Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/CtUb_khJo3kUaPz7Tczh3fTMkSI.roa
File: CtUb_khJo3kUaPz7Tczh3fTMkSI.roa (raw, json)
Hash identifier: TmMbi1KebbnPaU2uYcFYkbumiWNa51w3Bfk/CmEIg48=
Subject key identifier: 0A:D5:1B:FE:48:49:A3:79:14:68:FC:FB:4D:CC:E1:DD:F4:CC:91:22
Certificate issuer: /CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
Certificate serial: 019D3F6ACF9F5223126819F0C12F65ADB7F5
Authority key identifier: 72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/CtUb_khJo3kUaPz7Tczh3fTMkSI.roa
Signing time: Mon 30 Mar 2026 15:44:17 +0000
ROA not before: Mon 30 Mar 2026 15:44:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43458
IP address blocks: 185.17.248.0/24 maxlen: 24
213.159.136.0/24 maxlen: 24
213.159.137.0/24 maxlen: 24
213.159.138.0/24 maxlen: 24
213.159.140.0/24 maxlen: 24
2a0a:d7c0:33::/48 maxlen: 48
2a0a:d7c0:724::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 21:23:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3f:6a:cf:9f:52:23:12:68:19:f0:c1:2f:65:ad:b7:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
Validity
Not Before: Mar 30 15:44:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0ad51bfe4849a3791468fcfb4dcce1ddf4cc9122
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:25:30:9a:30:58:0a:90:f2:62:8e:fc:3d:c9:
bb:cb:af:9b:b7:a8:fd:5b:96:b4:c1:8c:66:ef:c0:
ba:a1:41:3a:be:4f:8c:84:c9:a2:a2:3d:bb:04:ba:
30:fb:5b:30:b6:64:b8:17:98:cc:ac:a6:a3:12:13:
56:65:32:2d:ef:07:1e:c9:18:f0:17:9f:e9:e2:e3:
af:f9:ce:22:d3:15:f0:0e:18:fa:d1:c1:61:a3:1f:
dc:59:2d:7b:eb:e8:41:4a:e5:41:50:60:47:0b:e9:
b1:f9:df:22:bb:e2:78:70:9f:b4:9d:e6:bb:5e:53:
55:f4:6b:d4:86:f6:75:0e:cb:45:02:bd:76:6a:ab:
50:22:e8:64:27:5d:5e:79:b9:fe:06:ab:e2:6e:88:
4e:0d:e6:3a:24:44:2b:ce:55:b4:81:c2:48:e6:ff:
48:3f:21:41:32:02:24:c3:59:d7:67:0d:d1:2f:fd:
aa:63:ff:75:30:e8:cf:2c:00:1d:60:25:ca:fd:ef:
e4:69:aa:d1:1d:2e:53:0b:d3:83:fa:ae:b4:f5:a5:
d5:3b:83:84:d3:16:cd:59:9e:cb:60:96:e6:29:97:
2a:8e:65:16:73:eb:95:19:1f:15:ca:98:c7:bf:f4:
2e:25:b3:48:d7:00:f0:7e:7e:f5:de:a9:83:54:80:
0f:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:D5:1B:FE:48:49:A3:79:14:68:FC:FB:4D:CC:E1:DD:F4:CC:91:22
X509v3 Authority Key Identifier:
keyid:72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/CtUb_khJo3kUaPz7Tczh3fTMkSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.17.248.0/24
213.159.136.0-213.159.138.255
213.159.140.0/24
IPv6:
2a0a:d7c0:33::/48
2a0a:d7c0:724::/48
