Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/soaunGStxbPkormQ76za44o5oUE.roa
File: soaunGStxbPkormQ76za44o5oUE.roa (raw, json)
Hash identifier: GnwJgdmCBWw6c8ZiKcOlp3PjKm7Zw2JGkgTThgk6lKE=
Subject key identifier: B2:86:AE:9C:64:AD:C5:B3:E4:A2:B9:90:EF:AC:DA:E3:8A:39:A1:41
Certificate issuer: /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial: 019D8ADCCFE6C7EBB19380E99DAE11C8DA5D
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/soaunGStxbPkormQ76za44o5oUE.roa
Signing time: Tue 14 Apr 2026 07:20:20 +0000
ROA not before: Tue 14 Apr 2026 07:20:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44056
IP address blocks: 31.135.224.0/20 maxlen: 24
31.135.226.0/23 maxlen: 23
31.135.227.0/24 maxlen: 24
31.135.228.0/22 maxlen: 22
31.135.232.0/22 maxlen: 22
31.135.236.0/23 maxlen: 23
31.135.236.0/24 maxlen: 24
46.148.128.0/20 maxlen: 20
46.148.128.0/22 maxlen: 22
46.148.129.0/24 maxlen: 24
46.148.130.0/24 maxlen: 24
46.148.132.0/22 maxlen: 22
46.148.143.0/24 maxlen: 24
83.97.104.0/21 maxlen: 21
91.195.130.0/23 maxlen: 23
91.230.146.0/24 maxlen: 24
91.237.186.0/23 maxlen: 23
91.237.186.0/24 maxlen: 24
91.237.187.0/24 maxlen: 24
109.196.64.0/20 maxlen: 24
109.196.64.0/22 maxlen: 22
109.196.64.0/24 maxlen: 24
109.196.65.0/24 maxlen: 24
109.196.67.0/24 maxlen: 24
109.196.68.0/22 maxlen: 22
109.196.68.0/24 maxlen: 24
109.196.69.0/24 maxlen: 24
109.196.72.0/22 maxlen: 22
109.196.72.0/24 maxlen: 24
109.196.73.0/24 maxlen: 24
109.196.74.0/24 maxlen: 24
109.196.75.0/24 maxlen: 24
109.196.76.0/22 maxlen: 22
109.196.76.0/24 maxlen: 24
109.196.77.0/24 maxlen: 24
109.196.78.0/24 maxlen: 24
109.196.79.0/24 maxlen: 24
176.125.192.0/19 maxlen: 19
176.125.192.0/24 maxlen: 24
176.125.194.0/24 maxlen: 24
176.125.195.0/24 maxlen: 24
176.125.196.0/24 maxlen: 24
195.2.238.0/23 maxlen: 23
195.244.24.0/23 maxlen: 23
195.244.25.0/24 maxlen: 24
2a13:2940::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8a:dc:cf:e6:c7:eb:b1:93:80:e9:9d:ae:11:c8:da:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
Validity
Not Before: Apr 14 07:20:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b286ae9c64adc5b3e4a2b990efacdae38a39a141
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a1:15:c2:d8:4f:b4:5b:34:13:95:6f:65:fa:
ca:ba:73:c9:81:8b:90:a7:a3:a8:81:92:12:47:0b:
96:38:b2:0a:7c:89:46:33:4a:c6:f8:51:86:6c:15:
a4:30:00:ff:ec:26:23:fb:6c:2e:bd:fd:21:62:54:
a9:e8:51:dd:d8:c4:32:eb:2d:8c:a0:be:ae:20:1f:
4b:b7:64:40:35:01:62:52:10:c8:f2:5a:e6:f7:36:
09:c4:99:0a:c6:ac:58:cd:4c:87:bd:f1:d8:9b:5b:
61:71:50:a4:72:29:c5:2f:64:23:82:4f:28:02:dd:
ce:43:ec:0e:3e:e2:f1:8e:bc:98:c9:3c:2d:10:12:
86:7a:f5:b0:f3:28:57:07:bf:00:ee:7b:58:8c:af:
1a:ce:ec:e9:fd:2f:fa:28:b4:fe:d6:78:72:f9:80:
ca:db:8a:0e:78:51:ca:90:e4:b8:6b:b2:f4:b8:a1:
e1:5b:e6:3b:43:74:66:a2:e5:9d:66:6e:3d:fd:eb:
37:93:a6:28:07:9b:55:a0:a8:c8:1a:7d:bf:18:a4:
