Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mDL0qfNxSTfvrO5drMz2M2ItzoQ.roa
File: mDL0qfNxSTfvrO5drMz2M2ItzoQ.roa (raw, json)
Hash identifier: dCqKCkWTWRvf6MRBJ9yyopM8XITgacQ/erxkrWLqMwk=
Subject key identifier: 98:32:F4:A9:F3:71:49:37:EF:AC:EE:5D:AC:CC:F6:33:62:2D:CE:84
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 019C8A2B1DB32B9B1484D563852701B8BD97
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mDL0qfNxSTfvrO5drMz2M2ItzoQ.roa
Signing time: Mon 23 Feb 2026 11:03:27 +0000
ROA not before: Mon 23 Feb 2026 11:03:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 84.32.7.0/24 maxlen: 24
84.32.20.0/22 maxlen: 24
84.32.46.0/24 maxlen: 24
84.32.47.0/24 maxlen: 24
84.32.61.0/24 maxlen: 24
84.32.148.0/23 maxlen: 24
84.32.150.0/23 maxlen: 24
84.32.151.0/24 maxlen: 24
84.32.174.0/23 maxlen: 24
84.32.214.0/23 maxlen: 24
84.32.230.0/24 maxlen: 24
84.32.244.0/23 maxlen: 24
84.32.246.0/23 maxlen: 24
88.216.22.0/23 maxlen: 24
88.216.44.0/24 maxlen: 24
88.216.45.0/24 maxlen: 24
88.216.66.0/23 maxlen: 24
88.216.72.0/22 maxlen: 24
88.216.92.0/23 maxlen: 24
88.216.130.0/23 maxlen: 24
88.216.134.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8a:2b:1d:b3:2b:9b:14:84:d5:63:85:27:01:b8:bd:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Feb 23 11:03:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9832f4a9f3714937efacee5dacccf633622dce84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:71:5b:96:12:73:db:87:27:fc:45:fc:df:34:
f2:92:22:6c:22:08:44:f5:a8:9d:f8:9e:b5:4d:1c:
29:53:de:d0:ed:9f:38:18:35:0f:cf:ce:d0:e2:36:
ec:96:fc:d0:a6:03:26:1d:c4:69:49:7a:4a:56:1e:
79:ca:ea:61:8c:9e:25:58:2f:70:0f:b6:6b:2a:07:
37:25:33:c6:b2:b6:d3:8c:17:0b:b3:50:37:8c:11:
a4:71:fd:d9:31:35:6b:63:50:ac:eb:74:dd:59:5f:
bc:4a:6a:41:37:69:e0:b2:ca:4f:a6:41:a8:9d:58:
3b:40:09:8d:02:b0:d7:79:d3:94:60:1f:b0:48:8d:
42:50:01:0c:9d:94:30:90:ba:53:2d:e7:36:0b:d2:
51:0a:b9:e0:b6:bf:ac:34:ca:b7:d9:da:e4:eb:6d:
94:b2:e8:30:fd:e5:0d:68:32:38:a9:48:58:48:f6:
c5:b6:9d:a7:b0:80:6f:0b:35:36:e3:7f:b8:8a:1e:
72:6a:48:ee:6f:56:bf:15:c5:5d:d6:26:25:fe:3c:
b4:72:5e:8b:2d:57:6a:2e:11:86:70:1d:14:d0:16:
0d:45:3e:cb:02:09:71:bb:e4:5b:4b:45:e8:7e:1b:
92:9c:50:0e:8a:2d:9f:d4:7d:46:e1:b5:6b:45:75:
af:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:32:F4:A9:F3:71:49:37:EF:AC:EE:5D:AC:CC:F6:33:62:2D:CE:84
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mDL0qfNxSTfvrO5drMz2M2ItzoQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.7.0/24
84.32.20.0/22
