Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/sWZCCJ9mYF4x-AZV9gqyKfwmtqw.roa
File: sWZCCJ9mYF4x-AZV9gqyKfwmtqw.roa (raw, json)
Hash identifier: ENzKV46vc1yAkS1qAwIAJTRoo8u9W0tkvlFZn62IWoI=
Subject key identifier: B1:66:42:08:9F:66:60:5E:31:F8:06:55:F6:0A:B2:29:FC:26:B6:AC
Certificate issuer: /CN=a34f365e78064b58c44d48cfb39291d3fb1d9e10
Certificate serial: 019B7D5BCFFFBFEC2E2B9F327EA5B1203AB2
Authority key identifier: A3:4F:36:5E:78:06:4B:58:C4:4D:48:CF:B3:92:91:D3:FB:1D:9E:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o082XngGS1jETUjPs5KR0_sdnhA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/sWZCCJ9mYF4x-AZV9gqyKfwmtqw.roa
Signing time: Fri 02 Jan 2026 06:18:47 +0000
ROA not before: Fri 02 Jan 2026 06:18:47 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20694
IP address blocks: 185.166.200.0/22 maxlen: 24
185.166.200.0/24 maxlen: 24
185.166.201.0/24 maxlen: 24
185.166.202.0/24 maxlen: 24
185.166.203.0/24 maxlen: 24
188.94.24.0/21 maxlen: 21
217.114.64.0/20 maxlen: 20
2a01:688::/32 maxlen: 32
2a01:689::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/o082XngGS1jETUjPs5KR0_sdnhA.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/o082XngGS1jETUjPs5KR0_sdnhA.mft
rsync://rpki.ripe.net/repository/DEFAULT/o082XngGS1jETUjPs5KR0_sdnhA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 12:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:5b:cf:ff:bf:ec:2e:2b:9f:32:7e:a5:b1:20:3a:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a34f365e78064b58c44d48cfb39291d3fb1d9e10
Validity
Not Before: Jan 2 06:18:47 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b16642089f66605e31f80655f60ab229fc26b6ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e3:29:14:58:c2:25:81:71:81:79:a8:ba:e8:
2b:5f:c9:a7:30:13:ec:b6:6c:a1:79:26:2f:9e:7e:
23:44:84:a2:14:34:34:40:de:a4:13:29:43:e0:81:
0b:d5:58:83:00:f9:3a:8d:7f:18:84:e2:8b:c2:15:
f8:26:99:84:da:c7:de:96:6b:33:0a:05:e5:7f:97:
15:eb:8d:22:72:cc:a2:2f:b4:a6:67:ef:7c:df:51:
46:97:90:36:9d:10:86:ee:d1:9a:1b:03:91:33:92:
ab:da:df:63:1a:3c:d4:97:a5:f7:fe:e8:57:76:a3:
38:df:e6:9e:19:fa:ef:c5:be:2e:b8:0f:86:01:dc:
8e:ac:dc:3b:42:4b:2f:77:81:f2:89:40:f2:d7:26:
b2:b6:7b:8a:c5:41:c3:ac:4a:f0:39:e8:6b:9f:88:
42:4f:77:fa:50:bd:b5:0f:6d:25:d3:ed:76:64:61:
25:7e:b0:03:ff:a4:00:28:6c:50:d4:23:fb:dd:6e:
30:45:33:a3:7c:f6:64:fb:20:bc:5b:39:38:02:ed:
c2:db:15:3a:96:a2:92:0b:9f:7a:aa:4d:b5:8e:7b:
ab:93:75:b5:b3:59:28:4a:55:e3:67:ee:4b:a3:90:
7e:80:0e:b3:3e:9e:cb:aa:31:41:64:83:fb:41:33:
59:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:66:42:08:9F:66:60:5E:31:F8:06:55:F6:0A:B2:29:FC:26:B6:AC
X509v3 Authority Key Identifier:
