Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U1R52wm0pIx-1HKTDqFkUV0VUNg.roa
File: U1R52wm0pIx-1HKTDqFkUV0VUNg.roa (raw, json)
Hash identifier: AXCPluUNPHS0TXSmehc5EVbVqgP7cYX/nLOzumB2z2I=
Subject key identifier: 53:54:79:DB:09:B4:A4:8C:7E:D4:72:93:0E:A1:64:51:5D:15:50:D8
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D95391D7DFD6729E5BF55890BBA9B40DF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U1R52wm0pIx-1HKTDqFkUV0VUNg.roa
Signing time: Thu 16 Apr 2026 07:37:21 +0000
ROA not before: Thu 16 Apr 2026 07:37:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 402215
IP address blocks: 81.5.141.0/24 maxlen: 24
81.168.79.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
89.213.0.0/24 maxlen: 24
89.213.4.0/24 maxlen: 24
109.176.242.0/24 maxlen: 24
185.49.126.0/24 maxlen: 24
213.210.40.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:95:39:1d:7d:fd:67:29:e5:bf:55:89:0b:ba:9b:40:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 16 07:37:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=535479db09b4a48c7ed472930ea164515d1550d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d1:bb:ed:1b:c9:d0:99:90:b2:17:0c:d9:d0:
43:71:96:fa:b3:7b:f5:c5:aa:54:fd:33:76:ee:13:
91:85:ad:25:3e:a8:5e:db:09:8c:71:d1:3f:93:f7:
d2:26:d0:64:98:39:22:fa:c9:7a:9c:60:1f:0c:40:
80:43:c5:22:76:59:e1:61:e4:e6:68:46:e4:43:03:
ea:f2:cc:99:1b:b9:a3:1d:25:3f:41:38:8f:fe:2d:
16:8f:ea:e7:05:73:42:5d:99:02:18:75:ff:ca:5a:
2a:d8:21:bd:9a:17:b1:8e:0d:7c:67:4b:34:83:a2:
ee:4e:52:94:c6:d0:89:09:e5:59:55:a1:25:36:7e:
04:a1:48:25:02:74:1e:78:e3:a1:8d:07:ac:44:32:
c7:67:7b:2b:5b:b9:5d:ba:19:68:dd:50:ab:2e:87:
db:65:db:33:d8:d9:0e:3d:88:e7:23:6a:42:92:55:
21:d3:03:9a:05:37:94:2b:4a:59:04:76:b1:33:cf:
9e:a8:66:74:46:dc:28:17:cc:4e:28:6d:ab:32:5e:
2c:9b:41:1e:99:85:c2:be:82:0b:88:62:1a:93:be:
9a:cd:f0:89:24:17:51:20:8f:27:b3:55:7b:24:31:
e0:53:08:dd:c9:b7:7d:bb:7d:5b:ea:97:0a:55:a0:
26:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:54:79:DB:09:B4:A4:8C:7E:D4:72:93:0E:A1:64:51:5D:15:50:D8
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/U1R52wm0pIx-1HKTDqFkUV0VUNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.141.0/24
81.168.79.0/24
82.152.253.0/24
89.213.0.0/24
89.213.4.0/24
109.176.242.0/24
185.49.126.0/24
213.210.40.0/24
Signature Algorithm: sha256WithRSAEncryption
29:02:a7:7c:f1:49:c9:aa:d4:4b:5a:31:15:c5:43:7c:0d:9c:
0d:7a:1f:89:2c:e1:57:88:0d:57:a4:b8:8b:a5:88:74:42:80:
ca:f1:ed:ca:19:aa:c2:fe:fd:b7:b8:80:c8:9c:9b:9e:f8:42:
ea:3a:b7:4a:5b:08:37:a1:7e:20:f6:94:3d:42:47:d0:06:38:
78:04:5c:f5:4d:1e:7e:8d:69:c2:0a:fd:06:c3:a9:2e:88:a7:
e7:76:34:f7:e1:80:f3:5c:a4:f9:47:14:75:67:cc:bc:f6:ff:
42:7f:9e:63:f8:c8:c5:3a:ed:c0:f2:5c:fd:62:19:34:96:43:
05:dc:15:b0:f6:62:1a:d6:79:6a:c7:da:09:37:d6:4d:2f:8d:
2c:99:d8:69:d6:21:65:3b:23:46:bb:74:f7:ac:80:28:23:5c:
e3:ea:bd:0a:9c:bf:cb:11:68:ba:d0:83:ab:c4:3d:02:10:34:
b0:9e:c7:a9:ad:81:c9:ac:5f:b5:3c:09:d5:81:b4:93:96:be:
4d:de:a8:21:86:fc:c9:14:67:5c:1c:13:0d:4f:7b:db:1e:8d:
43:2a:ab:7c:93:68:2b:eb:ef:78:92:40:18:a1:2d:8c:95:72:
cb:65:bb:34:44:e1:25:dc:cd:fa:11:32:91:42:5f:bd:ff:82:
00:06:72:b5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ2VOR19/Wcp5b9ViQu6m0DfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDE2MDczNzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU0NzlkYjA5YjRhNDhjN2VkNDcyOTMwZWExNjQ1MTVkMTU1MGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNG77RvJ0JmQshcM2dBDcZb6s3v1
xapU/TN27hORha0lPqhe2wmMcdE/k/fSJtBkmDki+sl6nGAfDECAQ8UidlnhYeTm
aEbkQwPq8syZG7mjHSU/QTiP/i0Wj+rnBXNCXZkCGHX/yloq2CG9mhexjg18Z0s0
g6LuTlKUxtCJCeVZVaElNn4EoUglAnQeeOOhjQesRDLHZ3srW7lduhlo3VCrLofb
Zdsz2NkOPYjnI2pCklUh0wOaBTeUK0pZBHaxM8+eqGZ0RtwoF8xOKG2rMl4sm0Ee
mYXCvoILiGIak76azfCJJBdRII8ns1V7JDHgUwjdybd9u31b6pcKVaAmfQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFNUedsJtKSMftRykw6hZFFdFVDYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVTFSNTJ3bTBwSXgtMUhLVERxRmtVVjBWVU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUQWNAwQA
UahPAwQAUpj9AwQAWdUAAwQAWdUEAwQAbbDyAwQAuTF+AwQA1dIoMA0GCSqGSIb3
DQEBCwUAA4IBAQApAqd88UnJqtRLWjEVxUN8DZwNeh+JLOFXiA1XpLiLpYh0QoDK
8e3KGarC/v23uIDInJue+ELqOrdKWwg3oX4g9pQ9QkfQBjh4BFz1TR5+jWnCCv0G
w6kuiKfndjT34YDzXKT5RxR1Z8y89v9Cf55j+MjFOu3A8lz9Yhk0lkMF3BWw9mIa
1nlqx9oJN9ZNL40smdhp1iFlOyNGu3T3rIAoI1zj6r0KnL/LEWi60IOrxD0CEDSw
nseprYHJrF+1PAnVgbSTlr5N3qghhvzJFGdcHBMNT3vbHo1DKqt8k2gr6+94kkAY
oS2MlXLLZbs0ROEl3M36ETKRQl+9/4IABnK1
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:55:37 2026 by rpki-client