Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/4TPc3m07IptozaAS-Sg6u70wBY8.roa
File: 4TPc3m07IptozaAS-Sg6u70wBY8.roa (raw, json)
Hash identifier: Ub9VBi2JJ0n1uK8GpU4txhHGzf/S6oXYoNYi6ksYIpM=
Subject key identifier: E1:33:DC:DE:6D:3B:22:9B:68:CD:A0:12:F9:28:3A:BB:BD:30:05:8F
Certificate issuer: /CN=37c48b789cc7ffe7be09444643fdb86bdb573f7d
Certificate serial: 019B77593F853F3CBE4E9AEB36D07457A769
Authority key identifier: 37:C4:8B:78:9C:C7:FF:E7:BE:09:44:46:43:FD:B8:6B:DB:57:3F:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N8SLeJzH_-e-CURGQ_24a9tXP30.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/4TPc3m07IptozaAS-Sg6u70wBY8.roa
Signing time: Thu 01 Jan 2026 02:18:16 +0000
ROA not before: Thu 01 Jan 2026 02:18:16 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202373
IP address blocks: 84.38.76.0/23 maxlen: 23
194.55.96.0/22 maxlen: 22
194.55.96.0/24 maxlen: 24
194.55.97.0/24 maxlen: 24
194.55.98.0/24 maxlen: 24
194.55.99.0/24 maxlen: 24
2a0c:cac0::/29 maxlen: 29
2a0c:cac1::/32 maxlen: 32
2a0c:cac2::/32 maxlen: 32
2a0c:cac6:1000::/36 maxlen: 36
2a0c:cac6:2000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/N8SLeJzH_-e-CURGQ_24a9tXP30.crl
rsync://rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/N8SLeJzH_-e-CURGQ_24a9tXP30.mft
rsync://rpki.ripe.net/repository/DEFAULT/N8SLeJzH_-e-CURGQ_24a9tXP30.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 02:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:77:59:3f:85:3f:3c:be:4e:9a:eb:36:d0:74:57:a7:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37c48b789cc7ffe7be09444643fdb86bdb573f7d
Validity
Not Before: Jan 1 02:18:16 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e133dcde6d3b229b68cda012f9283abbbd30058f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:4f:f1:bb:83:e1:f6:5e:c1:ef:c3:c0:62:ae:
ac:86:04:ff:10:5f:de:38:c6:82:8d:23:5f:53:b7:
d9:6b:01:19:01:c5:8a:32:f5:67:f2:00:f5:16:05:
e8:ec:c7:5d:94:c6:fa:e3:fa:28:0d:f1:8e:9a:17:
f9:21:91:fb:12:71:5a:65:35:7c:70:b4:9b:50:28:
96:8c:99:a2:06:a1:d7:27:15:22:cf:eb:42:dc:f3:
dd:9a:fa:bf:cc:4c:4b:76:ba:01:f5:77:0a:b0:4d:
b1:35:9a:90:ee:cf:4b:3e:b8:56:2d:dc:1a:bb:35:
56:d2:72:fd:8b:3f:37:89:f5:36:79:d2:eb:2c:bb:
a9:61:fd:1f:6d:8e:18:dc:7a:05:6b:a6:c3:dd:0c:
36:8b:a2:b9:e5:8c:02:1b:6b:ef:96:1e:70:f9:85:
08:17:b4:6a:10:c8:84:92:dd:6e:91:72:56:82:ff:
76:7f:15:9f:be:6f:8f:55:5e:ad:4d:e3:8f:d0:49:
61:d4:76:ec:f3:63:36:a6:a1:9b:01:76:8b:31:94:
c1:c2:2c:6d:71:a2:df:6f:25:66:b5:dc:84:17:6a:
4d:41:90:48:27:8c:a9:20:df:c0:d4:cb:c8:b9:d7:
f0:77:6d:30:dd:cc:d5:53:89:a6:56:62:9b:19:2e:
b2:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:33:DC:DE:6D:3B:22:9B:68:CD:A0:12:F9:28:3A:BB:BD:30:05:8F
X509v3 Authority Key Identifier:
keyid:37:C4:8B:78:9C:C7:FF:E7:BE:09:44:46:43:FD:B8:6B:DB:57:3F:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N8SLeJzH_-e-CURGQ_24a9tXP30.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/4TPc3m07IptozaAS-Sg6u70wBY8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/1d575d-7b22-47c7-a17e-8a136cb0dd5c/1/N8SLeJzH_-e-CURGQ_24a9tXP30.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.76.0/23
194.55.96.0/22
IPv6:
2a0c:cac0::/29
Signature Algorithm: sha256WithRSAEncryption
4f:b8:f5:8d:8d:72:41:b3:fd:4e:b7:0e:95:13:57:06:95:4f:
b1:80:b1:c0:9a:8d:56:64:90:c4:fb:4d:bb:a9:bc:c8:e3:6b:
cd:d3:ca:56:18:04:04:fa:06:83:a6:28:a2:5f:c6:89:9c:56:
32:35:b6:19:1b:27:d0:04:43:bc:de:42:6d:4a:3f:71:68:e7:
78:21:3d:ce:12:35:7b:b0:38:d7:64:72:3f:b8:64:37:85:aa:
7d:4c:d0:9e:37:00:17:cf:9e:de:6f:1f:73:b9:7e:84:80:6e:
d7:5c:39:41:fc:c5:95:ef:ae:f2:3d:79:35:14:eb:69:d6:6f:
7c:f1:b9:d6:9d:72:59:1b:11:8f:97:a1:bc:9a:4c:17:14:34:
47:f8:a4:c3:d0:ba:e4:9b:54:d4:50:36:9f:25:08:85:5a:18:
eb:6c:c7:c9:6b:b1:64:e3:c1:3c:a2:b1:bf:b2:b7:cb:42:ce:
c9:16:4f:c6:59:39:74:f1:16:47:35:69:b3:e4:c7:a2:35:ce:
ce:fe:67:19:b3:53:fc:b9:31:96:ba:fe:15:a9:96:27:6d:6d:
3f:bc:12:10:64:da:21:f5:bf:12:cc:3d:54:8f:cf:8f:bb:62:
44:84:76:3f:5e:a9:f7:a3:1b:12:c3:93:ab:fc:0e:1d:95:93:
3d:fe:f5:55
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt3WT+FPzy+TprrNtB0V6dpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3YzQ4Yjc4OWNjN2ZmZTdiZTA5NDQ0NjQzZmRiODZiZGI1
NzNmN2QwHhcNMjYwMTAxMDIxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTMzZGNkZTZkM2IyMjliNjhjZGEwMTJmOTI4M2FiYmJkMzAwNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE/xu4Ph9l7B78PAYq6shgT/EF/e
OMaCjSNfU7fZawEZAcWKMvVn8gD1FgXo7MddlMb64/ooDfGOmhf5IZH7EnFaZTV8
cLSbUCiWjJmiBqHXJxUiz+tC3PPdmvq/zExLdroB9XcKsE2xNZqQ7s9LPrhWLdwa
uzVW0nL9iz83ifU2edLrLLupYf0fbY4Y3HoFa6bD3Qw2i6K55YwCG2vvlh5w+YUI
F7RqEMiEkt1ukXJWgv92fxWfvm+PVV6tTeOP0Elh1Hbs82M2pqGbAXaLMZTBwixt
caLfbyVmtdyEF2pNQZBIJ4ypIN/A1MvIudfwd20w3czVU4mmVmKbGS6y3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOEz3N5tOyKbaM2gEvkoOru9MAWPMB8GA1UdIwQY
MBaAFDfEi3icx//nvglERkP9uGvbVz99MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjhTTGVKekhfLWUtQ1VSR1FfMjRhOXRYUDMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xZDU3NWQtN2IyMi00N2M3LWExN2Ut
OGExMzZjYjBkZDVjLzEvNFRQYzNtMDdJcHRvemFBUy1TZzZ1NzB3Qlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xZDU3NWQtN2IyMi00N2M3LWExN2UtOGExMzZjYjBkZDVj
LzEvTjhTTGVKekhfLWUtQ1VSR1FfMjRhOXRYUDMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBVCZMAwQC
wjdgMA0EAgACMAcDBQMqDMrAMA0GCSqGSIb3DQEBCwUAA4IBAQBPuPWNjXJBs/1O
tw6VE1cGlU+xgLHAmo1WZJDE+027qbzI42vN08pWGAQE+gaDpiiiX8aJnFYyNbYZ
GyfQBEO83kJtSj9xaOd4IT3OEjV7sDjXZHI/uGQ3hap9TNCeNwAXz57ebx9zuX6E
gG7XXDlB/MWV767yPXk1FOtp1m988bnWnXJZGxGPl6G8mkwXFDRH+KTD0Lrkm1TU
UDafJQiFWhjrbMfJa7Fk48E8orG/srfLQs7JFk/GWTl08RZHNWmz5MeiNc7O/mcZ
s1P8uTGWuv4VqZYnbW0/vBIQZNoh9b8SzD1Uj8+Pu2JEhHY/Xqn3oxsSw5Or/A4d
lZM9/vVV
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:53:49 2026 by rpki-client