Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4HjfG6eZKqXLJ1kAoyez48wDnc.roa
File: t4HjfG6eZKqXLJ1kAoyez48wDnc.roa (raw, json)
Hash identifier: w/ZlHvwsuOBr7+Ux+UZvLFbXnBLp7Oaw4HBnlqwDp7E=
Subject key identifier: B7:81:E3:7C:6E:9E:64:AA:97:2C:9D:64:02:8C:9E:CF:8F:30:0E:77
Certificate issuer: /CN=b7871f290fff0e04260c6753e387c9efb75be296
Certificate serial: 019E49CFD1AD001CD8F55FA3680F46956069
Authority key identifier: B7:87:1F:29:0F:FF:0E:04:26:0C:67:53:E3:87:C9:EF:B7:5B:E2:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4HjfG6eZKqXLJ1kAoyez48wDnc.roa
Signing time: Thu 21 May 2026 09:13:36 +0000
ROA not before: Thu 21 May 2026 09:13:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51346
IP address blocks: 89.104.121.0/24 maxlen: 24
91.218.160.0/22 maxlen: 22
91.218.160.0/24 maxlen: 24
91.218.161.0/24 maxlen: 24
91.218.162.0/24 maxlen: 24
91.218.163.0/24 maxlen: 24
185.177.0.0/22 maxlen: 22
185.177.0.0/24 maxlen: 24
185.177.1.0/24 maxlen: 24
185.177.2.0/24 maxlen: 24
2a0a:2980::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.mft
rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 15:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:49:cf:d1:ad:00:1c:d8:f5:5f:a3:68:0f:46:95:60:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b7871f290fff0e04260c6753e387c9efb75be296
Validity
Not Before: May 21 09:13:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b781e37c6e9e64aa972c9d64028c9ecf8f300e77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:3f:92:89:fc:0d:1a:b3:96:9f:1d:bd:a4:f8:
c1:11:f0:1d:74:c7:dc:23:4b:50:99:72:ff:89:a8:
cd:7a:10:01:94:86:ca:bf:0e:4d:a8:71:0f:a9:26:
d2:8d:16:0f:7a:4d:4d:f8:5b:db:12:b5:63:a8:c9:
07:2e:ad:f3:95:9b:ee:16:f6:32:aa:76:cd:c5:83:
0a:79:76:a0:8c:4c:d2:ef:6e:3c:9d:41:af:94:62:
4a:11:0d:c7:47:81:f1:95:a9:47:6a:7f:0d:fe:2e:
3a:92:bf:05:d3:39:63:5d:91:18:5c:2c:8d:3a:82:
16:f3:93:41:92:e9:7c:e1:78:14:3e:7d:53:f3:00:
6a:6f:f1:bf:9b:56:7a:e7:ab:76:57:bc:11:53:b6:
b8:ae:bb:d0:4d:ad:a0:b0:c1:01:3c:a0:2b:c9:7f:
ce:5e:f2:23:50:03:8b:ed:db:9c:a5:60:22:08:77:
77:86:48:e3:6e:13:40:61:59:68:ea:71:74:0f:bb:
75:28:42:4c:2a:33:08:7d:f0:5d:a3:80:5f:c8:cd:
4f:4e:d8:52:2a:25:56:bc:90:f4:ab:ee:d0:b4:5f:
b6:70:71:45:91:f9:8b:c4:f5:64:d4:08:cb:0c:53:
7e:7f:33:3c:25:7e:37:91:ed:a3:14:4c:db:8f:d4:
8e:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:81:E3:7C:6E:9E:64:AA:97:2C:9D:64:02:8C:9E:CF:8F:30:0E:77
X509v3 Authority Key Identifier:
keyid:B7:87:1F:29:0F:FF:0E:04:26:0C:67:53:E3:87:C9:EF:B7:5B:E2:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4cfKQ__DgQmDGdT44fJ77db4pY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4HjfG6eZKqXLJ1kAoyez48wDnc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/836431-b90d-4a98-be2c-955f5cb09893/1/t4cfKQ__DgQmDGdT44fJ77db4pY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.104.121.0/24
