Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NmBTha17lkXBZf0rZlejpRRTlRE.roa
File: NmBTha17lkXBZf0rZlejpRRTlRE.roa (raw, json)
Hash identifier: i02xI4zp1qhQFY3VPYmeJRVGjecPRLxmojn582llJIY=
Subject key identifier: 36:60:53:85:AD:7B:96:45:C1:65:FD:2B:66:57:A3:A5:14:53:95:11
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 019C2CC6D1D14C8264355AFF51D1C0B7F6A3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NmBTha17lkXBZf0rZlejpRRTlRE.roa
Signing time: Thu 05 Feb 2026 07:49:13 +0000
ROA not before: Thu 05 Feb 2026 07:49:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204770
IP address blocks: 84.32.32.0/24 maxlen: 24
84.32.34.0/24 maxlen: 24
84.32.48.0/24 maxlen: 24
84.32.63.0/24 maxlen: 24
84.32.70.0/24 maxlen: 24
84.32.71.0/24 maxlen: 24
84.32.128.0/22 maxlen: 32
84.32.220.0/24 maxlen: 24
88.216.39.0/24 maxlen: 24
88.216.68.0/24 maxlen: 24
88.216.184.0/24 maxlen: 24
88.216.198.0/24 maxlen: 24
88.216.210.0/24 maxlen: 24
88.216.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2c:c6:d1:d1:4c:82:64:35:5a:ff:51:d1:c0:b7:f6:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Feb 5 07:49:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=36605385ad7b9645c165fd2b6657a3a514539511
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:53:16:bb:2e:a8:ba:12:a9:39:73:ed:72:fd:
06:2d:be:2d:4c:55:a2:5b:32:62:74:1d:55:d7:89:
0c:8a:a9:67:34:31:81:25:cf:bf:ef:b9:fa:b6:31:
8b:1d:9d:57:71:91:86:fc:62:2b:16:d9:32:99:49:
69:1a:6a:d7:3c:f5:09:d9:10:ea:65:8d:a4:41:64:
c9:14:04:6a:fa:14:5c:5d:d1:76:dd:57:ea:c3:b7:
bd:78:24:4e:66:9c:d9:3c:ad:32:08:bd:d3:a0:bf:
db:d8:ae:cb:fb:fe:ac:b9:0e:78:1c:f5:47:dc:ae:
62:21:20:f6:d4:35:89:d5:22:b6:ac:0a:28:ca:2b:
79:2f:93:b0:2f:52:cc:b9:ab:94:3c:08:f2:9b:c4:
16:b4:80:60:ef:33:ff:d2:4c:9b:f0:02:74:8d:99:
c7:73:8d:bf:58:51:2a:af:81:ad:fa:dd:f6:ea:fc:
a4:d3:4b:38:81:1a:d8:ad:f7:7f:9c:14:22:cc:0b:
d5:31:f8:4a:2b:3b:83:32:38:29:c5:21:8a:85:42:
f9:80:2f:78:e0:d5:29:55:a3:40:03:f4:1d:ee:ec:
e4:24:7d:5a:0f:04:89:cb:31:78:21:1f:ef:69:4c:
11:63:80:61:93:14:3a:62:d3:d2:6b:8e:c7:e0:d6:
79:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:60:53:85:AD:7B:96:45:C1:65:FD:2B:66:57:A3:A5:14:53:95:11
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NmBTha17lkXBZf0rZlejpRRTlRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.32.0/24
84.32.34.0/24
84.32.48.0/24
84.32.63.0/24
84.32.70.0/23
