Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/IauAxs74tysYNqUuPq3mwgGVBQY.roa
File: IauAxs74tysYNqUuPq3mwgGVBQY.roa (raw, json)
Hash identifier: I4y1ed39yJsl3DkGtY/KgIMLvKWqfNhrhjl/qeS45rw=
Subject key identifier: 21:AB:80:C6:CE:F8:B7:2B:18:36:A5:2E:3E:AD:E6:C2:01:95:05:06
Certificate issuer: /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial: 019D4461DA0F18BF409BBBF48CA16D84F3DD
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/IauAxs74tysYNqUuPq3mwgGVBQY.roa
Signing time: Tue 31 Mar 2026 14:52:36 +0000
ROA not before: Tue 31 Mar 2026 14:52:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44431
IP address blocks: 77.70.176.0/22 maxlen: 24
77.70.181.0/24 maxlen: 24
77.70.184.0/21 maxlen: 24
193.220.160.0/24 maxlen: 24
193.220.162.0/23 maxlen: 24
193.220.162.0/24 maxlen: 24
193.220.163.0/24 maxlen: 24
193.220.224.0/20 maxlen: 24
193.220.225.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:44:61:da:0f:18:bf:40:9b:bb:f4:8c:a1:6d:84:f3:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
Validity
Not Before: Mar 31 14:52:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=21ab80c6cef8b72b1836a52e3eade6c201950506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:2d:24:c1:f6:0e:a0:6a:02:d0:9c:51:50:65:
46:14:f2:7e:a6:f1:76:7f:87:78:83:b5:19:f1:ff:
89:01:d5:bf:e9:d3:34:9b:1f:ac:fc:c9:90:e2:f5:
1d:34:1f:75:14:29:c7:22:50:68:0f:b6:eb:64:10:
c2:75:1f:20:6f:ce:84:1e:35:4b:c0:3f:11:62:37:
0e:e6:e9:e1:c9:2c:7c:62:bd:30:88:79:de:f7:d2:
a0:db:c1:f3:0c:34:fb:bc:bf:2b:3b:f1:36:4e:92:
05:b9:ce:ed:a2:31:ed:3d:66:83:cb:a2:ef:74:62:
4d:1f:26:f4:c9:1c:a3:c3:bf:e1:4e:ab:88:d2:8c:
dc:c1:45:65:08:9c:2e:15:52:4c:de:18:08:73:a4:
4a:1b:7a:cf:53:36:63:12:90:42:18:38:73:f8:f2:
ad:1b:ef:55:d6:02:b5:a7:ee:90:73:bd:ca:92:ba:
30:0c:3a:11:d8:90:44:56:31:20:ed:9a:24:e8:61:
21:4c:ed:33:4c:66:8a:36:be:0b:ef:4b:1b:b9:73:
39:c4:ab:b8:1d:23:4f:35:04:84:39:e0:0d:5a:c2:
91:29:39:3d:b1:f9:76:db:56:ea:67:01:df:05:dc:
3c:72:99:cc:e1:de:c3:d7:77:db:97:d7:1d:47:37:
4a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:AB:80:C6:CE:F8:B7:2B:18:36:A5:2E:3E:AD:E6:C2:01:95:05:06
X509v3 Authority Key Identifier:
keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/IauAxs74tysYNqUuPq3mwgGVBQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.70.176.0/22
77.70.181.0/24
77.70.184.0/21
193.220.160.0/24
193.220.162.0/23
193.220.224.0/20
Signature Algorithm: sha256WithRSAEncryption
18:bc:34:dc:ee:42:f9:20:4d:2c:6f:eb:3c:00:4a:86:19:5f:
ce:4b:bc:1b:0b:b3:53:8b:c1:4a:ad:d7:8d:d2:be:d1:db:7a:
5c:1f:5d:b5:4d:da:08:54:f3:05:e2:0d:11:09:0d:35:be:de:
1d:97:bb:27:b7:3f:ae:da:6a:18:b0:66:96:d7:9a:9d:04:b6:
59:b3:38:c5:1c:0f:d3:79:9f:85:98:2a:ce:ed:49:ab:aa:7b:
85:0d:21:3a:da:39:81:6c:07:06:f1:d1:5b:9e:14:18:0c:df:
9d:04:24:49:1b:9e:b1:71:b3:85:53:bc:27:a9:cd:b3:9b:e4:
73:6a:3f:28:23:5f:17:55:57:4b:ae:df:1b:c4:48:f6:13:95:
6f:e1:fd:83:b1:84:fc:f1:a1:b2:d6:76:97:ca:5f:38:f5:76:
5c:12:98:84:df:b5:0c:00:23:f3:bd:39:4e:08:08:1d:c0:ac:
81:55:f4:81:e1:8b:01:98:15:87:2f:b4:18:5d:b0:3a:0a:1d:
58:77:51:f3:08:ae:1a:05:56:85:c2:a8:20:79:69:1d:5f:8f:
35:fe:0e:29:0f:b8:a6:1b:5f:9e:51:d5:6a:c9:3e:5b:5f:eb:
ae:2c:87:86:0a:9a:ff:ea:43:5f:85:23:42:a7:b7:f2:f1:4e:
78:aa:3d:ef
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ1EYdoPGL9Am7v0jKFthPPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjYwMzMxMTQ1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFiODBjNmNlZjhiNzJiMTgzNmE1MmUzZWFkZTZjMjAxOTUwNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy0kwfYOoGoC0JxRUGVGFPJ+pvF2
f4d4g7UZ8f+JAdW/6dM0mx+s/MmQ4vUdNB91FCnHIlBoD7brZBDCdR8gb86EHjVL
wD8RYjcO5unhySx8Yr0wiHne99Kg28HzDDT7vL8rO/E2TpIFuc7tojHtPWaDy6Lv
dGJNHyb0yRyjw7/hTquI0ozcwUVlCJwuFVJM3hgIc6RKG3rPUzZjEpBCGDhz+PKt
G+9V1gK1p+6Qc73KkrowDDoR2JBEVjEg7Zok6GEhTO0zTGaKNr4L70sbuXM5xKu4
HSNPNQSEOeANWsKRKTk9sfl221bqZwHfBdw8cpnM4d7D13fbl9cdRzdKhwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCGrgMbO+LcrGDalLj6t5sIBlQUGMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvSWF1QXhzNzR0eXNZTnFVdVBxM213Z0dWQlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCTUawAwQA
TUa1AwQDTUa4AwQAwdygAwQBwdyiAwQEwdzgMA0GCSqGSIb3DQEBCwUAA4IBAQAY
vDTc7kL5IE0sb+s8AEqGGV/OS7wbC7NTi8FKrdeN0r7R23pcH121TdoIVPMF4g0R
CQ01vt4dl7sntz+u2moYsGaW15qdBLZZszjFHA/TeZ+FmCrO7UmrqnuFDSE62jmB
bAcG8dFbnhQYDN+dBCRJG56xcbOFU7wnqc2zm+Rzaj8oI18XVVdLrt8bxEj2E5Vv
4f2DsYT88aGy1naXyl849XZcEpiE37UMACPzvTlOCAgdwKyBVfSB4YsBmBWHL7QY
XbA6Ch1Yd1HzCK4aBVaFwqggeWkdX481/g4pD7imG1+eUdVqyT5bX+uuLIeGCpr/
6kNfhSNCp7fy8U54qj3v
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:28:46 2026 by rpki-client