Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/aq-ktoZPmRcIjkErg9Bo9nyWqkY.roa
File: aq-ktoZPmRcIjkErg9Bo9nyWqkY.roa (raw, json)
Hash identifier: cvjQALnJl89ZCIC/1pdahWKWxH4swLrUEYhqQkvcDLw=
Subject key identifier: 6A:AF:A4:B6:86:4F:99:17:08:8E:41:2B:83:D0:68:F6:7C:96:AA:46
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019D634B828EABFB2C7D1160A64A88E52CC3
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/aq-ktoZPmRcIjkErg9Bo9nyWqkY.roa
Signing time: Mon 06 Apr 2026 14:56:26 +0000
ROA not before: Mon 06 Apr 2026 14:56:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43991
IP address blocks: 84.252.70.0/24 maxlen: 24
95.215.57.0/24 maxlen: 24
193.19.190.0/24 maxlen: 24
193.187.107.0/24 maxlen: 24
193.228.130.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 00:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:63:4b:82:8e:ab:fb:2c:7d:11:60:a6:4a:88:e5:2c:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Apr 6 14:56:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6aafa4b6864f9917088e412b83d068f67c96aa46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:20:68:e9:7a:2b:fe:d2:81:93:da:67:6f:fb:
25:6e:dc:00:6a:09:3e:1c:c1:19:fb:1a:ec:7f:bc:
57:69:44:da:6f:84:37:a6:0e:84:f4:a6:cb:a3:e8:
4a:f9:4d:61:bd:86:1c:7b:2b:b6:de:53:52:30:7f:
10:46:65:da:2c:40:d1:85:38:66:67:a8:0a:9b:db:
ce:e2:56:62:87:88:18:7a:55:e3:b8:ba:7e:e7:36:
ae:30:e5:5d:85:22:26:54:8c:c7:14:f7:e6:49:40:
1b:00:43:f4:b3:62:0a:28:d1:5e:b0:a7:95:20:62:
18:e0:70:41:8f:e1:58:79:58:39:8c:a8:67:56:17:
74:ae:7a:d9:5a:29:a3:32:a3:8e:96:25:98:80:42:
04:61:c7:6c:ad:61:9f:e9:4f:e8:60:2c:cb:24:f3:
bb:5f:cf:02:10:91:eb:52:75:9a:74:9c:20:07:57:
99:58:e8:4d:74:97:cd:ec:95:4f:4e:6e:20:d9:f7:
d9:c8:45:d7:08:81:93:80:ef:c4:9e:25:16:9d:15:
96:27:d0:76:5e:07:13:6b:c0:bf:62:b7:50:fb:44:
12:df:11:61:37:ef:25:79:a7:9c:ab:57:38:bf:21:
f7:2c:bd:5f:b8:a6:8c:92:bd:d2:bd:20:52:e0:77:
e4:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:AF:A4:B6:86:4F:99:17:08:8E:41:2B:83:D0:68:F6:7C:96:AA:46
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/aq-ktoZPmRcIjkErg9Bo9nyWqkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.70.0/24
95.215.57.0/24
193.19.190.0/24
193.187.107.0/24
193.228.130.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:9f:37:3f:ed:1f:df:64:0f:ad:1e:62:c3:4c:95:71:15:83:
74:ab:41:de:3e:7f:c4:1c:eb:20:67:d1:b2:88:cc:23:da:48:
fd:a5:1d:00:c6:1b:61:84:dd:3e:43:fc:0d:22:7a:9f:c6:c5:
a7:e5:dc:5c:14:b5:1c:cf:5b:65:42:99:db:33:e9:99:de:7e:
14:52:93:42:49:83:da:19:8b:bd:ff:6d:5a:95:9a:ac:97:63:
3f:2d:5f:4b:6f:7c:85:29:d5:47:54:79:5a:f0:d8:d9:8b:35:
d3:69:be:79:6e:3f:51:0d:d6:c7:72:78:37:24:e6:7f:e3:5f:
13:33:78:fe:65:db:3d:bc:5e:da:c4:d3:b0:51:60:79:d2:ee:
4a:3d:81:bf:bb:4e:fd:7a:6e:d2:7e:f0:82:c1:f7:f6:49:f5:
1d:75:74:fa:9e:25:54:e8:ff:3d:94:23:ea:42:5a:3f:23:79:
61:1f:c9:51:da:ed:f5:74:39:fa:95:f0:7f:7f:6b:1c:6c:98:
b6:d4:57:b7:66:71:6a:a9:f3:07:63:ff:16:51:57:b9:d2:89:
8a:bc:4e:81:5d:60:18:40:de:cb:38:0b:02:e1:98:83:07:5b:
4b:cf:b6:75:59:77:03:fe:6d:24:5e:c8:79:76:c4:1b:b1:d1:
9f:9b:cc:57
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ1jS4KOq/ssfRFgpkqI5SzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDA2MTQ1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFmYTRiNjg2NGY5OTE3MDg4ZTQxMmI4M2QwNjhmNjdjOTZhYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiBo6Xor/tKBk9pnb/slbtwAagk+
HMEZ+xrsf7xXaUTab4Q3pg6E9KbLo+hK+U1hvYYceyu23lNSMH8QRmXaLEDRhThm
Z6gKm9vO4lZih4gYelXjuLp+5zauMOVdhSImVIzHFPfmSUAbAEP0s2IKKNFesKeV
IGIY4HBBj+FYeVg5jKhnVhd0rnrZWimjMqOOliWYgEIEYcdsrWGf6U/oYCzLJPO7
X88CEJHrUnWadJwgB1eZWOhNdJfN7JVPTm4g2ffZyEXXCIGTgO/EniUWnRWWJ9B2
XgcTa8C/YrdQ+0QS3xFhN+8leaecq1c4vyH3LL1fuKaMkr3SvSBS4HfkRQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGqvpLaGT5kXCI5BK4PQaPZ8lqpGMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvYXEta3RvWlBtUmNJamtFcmc5Qm85bnlXcWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVPxGAwQA
X9c5AwQAwRO+AwQAwbtrAwQAweSCMA0GCSqGSIb3DQEBCwUAA4IBAQANnzc/7R/f
ZA+tHmLDTJVxFYN0q0HePn/EHOsgZ9GyiMwj2kj9pR0AxhthhN0+Q/wNInqfxsWn
5dxcFLUcz1tlQpnbM+mZ3n4UUpNCSYPaGYu9/21alZqsl2M/LV9Lb3yFKdVHVHla
8NjZizXTab55bj9RDdbHcng3JOZ/418TM3j+Zds9vF7axNOwUWB50u5KPYG/u079
em7SfvCCwff2SfUddXT6niVU6P89lCPqQlo/I3lhH8lR2u31dDn6lfB/f2scbJi2
1Fe3ZnFqqfMHY/8WUVe50omKvE6BXWAYQN7LOAsC4ZiDB1tLz7Z1WXcD/m0kXsh5
dsQbsdGfm8xX
-----END CERTIFICATE-----
Generated at Sun Apr 19 08:21:49 2026 by rpki-client