keyid:A3:4F:36:5E:78:06:4B:58:C4:4D:48:CF:B3:92:91:D3:FB:1D:9E:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o082XngGS1jETUjPs5KR0_sdnhA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/sWZCCJ9mYF4x-AZV9gqyKfwmtqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/o082XngGS1jETUjPs5KR0_sdnhA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.200.0/22
188.94.24.0/21
217.114.64.0/20
IPv6:
2a01:688::/31
Signature Algorithm: sha256WithRSAEncryption
73:a9:4b:62:81:12:6a:f1:44:92:c2:20:15:2c:3f:20:8f:90:
cb:d5:d9:a4:65:dd:ea:82:cb:4b:3c:59:dd:05:4f:6b:47:e3:
4e:dc:3e:c5:a8:b2:15:28:30:a6:be:7c:64:5c:be:36:98:23:
de:16:3d:71:db:9f:a0:99:8d:13:ee:24:e5:af:23:65:d3:bb:
a3:c8:1a:bf:5d:67:d1:eb:0e:0f:a4:96:f8:5f:bb:2c:ae:4e:
4a:eb:6a:f4:9f:88:e9:09:7e:62:29:de:b3:be:b3:d3:8a:fc:
ba:2c:31:9c:77:eb:ea:0a:8d:54:d1:53:91:d5:ab:7b:cf:15:
93:57:92:1a:36:f3:e3:6f:fe:07:ac:3c:91:39:f6:ee:ea:03:
b9:b2:0b:a7:3f:f5:67:22:89:76:8a:f0:04:e0:36:cf:b4:7d:
07:34:6b:0b:16:73:e1:bb:c9:36:23:5b:f6:f5:67:d2:d1:84:
c7:bf:3d:d7:7a:94:dc:95:71:21:63:8c:63:12:ce:47:c3:de:
f1:b5:68:f6:17:a5:06:6e:59:e7:4a:f9:ce:3e:4a:d8:9c:d4:
dd:31:b0:b0:ef:b9:bf:e5:0d:92:9b:35:bf:36:47:22:34:80:
9d:d0:c5:04:29:02:4f:49:34:51:6d:e6:7e:e9:e6:3c:ba:3b:
50:6d:ff:14
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZt9W8//v+wuK58yfqWxIDqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNGYzNjVlNzgwNjRiNThjNDRkNDhjZmIzOTI5MWQzZmIx
ZDllMTAwHhcNMjYwMTAyMDYxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTY2NDIwODlmNjY2MDVlMzFmODA2NTVmNjBhYjIyOWZjMjZiNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOMpFFjCJYFxgXmouugrX8mnMBPs
tmyheSYvnn4jRISiFDQ0QN6kEylD4IEL1ViDAPk6jX8YhOKLwhX4JpmE2sfelmsz
CgXlf5cV640icsyiL7SmZ+9831FGl5A2nRCG7tGaGwORM5Kr2t9jGjzUl6X3/uhX
dqM43+aeGfrvxb4uuA+GAdyOrNw7Qksvd4HyiUDy1yaytnuKxUHDrErwOehrn4hC
T3f6UL21D20l0+12ZGElfrAD/6QAKGxQ1CP73W4wRTOjfPZk+yC8Wzk4Au3C2xU6
lqKSC596qk21jnurk3W1s1koSlXjZ+5Lo5B+gA6zPp7LqjFBZIP7QTNZmwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLFmQgifZmBeMfgGVfYKsin8JrasMB8GA1UdIwQY
MBaAFKNPNl54BktYxE1Iz7OSkdP7HZ4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzA4MlhuZ0dTMWpFVFVqUHM1S1IwX3NkbmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zZWU3YzUtMTI2NC00N2U5LThhMTIt
MDQxYjc4YWRhMjE1LzEvc1daQ0NKOW1ZRjR4LUFaVjlncXlLZndtdHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zZWU3YzUtMTI2NC00N2U5LThhMTItMDQxYjc4YWRhMjE1
LzEvbzA4MlhuZ0dTMWpFVFVqUHM1S1IwX3NkbmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuabIAwQD
vF4YAwQE2XJAMA0EAgACMAcDBQEqAQaIMA0GCSqGSIb3DQEBCwUAA4IBAQBzqUti
gRJq8USSwiAVLD8gj5DL1dmkZd3qgstLPFndBU9rR+NO3D7FqLIVKDCmvnxkXL42
mCPeFj1x25+gmY0T7iTlryNl07ujyBq/XWfR6w4PpJb4X7ssrk5K62r0n4jpCX5i
Kd6zvrPTivy6LDGcd+vqCo1U0VOR1at7zxWTV5IaNvPjb/4HrDyROfbu6gO5sgun
P/VnIol2ivAE4DbPtH0HNGsLFnPhu8k2I1v29WfS0YTHvz3XepTclXEhY4xjEs5H
w97xtWj2F6UGblnnSvnOPkrYnNTdMbCw77m/5Q2SmzW/NkciNICd0MUEKQJPSTRR
beZ+6eY8ujtQbf8U
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:41:06 2026 by rpki-client