Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nUTdbxJPgzkpoD6QTKh8nSqKnOU.roa
File: nUTdbxJPgzkpoD6QTKh8nSqKnOU.roa (raw, json)
Hash identifier: 0MbeyCra2x/Y3daHk9ukYCc98LSVSiOhW3oybDE0EDs=
Subject key identifier: 9D:44:DD:6F:12:4F:83:39:29:A0:3E:90:4C:A8:7C:9D:2A:8A:9C:E5
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 019C1F3A2799CF5375D92F1614B7085B20E9
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nUTdbxJPgzkpoD6QTKh8nSqKnOU.roa
Signing time: Mon 02 Feb 2026 16:40:30 +0000
ROA not before: Mon 02 Feb 2026 16:40:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6079
IP address blocks: 9.142.0.0/16 maxlen: 24
9.142.64.0/20 maxlen: 20
9.142.76.0/23 maxlen: 23
9.142.78.0/24 maxlen: 24
9.142.79.0/24 maxlen: 24
9.142.80.0/21 maxlen: 21
9.142.92.0/23 maxlen: 23
9.142.94.0/24 maxlen: 24
9.142.95.0/24 maxlen: 24
9.142.128.0/19 maxlen: 19
9.142.160.0/19 maxlen: 19
9.142.224.0/20 maxlen: 20
9.142.224.0/21 maxlen: 21
9.142.236.0/23 maxlen: 23
9.142.238.0/24 maxlen: 24
9.142.239.0/24 maxlen: 24
9.142.240.0/21 maxlen: 21
9.142.248.0/22 maxlen: 22
9.142.252.0/23 maxlen: 23
9.142.254.0/24 maxlen: 24
9.142.255.0/24 maxlen: 24
135.132.0.0/19 maxlen: 24
135.132.160.0/20 maxlen: 20
138.226.32.0/20 maxlen: 20
138.226.80.0/21 maxlen: 21
138.226.120.0/21 maxlen: 21
138.226.128.0/18 maxlen: 18
138.226.200.0/21 maxlen: 21
158.120.49.0/24 maxlen: 24
158.120.51.0/24 maxlen: 24
158.120.53.0/24 maxlen: 24
158.120.55.0/24 maxlen: 24
158.120.57.0/24 maxlen: 24
158.120.59.0/24 maxlen: 24
158.120.61.0/24 maxlen: 24
158.120.63.0/24 maxlen: 24
192.46.184.0/21 maxlen: 21
192.46.184.0/22 maxlen: 22
192.46.188.0/24 maxlen: 24
192.46.200.0/22 maxlen: 22
192.53.64.0/22 maxlen: 22
192.53.68.0/22 maxlen: 22
192.53.136.0/22 maxlen: 22
192.53.140.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:1f:3a:27:99:cf:53:75:d9:2f:16:14:b7:08:5b:20:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Feb 2 16:40:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9d44dd6f124f833929a03e904ca87c9d2a8a9ce5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:95:6b:b0:3b:3a:b9:8b:47:8d:46:90:5d:d0:
91:c9:8f:b8:91:e5:8b:94:da:dd:46:e8:56:b3:c5:
5b:cb:4f:3d:f8:91:6b:a6:7b:8f:d9:f5:b9:25:1d:
af:2a:59:a5:5b:e8:b5:fa:7b:32:ac:52:7c:1a:c3:
aa:82:8d:de:d2:69:6f:d7:74:95:62:bf:84:b6:3d:
35:1a:e4:3c:26:70:ee:8e:e5:a1:26:a5:b5:17:47:
8c:20:b7:9f:1f:69:d6:1b:d2:4e:a7:59:92:40:eb:
d5:43:4c:4e:8b:bf:a0:51:c2:c4:9e:91:8d:60:8c:
f8:7b:df:bf:e7:53:16:1c:72:23:7b:87:e8:fc:9c:
d1:d1:8e:ed:f9:84:91:eb:08:12:e5:74:7f:28:9d:
79:45:44:be:0c:33:86:7e:08:b3:70:4c:10:22:21:
ee:3b:ce:32:4f:93:c8:1e:55:3f:06:dc:d0:31:1d:
bb:95:9f:f8:72:dd:9c:be:90:0d:73:ea:ee:b2:bd:
90:7e:1a:05:69:d9:1c:a2:f9:f1:3e:f2:51:f9:f1:
62:5e:90:75:c4:00:65:f2:7f:cb:fc:b0:2c:f6:dc:
e8:9a:63:fd:8b:19:ba:9a:2a:8d:dd:f9:e0:3f:9e:
82:52:50:f4:db:dc:92:95:e4:4b:40:2f:31:f3:74:
88:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:44:DD:6F:12:4F:83:39:29:A0:3E:90:4C:A8:7C:9D:2A:8A:9C:E5
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/nUTdbxJPgzkpoD6QTKh8nSqKnOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
9.142.0.0/16
135.132.0.0/19
135.132.160.0/20
138.226.32.0/20
138.226.80.0/21
138.226.120.0-138.226.191.255
138.226.200.0/21
158.120.49.0/24
158.120.51.0/24
158.120.53.0/24
158.120.55.0/24
158.120.57.0/24
158.120.59.0/24
158.120.61.0/24
158.120.63.0/24
192.46.184.0/21
192.46.200.0/22
192.53.64.0/21
192.53.136.0/21
Signature Algorithm: sha256WithRSAEncryption
1b:91:5d:3b:f1:a4:cd:d4:c2:b4:9a:a1:90:4b:e5:6f:c8:8d:
54:7b:51:ad:98:b4:9f:bf:f5:bf:35:b4:b3:b5:42:35:93:42:
6d:51:13:ed:8e:ec:44:e2:61:49:39:9e:a2:e8:b6:7f:67:57:
9e:c4:da:16:ce:31:a7:dd:0c:fb:08:f9:ea:e4:90:94:e9:43:
16:d3:e5:fc:2a:b8:2a:91:69:57:ab:53:06:28:f9:01:65:3e:
cd:3d:6d:ce:d1:2d:3f:c6:bf:d2:9c:ad:f3:35:3c:ae:20:fa:
b3:bc:89:d8:1b:42:79:fb:60:13:c6:6b:4c:0b:93:04:2f:28:
0f:01:12:93:59:5d:22:cd:b8:58:b3:11:59:06:79:e7:c5:d7:
a2:19:a6:8e:fa:60:1e:5b:86:23:9e:1c:0c:ad:66:bd:2f:d5:
04:b2:55:3b:26:e2:82:83:56:cc:92:5e:9c:b0:d7:1c:66:f2:
22:e5:1f:d0:cd:46:d9:0a:a0:76:c1:78:89:51:cd:b0:0c:f4:
98:3a:f5:96:41:5a:63:ea:48:ad:83:df:86:96:11:97:2b:a6:
4f:46:25:b5:95:f0:c9:cc:a2:77:d7:14:c6:48:44:fb:4c:d8:
e3:4e:50:09:b8:c2:44:36:e6:d5:04:3e:cd:81:ef:84:61:00:
0c:e1:04:a8
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZwfOieZz1N12S8WFLcIWyDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwMjAyMTY0MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ0ZGQ2ZjEyNGY4MzM5MjlhMDNlOTA0Y2E4N2M5ZDJhOGE5Y2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5VrsDs6uYtHjUaQXdCRyY+4keWL
lNrdRuhWs8Vby089+JFrpnuP2fW5JR2vKlmlW+i1+nsyrFJ8GsOqgo3e0mlv13SV
Yr+Etj01GuQ8JnDujuWhJqW1F0eMILefH2nWG9JOp1mSQOvVQ0xOi7+gUcLEnpGN
YIz4e9+/51MWHHIje4fo/JzR0Y7t+YSR6wgS5XR/KJ15RUS+DDOGfgizcEwQIiHu
O84yT5PIHlU/BtzQMR27lZ/4ct2cvpANc+rusr2QfhoFadkcovnxPvJR+fFiXpB1
xABl8n/L/LAs9tzommP9ixm6miqN3fngP56CUlD029ySleRLQC8x83SIWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJ1E3W8ST4M5KaA+kEyofJ0qipzlMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvblVUZGJ4SlBnemtwb0Q2UVRLaDhuU3FLbk9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTB/BAIAATB5AwMACY4D
BAWHhAADBASHhKADBASK4iADBAOK4lAwDAMEA4rieAMEBorigAMEA4riyAMEAJ54
MQMEAJ54MwMEAJ54NQMEAJ54NwMEAJ54OQMEAJ54OwMEAJ54PQMEAJ54PwMEA8Au
uAMEAsAuyAMEA8A1QAMEA8A1iDANBgkqhkiG9w0BAQsFAAOCAQEAG5FdO/GkzdTC
tJqhkEvlb8iNVHtRrZi0n7/1vzW0s7VCNZNCbVET7Y7sROJhSTmeoui2f2dXnsTa
Fs4xp90M+wj56uSQlOlDFtPl/Cq4KpFpV6tTBij5AWU+zT1tztEtP8a/0pyt8zU8
riD6s7yJ2BtCeftgE8ZrTAuTBC8oDwESk1ldIs24WLMRWQZ558XXohmmjvpgHluG
I54cDK1mvS/VBLJVOybigoNWzJJenLDXHGbyIuUf0M1G2QqgdsF4iVHNsAz0mDr1
lkFaY+pIrYPfhpYRlyumT0YltZXwycyid9cUxkhE+0zY405QCbjCRDbm1QQ+zYHv
hGEADOEEqA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:27:09 2026 by rpki-client