Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/G3w3IwTc2U8pnBNF6x44NWWjw_4.roa
File: G3w3IwTc2U8pnBNF6x44NWWjw_4.roa (raw, json)
Hash identifier: wksFJWRYI5dSJWF4hYkgE71Ci7O2r0/roqHzdV32Uko=
Subject key identifier: 1B:7C:37:23:04:DC:D9:4F:29:9C:13:45:EB:1E:38:35:65:A3:C3:FE
Certificate issuer: /CN=9e25f8763aa351689b6ba336269ab21c4e0120b3
Certificate serial: 019B7A5B4C955D22DDE33966354F075322B9
Authority key identifier: 9E:25:F8:76:3A:A3:51:68:9B:6B:A3:36:26:9A:B2:1C:4E:01:20:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/G3w3IwTc2U8pnBNF6x44NWWjw_4.roa
Signing time: Thu 01 Jan 2026 16:19:22 +0000
ROA not before: Thu 01 Jan 2026 16:19:22 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202020
IP address blocks: 37.130.232.0/21 maxlen: 21
46.17.180.0/22 maxlen: 22
46.229.244.0/23 maxlen: 23
46.229.248.0/23 maxlen: 23
92.246.72.0/22 maxlen: 22
185.56.68.0/22 maxlen: 22
185.219.64.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.mft
rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 16:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5b:4c:95:5d:22:dd:e3:39:66:35:4f:07:53:22:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e25f8763aa351689b6ba336269ab21c4e0120b3
Validity
Not Before: Jan 1 16:19:22 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1b7c372304dcd94f299c1345eb1e383565a3c3fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:39:81:e1:11:7b:ff:4c:fd:18:b2:99:c9:3e:
7e:61:6d:5b:08:4c:d0:44:82:9c:02:53:0a:7a:95:
6a:6c:ff:da:62:17:1c:02:b3:27:9d:dd:e4:d6:2f:
9e:68:17:d9:71:a9:42:72:ba:b7:01:70:c7:31:d2:
a6:08:bc:c3:56:4e:fe:19:e1:50:34:8a:1e:fd:33:
8d:2c:96:3b:21:d2:c4:2f:1f:00:3c:94:d6:11:d0:
67:25:5b:3b:cd:69:5c:de:8a:56:06:e9:4c:db:d7:
b7:5d:7f:8f:8b:9a:c6:d5:55:ca:d3:a6:28:07:0d:
3c:ac:1e:cb:7f:a4:fa:de:da:b1:8e:9a:fa:a0:84:
5e:a5:83:79:7a:e3:f2:43:0c:b5:f2:84:60:36:6d:
dd:23:24:5f:e1:15:99:85:a4:0f:1b:68:98:54:10:
78:bf:8b:39:31:e8:d9:95:bd:a2:e6:94:c2:27:63:
e1:c2:f9:e3:8f:86:47:6a:c7:97:1d:a8:21:98:4f:
03:c6:76:6a:e0:6f:7c:b0:05:9b:37:27:72:06:f2:
70:a9:53:cc:f1:cc:64:02:80:23:05:37:d8:fb:1d:
ee:18:98:12:23:fd:6b:39:ab:5c:d1:4b:b5:a2:50:
eb:9d:65:75:61:45:a1:89:2c:3b:37:8c:ef:45:7c:
a3:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:7C:37:23:04:DC:D9:4F:29:9C:13:45:EB:1E:38:35:65:A3:C3:FE
X509v3 Authority Key Identifier:
keyid:9E:25:F8:76:3A:A3:51:68:9B:6B:A3:36:26:9A:B2:1C:4E:01:20:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/G3w3IwTc2U8pnBNF6x44NWWjw_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.130.232.0/21
46.17.180.0/22
46.229.244.0/23
46.229.248.0/23
92.246.72.0/22