84.32.128.0/22
84.32.220.0/24
88.216.39.0/24
88.216.68.0/24
88.216.184.0/24
88.216.198.0/24
88.216.210.0/24
88.216.222.0/24
Signature Algorithm: sha256WithRSAEncryption
20:a3:85:4a:ca:e9:17:83:3c:db:88:af:89:8b:53:45:70:68:
9f:6a:52:97:61:30:36:da:f9:9b:8e:e4:63:e7:7b:9b:38:60:
c0:60:f9:d2:04:c2:6e:7a:f0:39:80:ee:42:d6:d5:e1:85:76:
43:97:1a:d5:09:be:89:20:9c:2b:dc:bb:1b:a8:14:e6:de:fa:
12:d3:ea:5f:82:95:b3:78:d9:fc:52:0b:d2:a6:8f:a7:8e:de:
1c:38:7b:6e:12:d9:3d:5b:42:ea:ca:89:2a:c9:1b:82:0d:69:
27:76:d3:07:a9:e1:66:51:8a:0a:15:0b:bf:41:1c:61:e8:f4:
f7:98:fd:9a:8a:51:55:ce:03:85:dc:a9:f1:26:1c:a8:d3:c1:
51:b0:94:b9:a5:b7:3e:64:0c:1f:1a:e3:72:d9:c1:68:2f:ac:
e2:b3:55:09:63:4a:96:27:52:d8:84:52:84:b0:89:d4:05:12:
8a:52:da:7e:4e:cf:79:b8:3d:4d:6d:77:58:5a:ae:81:66:73:
46:3a:59:f2:e1:e8:98:22:58:c8:a8:21:e2:76:66:a0:88:ef:
9a:66:35:5f:0b:14:62:e9:66:99:53:46:66:c0:93:55:0a:76:
69:df:67:7b:42:44:94:fc:3d:07:1c:e6:2b:84:6a:97:40:0f:
aa:f5:b0:bb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZwsxtHRTIJkNVr/UdHAt/ajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMjA1MDc0OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjYwNTM4NWFkN2I5NjQ1YzE2NWZkMmI2NjU3YTNhNTE0NTM5NTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lMWuy6ouhKpOXPtcv0GLb4tTFWi
WzJidB1V14kMiqlnNDGBJc+/77n6tjGLHZ1XcZGG/GIrFtkymUlpGmrXPPUJ2RDq
ZY2kQWTJFARq+hRcXdF23Vfqw7e9eCROZpzZPK0yCL3ToL/b2K7L+/6suQ54HPVH
3K5iISD21DWJ1SK2rAooyit5L5OwL1LMuauUPAjym8QWtIBg7zP/0kyb8AJ0jZnH
c42/WFEqr4Gt+t326vyk00s4gRrYrfd/nBQizAvVMfhKKzuDMjgpxSGKhUL5gC94
4NUpVaNAA/Qd7uzkJH1aDwSJyzF4IR/vaUwRY4BhkxQ6YtPSa47H4NZ5EQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFDZgU4Wte5ZFwWX9K2ZXo6UUU5URMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTm1CVGhhMTdsa1hCWmYwclpsZWpwUlJUbFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAVCAgAwQA
VCAiAwQAVCAwAwQAVCA/AwQBVCBGAwQCVCCAAwQAVCDcAwQAWNgnAwQAWNhEAwQA
WNi4AwQAWNjGAwQAWNjSAwQAWNjeMA0GCSqGSIb3DQEBCwUAA4IBAQAgo4VKyukX
gzzbiK+Ji1NFcGifalKXYTA22vmbjuRj53ubOGDAYPnSBMJuevA5gO5C1tXhhXZD
lxrVCb6JIJwr3LsbqBTm3voS0+pfgpWzeNn8UgvSpo+njt4cOHtuEtk9W0Lqyokq
yRuCDWkndtMHqeFmUYoKFQu/QRxh6PT3mP2ailFVzgOF3KnxJhyo08FRsJS5pbc+
ZAwfGuNy2cFoL6zis1UJY0qWJ1LYhFKEsInUBRKKUtp+Ts95uD1NbXdYWq6BZnNG
Olny4eiYIljIqCHidmagiO+aZjVfCxRi6WaZU0ZmwJNVCnZp32d7QkSU/D0HHOYr
hGqXQA+q9bC7
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:03:36 2026 by rpki-client