Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1GWKutvP5wqE4NwHAG48iVSQ7PA.roa
File: 1GWKutvP5wqE4NwHAG48iVSQ7PA.roa (raw, json)
Hash identifier: zqS2gc00NkqFjgmG9FJ6uA0+J1taXCi+tvVpRWDaifE=
Subject key identifier: D4:65:8A:BA:DB:CF:E7:0A:84:E0:DC:07:00:6E:3C:89:54:90:EC:F0
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 019C056D8872A281B5CDD4B0EA2A08801E14
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1GWKutvP5wqE4NwHAG48iVSQ7PA.roa
Signing time: Wed 28 Jan 2026 16:26:30 +0000
ROA not before: Wed 28 Jan 2026 16:26:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6134
IP address blocks: 45.10.68.0/24 maxlen: 24
45.83.236.0/24 maxlen: 24
45.150.198.0/23 maxlen: 24
91.208.104.0/24 maxlen: 24
91.213.200.0/24 maxlen: 24
91.216.169.0/24 maxlen: 24
91.216.190.0/24 maxlen: 24
2a12:ab80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:05:6d:88:72:a2:81:b5:cd:d4:b0:ea:2a:08:80:1e:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jan 28 16:26:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d4658abadbcfe70a84e0dc07006e3c895490ecf0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:62:ce:b2:30:8c:8a:3a:fc:41:67:f1:c8:79:
bd:f6:98:3d:d8:83:0e:93:f6:2b:44:15:18:98:f9:
02:09:52:1e:e8:3b:e1:67:c8:fe:cd:98:8c:74:65:
96:a5:de:ad:a2:b6:aa:38:4d:9b:b4:6a:a9:62:7c:
24:4f:fc:e4:77:f2:49:9d:63:48:98:f5:15:23:1f:
3b:32:a1:f5:ba:94:e5:89:98:c6:17:88:fd:38:e7:
65:bc:45:70:d1:43:c1:c5:b6:de:ae:50:73:12:c6:
38:aa:03:72:02:9f:a4:2e:32:18:e6:2a:60:85:99:
2a:fc:42:28:07:a2:b1:29:0c:6d:f7:5b:7d:98:0f:
0e:ed:79:3d:65:cf:0c:73:46:d8:ee:b3:aa:0b:c4:
39:f9:8b:b8:3e:5a:3e:c9:bc:69:f5:8b:96:9e:1d:
65:b5:50:fe:13:f0:da:39:81:c8:4b:93:77:b5:e4:
24:b9:46:79:dc:cb:c6:5c:ff:61:d4:30:17:fd:6f:
e2:22:55:30:c9:42:b7:55:7e:a6:9e:3a:82:52:14:
c4:ff:45:7f:71:f7:e5:1d:9c:54:19:5a:e6:e3:25:
a1:d4:ef:5c:77:5a:a4:be:d2:f1:96:43:88:54:87:
3d:6e:2f:cc:54:4c:12:87:c8:f3:c8:78:e3:99:a0:
2f:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:65:8A:BA:DB:CF:E7:0A:84:E0:DC:07:00:6E:3C:89:54:90:EC:F0
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1GWKutvP5wqE4NwHAG48iVSQ7PA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.68.0/24
45.83.236.0/24
45.150.198.0/23
91.208.104.0/24
91.213.200.0/24
91.216.169.0/24
91.216.190.0/24
IPv6:
2a12:ab80::/29
Signature Algorithm: sha256WithRSAEncryption
01:8a:42:63:47:f0:c2:d2:9d:69:18:68:fa:17:a8:ca:13:69:
fe:bb:21:b2:49:70:61:8a:3e:1b:54:a1:c7:cd:77:ea:b1:f8:
a4:a4:44:f5:70:4b:6f:91:1a:33:b2:2e:e6:9a:6f:e5:7d:48:
92:16:05:e7:fd:12:23:31:c7:ad:59:12:0d:66:78:b7:51:c8:
79:20:b7:b5:08:20:09:0b:8e:6b:c9:3b:ac:84:98:62:85:65:
b6:9c:2c:c7:7b:62:df:bb:12:a0:d4:84:50:a1:a3:41:88:83:
98:88:27:99:76:c4:72:3b:07:ba:84:f1:a1:fd:26:20:15:6e:
a4:23:b1:dc:f6:a9:e7:ab:56:59:1d:27:d2:e7:1d:e2:05:24:
14:95:32:d5:b6:60:14:8f:6b:bc:67:6d:45:34:f5:3f:f9:e5:
fb:98:9f:69:16:5d:c1:cf:57:ef:51:ec:bb:09:94:09:86:dc:
88:cb:9c:fd:24:5c:ea:5f:2b:88:3c:ac:76:a8:dd:7a:c4:a0:
74:91:70:b4:30:16:7a:3a:da:65:c3:69:f2:23:a1:d5:06:22:
bc:84:64:bb:da:d5:71:91:a5:8f:65:bf:59:fe:27:81:76:d4:
4a:e7:8f:81:02:04:03:d7:eb:ca:13:f0:fb:8a:37:93:a7:fa:
c0:e0:85:91
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZwFbYhyooG1zdSw6ioIgB4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjYwMTI4MTYyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDY1OGFiYWRiY2ZlNzBhODRlMGRjMDcwMDZlM2M4OTU0OTBlY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2LOsjCMijr8QWfxyHm99pg92IMO
k/YrRBUYmPkCCVIe6DvhZ8j+zZiMdGWWpd6toraqOE2btGqpYnwkT/zkd/JJnWNI
mPUVIx87MqH1upTliZjGF4j9OOdlvEVw0UPBxbberlBzEsY4qgNyAp+kLjIY5ipg
hZkq/EIoB6KxKQxt91t9mA8O7Xk9Zc8Mc0bY7rOqC8Q5+Yu4Plo+ybxp9YuWnh1l
tVD+E/DaOYHIS5N3teQkuUZ53MvGXP9h1DAX/W/iIlUwyUK3VX6mnjqCUhTE/0V/
cfflHZxUGVrm4yWh1O9cd1qkvtLxlkOIVIc9bi/MVEwSh8jzyHjjmaAvyQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNRlirrbz+cKhODcBwBuPIlUkOzwMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMUdXS3V0dlA1d3FFNE53SEFHNDhpVlNRN1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQALQpEAwQA
LVPsAwQBLZbGAwQAW9BoAwQAW9XIAwQAW9ipAwQAW9i+MA0EAgACMAcDBQMqEquA
MA0GCSqGSIb3DQEBCwUAA4IBAQABikJjR/DC0p1pGGj6F6jKE2n+uyGySXBhij4b
VKHHzXfqsfikpET1cEtvkRozsi7mmm/lfUiSFgXn/RIjMcetWRINZni3Uch5ILe1
CCAJC45ryTushJhihWW2nCzHe2LfuxKg1IRQoaNBiIOYiCeZdsRyOwe6hPGh/SYg
FW6kI7Hc9qnnq1ZZHSfS5x3iBSQUlTLVtmAUj2u8Z21FNPU/+eX7mJ9pFl3Bz1fv
Uey7CZQJhtyIy5z9JFzqXyuIPKx2qN16xKB0kXC0MBZ6Otplw2nyI6HVBiK8hGS7
2tVxkaWPZb9Z/ieBdtRK54+BAgQD1+vKE/D7ijeTp/rA4IWR
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:17:21 2026 by rpki-client