Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ICWA0Yw9snqw_mk_ULH0QiCchxI.roa
File: ICWA0Yw9snqw_mk_ULH0QiCchxI.roa (raw, json)
Hash identifier: 1JCU6FhHcvXTjlVQ+zsiTK2AvVX7TMgKV4zAC2jZGyE=
Subject key identifier: 20:25:80:D1:8C:3D:B2:7A:B0:FE:69:3F:50:B1:F4:42:20:9C:87:12
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019D8783E40EF40054410F9A4B347D03F90C
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ICWA0Yw9snqw_mk_ULH0QiCchxI.roa
Signing time: Mon 13 Apr 2026 15:44:20 +0000
ROA not before: Mon 13 Apr 2026 15:44:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214025
IP address blocks: 194.231.129.0/24 maxlen: 24
194.231.134.0/24 maxlen: 24
194.231.137.0/24 maxlen: 24
194.231.153.0/24 maxlen: 24
194.231.157.0/24 maxlen: 24
194.231.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 12:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:87:83:e4:0e:f4:00:54:41:0f:9a:4b:34:7d:03:f9:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Apr 13 15:44:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=202580d18c3db27ab0fe693f50b1f442209c8712
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:ad:f2:a0:e6:b7:56:ca:88:79:5e:4f:35:83:
52:ff:3c:fb:c4:c0:c1:1b:bc:36:cb:1d:93:cc:2b:
ff:8e:d3:69:4f:f3:c8:07:eb:48:90:2e:32:b1:69:
ab:c4:c0:76:24:cf:07:f5:6d:c5:11:0c:f7:b4:ef:
d4:29:3a:9b:8e:a8:3c:6a:10:7d:a2:1d:d4:2a:d7:
a4:43:da:32:8d:82:dd:fd:d4:08:f8:bd:43:9a:1e:
f6:03:9a:f0:00:d5:a2:65:fc:63:b6:d8:31:4f:be:
d0:cb:95:24:17:81:23:eb:ed:45:61:d3:11:48:da:
83:42:48:af:ec:47:d9:31:0f:40:43:bb:cb:bd:ca:
68:b9:67:f7:2b:e0:7c:1c:c8:1b:79:ae:57:49:27:
fc:39:4d:2f:ba:92:fd:8c:5c:05:f2:cf:bd:aa:e5:
bf:da:d6:ff:e0:db:1c:e7:0a:86:4c:d7:5c:fd:22:
13:30:c7:80:80:46:ad:16:48:ee:6e:9e:e2:71:bc:
65:fa:a7:2a:dd:79:03:da:19:66:38:74:6d:38:a9:
45:27:c0:37:4f:b0:43:98:7d:3e:9b:f5:62:c2:22:
94:f4:41:b0:d9:e7:c3:b2:82:01:c3:33:90:53:f9:
34:6c:87:22:f8:d7:2a:4b:45:2b:44:31:64:6c:ca:
05:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:25:80:D1:8C:3D:B2:7A:B0:FE:69:3F:50:B1:F4:42:20:9C:87:12
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ICWA0Yw9snqw_mk_ULH0QiCchxI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.231.129.0/24
194.231.134.0/24
194.231.137.0/24
194.231.153.0/24
194.231.157.0-194.231.158.255
Signature Algorithm: sha256WithRSAEncryption
aa:af:7e:72:a1:f0:bf:87:95:ae:3d:7b:aa:b2:99:18:7b:ae:
03:72:f0:42:40:b2:19:eb:da:51:ee:a9:a2:2c:ee:fb:43:cb:
0c:3c:a0:44:1f:e9:46:1e:77:e0:e4:29:58:b9:7e:e5:11:7c:
5b:3f:a8:5b:1a:2d:0e:95:52:74:eb:58:fd:c5:8a:7a:7b:12:
07:63:8e:ed:7b:bb:69:1a:23:ee:21:f6:f1:4e:57:4c:a9:35:
54:c8:cb:6d:65:fc:a6:34:2b:57:3d:76:0e:9c:ef:66:96:05:
a3:6f:92:71:f5:dc:23:54:e9:60:e5:e0:0b:f2:33:4d:db:84:
92:c0:54:e1:ef:5d:eb:5e:33:e7:b2:0b:a3:c4:a6:fd:cf:8a:
25:36:07:35:25:e6:43:12:3c:d3:25:ca:76:06:cd:78:88:3e:
2a:3f:27:0f:af:ea:9a:c5:58:77:bd:34:f1:19:92:60:87:5f:
07:04:07:cf:01:fa:76:54:f3:06:25:10:8c:98:bb:1d:a4:1f:
4d:51:34:97:d7:12:7c:2f:90:41:18:cd:7b:50:bb:79:3b:32:
66:a8:f3:f5:b8:cb:05:4b:cc:98:16:7d:cd:03:c8:e6:71:d6:
16:02:ef:3d:82:51:a0:05:c5:5a:65:3f:28:0f:82:b1:e2:53:
6e:ff:b6:eb
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ2Hg+QO9ABUQQ+aSzR9A/kMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDEzMTU0NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDI1ODBkMThjM2RiMjdhYjBmZTY5M2Y1MGIxZjQ0MjIwOWM4NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3a3yoOa3VsqIeV5PNYNS/zz7xMDB
G7w2yx2TzCv/jtNpT/PIB+tIkC4ysWmrxMB2JM8H9W3FEQz3tO/UKTqbjqg8ahB9
oh3UKtekQ9oyjYLd/dQI+L1Dmh72A5rwANWiZfxjttgxT77Qy5UkF4Ej6+1FYdMR
SNqDQkiv7EfZMQ9AQ7vLvcpouWf3K+B8HMgbea5XSSf8OU0vupL9jFwF8s+9quW/
2tb/4Nsc5wqGTNdc/SITMMeAgEatFkjubp7icbxl+qcq3XkD2hlmOHRtOKlFJ8A3
T7BDmH0+m/ViwiKU9EGw2efDsoIBwzOQU/k0bIci+NcqS0UrRDFkbMoFrQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCAlgNGMPbJ6sP5pP1Cx9EIgnIcSMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvSUNXQTBZdzlzbnF3X21rX1VMSDBRaUNjaHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAwueBAwQA
wueGAwQAwueJAwQAwueZMAwDBADC550DBADC554wDQYJKoZIhvcNAQELBQADggEB
AKqvfnKh8L+Hla49e6qymRh7rgNy8EJAshnr2lHuqaIs7vtDyww8oEQf6UYed+Dk
KVi5fuURfFs/qFsaLQ6VUnTrWP3Finp7Egdjju17u2kaI+4h9vFOV0ypNVTIy21l
/KY0K1c9dg6c72aWBaNvknH13CNU6WDl4AvyM03bhJLAVOHvXeteM+eyC6PEpv3P
iiU2BzUl5kMSPNMlynYGzXiIPio/Jw+v6prFWHe9NPEZkmCHXwcEB88B+nZU8wYl
EIyYux2kH01RNJfXEnwvkEEYzXtQu3k7Mmao8/W4ywVLzJgWfc0DyOZx1hYC7z2C
UaAFxVplPygPgrHiU27/tus=
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:07:08 2026 by rpki-client