Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Jgwn3B02uc3mfVfMOZv45UmGgtY.roa
File: Jgwn3B02uc3mfVfMOZv45UmGgtY.roa (raw, json)
Hash identifier: nMSpgFycYN/khqI7U1mF+BBHpG7nf5LdJdR+FjJMiU0=
Subject key identifier: 26:0C:27:DC:1D:36:B9:CD:E6:7D:57:CC:39:9B:F8:E5:49:86:82:D6
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 019D68436AB9C6D09140D847EE94F3823087
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Jgwn3B02uc3mfVfMOZv45UmGgtY.roa
Signing time: Tue 07 Apr 2026 14:05:41 +0000
ROA not before: Tue 07 Apr 2026 14:05:41 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 812
IP address blocks: 152.163.108.0/23 maxlen: 23
185.145.216.0/22 maxlen: 22
189.104.0.0/23 maxlen: 23
189.104.10.0/23 maxlen: 23
189.104.100.0/23 maxlen: 23
205.188.104.0/22 maxlen: 22
205.188.112.0/22 maxlen: 22
205.188.120.0/22 maxlen: 22
205.188.128.0/22 maxlen: 22
205.188.136.0/22 maxlen: 22
205.188.144.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 02:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:68:43:6a:b9:c6:d0:91:40:d8:47:ee:94:f3:82:30:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Apr 7 14:05:41 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=260c27dc1d36b9cde67d57cc399bf8e5498682d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d8:a3:c5:1d:1f:b6:92:4d:2d:70:89:b2:65:
88:41:ca:bc:47:b5:b7:42:55:37:41:3b:41:d0:70:
7f:5f:c2:dd:9f:ca:cf:fe:90:73:ce:e0:89:2e:1f:
4d:a4:4a:96:2b:82:7d:de:37:71:df:ab:4c:a9:d1:
0f:f6:dd:e3:20:d6:cf:46:e4:0e:4b:a5:a3:99:19:
87:72:e5:0c:3b:14:31:8a:16:4a:e9:97:46:1a:40:
d4:bc:95:3c:b8:69:65:4c:91:b3:73:40:67:06:ed:
46:9d:e7:9e:33:7d:4c:96:bb:98:59:15:83:4c:bb:
0f:73:b7:6f:80:9e:d1:57:e6:4e:45:65:3e:98:36:
17:ee:c6:4c:d2:cd:67:26:59:55:61:ab:93:83:6e:
d6:56:89:c3:22:7a:b8:d8:77:ec:3c:c8:cc:d6:08:
80:d5:ca:17:a4:20:91:aa:ec:64:76:d7:93:ef:8d:
91:66:95:da:87:61:79:d0:5f:63:a5:fb:52:38:53:
28:17:f9:fa:bd:0d:ca:2f:ae:de:64:25:c9:6a:33:
80:95:e8:61:c2:10:e7:ca:3d:70:8e:ef:94:3a:8f:
d0:1e:23:59:8d:c2:9e:0e:c8:a0:25:d3:94:e1:fc:
12:1b:df:f9:3f:9d:8b:00:82:99:d4:67:b7:b6:13:
ff:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:0C:27:DC:1D:36:B9:CD:E6:7D:57:CC:39:9B:F8:E5:49:86:82:D6
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Jgwn3B02uc3mfVfMOZv45UmGgtY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.163.108.0/23
185.145.216.0/22
189.104.0.0/23
189.104.10.0/23
189.104.100.0/23
205.188.104.0/22
205.188.112.0/22
205.188.120.0/22
205.188.128.0/22
205.188.136.0/22
205.188.144.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:eb:8f:91:e3:c5:b9:06:c5:a2:0d:55:26:a8:ca:a0:18:fe:
3b:91:e9:0b:87:49:e5:6d:97:da:d8:b8:dc:87:95:37:c7:75:
ca:08:d0:c0:b7:5e:06:7c:0c:b1:34:33:fa:11:aa:03:98:ec:
68:0e:b7:71:88:d6:3a:17:83:26:ae:52:45:73:9c:18:e6:ed:
c4:ec:c6:d1:c5:7c:c3:2f:27:20:9b:c5:fe:9e:d2:6c:50:2c:
11:c2:de:3b:b8:cb:53:71:aa:ff:d4:5d:8d:d4:3d:da:48:a0:
6e:13:57:1e:b4:32:1d:3d:7b:37:88:ee:ac:e3:9d:4e:dd:2a:
e0:f7:74:4a:7e:d3:19:14:c6:0d:ed:37:bf:0e:b6:74:3b:c3:
1f:89:e8:28:57:60:14:99:ad:d8:ff:c6:53:9f:e3:1e:bb:d1:
2c:91:7c:1a:30:32:7b:10:24:4d:ff:e0:08:48:08:81:ee:99:
7e:0b:76:86:1e:07:5d:5c:f6:22:6a:be:2b:71:c4:de:8f:99:
7b:fe:42:c2:fc:4e:55:29:ce:ed:9f:76:bf:95:de:26:06:fe:
95:8e:a8:b7:3c:d1:6b:0e:c5:09:77:62:74:ea:6a:70:b0:9f:
43:43:09:09:e7:76:09:65:87:56:fd:09:a4:0d:2b:3a:24:63:
04:cc:e9:47
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZ1oQ2q5xtCRQNhH7pTzgjCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwNDA3MTQwNTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjBjMjdkYzFkMzZiOWNkZTY3ZDU3Y2MzOTliZjhlNTQ5ODY4MmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NijxR0ftpJNLXCJsmWIQcq8R7W3
QlU3QTtB0HB/X8Ldn8rP/pBzzuCJLh9NpEqWK4J93jdx36tMqdEP9t3jINbPRuQO
S6WjmRmHcuUMOxQxihZK6ZdGGkDUvJU8uGllTJGzc0BnBu1GneeeM31MlruYWRWD
TLsPc7dvgJ7RV+ZORWU+mDYX7sZM0s1nJllVYauTg27WVonDInq42HfsPMjM1giA
1coXpCCRquxkdteT742RZpXah2F50F9jpftSOFMoF/n6vQ3KL67eZCXJajOAlehh
whDnyj1wju+UOo/QHiNZjcKeDsigJdOU4fwSG9/5P52LAIKZ1Ge3thP/6QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCYMJ9wdNrnN5n1XzDmb+OVJhoLWMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvSmd3bjNCMDJ1YzNtZlZmTU9adjQ1VW1HZ3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBmKNsAwQC
uZHYAwQBvWgAAwQBvWgKAwQBvWhkAwQCzbxoAwQCzbxwAwQCzbx4AwQCzbyAAwQC
zbyIAwQCzbyQMA0GCSqGSIb3DQEBCwUAA4IBAQBN64+R48W5BsWiDVUmqMqgGP47
kekLh0nlbZfa2Ljch5U3x3XKCNDAt14GfAyxNDP6EaoDmOxoDrdxiNY6F4MmrlJF
c5wY5u3E7MbRxXzDLycgm8X+ntJsUCwRwt47uMtTcar/1F2N1D3aSKBuE1cetDId
PXs3iO6s451O3Srg93RKftMZFMYN7Te/DrZ0O8MfiegoV2AUma3Y/8ZTn+Meu9Es
kXwaMDJ7ECRN/+AISAiB7pl+C3aGHgddXPYiar4rccTej5l7/kLC/E5VKc7tn3a/
ld4mBv6Vjqi3PNFrDsUJd2J06mpwsJ9DQwkJ53YJZYdW/QmkDSs6JGMEzOlH
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:59:50 2026 by rpki-client