Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/rdJ8xXk5mnbp3JUsMack9bv5xiI.roa
File: rdJ8xXk5mnbp3JUsMack9bv5xiI.roa (raw, json)
Hash identifier: D2xipsYNPUahyWKXqjJrN51ikNliYwMKQLyig70LUbA=
Subject key identifier: AD:D2:7C:C5:79:39:9A:76:E9:DC:95:2C:31:A7:24:F5:BB:F9:C6:22
Certificate issuer: /CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Certificate serial: 019C095808DA0442A42BBC671196E2ED1582
Authority key identifier: 2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/rdJ8xXk5mnbp3JUsMack9bv5xiI.roa
Signing time: Thu 29 Jan 2026 10:41:30 +0000
ROA not before: Thu 29 Jan 2026 10:41:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2595
IP address blocks: 194.116.100.0/24 maxlen: 24
2001:848:100::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.mft
rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:09:58:08:da:04:42:a4:2b:bc:67:11:96:e2:ed:15:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Validity
Not Before: Jan 29 10:41:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=add27cc579399a76e9dc952c31a724f5bbf9c622
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:04:2c:25:30:67:10:2e:1d:77:3d:67:2a:41:
c2:b8:11:eb:90:9e:9d:c2:50:c4:25:b9:c0:2f:34:
b3:a2:c5:6e:3a:52:25:38:1d:c0:00:e0:74:82:8d:
38:62:78:9e:f7:60:05:c3:20:cc:a4:61:2f:2d:6b:
4a:fc:4a:97:f2:e4:7b:c7:77:86:60:54:dc:77:68:
f2:d6:82:5b:6a:5b:1a:23:64:eb:bf:7c:9a:4c:b2:
2c:84:47:e2:4c:e8:6c:ed:04:f4:85:0b:a5:47:91:
10:81:89:70:e9:9e:a4:4d:16:24:5a:17:77:ae:18:
e5:1b:37:a4:2e:fb:b6:64:66:9f:ec:1f:43:1e:3a:
79:0e:45:db:7e:ba:0f:b8:c6:bd:94:5d:e6:65:a7:
84:dd:39:02:8e:a3:91:40:cb:9d:34:45:f7:2a:9b:
2c:37:4c:38:26:55:0e:3e:9b:f1:67:95:e3:85:cf:
f9:3b:84:10:1d:ad:47:5e:a7:40:6a:9f:a5:0b:83:
43:da:a8:4e:82:a2:a5:bf:b2:d0:fe:f3:51:c3:81:
ee:35:64:37:bb:74:00:46:0b:ba:30:18:db:de:47:
d4:ff:88:d6:54:2e:e5:ed:cf:6b:a2:e7:2d:26:35:
0e:8d:33:d4:a9:48:21:68:26:03:84:54:2b:94:74:
6c:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:D2:7C:C5:79:39:9A:76:E9:DC:95:2C:31:A7:24:F5:BB:F9:C6:22
X509v3 Authority Key Identifier:
keyid:2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/rdJ8xXk5mnbp3JUsMack9bv5xiI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.116.100.0/24
IPv6:
2001:848:100::/48
Signature Algorithm: sha256WithRSAEncryption
7e:d7:2c:a5:42:29:03:4e:a9:07:70:08:ca:71:1d:19:ac:5f:
89:17:31:31:a0:e8:a6:47:ec:c4:77:82:9d:bc:b8:82:c5:10:
f4:73:d4:2c:e4:7e:52:3c:62:3f:f7:82:1e:3b:9a:bd:61:7b:
33:2d:79:a2:eb:8c:54:37:06:71:ad:fc:d9:2e:f8:a0:8c:13:
44:ba:0c:95:4f:d6:0f:9a:92:3b:62:a2:d0:b9:d5:7a:a5:d5:
28:fa:74:bb:40:19:29:86:31:91:d2:ad:a4:b2:f1:5c:e3:ab:
d8:4d:eb:c8:82:31:80:67:8c:ce:2a:ff:af:6a:c3:ea:82:96:
e4:ca:2b:8f:9f:81:af:cc:7d:c1:75:4d:95:78:28:e5:0b:f5:
02:5f:02:4b:a0:c1:56:9c:45:1d:7a:00:2b:8a:d4:22:b6:f5:
b8:8b:c3:af:b3:93:6f:76:0c:9e:fb:c0:d2:aa:41:4e:e0:42:
0a:89:35:90:02:89:da:c5:58:12:2a:9d:e7:56:b8:43:66:fc:
a9:ac:16:bc:f3:39:3e:6d:d4:24:b7:d4:39:b7:d1:97:e0:67:
79:b9:df:dc:dd:93:f8:19:75:d1:98:42:c1:f0:b0:b4:95:c8:
fd:c9:bd:24:7c:a1:34:cb:c8:a6:41:76:02:81:ef:9d:27:26:
05:e8:19:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZwJWAjaBEKkK7xnEZbi7RWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODg3MzAyZDFlNzQwZjVmOTg0ODFmYjRiN2E0NjE2OTZi
ZmU1YzEwHhcNMjYwMTI5MTA0MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQyN2NjNTc5Mzk5YTc2ZTlkYzk1MmMzMWE3MjRmNWJiZjljNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAQsJTBnEC4ddz1nKkHCuBHrkJ6d
wlDEJbnALzSzosVuOlIlOB3AAOB0go04Ynie92AFwyDMpGEvLWtK/EqX8uR7x3eG
YFTcd2jy1oJbalsaI2Trv3yaTLIshEfiTOhs7QT0hQulR5EQgYlw6Z6kTRYkWhd3
rhjlGzekLvu2ZGaf7B9DHjp5DkXbfroPuMa9lF3mZaeE3TkCjqORQMudNEX3Kpss
N0w4JlUOPpvxZ5Xjhc/5O4QQHa1HXqdAap+lC4ND2qhOgqKlv7LQ/vNRw4HuNWQ3
u3QARgu6MBjb3kfU/4jWVC7l7c9rouctJjUOjTPUqUghaCYDhFQrlHRscQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK3SfMV5OZp26dyVLDGnJPW7+cYiMB8GA1UdIwQY
MBaAFCyIcwLR50D1+YSB+0t6RhaWv+XBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQt
YzAyOGQ5MWViYzljLzEvcmRKOHhYazVtbmJwM0pVc01hY2s5YnY1eGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQtYzAyOGQ5MWViYzlj
LzEvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwnRkMA8E
AgACMAkDBwAgAQhIAQAwDQYJKoZIhvcNAQELBQADggEBAH7XLKVCKQNOqQdwCMpx
HRmsX4kXMTGg6KZH7MR3gp28uILFEPRz1CzkflI8Yj/3gh47mr1hezMteaLrjFQ3
BnGt/Nku+KCME0S6DJVP1g+akjtiotC51Xql1Sj6dLtAGSmGMZHSraSy8Vzjq9hN
68iCMYBnjM4q/69qw+qCluTKK4+fga/MfcF1TZV4KOUL9QJfAkugwVacRR16ACuK
1CK29biLw6+zk292DJ77wNKqQU7gQgqJNZACidrFWBIqnedWuENm/KmsFrzzOT5t
1CS31Dm30ZfgZ3m539zdk/gZddGYQsHwsLSVyP3JvSR8oTTLyKZBdgKB750nJgXo
GVQ=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:10:48 2026 by rpki-client