Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Rsy3HcU7mquxb13uIu-5Bk0AYFI.roa
File: Rsy3HcU7mquxb13uIu-5Bk0AYFI.roa (raw, json)
Hash identifier: vdY80Jt6qLhmx6OKGOyWsc1G7/zZWlc//Y0bqfb97E8=
Subject key identifier: 46:CC:B7:1D:C5:3B:9A:AB:B1:6F:5D:EE:22:EF:B9:06:4D:00:60:52
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019D3F34CC730856586F6230987FD48696BB
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Rsy3HcU7mquxb13uIu-5Bk0AYFI.roa
Signing time: Mon 30 Mar 2026 14:45:18 +0000
ROA not before: Mon 30 Mar 2026 14:45:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16262
IP address blocks: 46.8.52.0/23 maxlen: 32
46.8.153.0/24 maxlen: 24
109.248.168.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 08:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3f:34:cc:73:08:56:58:6f:62:30:98:7f:d4:86:96:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Mar 30 14:45:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=46ccb71dc53b9aabb16f5dee22efb9064d006052
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:df:7b:b9:f6:95:c8:9c:ec:8c:97:7f:f7:3f:
ba:18:33:82:11:3d:c9:e9:f8:5d:86:45:2c:b2:d7:
d7:5e:d0:20:84:e0:19:09:24:14:4f:55:5e:21:86:
0c:06:87:28:5a:4a:43:2a:85:3e:58:d2:b1:66:e4:
5f:9d:c1:98:08:d8:74:8f:48:5c:6e:c9:61:c0:fd:
d9:b7:f0:00:1e:15:e0:ef:86:35:48:f2:5a:2c:43:
dd:8c:02:e7:e4:67:82:65:dd:d1:72:e1:3c:e6:d0:
16:20:2b:5e:1e:96:f4:02:3e:31:cc:64:f6:f1:0f:
93:2a:5d:41:76:25:ee:b0:46:7b:49:eb:92:07:20:
05:16:5d:34:9a:8d:54:6b:b3:5a:2c:a4:8a:f5:52:
f9:07:fc:09:79:f3:6a:54:14:e2:bd:fe:a2:2b:58:
5a:54:ed:0a:95:11:a4:b1:da:82:82:02:07:33:b7:
d3:c0:6d:2a:02:28:e0:eb:e3:d3:0e:72:76:ad:45:
e5:51:71:82:ff:9c:89:aa:f3:4b:85:b5:16:74:ca:
5a:43:cf:39:74:e8:0b:d9:c3:e2:72:81:ba:35:56:
86:71:93:6f:76:4f:59:8e:bf:dc:95:81:66:b2:cf:
20:09:6f:96:0e:5e:6d:77:9a:4d:aa:46:4c:77:c6:
80:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:CC:B7:1D:C5:3B:9A:AB:B1:6F:5D:EE:22:EF:B9:06:4D:00:60:52
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Rsy3HcU7mquxb13uIu-5Bk0AYFI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.52.0/23
46.8.153.0/24
109.248.168.0/24
Signature Algorithm: sha256WithRSAEncryption
b9:ee:b4:06:13:d8:9a:84:d0:d0:45:5d:3d:7a:f2:29:fc:8e:
e4:50:53:10:3a:68:0f:fe:f0:a8:5f:42:d8:08:02:7d:cf:db:
33:06:fa:22:03:cf:a6:9f:5e:95:33:e7:4a:74:1b:00:18:e7:
2e:35:af:ce:93:79:d0:d8:03:ba:fc:fc:e9:9c:1c:d2:c4:aa:
28:af:56:9d:4a:0b:01:96:6e:6c:70:e7:35:f2:2e:a2:44:79:
23:80:57:0e:c6:0a:62:11:de:69:39:09:ce:44:70:59:da:43:
25:94:ac:bd:0f:d9:8e:ef:a1:25:ed:9d:b1:f5:e9:79:05:dc:
23:ef:b7:4a:f3:88:42:02:33:d7:7d:cd:b5:51:4f:d1:65:19:
65:4a:89:ac:c0:19:7d:f8:09:37:5a:c1:98:43:cf:83:e3:d9:
3b:23:3a:23:8a:53:8c:4c:e3:c6:00:88:09:46:ef:7a:14:2a:
92:3b:87:aa:3d:ab:7d:ea:f1:03:3e:ac:81:fa:a7:28:d3:00:
06:d7:7a:4d:08:23:7c:e7:e6:f5:be:a9:3d:46:0a:1b:2b:ef:
d5:b4:e3:4e:d3:a2:9f:a3:0d:4a:a1:57:bd:f6:4e:5f:36:c1:
29:a3:b4:2f:3b:9b:5b:e4:fc:da:9c:ba:6a:5a:7f:1c:e3:66:
79:03:43:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0/NMxzCFZYb2IwmH/Uhpa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMzMwMTQ0NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNjYjcxZGM1M2I5YWFiYjE2ZjVkZWUyMmVmYjkwNjRkMDA2MDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs997ufaVyJzsjJd/9z+6GDOCET3J
6fhdhkUsstfXXtAghOAZCSQUT1VeIYYMBocoWkpDKoU+WNKxZuRfncGYCNh0j0hc
bslhwP3Zt/AAHhXg74Y1SPJaLEPdjALn5GeCZd3RcuE85tAWICteHpb0Aj4xzGT2
8Q+TKl1BdiXusEZ7SeuSByAFFl00mo1Ua7NaLKSK9VL5B/wJefNqVBTivf6iK1ha
VO0KlRGksdqCggIHM7fTwG0qAijg6+PTDnJ2rUXlUXGC/5yJqvNLhbUWdMpaQ885
dOgL2cPicoG6NVaGcZNvdk9Zjr/clYFmss8gCW+WDl5td5pNqkZMd8aA5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEbMtx3FO5qrsW9d7iLvuQZNAGBSMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUnN5M0hjVTdtcXV4YjEzdUl1LTVCazBBWUZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLgg0AwQA
LgiZAwQAbfioMA0GCSqGSIb3DQEBCwUAA4IBAQC57rQGE9iahNDQRV09evIp/I7k
UFMQOmgP/vCoX0LYCAJ9z9szBvoiA8+mn16VM+dKdBsAGOcuNa/Ok3nQ2AO6/Pzp
nBzSxKoor1adSgsBlm5scOc18i6iRHkjgFcOxgpiEd5pOQnORHBZ2kMllKy9D9mO
76El7Z2x9el5Bdwj77dK84hCAjPXfc21UU/RZRllSomswBl9+Ak3WsGYQ8+D49k7
IzojilOMTOPGAIgJRu96FCqSO4eqPat96vEDPqyB+qco0wAG13pNCCN85+b1vqk9
RgobK+/VtONO06Kfow1KoVe99k5fNsEpo7QvO5tb5PzanLpqWn8c42Z5A0PP
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:42:28 2026 by rpki-client