Signature Algorithm: sha256WithRSAEncryption
26:32:99:47:4f:aa:d7:48:e4:c8:83:12:24:26:f3:e3:b3:5c:
75:20:e5:11:62:1d:f4:fd:39:20:de:1d:86:dd:f8:1f:85:96:
6a:70:69:7f:94:ca:e6:59:75:79:a4:da:4b:8e:e0:9e:42:c2:
bd:04:bd:0f:5a:a9:65:26:4a:b4:04:af:13:a8:87:02:35:03:
99:b4:34:85:67:ee:c4:1b:11:15:e7:ab:c9:63:54:f5:d5:bb:
c4:46:8b:ef:8c:2f:22:53:9a:b3:7a:eb:43:c2:7d:91:3c:b3:
d7:9b:2d:e7:7c:80:27:48:e5:b9:13:89:d3:95:13:ad:21:df:
42:c0:84:c6:a6:ba:56:e6:ab:71:a4:36:c5:6c:31:ec:0e:55:
a2:b1:b0:be:8b:f1:bb:95:85:58:07:1d:85:df:68:e4:e3:fb:
66:e0:f1:cf:3f:e3:3c:92:c9:dd:59:0d:9f:bc:22:bd:1e:15:
93:37:b7:12:bc:65:86:00:cc:76:6e:58:3c:6a:64:47:b9:07:
81:9a:fc:cc:bb:c8:52:33:89:7c:94:25:61:fa:c8:06:86:95:
b2:f9:c6:e4:ba:92:58:b1:20:09:9d:35:2f:05:f3:e7:2f:3b:
61:fe:a7:f7:cf:b9:d3:6d:3b:83:db:bb:6d:dd:0d:05:fc:6b:
98:54:c9:0b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZ0/as+fUiMSaBnwwS9lrbf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmJkMmZhMTgzMTk2MzllMjVmZmJmNGJkYmZhMDA4NjYw
MTU4YWUwHhcNMjYwMzMwMTU0NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ1MWJmZTQ4NDlhMzc5MTQ2OGZjZmI0ZGNjZTFkZGY0Y2M5MTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyUwmjBYCpDyYo78Pcm7y6+bt6j9
W5a0wYxm78C6oUE6vk+MhMmioj27BLow+1swtmS4F5jMrKajEhNWZTIt7wceyRjw
F5/p4uOv+c4i0xXwDhj60cFhox/cWS176+hBSuVBUGBHC+mx+d8iu+J4cJ+0nea7
XlNV9GvUhvZ1DstFAr12aqtQIuhkJ11eebn+BqvibohODeY6JEQrzlW0gcJI5v9I
PyFBMgIkw1nXZw3RL/2qY/91MOjPLAAdYCXK/e/kaarRHS5TC9OD+q609aXVO4OE
0xbNWZ7LYJbmKZcqjmUWc+uVGR8VypjHv/QuJbNI1wDwfn713qmDVIAP1QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFArVG/5ISaN5FGj8+03M4d30zJEiMB8GA1UdIwQY
MBaAFHK70voYMZY54l/79L2/oAhmAViuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgt
MGFmMmU1NDE2NDZjLzEvQ3RVYl9raEpvM2tVYVB6N1RjemgzZlRNa1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgtMGFmMmU1NDE2NDZj
LzEvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAgBAIAATAaAwQAuRH4MAwD
BAPVn4gDBADVn4oDBADVn4wwGAQCAAIwEgMHACoK18AAMwMHACoK18AHJDANBgkq
hkiG9w0BAQsFAAOCAQEAJjKZR0+q10jkyIMSJCbz47NcdSDlEWId9P05IN4dht34
H4WWanBpf5TK5ll1eaTaS47gnkLCvQS9D1qpZSZKtASvE6iHAjUDmbQ0hWfuxBsR
FeeryWNU9dW7xEaL74wvIlOas3rrQ8J9kTyz15st53yAJ0jluROJ05UTrSHfQsCE
xqa6VuarcaQ2xWwx7A5VorGwvovxu5WFWAcdhd9o5OP7ZuDxzz/jPJLJ3VkNn7wi
vR4Vkze3ErxlhgDMdm5YPGpkR7kHgZr8zLvIUjOJfJQlYfrIBoaVsvnG5LqSWLEg
CZ01LwXz5y87Yf6n98+50207g9u7bd0NBfxrmFTJCw==
-----END CERTIFICATE-----
Generated at Sat Apr 18 04:13:34 2026 by rpki-client