Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/ICnXf_-P4YXpOb6ZjyXTZ_msN-k.roa
File: ICnXf_-P4YXpOb6ZjyXTZ_msN-k.roa (raw, json)
Hash identifier: 3D4zEGy/FsPIqxHMTFOVIKU0MUectvNEvVPQNjn9vUM=
Subject key identifier: 20:29:D7:7F:FF:8F:E1:85:E9:39:BE:99:8F:25:D3:67:F9:AC:37:E9
Certificate issuer: /CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Certificate serial: 019E44C22D1A259CD2722468B87380FECA73
Authority key identifier: 43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/ICnXf_-P4YXpOb6ZjyXTZ_msN-k.roa
Signing time: Wed 20 May 2026 09:40:36 +0000
ROA not before: Wed 20 May 2026 09:40:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42093
IP address blocks: 37.72.108.0/24 maxlen: 24
93.190.185.0/24 maxlen: 24
146.19.214.0/24 maxlen: 24
178.251.24.0/21 maxlen: 21
185.10.156.0/22 maxlen: 24
185.10.158.0/24 maxlen: 24
185.218.224.0/24 maxlen: 24
195.22.100.0/22 maxlen: 22
195.253.199.0/24 maxlen: 24
195.253.241.0/24 maxlen: 24
213.232.253.0/24 maxlen: 24
2a00:1938::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 00:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:44:c2:2d:1a:25:9c:d2:72:24:68:b8:73:80:fe:ca:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Validity
Not Before: May 20 09:40:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2029d77fff8fe185e939be998f25d367f9ac37e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:4b:c8:9a:7d:92:ea:ef:3e:a9:e4:3e:1c:33:
f3:f9:bc:4d:48:31:dc:a3:66:8b:9d:3e:4d:bc:19:
2d:27:a2:0b:8e:44:f4:da:8a:7a:ff:4b:74:bb:b9:
d6:6d:ad:5b:58:9b:1f:5c:1f:09:fe:c5:96:1e:fa:
9e:65:b2:29:f5:4e:72:03:9f:31:e5:be:d4:8a:49:
6c:6a:92:c9:73:03:96:d9:f4:96:d4:6c:bd:7c:9b:
a1:e4:31:a4:5a:9e:b2:d0:e6:64:0d:44:42:99:d1:
6b:91:c0:c6:e2:fe:87:77:ad:ad:4e:ee:52:94:5e:
de:aa:61:ab:e7:3e:64:9e:00:1d:03:7e:c3:83:85:
74:8d:4d:da:67:62:24:c9:fe:15:b5:6d:80:88:95:
19:e2:26:e4:64:7c:02:56:9d:e2:a6:77:4d:88:6a:
04:87:08:f1:66:2b:81:54:4e:46:1c:dc:32:93:cc:
e2:7b:ac:87:8b:52:a0:24:79:7a:ae:9c:83:62:9c:
40:0c:83:a6:d7:f4:07:c7:c3:07:a0:cb:67:b9:86:
67:2c:52:3d:4c:e4:c7:56:a6:28:0b:f8:a0:b6:94:
07:c1:25:bc:0a:61:ab:91:de:55:c5:6b:97:fd:36:
4a:da:9e:3a:86:a8:0b:cd:77:13:7c:be:4d:b6:c8:
b5:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:29:D7:7F:FF:8F:E1:85:E9:39:BE:99:8F:25:D3:67:F9:AC:37:E9
X509v3 Authority Key Identifier:
keyid:43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/ICnXf_-P4YXpOb6ZjyXTZ_msN-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.72.108.0/24
93.190.185.0/24
146.19.214.0/24
178.251.24.0/21
185.10.156.0/22
185.218.224.0/24