14:f8:ed:2a:af:38:28:79:66:51:04:31:2e:8b:41:
76:bd:07:f0:4c:1a:99:93:68:de:ab:6c:a6:e3:6a:
63:b9:b9:da:5d:aa:1a:7c:31:a1:ac:55:7c:66:cb:
91:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:86:AE:9C:64:AD:C5:B3:E4:A2:B9:90:EF:AC:DA:E3:8A:39:A1:41
X509v3 Authority Key Identifier:
keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/soaunGStxbPkormQ76za44o5oUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.135.224.0/20
46.148.128.0/20
83.97.104.0/21
91.195.130.0/23
91.230.146.0/24
91.237.186.0/23
109.196.64.0/20
176.125.192.0/19
195.2.238.0/23
195.244.24.0/23
IPv6:
2a13:2940::/32
Signature Algorithm: sha256WithRSAEncryption
33:28:cb:8a:ab:3c:00:40:c6:37:b1:91:cc:f9:c4:d6:2c:a3:
ed:70:14:f5:83:13:42:e0:20:31:d9:cc:21:fe:47:18:2c:c2:
af:cf:cd:4b:c2:18:51:e8:e9:67:fd:2d:9a:e9:b1:bd:ce:61:
ce:64:da:79:79:88:a2:6b:12:22:dd:c0:60:ac:e1:14:49:e1:
37:cf:0d:4a:2a:5d:3a:ae:21:2c:95:63:ea:8e:ad:c9:33:0a:
dd:ac:34:93:fd:b1:d6:69:2f:a4:e3:24:25:ed:9e:22:90:56:
f1:8d:c5:d6:87:e8:79:11:4d:6b:43:bc:87:b2:fe:6a:6a:f9:
ae:a3:9e:d5:da:82:f8:e5:48:b7:06:19:c1:9f:2a:f3:19:ef:
3c:44:4b:4b:53:ef:02:42:9c:7f:c2:a8:36:88:4e:3d:22:1b:
57:23:17:6b:cd:b2:ea:e0:73:39:7c:29:88:5d:72:1c:da:b0:
c5:2a:6e:67:41:86:21:23:05:19:5f:a1:b0:a7:bc:48:78:73:
88:f1:cb:69:1f:57:c1:f0:d3:5e:3b:a9:68:2d:e9:33:fa:06:
15:87:c4:32:d1:5e:67:91:86:1b:38:52:46:95:fb:37:7a:55:
81:7b:9a:2d:f9:1c:f0:cc:57:65:73:30:69:de:5d:5e:3a:2b:
46:1d:4b:b6
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZ2K3M/mx+uxk4Dpna4RyNpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjYwNDE0MDcyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg2YWU5YzY0YWRjNWIzZTRhMmI5OTBlZmFjZGFlMzhhMzlhMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6EVwthPtFs0E5VvZfrKunPJgYuQ
p6OogZISRwuWOLIKfIlGM0rG+FGGbBWkMAD/7CYj+2wuvf0hYlSp6FHd2MQy6y2M
oL6uIB9Lt2RANQFiUhDI8lrm9zYJxJkKxqxYzUyHvfHYm1thcVCkcinFL2Qjgk8o
At3OQ+wOPuLxjryYyTwtEBKGevWw8yhXB78A7ntYjK8azuzp/S/6KLT+1nhy+YDK
24oOeFHKkOS4a7L0uKHhW+Y7Q3RmouWdZm49/es3k6YoB5tVoKjIGn2/GKQU+O0q
rzgoeWZRBDEui0F2vQfwTBqZk2jeq2ym42pjubnaXaoafDGhrFV8ZsuRkQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFLKGrpxkrcWz5KK5kO+s2uOKOaFBMB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvc29hdW5HU3R4YlBrb3JtUTc2emE0NG81b1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQEH4fgAwQE
LpSAAwQDU2FoAwQBW8OCAwQAW+aSAwQBW+26AwQEbcRAAwQFsH3AAwQBwwLuAwQB
w/QYMA0EAgACMAcDBQAqEylAMA0GCSqGSIb3DQEBCwUAA4IBAQAzKMuKqzwAQMY3
sZHM+cTWLKPtcBT1gxNC4CAx2cwh/kcYLMKvz81LwhhR6Oln/S2a6bG9zmHOZNp5
eYiiaxIi3cBgrOEUSeE3zw1KKl06riEslWPqjq3JMwrdrDST/bHWaS+k4yQl7Z4i
kFbxjcXWh+h5EU1rQ7yHsv5qavmuo57V2oL45Ui3BhnBnyrzGe88REtLU+8CQpx/
wqg2iE49IhtXIxdrzbLq4HM5fCmIXXIc2rDFKm5nQYYhIwUZX6Gwp7xIeHOI8ctp
H1fB8NNeO6loLekz+gYVh8Qy0V5nkYYbOFJGlfs3elWBe5ot+RzwzFdlczBp3l1e
OitGHUu2
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:28:26 2026 by rpki-client