Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3dytCQRLOyyF8BB1A5B-6F1xVBM.roa
File: 3dytCQRLOyyF8BB1A5B-6F1xVBM.roa (raw, json)
Hash identifier: WNCavQmenTSfXPZnZ/JnExGVfMwWPV0krWA6OaC4XXk=
Subject key identifier: DD:DC:AD:09:04:4B:3B:2C:85:F0:10:75:03:90:7E:E8:5D:71:54:13
Certificate issuer: /CN=dcca522196fd09bae739b6bd2322e5eb90da4fb9
Certificate serial: 019B79ECAB92A39540C6CFC7FE4D6A048CC6
Authority key identifier: DC:CA:52:21:96:FD:09:BA:E7:39:B6:BD:23:22:E5:EB:90:DA:4F:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3MpSIZb9CbrnOba9IyLl65DaT7k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3dytCQRLOyyF8BB1A5B-6F1xVBM.roa
Signing time: Thu 01 Jan 2026 14:18:32 +0000
ROA not before: Thu 01 Jan 2026 14:18:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216031
IP address blocks: 194.49.111.0/24 maxlen: 24
194.49.115.0/24 maxlen: 24
194.49.116.0/24 maxlen: 24
194.50.3.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3MpSIZb9CbrnOba9IyLl65DaT7k.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3MpSIZb9CbrnOba9IyLl65DaT7k.mft
rsync://rpki.ripe.net/repository/DEFAULT/3MpSIZb9CbrnOba9IyLl65DaT7k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 05:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ec:ab:92:a3:95:40:c6:cf:c7:fe:4d:6a:04:8c:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dcca522196fd09bae739b6bd2322e5eb90da4fb9
Validity
Not Before: Jan 1 14:18:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dddcad09044b3b2c85f0107503907ee85d715413
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:d6:aa:0f:c6:fa:bd:30:f6:86:52:b1:9c:c8:
9d:43:e0:ef:3d:be:6d:8d:d1:61:4f:ab:e8:b0:52:
1f:76:cf:10:a0:ac:01:d9:1f:33:6a:8a:50:70:95:
87:dc:c3:22:32:9f:c4:9b:ec:5f:f8:36:c9:e9:00:
27:ba:ab:f8:9d:5c:b4:ea:49:73:23:a5:de:59:1f:
d7:30:c5:c5:b8:7c:94:dd:cf:4e:67:77:bb:06:75:
d3:75:b0:3f:ba:b5:a7:fd:ac:c7:0d:84:a6:ee:ab:
8f:c0:0e:86:be:db:fc:82:ed:6c:f9:70:b9:38:e0:
27:f7:a7:99:1b:60:bd:11:b4:e4:3c:ca:ae:6a:cd:
d3:b9:88:fd:fa:55:19:f1:35:c1:74:b0:7e:a0:72:
56:b4:bb:08:9e:43:ec:be:eb:10:2b:7b:23:c9:be:
7d:b4:d4:a4:c8:2d:ce:9d:d0:44:2d:0b:7e:0d:46:
f4:b2:34:1a:a8:4a:47:1d:78:ad:3f:90:86:b6:4a:
6a:d6:98:14:32:58:65:65:ea:72:e8:b2:9e:8e:75:
b0:bf:15:bc:6a:60:07:63:77:b4:fc:b0:07:3a:88:
aa:64:a9:6f:17:a5:3b:de:c9:87:57:ad:0f:60:b9:
2c:d9:33:d1:7c:c8:9c:99:e1:ee:93:62:5c:23:5a:
b1:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:DC:AD:09:04:4B:3B:2C:85:F0:10:75:03:90:7E:E8:5D:71:54:13
X509v3 Authority Key Identifier:
keyid:DC:CA:52:21:96:FD:09:BA:E7:39:B6:BD:23:22:E5:EB:90:DA:4F:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3MpSIZb9CbrnOba9IyLl65DaT7k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3dytCQRLOyyF8BB1A5B-6F1xVBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/649af0-132c-4533-9fbc-3b250ae18936/1/3MpSIZb9CbrnOba9IyLl65DaT7k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.49.111.0/24