195.22.100.0/22
195.253.199.0/24
195.253.241.0/24
213.232.253.0/24
IPv6:
2a00:1938::/32
Signature Algorithm: sha256WithRSAEncryption
b6:77:92:2d:c3:e1:f5:fc:21:3b:42:4e:61:ac:c8:ba:c4:ee:
dd:5e:fc:90:b6:6c:b5:17:d2:59:cf:d0:d8:62:cf:49:e8:29:
47:37:3d:78:a6:27:a8:ee:03:19:65:f4:b6:bf:b3:69:af:14:
0c:96:25:4f:58:5d:06:89:25:c1:76:73:ac:af:02:dd:a7:97:
8c:87:2b:1f:b5:66:25:4a:0f:d7:c8:27:d1:ee:dc:eb:c7:db:
9b:43:1c:c0:22:30:13:56:ae:d4:3e:f1:9b:66:16:58:7a:d7:
c0:55:e6:36:c6:d4:6a:ac:f4:75:6c:48:16:17:1f:a6:8b:3d:
c4:a2:c6:fb:3b:82:39:e5:05:5a:9e:a5:c2:70:f8:0d:2c:80:
6d:a9:3a:9f:82:79:41:b6:47:23:81:cf:0f:0d:59:4f:fc:12:
4b:74:9a:c1:8c:51:d5:c7:31:0a:d2:07:06:65:28:d2:85:5e:
38:fe:32:5b:66:1c:d2:b3:bf:c7:ec:2e:1d:f5:45:35:21:11:
69:ef:dc:f3:98:66:66:52:f0:04:85:af:80:fb:b6:b1:b8:71:
a8:4e:f8:b6:2e:43:f3:c1:91:2c:f3:c6:5e:b5:73:70:63:b5:
a3:78:e6:8a:77:7e:2c:c5:3d:c7:4a:f8:0d:bf:6c:7b:b8:5a:
74:51:bc:88
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZ5Ewi0aJZzSciRouHOA/spzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzY2E3ZjNmNjVkMjk0N2FmOTRmMzk4YmIzYzdjOWMzMjAw
MTkwODQwHhcNMjYwNTIwMDk0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDI5ZDc3ZmZmOGZlMTg1ZTkzOWJlOTk4ZjI1ZDM2N2Y5YWMzN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEvImn2S6u8+qeQ+HDPz+bxNSDHc
o2aLnT5NvBktJ6ILjkT02op6/0t0u7nWba1bWJsfXB8J/sWWHvqeZbIp9U5yA58x
5b7UiklsapLJcwOW2fSW1Gy9fJuh5DGkWp6y0OZkDURCmdFrkcDG4v6Hd62tTu5S
lF7eqmGr5z5kngAdA37Dg4V0jU3aZ2Ikyf4VtW2AiJUZ4ibkZHwCVp3ipndNiGoE
hwjxZiuBVE5GHNwyk8zie6yHi1KgJHl6rpyDYpxADIOm1/QHx8MHoMtnuYZnLFI9
TOTHVqYoC/igtpQHwSW8CmGrkd5VxWuX/TZK2p46hqgLzXcTfL5Ntsi1twIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFCAp13//j+GF6Tm+mY8l02f5rDfpMB8GA1UdIwQY
MBaAFEPKfz9l0pR6+U85i7PHycMgAZCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzIt
ZDUzODExZmJkN2IwLzEvSUNuWGZfLVA0WVhwT2I2Wmp5WFRaX21zTi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzItZDUzODExZmJkN2Iw
LzEvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQAJUhsAwQA
Xb65AwQAkhPWAwQDsvsYAwQCuQqcAwQAudrgAwQCwxZkAwQAw/3HAwQAw/3xAwQA
1ej9MA0EAgACMAcDBQAqABk4MA0GCSqGSIb3DQEBCwUAA4IBAQC2d5Itw+H1/CE7
Qk5hrMi6xO7dXvyQtmy1F9JZz9DYYs9J6ClHNz14pieo7gMZZfS2v7NprxQMliVP
WF0GiSXBdnOsrwLdp5eMhysftWYlSg/XyCfR7tzrx9ubQxzAIjATVq7UPvGbZhZY
etfAVeY2xtRqrPR1bEgWFx+miz3Eosb7O4I55QVanqXCcPgNLIBtqTqfgnlBtkcj
gc8PDVlP/BJLdJrBjFHVxzEK0gcGZSjShV44/jJbZhzSs7/H7C4d9UU1IRFp79zz
mGZmUvAEha+A+7axuHGoTvi2LkPzwZEs88ZetXNwY7WjeOaKd34sxT3HSvgNv2x7
uFp0UbyI
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:20:22 2026 by rpki-client