185.56.68.0/22
185.219.64.0/22
Signature Algorithm: sha256WithRSAEncryption
2f:be:a3:45:30:a1:11:68:5d:c3:14:ea:f4:68:20:f2:59:8c:
a4:ac:f0:45:e4:b6:56:d6:e5:a7:a6:05:00:43:30:26:ff:67:
b1:85:fe:5a:5e:8d:a7:42:fb:47:eb:15:1e:71:c1:f1:c6:f8:
e1:10:b8:c2:bd:cf:5a:55:c9:13:75:9f:f6:32:09:76:36:81:
52:81:f6:0a:63:ee:53:ca:79:ed:cd:dc:4d:56:04:5f:8e:a1:
ef:b4:85:a2:ec:05:47:72:d6:02:b8:8b:e0:7a:44:96:ff:2a:
4a:d2:23:99:5c:9f:f3:0c:7f:49:57:34:aa:4c:73:ec:18:41:
7a:35:37:ad:82:9d:38:fd:c8:62:dc:59:4d:36:a1:95:b4:e9:
03:43:ad:19:1f:30:61:c3:1b:32:45:83:b6:2c:fe:86:6b:7a:
34:57:a6:4d:8c:b3:1a:ce:52:ef:56:79:c2:71:69:8c:94:2d:
b8:df:a6:75:71:e4:1b:4c:ec:7c:ba:11:1e:c8:df:59:c5:2e:
91:ed:7d:1c:e2:ba:2e:b1:d9:17:31:c8:5c:c2:6c:8d:4d:24:
68:c2:f6:22:de:52:82:61:9d:91:b9:32:b4:fe:0e:46:87:33:
9f:dc:48:87:1a:66:12:4b:f0:46:43:aa:7d:d9:9f:69:f9:b9:
28:34:26:a0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZt6W0yVXSLd4zlmNU8HUyK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMjVmODc2M2FhMzUxNjg5YjZiYTMzNjI2OWFiMjFjNGUw
MTIwYjMwHhcNMjYwMTAxMTYxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjdjMzcyMzA0ZGNkOTRmMjk5YzEzNDVlYjFlMzgzNTY1YTNjM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszmB4RF7/0z9GLKZyT5+YW1bCEzQ
RIKcAlMKepVqbP/aYhccArMnnd3k1i+eaBfZcalCcrq3AXDHMdKmCLzDVk7+GeFQ
NIoe/TONLJY7IdLELx8APJTWEdBnJVs7zWlc3opWBulM29e3XX+Pi5rG1VXK06Yo
Bw08rB7Lf6T63tqxjpr6oIRepYN5euPyQwy18oRgNm3dIyRf4RWZhaQPG2iYVBB4
v4s5MejZlb2i5pTCJ2Phwvnjj4ZHaseXHaghmE8DxnZq4G98sAWbNydyBvJwqVPM
8cxkAoAjBTfY+x3uGJgSI/1rOatc0Uu1olDrnWV1YUWhiSw7N4zvRXyjBwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBt8NyME3NlPKZwTReseODVlo8P+MB8GA1UdIwQY
MBaAFJ4l+HY6o1Fom2ujNiaashxOASCzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmlYNGRqcWpVV2liYTZNMkpwcXlIRTRCSUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wYTQ1NjQtYTUyNS00NjE1LTlhM2Et
ODkzMGViYjgzZTMxLzEvRzN3M0l3VGMyVThwbkJORjZ4NDROV1dqd180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wYTQ1NjQtYTUyNS00NjE1LTlhM2EtODkzMGViYjgzZTMx
LzEvbmlYNGRqcWpVV2liYTZNMkpwcXlIRTRCSUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDJYLoAwQC
LhG0AwQBLuX0AwQBLuX4AwQCXPZIAwQCuThEAwQCudtAMA0GCSqGSIb3DQEBCwUA
A4IBAQAvvqNFMKERaF3DFOr0aCDyWYykrPBF5LZW1uWnpgUAQzAm/2exhf5aXo2n
QvtH6xUeccHxxvjhELjCvc9aVckTdZ/2Mgl2NoFSgfYKY+5TynntzdxNVgRfjqHv
tIWi7AVHctYCuIvgekSW/ypK0iOZXJ/zDH9JVzSqTHPsGEF6NTetgp04/chi3FlN
NqGVtOkDQ60ZHzBhwxsyRYO2LP6Ga3o0V6ZNjLMazlLvVnnCcWmMlC2436Z1ceQb
TOx8uhEeyN9ZxS6R7X0c4rousdkXMchcwmyNTSRowvYi3lKCYZ2RuTK0/g5GhzOf
3EiHGmYSS/BGQ6p92Z9p+bkoNCag
-----END CERTIFICATE-----
Generated at Tue Mar 3 02:19:59 2026 by rpki-client