Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/D2NDXon9tRzoL-Y41MeImDBzBX0.roa
File: D2NDXon9tRzoL-Y41MeImDBzBX0.roa (raw, json)
Hash identifier: hhnm2U2ilCapnJ9WdrcPHqXlSDPxhBMVV2XskPsU2V4=
Subject key identifier: 0F:63:43:5E:89:FD:B5:1C:E8:2F:E6:38:D4:C7:88:98:30:73:05:7D
Certificate issuer: /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial: 019E4F5B338B0064873681F0F4B2C1F5B0B1
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/D2NDXon9tRzoL-Y41MeImDBzBX0.roa
Signing time: Fri 22 May 2026 11:03:57 +0000
ROA not before: Fri 22 May 2026 11:03:57 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51043
IP address blocks: 5.22.136.0/21 maxlen: 24
77.73.9.0/24 maxlen: 24
77.73.12.0/24 maxlen: 24
82.197.74.0/24 maxlen: 24
83.98.32.0/19 maxlen: 19
148.253.160.0/19 maxlen: 24
159.242.64.0/18 maxlen: 24
178.23.128.0/21 maxlen: 24
185.59.180.0/22 maxlen: 24
185.173.67.0/24 maxlen: 24
194.238.80.0/20 maxlen: 20
195.184.238.0/23 maxlen: 24
212.47.86.0/23 maxlen: 23
2a00:ed40::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:4f:5b:33:8b:00:64:87:36:81:f0:f4:b2:c1:f5:b0:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
Validity
Not Before: May 22 11:03:57 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0f63435e89fdb51ce82fe638d4c788983073057d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:45:3e:f3:0c:89:bd:ff:18:c8:33:46:6e:39:
e7:79:ee:0e:e4:58:4e:37:13:2b:43:f7:21:ec:0e:
88:ef:6e:7b:c8:05:33:55:01:2f:90:df:a9:17:71:
8e:44:21:1c:6b:a2:07:2a:31:78:92:4d:4d:d6:11:
4d:22:b6:ed:09:31:ea:19:dd:93:54:68:5b:2b:6d:
59:2f:cf:8f:20:9b:56:21:25:f5:4e:cc:65:8e:f5:
f4:fb:ba:e0:11:39:d8:cf:65:93:33:4b:4f:9c:84:
1a:f0:36:ca:3c:54:14:78:90:13:a1:9c:7a:c8:65:
d0:06:1a:80:6d:5e:3a:b2:9b:b3:7a:3e:2e:c0:ed:
8f:1b:cb:9f:dd:b3:4b:a9:9a:9c:8d:d3:8a:65:f6:
8d:3f:03:f8:93:ec:53:b9:8a:2a:25:9f:0f:7f:1b:
e8:60:b8:c2:47:5e:a3:44:3a:0f:1e:af:19:e3:81:
85:fe:d8:fd:0a:e1:5d:d1:ba:42:38:6e:79:99:28:
a7:f1:30:c3:d3:0b:a0:71:6f:62:ab:63:85:ac:1f:
eb:d4:7c:4e:40:73:db:3a:58:a9:36:89:3d:f7:88:
25:9e:d4:05:9a:08:05:d8:5b:19:ac:bb:e0:e3:c3:
40:84:52:b1:52:1d:15:0f:58:20:fb:c2:96:fe:a2:
1f:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:63:43:5E:89:FD:B5:1C:E8:2F:E6:38:D4:C7:88:98:30:73:05:7D
X509v3 Authority Key Identifier:
keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/D2NDXon9tRzoL-Y41MeImDBzBX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.136.0/21
77.73.9.0/24
77.73.12.0/24
82.197.74.0/24