84.32.46.0/23
84.32.61.0/24
84.32.148.0/22
84.32.174.0/23
84.32.214.0/23
84.32.230.0/24
84.32.244.0/22
88.216.22.0/23
88.216.44.0/23
88.216.66.0/23
88.216.72.0/22
88.216.92.0/23
88.216.130.0/23
88.216.134.0/23
Signature Algorithm: sha256WithRSAEncryption
22:65:3c:a4:e5:17:01:11:de:40:2b:e2:d8:2c:c7:f1:fe:77:
e2:de:1b:17:59:92:f6:f1:23:a9:36:45:11:02:ce:f4:c3:1d:
19:f9:f4:b1:f4:27:e7:50:b7:57:7b:1f:d3:5a:fa:9d:b2:d3:
2e:0f:92:b4:4f:94:f4:a6:0a:82:69:c1:36:15:29:5c:aa:d3:
78:55:90:f9:20:82:14:b2:3c:b2:1c:56:16:47:3d:0a:da:72:
ed:62:a8:5d:74:11:99:86:3f:69:85:90:5f:94:e1:e1:30:4e:
56:df:0d:47:45:3a:dc:0d:5e:91:f2:39:c1:ea:42:5b:60:9f:
d5:0d:ca:9e:e5:59:f5:c8:2f:25:72:08:05:7c:25:57:d3:14:
cf:c5:fe:03:a4:bc:4c:6d:58:d7:be:e3:8f:9a:f1:eb:50:4d:
27:95:b2:ff:d8:90:d1:d0:de:84:d1:25:fe:12:66:ca:ba:a3:
e0:b2:ee:6e:a9:26:aa:a4:bc:10:c9:f4:1f:9f:9b:0f:6e:9a:
fe:62:1c:5c:fd:58:6f:d0:5c:c6:a3:cb:fe:ac:87:de:9e:54:
ce:39:ed:a1:19:8e:c5:54:c1:db:d5:5b:64:c0:08:ff:da:d1:
1a:2d:fa:2b:af:1a:61:49:93:96:6f:5a:28:8e:e7:48:1a:6e:
06:3e:3f:c8
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZyKKx2zK5sUhNVjhScBuL2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMjIzMTEwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODMyZjRhOWYzNzE0OTM3ZWZhY2VlNWRhY2NjZjYzMzYyMmRjZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHFblhJz24cn/EX83zTykiJsIghE
9aid+J61TRwpU97Q7Z84GDUPz87Q4jbslvzQpgMmHcRpSXpKVh55yuphjJ4lWC9w
D7ZrKgc3JTPGsrbTjBcLs1A3jBGkcf3ZMTVrY1Cs63TdWV+8SmpBN2ngsspPpkGo
nVg7QAmNArDXedOUYB+wSI1CUAEMnZQwkLpTLec2C9JRCrngtr+sNMq32drk622U
sugw/eUNaDI4qUhYSPbFtp2nsIBvCzU243+4ih5yakjub1a/FcVd1iYl/jy0cl6L
LVdqLhGGcB0U0BYNRT7LAglxu+RbS0XofhuSnFAOii2f1H1G4bVrRXWvswIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFJgy9KnzcUk376zuXazM9jNiLc6EMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbURMMHFmTnhTVGZ2ck81ZHJNejJNMkl0em9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAVCAHAwQC
VCAUAwQBVCAuAwQAVCA9AwQCVCCUAwQBVCCuAwQBVCDWAwQAVCDmAwQCVCD0AwQB
WNgWAwQBWNgsAwQBWNhCAwQCWNhIAwQBWNhcAwQBWNiCAwQBWNiGMA0GCSqGSIb3
DQEBCwUAA4IBAQAiZTyk5RcBEd5AK+LYLMfx/nfi3hsXWZL28SOpNkURAs70wx0Z
+fSx9CfnULdXex/TWvqdstMuD5K0T5T0pgqCacE2FSlcqtN4VZD5IIIUsjyyHFYW
Rz0K2nLtYqhddBGZhj9phZBflOHhME5W3w1HRTrcDV6R8jnB6kJbYJ/VDcqe5Vn1
yC8lcggFfCVX0xTPxf4DpLxMbVjXvuOPmvHrUE0nlbL/2JDR0N6E0SX+EmbKuqPg
su5uqSaqpLwQyfQfn5sPbpr+Yhxc/Vhv0FzGo8v+rIfenlTOOe2hGY7FVMHb1Vtk
wAj/2tEaLforrxphSZOWb1oojudIGm4GPj/I
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:05:51 2026 by rpki-client