194.49.115.0-194.49.116.255
194.50.3.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:a1:f1:75:20:9b:20:8f:c0:b4:bd:44:ab:96:bd:cc:b6:a3:
30:d5:38:76:29:b4:97:45:ce:7f:b7:8e:7b:6b:9d:d7:4b:cc:
84:e4:14:18:c9:53:8d:50:6c:88:30:8a:5e:f9:2f:58:fe:d8:
d5:d7:4f:72:95:d0:e7:f8:e5:af:45:6c:79:ab:56:52:e8:eb:
53:3e:82:73:e6:89:d6:e1:d1:1a:fd:76:e4:90:27:24:b5:2c:
3b:b2:01:22:76:34:2f:3e:5a:7c:06:86:c0:cc:2e:07:d7:4d:
0e:ea:77:6d:21:4c:eb:d4:d4:93:e6:28:3d:84:bb:a5:67:c6:
dc:17:34:b4:af:e9:9b:29:07:81:94:0e:12:ba:15:4a:49:d2:
bc:fc:66:a1:34:12:80:68:db:c6:89:55:e1:28:4e:77:15:bf:
93:da:43:ae:1d:6f:be:85:c6:85:39:f6:23:ea:a1:ba:40:5b:
dc:3b:75:21:bc:9b:02:e5:c8:18:53:cd:df:63:50:51:89:bd:
71:2d:1d:27:b5:3d:e0:b3:3f:21:99:98:74:c4:22:40:52:f6:
dd:7e:ce:97:57:5e:b8:be:b5:96:7d:df:57:ab:b7:32:e4:12:
4d:be:84:f0:5a:61:e0:0c:9d:cc:30:13:d4:d7:88:4a:44:5f:
fb:7d:96:ff
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZt57KuSo5VAxs/H/k1qBIzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjY2E1MjIxOTZmZDA5YmFlNzM5YjZiZDIzMjJlNWViOTBk
YTRmYjkwHhcNMjYwMTAxMTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGRjYWQwOTA0NGIzYjJjODVmMDEwNzUwMzkwN2VlODVkNzE1NDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9aqD8b6vTD2hlKxnMidQ+DvPb5t
jdFhT6vosFIfds8QoKwB2R8zaopQcJWH3MMiMp/Em+xf+DbJ6QAnuqv4nVy06klz
I6XeWR/XMMXFuHyU3c9OZ3e7BnXTdbA/urWn/azHDYSm7quPwA6Gvtv8gu1s+XC5
OOAn96eZG2C9EbTkPMquas3TuYj9+lUZ8TXBdLB+oHJWtLsInkPsvusQK3sjyb59
tNSkyC3OndBELQt+DUb0sjQaqEpHHXitP5CGtkpq1pgUMlhlZepy6LKejnWwvxW8
amAHY3e0/LAHOoiqZKlvF6U73smHV60PYLks2TPRfMicmeHuk2JcI1qxSwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN3crQkESzsshfAQdQOQfuhdcVQTMB8GA1UdIwQY
MBaAFNzKUiGW/Qm65zm2vSMi5euQ2k+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM01wU0laYjlDYnJuT2JhOUl5TGw2NURhVDdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82NDlhZjAtMTMyYy00NTMzLTlmYmMt
M2IyNTBhZTE4OTM2LzEvM2R5dENRUkxPeXlGOEJCMUE1Qi02RjF4VkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82NDlhZjAtMTMyYy00NTMzLTlmYmMtM2IyNTBhZTE4OTM2
LzEvM01wU0laYjlDYnJuT2JhOUl5TGw2NURhVDdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAwjFvMAwD
BADCMXMDBADCMXQDBADCMgMwDQYJKoZIhvcNAQELBQADggEBAF6h8XUgmyCPwLS9
RKuWvcy2ozDVOHYptJdFzn+3jntrnddLzITkFBjJU41QbIgwil75L1j+2NXXT3KV
0Of45a9FbHmrVlLo61M+gnPmidbh0Rr9duSQJyS1LDuyASJ2NC8+WnwGhsDMLgfX
TQ7qd20hTOvU1JPmKD2Eu6VnxtwXNLSv6ZspB4GUDhK6FUpJ0rz8ZqE0EoBo28aJ
VeEoTncVv5PaQ64db76FxoU59iPqobpAW9w7dSG8mwLlyBhTzd9jUFGJvXEtHSe1
PeCzPyGZmHTEIkBS9t1+zpdXXri+tZZ931ertzLkEk2+hPBaYeAMncwwE9TXiEpE
X/t9lv8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 14:39:08 2026 by rpki-client