Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/i3LjlTv0cqfO8U47iFQcI5yeNfw.roa
File: i3LjlTv0cqfO8U47iFQcI5yeNfw.roa (raw, json)
Hash identifier: NUcR9PJxIM36308L6r/104nGPX7janujjExA79MiVJY=
Subject key identifier: 8B:72:E3:95:3B:F4:72:A7:CE:F1:4E:3B:88:54:1C:23:9C:9E:35:FC
Certificate issuer: /CN=9ae07c94a8a6af7a5d18f4eaaea79e26df932214
Certificate serial: 019B7DCA0A57DCA5872138C86A0ADB91EB9C
Authority key identifier: 9A:E0:7C:94:A8:A6:AF:7A:5D:18:F4:EA:AE:A7:9E:26:DF:93:22:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/muB8lKimr3pdGPTqrqeeJt-TIhQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/i3LjlTv0cqfO8U47iFQcI5yeNfw.roa
Signing time: Fri 02 Jan 2026 08:19:11 +0000
ROA not before: Fri 02 Jan 2026 08:19:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8462
IP address blocks: 46.249.128.0/19 maxlen: 19
77.110.128.0/19 maxlen: 19
77.110.160.0/19 maxlen: 19
77.111.128.0/18 maxlen: 18
79.121.104.0/21 maxlen: 21
79.121.112.0/21 maxlen: 21
91.146.128.0/18 maxlen: 18
95.168.32.0/19 maxlen: 19
95.168.64.0/19 maxlen: 19
185.3.136.0/22 maxlen: 22
185.165.108.0/22 maxlen: 22
185.166.132.0/22 maxlen: 22
185.166.136.0/22 maxlen: 22
185.170.84.0/22 maxlen: 22
185.172.44.0/22 maxlen: 22
185.187.248.0/22 maxlen: 22
185.195.52.0/22 maxlen: 22
185.202.136.0/22 maxlen: 22
185.214.28.0/22 maxlen: 22
185.235.112.0/22 maxlen: 22
193.151.116.0/22 maxlen: 22
193.218.98.0/24 maxlen: 24
193.227.196.0/22 maxlen: 22
194.37.88.0/22 maxlen: 22
195.128.232.0/23 maxlen: 23
212.16.128.0/19 maxlen: 19
2a01:5d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/muB8lKimr3pdGPTqrqeeJt-TIhQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/muB8lKimr3pdGPTqrqeeJt-TIhQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/muB8lKimr3pdGPTqrqeeJt-TIhQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 14:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:ca:0a:57:dc:a5:87:21:38:c8:6a:0a:db:91:eb:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9ae07c94a8a6af7a5d18f4eaaea79e26df932214
Validity
Not Before: Jan 2 08:19:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8b72e3953bf472a7cef14e3b88541c239c9e35fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:9a:dd:d4:d9:97:a4:31:20:03:1a:e5:82:30:
6c:f8:96:6b:b9:23:40:ee:ec:9f:ac:79:39:e4:1a:
4f:15:1b:3a:cd:5f:95:ff:7d:86:3c:07:b7:4e:fa:
3e:15:fe:cb:0b:fa:f8:ec:74:30:25:c2:1b:e8:3d:
30:87:08:e4:15:bb:51:70:48:60:0c:31:7c:67:62:
25:8f:1a:2c:0d:d3:b2:fc:4c:5b:67:7d:3d:4c:0b:
1d:42:78:d2:a7:18:b6:80:a9:0d:c3:81:4b:4b:57:
4f:d0:f6:64:96:5e:08:45:41:71:dc:31:d5:6f:6c:
17:7f:c1:1d:c8:cf:b2:a3:3f:52:69:88:b5:94:f8:
05:1e:aa:6d:3d:7a:ec:96:cf:7f:a4:af:8e:93:cb:
93:94:71:3b:bf:9e:50:f0:4e:21:df:34:e3:45:24:
cf:e4:ef:2d:19:ce:ad:dc:10:ec:a8:1d:f4:aa:81:
87:2e:09:9c:47:9a:77:79:bb:77:46:6b:03:21:d2:
5d:d6:6a:fa:20:86:18:02:be:37:a6:c0:fc:47:c9:
b3:46:4b:37:bd:ab:49:5b:b5:06:22:77:77:89:49:
ca:cd:9e:e5:b1:cc:57:6a:fd:af:84:fa:1e:8a:1a:
68:45:63:6b:e1:39:6c:ac:68:38:aa:b0:12:84:f3:
68:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:72:E3:95:3B:F4:72:A7:CE:F1:4E:3B:88:54:1C:23:9C:9E:35:FC
X509v3 Authority Key Identifier:
keyid:9A:E0:7C:94:A8:A6:AF:7A:5D:18:F4:EA:AE:A7:9E:26:DF:93:22:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/muB8lKimr3pdGPTqrqeeJt-TIhQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/i3LjlTv0cqfO8U47iFQcI5yeNfw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/3a8dd0-3875-4eb2-b633-e2665d447d32/1/muB8lKimr3pdGPTqrqeeJt-TIhQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.128.0/19
