ZWw45C9B9I=
Subject key identifier: 70:55:40:2B:84:6B:ED:DC:D0:82:95:11:CF:A1:2B:85:6F:9A:EA:E4
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 019EBC814FE8E8D3379FBB3855D0DE18EE41
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cFVAK4Rr7dzQgpURz6ErhW-a6uQ.roa
Signing time: Fri 12 Jun 2026 15:44:11 +0000
ROA not before: Fri 12 Jun 2026 15:44:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
77.90.148.0/24 maxlen: 24
77.90.156.0/24 maxlen: 24
77.90.157.0/24 maxlen: 24
77.90.159.0/24 maxlen: 24
77.90.160.0/24 maxlen: 24
77.90.161.0/24 maxlen: 24
77.90.162.0/24 maxlen: 24
77.90.163.0/24 maxlen: 24
77.90.166.0/24 maxlen: 24
77.90.169.0/24 maxlen: 24
77.90.170.0/24 maxlen: 24
77.90.171.0/24 maxlen: 24
77.90.172.0/24 maxlen: 24
77.90.173.0/24 maxlen: 24
77.90.190.0/24 maxlen: 24
77.90.191.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
213.209.139.0/24 maxlen: 24
213.209.147.0/24 maxlen: 24
213.209.158.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
2a04:29c7:1880:24::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 17:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:bc:81:4f:e8:e8:d3:37:9f:bb:38:55:d0:de:18:ee:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Jun 12 15:44:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7055402b846beddcd0829511cfa12b856f9aeae4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:9f:43:c6:5e:05:d2:96:a9:b8:7b:e7:99:80:
6e:01:b3:11:d9:3a:ac:a7:97:a8:14:15:dd:9d:da:
ff:01:73:1e:76:c6:f4:50:34:e8:af:c1:8b:f0:61:
61:27:36:a4:0f:00:2b:cd:18:c2:20:41:30:2c:4f:
e9:22:bc:68:25:62:96:46:1c:94:b8:1f:7a:29:aa:
95:34:bd:7c:93:ae:79:fe:98:04:0f:43:fa:91:0a:
00:1e:9b:51:69:da:7e:ad:83:35:0f:4c:2d:89:47:
07:33:e8:32:c1:e5:92:42:8c:b9:bf:8b:6c:49:9d:
a5:6d:1e:2a:88:22:4d:ef:da:8d:e3:34:97:31:69:
0d:ce:60:be:f5:15:65:ba:3e:9e:5b:ed:22:a0:f3:
ad:c2:ee:6b:2b:04:d3:21:e1:54:c5:4c:1b:a5:a7:
ae:d6:33:3b:88:b7:5c:6c:f7:0c:31:1e:17:25:97:
3f:fc:ef:53:06:8a:4b:e3:80:60:f9:57:c9:ef:cf:
b0:59:53:e1:9c:1f:97:ca:66:f4:11:8a:09:9c:41:
be:bf:13:7a:3a:24:9a:c2:33:69:1e:03:00:08:1c:
d2:bc:8a:b8:7e:6d:6f:a4:37:df:55:a6:f0:fc:45:
a8:b2:50:a9:36:26:4f:d2:71:f5:e8:17:e8:63:b6:
37:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:55:40:2B:84:6B:ED:DC:D0:82:95:11:CF:A1:2B:85:6F:9A:EA:E4
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cFVAK4Rr7dzQgpURz6ErhW-a6uQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0-77.90.148.255
77.90.156.0/23
77.90.159.0-77.90.163.255
77.90.166.0/24
