Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3bK4fqOM8lRrs6DQkf29E0DP6f4.roa
File: 3bK4fqOM8lRrs6DQkf29E0DP6f4.roa (raw, json)
Hash identifier: InPEcNb4sUjJzByRIBCBtGR0II0USjpbz3pZ/0xk09E=
Subject key identifier: DD:B2:B8:7E:A3:8C:F2:54:6B:B3:A0:D0:91:FD:BD:13:40:CF:E9:FE
Certificate issuer: /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial: 019EB5E7415BFB4DD82BC7C83C06F20E4C55
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3bK4fqOM8lRrs6DQkf29E0DP6f4.roa
Signing time: Thu 11 Jun 2026 08:58:12 +0000
ROA not before: Thu 11 Jun 2026 08:58:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210415
IP address blocks: 2.59.192.0/24 maxlen: 24
45.130.163.0/24 maxlen: 24
45.137.139.0/24 maxlen: 24
45.145.135.0/24 maxlen: 24
91.132.30.0/24 maxlen: 24
185.246.15.0/24 maxlen: 24
201.49.189.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 15:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:b5:e7:41:5b:fb:4d:d8:2b:c7:c8:3c:06:f2:0e:4c:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Validity
Not Before: Jun 11 08:58:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ddb2b87ea38cf2546bb3a0d091fdbd1340cfe9fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:68:1b:32:5c:a7:5c:a9:26:a4:3a:87:0e:d6:
69:e7:74:b2:77:c1:84:31:18:66:e1:4d:2f:03:b0:
09:30:ab:cf:60:e9:67:80:e8:3a:7c:d8:b0:75:2e:
a9:fc:15:d3:22:9f:40:74:79:52:29:2d:f2:ce:40:
f7:9a:06:9f:d8:a8:67:ac:f6:56:6b:81:42:59:d4:
15:61:51:85:c2:52:19:7a:f6:7f:4a:02:ae:f5:85:
9c:e1:d3:87:6c:0d:67:5e:ca:7f:58:8d:0b:1e:2e:
33:b9:a0:26:7d:83:4e:3c:75:8b:08:9c:4f:8e:8b:
be:ee:d4:ed:8f:0a:ba:77:d6:7d:38:4b:23:3b:94:
d1:ef:70:01:38:d6:04:d9:b3:21:8b:2e:7c:48:4c:
7e:e4:34:bc:c1:b4:5c:1c:b1:8c:12:96:1b:9a:d7:
b3:d7:0b:6a:ad:34:58:93:60:09:69:2b:e7:a8:31:
7d:b4:39:90:4f:af:99:fc:96:72:ca:3d:ff:e6:e2:
af:92:27:48:64:64:a9:b1:33:c8:04:c5:14:ac:f5:
0c:2e:50:83:2b:3e:52:d3:08:f3:c5:78:d6:db:33:
74:81:7d:38:0b:b4:9f:b0:44:22:d7:ef:8c:93:ae:
3f:fb:7f:82:04:40:4f:ec:ed:90:ef:55:1e:9f:e3:
a8:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:B2:B8:7E:A3:8C:F2:54:6B:B3:A0:D0:91:FD:BD:13:40:CF:E9:FE
X509v3 Authority Key Identifier:
keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3bK4fqOM8lRrs6DQkf29E0DP6f4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.192.0/24
45.130.163.0/24
45.137.139.0/24
45.145.135.0/24
91.132.30.0/24
185.246.15.0/24
201.49.189.0/24
Signature Algorithm: sha256WithRSAEncryption
06:35:5e:50:ac:1d:9b:92:34:03:1c:1a:24:77:8f:e5:33:de:
65:4c:87:de:6d:17:97:7f:8f:05:d8:b0:15:50:ff:bf:c1:95:
b3:24:13:fe:a5:50:7d:c9:1c:d1:ed:b9:a2:6e:d8:13:52:94:
0b:b9:d5:c9:82:08:f3:cd:f5:36:2d:b9:2d:5d:5e:43:32:c0:
1e:8c:4c:d7:3a:74:dd:7d:93:8c:4b:4a:f4:22:8e:c6:43:a5:
bb:a9:a0:d6:db:2b:ff:be:e8:a5:be:d4:6e:c9:b7:60:68:ac:
54:b9:a6:b6:0f:9d:c7:e2:eb:30:a3:c0:10:71:c0:90:5a:ad:
69:0d:49:5b:e7:df:ca:da:e6:3f:db:a5:9c:47:ec:21:7d:df:
5b:bf:5b:37:b5:5e:f0:ab:f6:10:79:b0:a8:6d:d5:6b:86:b2:
89:96:0c:72:f4:d0:fc:3a:a1:9a:02:ce:c6:8f:8b:ec:9f:44:
99:0f:ef:2e:15:13:9b:14:eb:7b:13:af:2e:51:66:71:d7:c6:
d1:bb:67:65:f4:f5:65:f2:42:6b:90:40:48:e7:89:56:0c:f5:
88:35:86:85:41:a2:26:bc:5f:5a:70:bd:b0:52:b4:0c:c5:06:
e8:b3:0b:ff:1e:96:20:85:3f:37:ba:17:98:fb:97:16:b1:5b:
c9:be:e1:fe
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ6150Fb+03YK8fIPAbyDkxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNjExMDg1ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGIyYjg3ZWEzOGNmMjU0NmJiM2EwZDA5MWZkYmQxMzQwY2ZlOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42gbMlynXKkmpDqHDtZp53Syd8GE
MRhm4U0vA7AJMKvPYOlngOg6fNiwdS6p/BXTIp9AdHlSKS3yzkD3mgaf2KhnrPZW
a4FCWdQVYVGFwlIZevZ/SgKu9YWc4dOHbA1nXsp/WI0LHi4zuaAmfYNOPHWLCJxP
jou+7tTtjwq6d9Z9OEsjO5TR73ABONYE2bMhiy58SEx+5DS8wbRcHLGMEpYbmtez
1wtqrTRYk2AJaSvnqDF9tDmQT6+Z/JZyyj3/5uKvkidIZGSpsTPIBMUUrPUMLlCD
Kz5S0wjzxXjW2zN0gX04C7SfsEQi1++Mk64/+3+CBEBP7O2Q71Uen+OoaQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFN2yuH6jjPJUa7Og0JH9vRNAz+n+MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvM2JLNGZxT004bFJyczZEUWtmMjlFMERQNmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAAjvAAwQA
LYKjAwQALYmLAwQALZGHAwQAW4QeAwQAufYPAwQAyTG9MA0GCSqGSIb3DQEBCwUA
A4IBAQAGNV5QrB2bkjQDHBokd4/lM95lTIfebReXf48F2LAVUP+/wZWzJBP+pVB9
yRzR7bmibtgTUpQLudXJggjzzfU2LbktXV5DMsAejEzXOnTdfZOMS0r0Io7GQ6W7
qaDW2yv/vuilvtRuybdgaKxUuaa2D53H4uswo8AQccCQWq1pDUlb59/K2uY/26Wc
R+whfd9bv1s3tV7wq/YQebCobdVrhrKJlgxy9ND8OqGaAs7Gj4vsn0SZD+8uFROb
FOt7E68uUWZx18bRu2dl9PVl8kJrkEBI54lWDPWINYaFQaImvF9acL2wUrQMxQbo
swv/HpYghT83uheY+5cWsVvJvuH+
-----END CERTIFICATE-----
Generated at Sat Jun 13 21:52:29 2026 by rpki-client