77.110.128.0/18
77.111.128.0/18
79.121.104.0-79.121.119.255
91.146.128.0/18
95.168.32.0-95.168.95.255
185.3.136.0/22
185.165.108.0/22
185.166.132.0-185.166.139.255
185.170.84.0/22
185.172.44.0/22
185.187.248.0/22
185.195.52.0/22
185.202.136.0/22
185.214.28.0/22
185.235.112.0/22
193.151.116.0/22
193.218.98.0/24
193.227.196.0/22
194.37.88.0/22
195.128.232.0/23
212.16.128.0/19
IPv6:
2a01:5d0::/32
Signature Algorithm: sha256WithRSAEncryption
0e:bc:9c:5c:9f:da:07:82:df:cb:bf:60:03:39:18:df:03:c6:
a4:bb:65:d6:a5:f2:9f:e8:f6:00:71:6d:7a:40:af:65:a8:ba:
76:4f:b2:0a:45:11:ef:2b:7a:54:5f:25:8c:12:89:55:b0:23:
0e:81:ff:5a:fc:cc:2c:4b:f5:fb:76:91:b1:92:77:54:33:3b:
c4:1a:c9:27:e3:55:5a:00:b5:1d:4e:eb:28:0d:f1:4c:1d:5c:
ee:a5:8b:f6:cd:34:e2:52:b7:47:ff:fc:7d:a3:cb:4c:44:c5:
68:37:77:62:39:7f:f9:91:72:44:2f:7f:89:c4:e8:e3:a7:db:
0d:f7:7b:dc:45:26:f4:b8:42:de:ea:cf:3f:fb:03:d5:a9:e0:
d5:53:a9:b3:1f:6b:f0:c6:3b:28:00:9d:e3:bd:9c:50:d6:14:
36:d0:c1:b0:6a:32:10:b9:37:40:b3:df:79:39:37:52:67:90:
62:c3:26:6b:14:4d:65:c3:33:e9:4c:f2:b9:b3:7f:75:52:e0:
67:8e:db:e8:c9:17:b6:60:29:e6:e3:24:98:d1:e0:25:39:94:
bf:93:dc:0b:de:80:36:cf:48:3e:c7:d1:ca:4c:d8:17:45:78:
b6:d1:5f:d8:6a:1e:36:ee:25:04:92:fd:25:bd:f1:b7:cd:49:
bf:45:24:02
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgISAZt9ygpX3KWHITjIagrbkeucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZTA3Yzk0YThhNmFmN2E1ZDE4ZjRlYWFlYTc5ZTI2ZGY5
MzIyMTQwHhcNMjYwMTAyMDgxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjcyZTM5NTNiZjQ3MmE3Y2VmMTRlM2I4ODU0MWMyMzljOWUzNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jrd1NmXpDEgAxrlgjBs+JZruSNA
7uyfrHk55BpPFRs6zV+V/32GPAe3Tvo+Ff7LC/r47HQwJcIb6D0whwjkFbtRcEhg
DDF8Z2IljxosDdOy/ExbZ309TAsdQnjSpxi2gKkNw4FLS1dP0PZkll4IRUFx3DHV
b2wXf8EdyM+yoz9SaYi1lPgFHqptPXrsls9/pK+Ok8uTlHE7v55Q8E4h3zTjRSTP
5O8tGc6t3BDsqB30qoGHLgmcR5p3ebt3RmsDIdJd1mr6IIYYAr43psD8R8mzRks3
vatJW7UGInd3iUnKzZ7lscxXav2vhPoeihpoRWNr4TlsrGg4qrAShPNonwIDAQAB
o4ICszCCAq8wHQYDVR0OBBYEFIty45U79HKnzvFOO4hUHCOcnjX8MB8GA1UdIwQY
MBaAFJrgfJSopq96XRj06q6nnibfkyIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVCOGxLaW1yM3BkR1BUcXJxZWVKdC1USWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8zYThkZDAtMzg3NS00ZWIyLWI2MzMt
ZTI2NjVkNDQ3ZDMyLzEvaTNMamxUdjBjcWZPOFU0N2lGUWNJNXllTmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8zYThkZDAtMzg3NS00ZWIyLWI2MzMtZTI2NjVkNDQ3ZDMy
LzEvbXVCOGxLaW1yM3BkR1BUcXJxZWVKdC1USWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHIBggrBgEFBQcBBwEB/wSBuDCBtTCBowQCAAEwgZwDBAUu
+YADBAZNboADBAZNb4AwDAMEA095aAMEA095cAMEBluSgDAMAwQFX6ggAwQFX6hA
AwQCuQOIAwQCuaVsMAwDBAK5poQDBAK5pogDBAK5qlQDBAK5rCwDBAK5u/gDBAK5
wzQDBAK5yogDBAK51hwDBAK563ADBALBl3QDBADB2mIDBALB48QDBALCJVgDBAHD
gOgDBAXUEIAwDQQCAAIwBwMFACoBBdAwDQYJKoZIhvcNAQELBQADggEBAA68nFyf
2geC38u/YAM5GN8DxqS7Zdal8p/o9gBxbXpAr2WounZPsgpFEe8relRfJYwSiVWw
Iw6B/1r8zCxL9ft2kbGSd1QzO8QaySfjVVoAtR1O6ygN8UwdXO6li/bNNOJSt0f/
/H2jy0xExWg3d2I5f/mRckQvf4nE6OOn2w33e9xFJvS4Qt7qzz/7A9Wp4NVTqbMf
a/DGOygAneO9nFDWFDbQwbBqMhC5N0Cz33k5N1JnkGLDJmsUTWXDM+lM8rmzf3VS
4GeO2+jJF7ZgKebjJJjR4CU5lL+T3AvegDbPSD7H0cpM2BdFeLbRX9hqHjbuJQSS
/SW98bfNSb9FJAI=
-----END CERTIFICATE-----
Generated at Mon Mar 2 18:26:13 2026 by rpki-client