83.98.32.0/19
148.253.160.0/19
159.242.64.0/18
178.23.128.0/21
185.59.180.0/22
185.173.67.0/24
194.238.80.0/20
195.184.238.0/23
212.47.86.0/23
IPv6:
2a00:ed40::/32
Signature Algorithm: sha256WithRSAEncryption
7d:1a:65:1e:18:c5:bf:1a:4d:e1:f4:51:fd:10:4c:10:1b:45:
79:77:10:77:81:c7:12:aa:3b:de:68:42:a9:bc:51:bd:be:f1:
8b:d4:27:82:aa:0b:f8:e9:2f:04:5d:3f:5d:1a:28:e0:d2:16:
d2:36:93:68:6a:4d:26:f6:22:42:22:aa:33:8b:87:89:c2:d3:
e3:0b:2c:29:ca:23:41:6f:45:68:e6:7f:20:f7:af:ba:c9:d4:
39:f7:4a:79:9b:73:23:3f:c9:1a:e2:fd:1d:7c:83:b6:f3:e5:
9e:3a:a8:90:c9:bd:dd:e0:97:33:65:8b:07:a9:17:31:fe:c9:
88:2d:7c:91:66:f1:ea:91:aa:4b:9f:5c:93:d8:91:a7:97:57:
34:cc:16:5a:62:6b:51:70:44:33:1f:38:5c:98:46:99:3d:4a:
3d:26:1b:80:8e:58:cb:e5:96:e1:66:dd:0d:8a:62:ee:95:e4:
63:74:91:2a:ca:9c:9d:d0:7f:ca:54:37:91:02:e7:76:97:41:
44:3e:5a:94:2c:23:66:f1:19:92:00:d0:0e:94:7b:c6:fc:a8:
77:c7:73:b0:32:9f:a2:c5:51:9b:a9:5e:68:e7:b0:c6:a7:8f:
ae:c0:d5:48:c4:c7:3c:a5:86:4c:d5:b8:73:08:e5:92:96:1f:
50:d4:7e:27
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZ5PWzOLAGSHNoHw9LLB9bCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjYwNTIyMTEwMzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjYzNDM1ZTg5ZmRiNTFjZTgyZmU2MzhkNGM3ODg5ODMwNzMwNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUU+8wyJvf8YyDNGbjnnee4O5FhO
NxMrQ/ch7A6I7257yAUzVQEvkN+pF3GORCEca6IHKjF4kk1N1hFNIrbtCTHqGd2T
VGhbK21ZL8+PIJtWISX1TsxljvX0+7rgETnYz2WTM0tPnIQa8DbKPFQUeJAToZx6
yGXQBhqAbV46spuzej4uwO2PG8uf3bNLqZqcjdOKZfaNPwP4k+xTuYoqJZ8Pfxvo
YLjCR16jRDoPHq8Z44GF/tj9CuFd0bpCOG55mSin8TDD0wugcW9iq2OFrB/r1HxO
QHPbOlipNok994glntQFmggF2FsZrLvg48NAhFKxUh0VD1gg+8KW/qIfSQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFA9jQ16J/bUc6C/mONTHiJgwcwV9MB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvRDJORFhvbjl0UnpvTC1ZNDFNZUltREJ6QlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQDBRaIAwQA
TUkJAwQATUkMAwQAUsVKAwQFU2IgAwQFlP2gAwQGn/JAAwQDsheAAwQCuTu0AwQA
ua1DAwQEwu5QAwQBw7juAwQB1C9WMA0EAgACMAcDBQAqAO1AMA0GCSqGSIb3DQEB
CwUAA4IBAQB9GmUeGMW/Gk3h9FH9EEwQG0V5dxB3gccSqjveaEKpvFG9vvGL1CeC
qgv46S8EXT9dGijg0hbSNpNoak0m9iJCIqozi4eJwtPjCywpyiNBb0Vo5n8g96+6
ydQ590p5m3MjP8ka4v0dfIO28+WeOqiQyb3d4JczZYsHqRcx/smILXyRZvHqkapL
n1yT2JGnl1c0zBZaYmtRcEQzHzhcmEaZPUo9JhuAjljL5ZbhZt0NimLuleRjdJEq
ypyd0H/KVDeRAud2l0FEPlqULCNm8RmSANAOlHvG/Kh3x3OwMp+ixVGbqV5o57DG
p4+uwNVIxMc8pYZM1bhzCOWSlh9Q1H4n
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:37:45 2026 by rpki-client