77.90.169.0-77.90.173.255
77.90.190.0/23
213.209.138.0/23
213.209.147.0/24
213.209.158.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
71:d8:74:4a:b6:aa:73:4b:92:e9:f7:ac:3b:9b:37:59:b7:e9:
36:6a:1f:be:f6:86:c0:83:26:1b:1e:8b:d8:ee:d4:d1:3b:ce:
7e:09:a6:f6:82:89:5d:c3:74:98:08:2f:fc:29:d1:c3:08:86:
2f:7f:d9:0d:df:e8:13:33:19:5b:0e:0c:3f:6b:ef:7b:bc:3b:
32:ce:c2:4d:ca:ec:dd:e4:26:9c:ac:61:82:7f:36:13:2d:94:
77:a6:7a:ce:72:8c:73:56:b0:5c:39:99:a6:43:49:5b:34:c8:
20:60:cc:90:e9:06:79:ef:b5:fa:d9:06:6d:ea:11:ed:b4:75:
b1:b8:5e:79:cf:8c:df:67:56:4e:f0:08:8b:aa:97:83:0b:18:
c2:bb:00:fd:ff:57:1d:dc:41:06:0d:67:10:16:fd:9f:d1:55:
54:0d:27:ee:e1:a4:93:76:9f:31:d0:0c:d6:4f:b7:2d:d0:2c:
d9:51:cd:b9:e9:1d:c7:c5:61:50:61:8e:58:f9:4e:bf:60:ad:
d4:59:90:62:ed:27:c3:63:94:7f:b4:85:ce:7e:56:6e:34:ae:
9c:63:c1:01:6f:09:9e:cf:f0:f0:37:ca:9b:da:f9:bd:8b:cb:
b8:59:30:58:26:46:0d:59:cd:51:66:c6:9b:92:31:64:b1:7f:
da:3a:3f:a9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISAZ68gU/o6NM3n7s4VdDeGO5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNjEyMTU0NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDU1NDAyYjg0NmJlZGRjZDA4Mjk1MTFjZmExMmI4NTZmOWFlYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ9Dxl4F0papuHvnmYBuAbMR2Tqs
p5eoFBXdndr/AXMedsb0UDTor8GL8GFhJzakDwArzRjCIEEwLE/pIrxoJWKWRhyU
uB96KaqVNL18k655/pgED0P6kQoAHptRadp+rYM1D0wtiUcHM+gyweWSQoy5v4ts
SZ2lbR4qiCJN79qN4zSXMWkNzmC+9RVluj6eW+0ioPOtwu5rKwTTIeFUxUwbpaeu
1jM7iLdcbPcMMR4XJZc//O9TBopL44Bg+VfJ78+wWVPhnB+Xymb0EYoJnEG+vxN6
OiSawjNpHgMACBzSvIq4fm1vpDffVabw/EWoslCpNiZP0nH16BfoY7Y3nQIDAQAB
o4ICqjCCAqYwHQYDVR0OBBYEFHBVQCuEa+3c0IKVEc+hK4VvmurkMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvY0ZWQUs0UnI3ZHpRZ3BVUno2RXJoVy1hNnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG/BggrBgEFBQcBBwEB/wSBrzCBrDCBkwQCAAEwgYwwDAME
B01agAMEAE1agjAMAwQCTVqEAwQATVqGAwQBTVqIMAwDBABNWosDBABNWowwDAME
AE1ajwMEAE1akDAMAwQBTVqSAwQATVqUAwQBTVqcMAwDBABNWp8DBAJNWqADBABN
WqYwDAMEAE1aqQMEAU1arAMEAU1avgMEAdXRigMEANXRkwMEANXRnjAUBAIAAjAO
AwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAHHYdEq2qnNLkun3rDub
N1m36TZqH772hsCDJhsei9ju1NE7zn4JpvaCiV3DdJgIL/wp0cMIhi9/2Q3f6BMz
GVsODD9r73u8OzLOwk3K7N3kJpysYYJ/NhMtlHemes5yjHNWsFw5maZDSVs0yCBg
zJDpBnnvtfrZBm3qEe20dbG4XnnPjN9nVk7wCIuql4MLGMK7AP3/Vx3cQQYNZxAW
/Z/RVVQNJ+7hpJN2nzHQDNZPty3QLNlRzbnpHcfFYVBhjlj5Tr9grdRZkGLtJ8Nj
lH+0hc5+Vm40rpxjwQFvCZ7P8PA3ypva+b2Ly7hZMFgmRg1ZzVFmxpuSMWSxf9o6
P6k=
-----END CERTIFICATE-----
Generated at Sat Jun 13 21:32:10 2026 by rpki-client