Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/FuFNaEGpCgejYN4pUx8MOxOGnJQ.roa
File: FuFNaEGpCgejYN4pUx8MOxOGnJQ.roa (raw, json)
Hash identifier: qqzAUELMLxOeovFJTTw1VzAOUup03v0ml8fpZORmHDo=
Subject key identifier: 16:E1:4D:68:41:A9:0A:07:A3:60:DE:29:53:1F:0C:3B:13:86:9C:94
Certificate issuer: /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial: 019D9106442085B82E6E4283B91B802CEDB6
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/FuFNaEGpCgejYN4pUx8MOxOGnJQ.roa
Signing time: Wed 15 Apr 2026 12:03:20 +0000
ROA not before: Wed 15 Apr 2026 12:03:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206150
IP address blocks: 158.173.48.0/24 maxlen: 24
158.173.50.0/24 maxlen: 24
158.173.98.0/24 maxlen: 24
158.173.99.0/24 maxlen: 24
158.173.100.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:91:06:44:20:85:b8:2e:6e:42:83:b9:1b:80:2c:ed:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Validity
Not Before: Apr 15 12:03:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=16e14d6841a90a07a360de29531f0c3b13869c94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f9:d1:cb:0d:99:b7:d3:f5:55:37:9a:fa:fe:80:
9d:b9:2b:3d:82:a2:3c:7e:e7:b8:19:06:69:08:0b:
ba:26:f8:3c:f6:98:12:40:46:d6:1a:da:90:61:40:
21:32:cb:43:2c:a5:ac:00:d2:cd:10:e5:c5:a6:de:
12:00:38:7b:f2:57:ca:93:d2:62:93:88:4a:75:12:
f6:35:64:b0:f0:04:31:16:08:df:7f:00:0a:0f:5d:
a9:6c:40:0b:1c:ab:be:a3:4c:9f:9f:35:b9:2b:32:
07:e0:de:97:12:22:2a:3b:55:12:89:c1:f5:81:23:
83:f7:ef:ba:07:14:d3:41:8e:cd:b9:0b:c1:73:a2:
c7:4b:87:49:09:cb:11:b0:6b:43:32:4b:49:db:7a:
92:7f:77:db:77:01:41:7d:76:57:d6:bc:0b:d3:5b:
c6:40:de:38:2c:1d:4c:7c:32:53:a2:a1:7c:2f:7d:
56:36:da:f8:b7:19:27:7a:46:09:49:16:76:42:3b:
5b:81:f3:f0:8d:9e:89:b7:49:3e:41:a2:6c:b7:4f:
fd:52:0a:2f:68:1d:ab:a6:6a:59:a6:03:8c:39:16:
44:7a:5a:e3:09:b4:d8:b8:8f:cd:52:b2:9e:05:80:
c6:3c:82:eb:67:c6:c5:bb:4f:54:33:54:35:e6:36:
34:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:E1:4D:68:41:A9:0A:07:A3:60:DE:29:53:1F:0C:3B:13:86:9C:94
X509v3 Authority Key Identifier:
keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/FuFNaEGpCgejYN4pUx8MOxOGnJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.173.48.0/24
158.173.50.0/24
158.173.98.0-158.173.100.255
Signature Algorithm: sha256WithRSAEncryption
97:56:b8:14:c3:bf:d9:4e:8c:76:e0:32:9d:3b:93:dd:66:e3:
f1:17:52:69:6f:06:f0:50:fe:db:a3:8d:39:cf:d0:2b:37:69:
24:30:35:21:aa:9b:af:c9:75:a2:8a:87:9d:ac:e0:cd:c4:c4:
82:05:f9:7d:83:bc:d2:4b:f4:72:d6:fb:84:ca:01:1e:71:4c:
5c:4a:75:e5:a0:a8:8a:d9:78:4a:db:46:70:f3:f2:c7:ff:cd:
b8:c9:6d:40:35:f8:40:72:35:05:bc:44:09:16:c3:dc:0f:15:
c9:70:5f:5a:f8:12:39:d6:5c:69:01:10:7f:79:81:d4:a5:4a:
b7:66:e6:94:09:ac:8b:38:30:43:04:01:88:c8:e2:42:f0:4e:
e3:d8:20:ee:d3:34:ad:2d:c3:8d:c1:df:5b:4e:19:a6:34:a6:
d8:af:1b:43:f7:e6:17:64:04:db:ea:6b:dc:ee:18:a1:6f:7c:
b0:64:fa:d6:60:58:59:b8:f1:13:01:c6:bc:21:21:ba:95:4f:
28:27:e9:03:28:02:53:27:16:81:be:c3:a2:fb:09:5e:21:7c:
e4:aa:3c:bb:69:1d:eb:e0:60:65:ca:21:0a:84:16:71:58:e1:
0b:7c:b4:b0:51:4b:af:63:b8:57:21:6a:b8:cb:8f:96:5e:82:
c4:9f:f7:f4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ2RBkQghbgubkKDuRuALO22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwNDE1MTIwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmUxNGQ2ODQxYTkwYTA3YTM2MGRlMjk1MzFmMGMzYjEzODY5Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+dHLDZm30/VVN5r6/oCduSs9gqI8
fue4GQZpCAu6Jvg89pgSQEbWGtqQYUAhMstDLKWsANLNEOXFpt4SADh78lfKk9Ji
k4hKdRL2NWSw8AQxFgjffwAKD12pbEALHKu+o0yfnzW5KzIH4N6XEiIqO1USicH1
gSOD9++6BxTTQY7NuQvBc6LHS4dJCcsRsGtDMktJ23qSf3fbdwFBfXZX1rwL01vG
QN44LB1MfDJToqF8L31WNtr4txknekYJSRZ2QjtbgfPwjZ6Jt0k+QaJst0/9Ugov
aB2rpmpZpgOMORZEelrjCbTYuI/NUrKeBYDGPILrZ8bFu09UM1Q15jY0oQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBbhTWhBqQoHo2DeKVMfDDsThpyUMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvRnVGTmFFR3BDZ2VqWU40cFV4OE1PeE9HbkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAnq0wAwQA
nq0yMAwDBAGerWIDBACerWQwDQYJKoZIhvcNAQELBQADggEBAJdWuBTDv9lOjHbg
Mp07k91m4/EXUmlvBvBQ/tujjTnP0Cs3aSQwNSGqm6/JdaKKh52s4M3ExIIF+X2D
vNJL9HLW+4TKAR5xTFxKdeWgqIrZeErbRnDz8sf/zbjJbUA1+EByNQW8RAkWw9wP
FclwX1r4EjnWXGkBEH95gdSlSrdm5pQJrIs4MEMEAYjI4kLwTuPYIO7TNK0tw43B
31tOGaY0ptivG0P35hdkBNvqa9zuGKFvfLBk+tZgWFm48RMBxrwhIbqVTygn6QMo
AlMnFoG+w6L7CV4hfOSqPLtpHevgYGXKIQqEFnFY4Qt8tLBRS69juFcharjLj5Ze
gsSf9/Q=
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:14:25 2026 by rpki-client