Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/5C25KZetp9CQvM7jkMHqpxMRJX8.roa
File: 5C25KZetp9CQvM7jkMHqpxMRJX8.roa (raw, json)
Hash identifier: qhg9yCfPS4WkYu8XISfYzSz0IG2LsdjiOuwRQMabrBs=
Subject key identifier: E4:2D:B9:29:97:AD:A7:D0:90:BC:CE:E3:90:C1:EA:A7:13:11:25:7F
Certificate issuer: /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial: 019D92B92549205FD1347AAF892CEA41413B
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/5C25KZetp9CQvM7jkMHqpxMRJX8.roa
Signing time: Wed 15 Apr 2026 19:58:20 +0000
ROA not before: Wed 15 Apr 2026 19:58:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44565
IP address blocks: 79.171.16.0/24 maxlen: 24
79.171.17.0/24 maxlen: 24
79.171.18.0/24 maxlen: 24
79.171.19.0/24 maxlen: 24
79.171.20.0/24 maxlen: 24
79.171.21.0/24 maxlen: 24
93.186.113.0/24 maxlen: 24
93.186.115.0/24 maxlen: 24
93.186.116.0/24 maxlen: 24
93.186.117.0/24 maxlen: 24
93.186.118.0/24 maxlen: 24
93.186.119.0/24 maxlen: 24
93.186.120.0/24 maxlen: 24
93.186.121.0/24 maxlen: 24
93.186.122.0/24 maxlen: 24
93.186.123.0/24 maxlen: 24
93.186.124.0/24 maxlen: 24
93.186.126.0/24 maxlen: 24
93.186.127.0/24 maxlen: 24
185.93.248.0/24 maxlen: 24
188.124.1.0/24 maxlen: 24
188.124.2.0/24 maxlen: 24
188.124.3.0/24 maxlen: 24
188.124.4.0/24 maxlen: 24
188.124.7.0/24 maxlen: 24
188.124.8.0/24 maxlen: 24
188.124.9.0/24 maxlen: 24
188.124.10.0/24 maxlen: 24
188.124.11.0/24 maxlen: 24
188.124.12.0/24 maxlen: 24
188.124.13.0/24 maxlen: 24
188.124.14.0/24 maxlen: 24
188.124.15.0/24 maxlen: 24
188.124.16.0/24 maxlen: 24
188.124.17.0/24 maxlen: 24
188.124.18.0/24 maxlen: 24
188.124.19.0/24 maxlen: 24
188.124.20.0/24 maxlen: 24
188.124.21.0/24 maxlen: 24
188.124.22.0/24 maxlen: 24
188.124.23.0/24 maxlen: 24
188.124.24.0/24 maxlen: 24
188.124.25.0/24 maxlen: 24
188.124.26.0/24 maxlen: 24
188.124.27.0/24 maxlen: 24
188.124.28.0/24 maxlen: 24
188.124.29.0/24 maxlen: 24
188.124.30.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:92:b9:25:49:20:5f:d1:34:7a:af:89:2c:ea:41:41:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
Validity
Not Before: Apr 15 19:58:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e42db92997ada7d090bccee390c1eaa71311257f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:89:dc:0b:e0:67:66:00:8d:93:c9:c9:de:33:
05:3a:6d:7d:17:55:b9:67:f3:79:da:18:37:21:30:
6c:7c:06:d5:a2:c2:32:44:42:48:eb:04:a2:cb:1f:
e9:94:d8:93:88:7b:86:f0:ee:f6:79:41:49:90:b2:
6f:bd:75:53:2a:76:f7:44:1a:17:b1:34:70:14:a4:
48:54:d1:77:85:50:a2:ec:e1:74:16:0d:74:15:0c:
51:01:70:d4:40:85:4f:39:ca:5d:43:91:ab:5f:5f:
f4:fa:9a:46:6d:5a:57:82:f2:30:2a:6f:cb:03:1b:
9a:54:90:1c:58:21:78:82:45:c7:82:b5:04:d1:3f:
cc:66:3b:cd:fe:60:33:fb:f1:31:00:35:1d:00:5a:
18:24:7c:e3:b5:6a:dd:b4:09:bf:62:85:1d:36:75:
54:72:8d:47:06:9e:11:c0:bb:75:ae:c2:74:90:9d:
b9:f0:3a:db:29:28:49:20:cc:6e:c1:a9:d0:3f:b0:
b1:2e:b7:4b:7d:52:48:b6:28:2d:9b:ac:62:81:86:
e7:db:9e:a4:a5:f2:bb:99:23:b7:74:27:06:95:35:
ba:57:c2:fa:98:bf:6b:bb:27:b4:80:76:a9:99:6e:
81:e5:41:eb:e1:98:5b:8f:71:53:4f:82:5d:fe:78:
04:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:2D:B9:29:97:AD:A7:D0:90:BC:CE:E3:90:C1:EA:A7:13:11:25:7F
X509v3 Authority Key Identifier:
keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/5C25KZetp9CQvM7jkMHqpxMRJX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.171.16.0-79.171.21.255
93.186.113.0/24
93.186.115.0-93.186.124.255
93.186.126.0/23
185.93.248.0/24
188.124.1.0-188.124.4.255
188.124.7.0-188.124.30.255
Signature Algorithm: sha256WithRSAEncryption
04:32:0d:79:30:ca:26:8a:7d:78:a1:88:e0:80:bc:88:62:e2:
45:8b:ee:a5:db:6e:e6:b7:69:4a:99:2a:a4:fb:ad:4f:52:e3:
b4:0a:51:c4:90:93:5a:1d:89:72:fb:35:ea:27:86:38:07:27:
ea:70:2c:76:07:1f:a1:95:16:84:71:f0:68:0e:72:13:3a:cc:
c9:00:c9:e0:8e:4f:80:9e:f4:c9:37:e5:83:28:fc:45:f2:4a:
e4:81:15:f0:26:87:05:90:93:e0:7c:d2:27:d8:78:43:0a:83:
84:de:e4:85:fc:ed:ee:41:1e:6c:7b:1e:2d:f9:62:c4:1e:8e:
f8:91:d8:25:6f:74:9d:cf:81:24:8b:69:75:90:9a:6e:16:99:
94:19:ab:73:7a:9a:99:54:b5:98:6e:42:b6:58:dd:c1:1c:f3:
45:3b:d7:a0:f5:9a:4e:2b:48:e7:41:b8:fa:c9:7f:19:3b:95:
15:b1:b5:20:73:4f:c5:53:20:8e:94:e5:89:a8:6a:47:1c:f0:
93:55:96:96:4b:00:80:14:34:0d:97:f7:91:c9:56:d5:48:aa:
21:0b:90:a1:09:bf:f8:6d:34:0f:79:3f:a5:ec:f2:5a:13:73:
ae:ba:5a:e5:1f:14:94:45:8a:48:fd:aa:11:d5:46:97:c2:06:
9b:d0:5d:11
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZ2SuSVJIF/RNHqviSzqQUE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjYwNDE1MTk1ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDJkYjkyOTk3YWRhN2QwOTBiY2NlZTM5MGMxZWFhNzEzMTEyNTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIncC+BnZgCNk8nJ3jMFOm19F1W5
Z/N52hg3ITBsfAbVosIyREJI6wSiyx/plNiTiHuG8O72eUFJkLJvvXVTKnb3RBoX
sTRwFKRIVNF3hVCi7OF0Fg10FQxRAXDUQIVPOcpdQ5GrX1/0+ppGbVpXgvIwKm/L
AxuaVJAcWCF4gkXHgrUE0T/MZjvN/mAz+/ExADUdAFoYJHzjtWrdtAm/YoUdNnVU
co1HBp4RwLt1rsJ0kJ258DrbKShJIMxuwanQP7CxLrdLfVJItigtm6xigYbn256k
pfK7mSO3dCcGlTW6V8L6mL9ruye0gHapmW6B5UHr4Zhbj3FTT4Jd/ngEDQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFOQtuSmXrafQkLzO45DB6qcTESV/MB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEvNUMyNUtaZXRwOUNRdk03amtNSHFweE1SSlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBARPqxAD
BAFPqxQDBABdunEwDAMEAF26cwMEAF26fAMEAV26fgMEALld+DAMAwQAvHwBAwQA
vHwEMAwDBAC8fAcDBAC8fB4wDQYJKoZIhvcNAQELBQADggEBAAQyDXkwyiaKfXih
iOCAvIhi4kWL7qXbbua3aUqZKqT7rU9S47QKUcSQk1odiXL7NeonhjgHJ+pwLHYH
H6GVFoRx8GgOchM6zMkAyeCOT4Ce9Mk35YMo/EXySuSBFfAmhwWQk+B80ifYeEMK
g4Te5IX87e5BHmx7Hi35YsQejviR2CVvdJ3PgSSLaXWQmm4WmZQZq3N6mplUtZhu
QrZY3cEc80U716D1mk4rSOdBuPrJfxk7lRWxtSBzT8VTII6U5Ymoakcc8JNVlpZL
AIAUNA2X95HJVtVIqiELkKEJv/htNA95P6Xs8loTc666WuUfFJRFikj9qhHVRpfC
BpvQXRE=
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:44:58 2026 by rpki-client