Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ND1wbJkfmd-6YFovfgcdpyfs49U.roa
File: ND1wbJkfmd-6YFovfgcdpyfs49U.roa (raw, json)
Hash identifier: tdgo8wEctklj2boyPAERXfBj4wgVt3fHBPA8UY+wTV8=
Subject key identifier: 34:3D:70:6C:99:1F:99:DF:BA:60:5A:2F:7E:07:1D:A7:27:EC:E3:D5
Certificate issuer: /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial: 019D5C97CF546BEBC8FEF638D28005975F8D
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ND1wbJkfmd-6YFovfgcdpyfs49U.roa
Signing time: Sun 05 Apr 2026 07:42:26 +0000
ROA not before: Sun 05 Apr 2026 07:42:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209178
IP address blocks: 45.134.145.0/24 maxlen: 24
103.100.168.0/24 maxlen: 24
185.233.19.0/24 maxlen: 24
185.235.165.0/24 maxlen: 24
2a06:da40::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 02:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:5c:97:cf:54:6b:eb:c8:fe:f6:38:d2:80:05:97:5f:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Validity
Not Before: Apr 5 07:42:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=343d706c991f99dfba605a2f7e071da727ece3d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:38:c0:d4:1a:d7:f1:84:58:33:1f:1b:b5:31:
15:ae:82:5c:f0:fa:57:1a:63:11:97:91:95:66:ed:
23:96:9f:65:29:a1:ea:51:80:8c:91:5e:a4:ae:b0:
80:12:ca:4a:2a:b7:7c:84:92:ba:60:45:6d:5b:20:
92:1d:f9:2f:fe:71:53:a5:5c:10:2b:ed:d2:93:fe:
07:be:b1:d0:05:4f:7d:73:38:09:68:7f:c3:43:56:
18:67:e4:40:ea:45:74:59:78:45:f7:2f:cc:7e:d2:
60:8a:a3:59:2e:26:e7:ee:99:52:2d:07:bf:58:a0:
d8:55:1e:94:9d:32:b5:04:33:a8:b2:49:2c:06:f7:
19:6d:fd:8b:9e:64:1e:86:5c:ff:ea:6e:32:28:1b:
96:a9:3a:8e:a3:cb:0d:6e:d1:4d:96:14:78:47:02:
3d:a0:b1:38:8f:08:bd:8b:2b:36:c4:19:63:db:68:
07:99:35:77:6c:82:42:4e:a2:fb:8c:7a:7c:c1:a9:
ca:b7:c8:29:2b:e5:ff:ad:39:60:c4:90:60:77:0c:
47:1d:5c:fd:63:f1:5b:a3:78:6b:44:67:45:7f:00:
84:d1:a8:dc:d4:4e:2d:e6:df:8a:57:a2:97:f6:07:
a9:8f:3c:d8:b8:05:c6:7a:36:3a:c2:b6:8f:28:35:
1d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:3D:70:6C:99:1F:99:DF:BA:60:5A:2F:7E:07:1D:A7:27:EC:E3:D5
X509v3 Authority Key Identifier:
keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ND1wbJkfmd-6YFovfgcdpyfs49U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.145.0/24
103.100.168.0/24
185.233.19.0/24
185.235.165.0/24
IPv6:
2a06:da40::/40
Signature Algorithm: sha256WithRSAEncryption
89:d9:c1:5f:1c:fc:3c:82:c8:c3:03:62:13:ee:99:aa:35:76:
2b:2c:94:42:1c:5a:13:f4:5d:45:c4:62:ed:fc:38:bb:6e:98:
5d:8d:27:bd:07:26:31:ff:ca:23:36:89:8c:33:df:49:d4:e9:
1a:2a:b1:4a:75:3e:fc:4b:5e:1d:cd:27:56:d3:ae:92:64:88:
03:a0:6c:0b:21:b5:20:c1:9f:94:ed:24:d1:11:ac:3a:2c:bb:
f9:3a:68:5a:cd:8f:b9:93:26:31:ff:6f:be:0d:c5:81:a9:18:
f7:b7:a1:59:1e:8f:38:07:a1:01:42:7e:66:7f:f8:f6:0e:17:
b8:54:62:b4:fa:e8:0a:65:c0:51:6b:a4:16:dc:b5:7a:8f:a7:
e0:44:8a:e3:36:a0:08:6c:cc:85:dc:19:aa:28:91:36:5a:ce:
79:a1:46:17:9e:bf:5b:e2:c7:d3:2b:b5:dc:75:3c:91:99:31:
40:d9:71:5a:fa:2d:ff:f4:ba:2a:96:b5:45:5c:ac:c2:2e:58:
b0:c7:e9:80:d9:dd:e7:5e:02:64:1d:6c:23:09:be:3c:16:da:
b7:3a:9e:65:cb:54:24:b1:6e:de:9e:25:62:b0:56:0f:d5:82:
a7:b0:6a:dd:b6:02:b8:da:79:43:b0:99:f7:ad:65:84:7a:a5:
53:ba:cd:ef
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ1cl89Ua+vI/vY40oAFl1+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwNDA1MDc0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDNkNzA2Yzk5MWY5OWRmYmE2MDVhMmY3ZTA3MWRhNzI3ZWNlM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DjA1BrX8YRYMx8btTEVroJc8PpX
GmMRl5GVZu0jlp9lKaHqUYCMkV6krrCAEspKKrd8hJK6YEVtWyCSHfkv/nFTpVwQ
K+3Sk/4HvrHQBU99czgJaH/DQ1YYZ+RA6kV0WXhF9y/MftJgiqNZLibn7plSLQe/
WKDYVR6UnTK1BDOoskksBvcZbf2LnmQehlz/6m4yKBuWqTqOo8sNbtFNlhR4RwI9
oLE4jwi9iys2xBlj22gHmTV3bIJCTqL7jHp8wanKt8gpK+X/rTlgxJBgdwxHHVz9
Y/Fbo3hrRGdFfwCE0ajc1E4t5t+KV6KX9gepjzzYuAXGejY6wraPKDUdHwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDQ9cGyZH5nfumBaL34HHacn7OPVMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvTkQxd2JKa2ZtZC02WUZvdmZnY2RweWZzNDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQALYaRAwQA
Z2SoAwQAuekTAwQAueulMA4EAgACMAgDBgAqBtpAADANBgkqhkiG9w0BAQsFAAOC
AQEAidnBXxz8PILIwwNiE+6ZqjV2KyyUQhxaE/RdRcRi7fw4u26YXY0nvQcmMf/K
IzaJjDPfSdTpGiqxSnU+/EteHc0nVtOukmSIA6BsCyG1IMGflO0k0RGsOiy7+Tpo
Ws2PuZMmMf9vvg3FgakY97ehWR6POAehAUJ+Zn/49g4XuFRitProCmXAUWukFty1
eo+n4ESK4zagCGzMhdwZqiiRNlrOeaFGF56/W+LH0yu13HU8kZkxQNlxWvot//S6
Kpa1RVyswi5YsMfpgNnd514CZB1sIwm+PBbatzqeZctUJLFu3p4lYrBWD9WCp7Bq
3bYCuNp5Q7CZ961lhHqlU7rN7w==
-----END CERTIFICATE-----
Generated at Fri Apr 17 10:10:15 2026 by rpki-client