Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/tgh5XJm0kiOQ3QAGAjWZifdn-Io.roa
File: tgh5XJm0kiOQ3QAGAjWZifdn-Io.roa (raw, json)
Hash identifier: +syP7hVTFpD5IZUSbZgn452Nf7yvjXQt20LMYgGe5VU=
Subject key identifier: B6:08:79:5C:99:B4:92:23:90:DD:00:06:02:35:99:89:F7:67:F8:8A
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019D87468C986754934836C28C030970031F
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/tgh5XJm0kiOQ3QAGAjWZifdn-Io.roa
Signing time: Mon 13 Apr 2026 14:37:20 +0000
ROA not before: Mon 13 Apr 2026 14:37:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:87:46:8c:98:67:54:93:48:36:c2:8c:03:09:70:03:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Apr 13 14:37:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b608795c99b4922390dd000602359989f767f88a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:8b:bc:e0:9b:7e:9f:b8:04:08:fc:c5:2f:6b:
5b:b7:75:c5:18:7a:04:8c:03:ff:0d:a1:ec:89:22:
c2:cd:c0:b2:66:8b:2a:3a:82:fb:15:7a:ff:c3:60:
e9:87:e0:1a:06:ea:e7:62:1f:04:1c:30:65:4b:ad:
30:0d:1a:80:c5:bd:95:e1:e8:46:78:04:80:7b:8e:
ce:43:ce:a8:d5:a0:56:6e:1b:bd:f0:28:f2:72:91:
00:01:2a:a3:f2:35:49:ee:15:1d:4e:f8:0e:73:6f:
97:ab:68:18:8b:6f:f9:46:cd:e8:e6:7d:3b:7d:70:
d0:ba:35:d9:4c:c6:b5:de:31:0c:4d:60:45:3f:48:
df:e7:b6:c9:a8:f3:bc:b7:7e:d7:6a:de:99:e1:c7:
a7:ac:13:bc:37:2a:ad:a2:9f:3a:5b:d5:5b:0e:0a:
a2:c3:0d:50:a0:13:45:44:62:19:b6:21:d6:87:57:
2a:ee:8f:c6:bb:bf:0a:e3:e1:e0:87:fa:e1:65:d9:
24:01:31:60:8b:bb:30:86:be:5b:59:b8:90:7d:b4:
fc:aa:87:79:ad:4d:9e:48:e2:96:96:ab:99:62:7c:
f1:c5:b2:8b:ef:24:2e:b3:6c:0d:c6:e6:31:88:7c:
b7:7b:c4:5a:76:82:48:ea:c6:16:7e:6f:d7:f2:b0:
b9:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:08:79:5C:99:B4:92:23:90:DD:00:06:02:35:99:89:F7:67:F8:8A
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/tgh5XJm0kiOQ3QAGAjWZifdn-Io.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0/24
109.236.51.0/24
185.254.28.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
73:f3:7a:d6:77:01:19:e9:29:b8:c1:ce:aa:50:27:00:95:0d:
3f:e5:9e:2b:a0:f5:8e:f6:64:51:79:14:00:3b:3a:39:80:41:
0a:06:96:db:1c:be:44:3a:6d:5c:bd:a5:df:01:47:f9:a0:19:
05:0c:85:78:6e:b0:34:bf:c9:fd:95:5c:ff:4c:59:bb:e1:c7:
58:f6:6b:c7:e9:e1:65:05:09:f5:a4:1f:e5:21:8f:45:b1:a5:
da:ae:64:e2:76:02:6e:0b:15:83:06:82:65:92:89:5c:81:30:
dd:21:73:4f:b3:a8:9c:cb:8b:fe:23:62:79:78:26:f7:e1:87:
b4:d9:12:59:e3:c8:3b:b5:b2:27:f8:2d:af:66:eb:0e:92:3f:
83:c3:36:cc:5b:ad:e4:d6:ce:97:2e:9c:9c:95:d4:ab:61:65:
fc:33:c9:01:be:e3:8a:8f:02:e5:8c:f1:65:e6:00:88:07:c5:
e4:97:a4:e3:b4:43:de:dd:b2:3a:22:92:05:59:14:15:09:6e:
4e:79:13:e8:6a:4c:1b:1b:c7:d8:7c:dc:da:1a:6f:38:1b:16:
25:3c:8a:ba:a3:d7:a6:58:80:da:59:11:70:6e:f1:98:25:a6:
9a:8d:61:ee:44:ec:1f:f3:f8:93:bd:5c:72:92:0d:c6:15:c0:
93:bf:6a:fc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ2HRoyYZ1STSDbCjAMJcAMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDEzMTQzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjA4Nzk1Yzk5YjQ5MjIzOTBkZDAwMDYwMjM1OTk4OWY3NjdmODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4u84Jt+n7gECPzFL2tbt3XFGHoE
jAP/DaHsiSLCzcCyZosqOoL7FXr/w2Dph+AaBurnYh8EHDBlS60wDRqAxb2V4ehG
eASAe47OQ86o1aBWbhu98CjycpEAASqj8jVJ7hUdTvgOc2+Xq2gYi2/5Rs3o5n07
fXDQujXZTMa13jEMTWBFP0jf57bJqPO8t37Xat6Z4cenrBO8Nyqtop86W9VbDgqi
ww1QoBNFRGIZtiHWh1cq7o/Gu78K4+Hgh/rhZdkkATFgi7swhr5bWbiQfbT8qod5
rU2eSOKWlquZYnzxxbKL7yQus2wNxuYxiHy3e8RadoJI6sYWfm/X8rC5iwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLYIeVyZtJIjkN0ABgI1mYn3Z/iKMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdGdoNVhKbTBraU9RM1FBR0FqV1ppZmRuLUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbewxAwQA
bewzAwQAuf4cAwQAwSObMA0GCSqGSIb3DQEBCwUAA4IBAQBz83rWdwEZ6Sm4wc6q
UCcAlQ0/5Z4roPWO9mRReRQAOzo5gEEKBpbbHL5EOm1cvaXfAUf5oBkFDIV4brA0
v8n9lVz/TFm74cdY9mvH6eFlBQn1pB/lIY9FsaXarmTidgJuCxWDBoJlkolcgTDd
IXNPs6icy4v+I2J5eCb34Ye02RJZ48g7tbIn+C2vZusOkj+DwzbMW63k1s6XLpyc
ldSrYWX8M8kBvuOKjwLljPFl5gCIB8Xkl6TjtEPe3bI6IpIFWRQVCW5OeRPoakwb
G8fYfNzaGm84GxYlPIq6o9emWIDaWRFwbvGYJaaajWHuROwf8/iTvVxykg3GFcCT
v2r8
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:20:47 2026 by rpki-client