91.218.160.0/22
185.177.0.0/22
IPv6:
2a0a:2980::/29
Signature Algorithm: sha256WithRSAEncryption
23:24:75:93:49:6a:8b:2b:d2:42:4a:ec:89:67:ff:53:e1:8a:
6f:68:e4:e5:a7:3b:5a:d3:dc:59:9b:96:53:dc:fb:41:5f:cd:
78:bf:98:5e:c8:a2:55:7c:56:d8:4b:de:d3:ba:4d:07:12:0e:
42:32:27:8f:64:d8:85:fc:a7:58:97:c1:5e:a0:d1:b1:9a:dc:
3f:7a:db:cd:a7:39:b5:ef:3e:d9:a1:d2:2a:66:25:5d:72:87:
db:1a:69:c2:42:88:e8:9a:7a:80:72:01:60:c4:9e:80:09:3d:
e5:8a:da:59:8e:3f:da:4f:e4:67:8f:85:14:44:d6:8c:2f:73:
a4:62:07:70:65:24:cc:df:df:59:7a:31:8b:d1:a0:58:c6:6b:
4c:f2:84:e8:ee:cb:24:72:72:3d:26:a6:bb:3f:f0:26:71:a2:
6c:7b:b4:c9:3d:b1:b2:91:6e:eb:24:08:95:81:3a:57:a5:ff:
0b:c3:1b:ab:0a:03:c3:fe:a9:90:15:db:07:56:48:f6:94:b9:
5e:3c:77:d3:a8:5e:64:e1:97:65:8e:3a:52:a7:52:c1:ae:40:
2c:33:dc:97:28:2a:47:a3:3c:19:8e:c1:ce:58:e0:38:2c:e5:
35:0e:49:b4:1c:cd:22:a6:ab:37:03:a1:c0:c2:72:5f:01:86:
5a:d4:d3:7c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ5Jz9GtABzY9V+jaA9GlWBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODcxZjI5MGZmZjBlMDQyNjBjNjc1M2UzODdjOWVmYjc1
YmUyOTYwHhcNMjYwNTIxMDkxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzgxZTM3YzZlOWU2NGFhOTcyYzlkNjQwMjhjOWVjZjhmMzAwZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D+SifwNGrOWnx29pPjBEfAddMfc
I0tQmXL/iajNehABlIbKvw5NqHEPqSbSjRYPek1N+FvbErVjqMkHLq3zlZvuFvYy
qnbNxYMKeXagjEzS7248nUGvlGJKEQ3HR4HxlalHan8N/i46kr8F0zljXZEYXCyN
OoIW85NBkul84XgUPn1T8wBqb/G/m1Z656t2V7wRU7a4rrvQTa2gsMEBPKAryX/O
XvIjUAOL7ducpWAiCHd3hkjjbhNAYVlo6nF0D7t1KEJMKjMIffBdo4BfyM1PTthS
KiVWvJD0q+7QtF+2cHFFkfmLxPVk1AjLDFN+fzM8JX43ke2jFEzbj9SOSwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLeB43xunmSqlyydZAKMns+PMA53MB8GA1UdIwQY
MBaAFLeHHykP/w4EJgxnU+OHye+3W+KWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRjZktRX19EZ1FtREdkVDQ0Zko3N2RiNHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84MzY0MzEtYjkwZC00YTk4LWJlMmMt
OTU1ZjVjYjA5ODkzLzEvdDRIamZHNmVaS3FYTEoxa0FveWV6NDh3RG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84MzY0MzEtYjkwZC00YTk4LWJlMmMtOTU1ZjVjYjA5ODkz
LzEvdDRjZktRX19EZ1FtREdkVDQ0Zko3N2RiNHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAWWh5AwQC
W9qgAwQCubEAMA0EAgACMAcDBQMqCimAMA0GCSqGSIb3DQEBCwUAA4IBAQAjJHWT
SWqLK9JCSuyJZ/9T4YpvaOTlpzta09xZm5ZT3PtBX814v5heyKJVfFbYS97Tuk0H
Eg5CMiePZNiF/KdYl8FeoNGxmtw/etvNpzm17z7ZodIqZiVdcofbGmnCQojomnqA
cgFgxJ6ACT3litpZjj/aT+Rnj4UURNaML3OkYgdwZSTM399ZejGL0aBYxmtM8oTo
7sskcnI9Jqa7P/AmcaJse7TJPbGykW7rJAiVgTpXpf8LwxurCgPD/qmQFdsHVkj2
lLlePHfTqF5k4ZdljjpSp1LBrkAsM9yXKCpHozwZjsHOWOA4LOU1Dkm0HM0ipqs3
A6HAwnJfAYZa1NN8
-----END CERTIFICATE-----
Generated at Sat Jun 13 23:03:07 2026 by rpki-client