Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/PLkoNtx5mgq-B2vobNBDkIL4VAE.roa
File: PLkoNtx5mgq-B2vobNBDkIL4VAE.roa (raw, json)
Hash identifier: +3HUjbRPlkh6fV0PfOSOdwpdaIzJpoh7nyXw41VKiWg=
Subject key identifier: 3C:B9:28:36:DC:79:9A:0A:BE:07:6B:E8:6C:D0:43:90:82:F8:54:01
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 019D8C83B58858AC4D095AAD9ED1FA4855DE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/PLkoNtx5mgq-B2vobNBDkIL4VAE.roa
Signing time: Tue 14 Apr 2026 15:02:15 +0000
ROA not before: Tue 14 Apr 2026 15:02:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 402187
IP address blocks: 147.90.225.0/24 maxlen: 24
147.90.229.0/24 maxlen: 24
158.173.215.0/24 maxlen: 24
158.173.220.0/24 maxlen: 24
158.173.221.0/24 maxlen: 24
158.173.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8c:83:b5:88:58:ac:4d:09:5a:ad:9e:d1:fa:48:55:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Apr 14 15:02:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3cb92836dc799a0abe076be86cd0439082f85401
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:12:4d:10:3d:40:62:f0:03:2d:20:70:fd:39:
87:5a:4d:7e:53:47:f9:d7:1f:ae:67:a9:d3:a0:cc:
4d:2b:a7:c8:6c:f7:68:a2:d7:f8:63:50:5c:14:fc:
e5:35:56:04:ea:27:0c:4b:f2:ed:f2:a7:2d:5a:aa:
f9:6a:0e:3a:eb:9b:85:ca:62:ef:44:b6:7c:75:78:
7a:91:ae:ea:c1:7d:92:d3:64:e7:21:b2:28:b9:64:
27:74:8d:10:4a:0b:b1:a2:6a:5d:1a:29:fc:a7:8e:
6e:f4:a8:18:dc:02:9f:d4:af:e0:ec:d7:7a:6c:7c:
cf:eb:0a:1c:36:90:62:63:21:c7:74:28:90:b8:15:
6b:14:4c:da:b3:a2:e4:8a:4c:3f:42:85:b7:33:b1:
b2:51:8c:2f:ed:e7:70:7b:e5:d9:80:11:f6:1f:51:
df:e5:86:c8:3e:eb:38:6b:e7:c0:b1:ac:5a:49:01:
38:55:de:c9:dd:7d:c7:7f:37:73:bb:64:b1:a7:10:
b0:81:bd:8e:03:1a:9f:e7:dc:bc:31:53:fb:63:59:
f1:58:ce:d6:4d:40:4f:c4:ed:4f:99:89:07:c8:42:
e9:b5:49:ff:c6:5a:83:f2:d4:aa:7a:eb:c0:27:83:
0b:54:5d:c5:b2:0a:98:d1:bb:47:59:35:d5:1b:bb:
0a:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:B9:28:36:DC:79:9A:0A:BE:07:6B:E8:6C:D0:43:90:82:F8:54:01
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/PLkoNtx5mgq-B2vobNBDkIL4VAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.90.225.0/24
147.90.229.0/24
158.173.215.0/24
158.173.220.0-158.173.222.255
Signature Algorithm: sha256WithRSAEncryption
18:a4:3b:70:e6:18:ea:13:ee:6f:6a:31:27:d1:51:cb:b2:e9:
f6:76:e4:f3:12:d7:c7:df:82:a5:87:55:93:a8:04:98:6f:25:
e5:ef:17:34:cf:db:ba:66:bb:d2:c7:18:f8:a8:c5:9d:5b:1e:
d6:51:25:03:50:92:f6:ca:23:d3:6c:c5:68:b1:34:4a:75:ab:
d0:87:62:10:4c:4c:a9:00:2e:2b:c2:1c:00:52:e0:c6:c0:55:
7c:91:08:75:35:e2:59:a5:2f:95:ea:4a:aa:5d:65:68:dd:14:
8e:07:99:76:38:13:57:5b:5a:39:72:ee:64:b1:e7:02:11:c2:
2d:74:52:58:1b:75:5f:e2:03:1b:3a:6a:af:6a:09:af:88:81:
c1:4a:48:db:46:66:40:b4:f3:60:e5:7c:15:d0:c7:26:42:a8:
f9:0b:8b:2d:13:27:fe:db:21:29:45:55:c2:b9:75:6d:69:5d:
88:8b:16:b1:9e:80:4f:e1:da:28:86:79:3e:eb:b3:18:b0:03:
99:46:29:82:ee:10:c4:72:42:d5:96:2f:09:a5:62:8b:c7:f2:
85:c7:b4:d9:d3:23:a0:b4:c5:0f:d6:7a:1a:08:ed:01:da:79:
92:57:5c:59:8b:73:d9:4a:ec:cf:48:92:64:26:e5:11:4b:21:
a8:95:70:a6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ2Mg7WIWKxNCVqtntH6SFXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDE0MTUwMjE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2I5MjgzNmRjNzk5YTBhYmUwNzZiZTg2Y2QwNDM5MDgyZjg1NDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xJNED1AYvADLSBw/TmHWk1+U0f5
1x+uZ6nToMxNK6fIbPdootf4Y1BcFPzlNVYE6icMS/Lt8qctWqr5ag4665uFymLv
RLZ8dXh6ka7qwX2S02TnIbIouWQndI0QSguxompdGin8p45u9KgY3AKf1K/g7Nd6
bHzP6wocNpBiYyHHdCiQuBVrFEzas6Lkikw/QoW3M7GyUYwv7edwe+XZgBH2H1Hf
5YbIPus4a+fAsaxaSQE4Vd7J3X3Hfzdzu2SxpxCwgb2OAxqf59y8MVP7Y1nxWM7W
TUBPxO1PmYkHyELptUn/xlqD8tSqeuvAJ4MLVF3FsgqY0btHWTXVG7sKXwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDy5KDbceZoKvgdr6GzQQ5CC+FQBMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUExrb050eDVtZ3EtQjJ2b2JOQkRrSUw0VkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAk1rhAwQA
k1rlAwQAnq3XMAwDBAKerdwDBACerd4wDQYJKoZIhvcNAQELBQADggEBABikO3Dm
GOoT7m9qMSfRUcuy6fZ25PMS18ffgqWHVZOoBJhvJeXvFzTP27pmu9LHGPioxZ1b
HtZRJQNQkvbKI9NsxWixNEp1q9CHYhBMTKkALivCHABS4MbAVXyRCHU14lmlL5Xq
SqpdZWjdFI4HmXY4E1dbWjly7mSx5wIRwi10UlgbdV/iAxs6aq9qCa+IgcFKSNtG
ZkC082DlfBXQxyZCqPkLiy0TJ/7bISlFVcK5dW1pXYiLFrGegE/h2iiGeT7rsxiw
A5lGKYLuEMRyQtWWLwmlYovH8oXHtNnTI6C0xQ/WehoI7QHaeZJXXFmLc9lK7M9I
kmQm5RFLIaiVcKY=
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:53:04 2026 by rpki-client