Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cwwhcNpzOg_pmBszouIx8h2CHRU.roa
File: cwwhcNpzOg_pmBszouIx8h2CHRU.roa (raw, json)
Hash identifier: vBJrQQ0ItgE86n69h/fkj396ErwZyqxGCsEUUVNAzdI=
Subject key identifier: 73:0C:21:70:DA:73:3A:0F:E9:98:1B:33:A2:E2:31:F2:1D:82:1D:15
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019D4955B183586E86319ABDE3872DF72392
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cwwhcNpzOg_pmBszouIx8h2CHRU.roa
Signing time: Wed 01 Apr 2026 13:57:25 +0000
ROA not before: Wed 01 Apr 2026 13:57:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216180
IP address blocks: 192.250.232.0/24 maxlen: 24
192.250.233.0/24 maxlen: 24
194.39.122.0/24 maxlen: 24
198.38.93.0/24 maxlen: 24
208.116.17.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:49:55:b1:83:58:6e:86:31:9a:bd:e3:87:2d:f7:23:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Apr 1 13:57:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=730c2170da733a0fe9981b33a2e231f21d821d15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:75:66:03:8d:cf:43:38:d9:c8:43:60:53:50:
40:8e:2e:7e:42:01:cd:1d:80:1d:0d:bc:69:f6:a5:
ce:2e:d8:4b:08:04:6d:29:f8:4d:92:67:ba:d8:a8:
38:fe:c6:63:0b:74:e3:c6:bd:8a:e6:ca:41:e1:1b:
65:16:37:f7:08:fe:68:78:4c:cd:80:e5:5d:2a:49:
ee:8c:46:50:95:d6:fe:be:b6:b9:ed:1b:b0:9a:9e:
d0:68:b9:f1:14:d6:3c:71:c7:a0:31:97:ec:d1:14:
50:92:49:88:a2:b1:8a:62:51:fe:72:55:3a:eb:4e:
b8:06:2b:45:4f:f5:99:43:a5:09:c4:98:92:79:4b:
a1:f1:26:fe:77:d6:99:82:91:56:89:5e:5b:dd:f3:
f4:6a:2f:ae:d3:3a:6d:e6:0d:1b:9d:ac:f5:76:50:
1f:d5:e2:da:3e:16:d8:74:e6:77:c4:99:0e:d3:8c:
23:c1:cd:c0:e6:36:2e:a8:8b:7c:49:25:14:24:82:
b8:54:f1:3f:80:b8:72:63:9e:7b:8c:92:e2:c0:89:
b5:77:ef:29:6d:ac:dd:db:97:f0:1a:a8:73:17:c6:
26:ce:de:a0:d7:9a:82:63:e8:8d:bd:61:70:d3:08:
36:54:ca:d2:ea:e9:e3:62:61:30:5b:fc:0d:05:97:
cc:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:0C:21:70:DA:73:3A:0F:E9:98:1B:33:A2:E2:31:F2:1D:82:1D:15
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cwwhcNpzOg_pmBszouIx8h2CHRU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.250.232.0/23
194.39.122.0/24
198.38.93.0/24
208.116.17.0/24
Signature Algorithm: sha256WithRSAEncryption
74:3a:13:3f:04:d7:ca:71:ea:4d:c5:d7:95:a0:a2:e1:39:aa:
4d:35:13:a2:c1:60:dc:fd:ca:5b:ce:5d:a8:42:1c:de:3a:47:
89:a4:42:2d:31:92:66:85:32:3c:34:54:ac:11:7e:4c:00:3f:
29:42:cd:0b:49:2d:72:8a:88:81:c1:fd:9d:ba:ad:05:b3:86:
3b:1a:31:79:15:75:04:1b:55:7d:5b:39:9e:64:92:2f:d0:2a:
74:a9:fa:97:71:7f:b3:ff:5a:5c:71:50:86:b8:d4:b5:52:5d:
8e:ec:37:3a:d5:3a:8d:98:44:ec:32:5e:45:6d:57:70:44:42:
2f:73:af:8e:f5:1b:d5:36:39:ea:88:78:0a:cc:ec:5f:9a:3f:
df:05:09:7e:05:74:87:da:34:41:5b:a0:8f:39:15:36:48:29:
99:21:5e:f7:33:2d:6d:76:d3:e8:10:f2:9d:3e:81:03:91:a7:
f4:90:b2:ba:d1:72:36:9b:f9:3e:fb:4c:90:7e:54:09:cf:7c:
87:15:d8:64:41:0b:8c:18:cd:2a:d1:39:79:70:68:f3:9b:5b:
cf:d7:8d:bc:b4:64:63:14:61:e6:f4:37:d0:09:9a:9d:93:7a:
4b:b0:3d:33:8e:49:56:2b:c9:dd:c9:af:0b:00:f1:f8:d3:70:
8e:05:e8:e6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ1JVbGDWG6GMZq944ct9yOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwNDAxMTM1NzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzBjMjE3MGRhNzMzYTBmZTk5ODFiMzNhMmUyMzFmMjFkODIxZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnVmA43PQzjZyENgU1BAji5+QgHN
HYAdDbxp9qXOLthLCARtKfhNkme62Kg4/sZjC3Tjxr2K5spB4RtlFjf3CP5oeEzN
gOVdKknujEZQldb+vra57Ruwmp7QaLnxFNY8ccegMZfs0RRQkkmIorGKYlH+clU6
6064BitFT/WZQ6UJxJiSeUuh8Sb+d9aZgpFWiV5b3fP0ai+u0zpt5g0bnaz1dlAf
1eLaPhbYdOZ3xJkO04wjwc3A5jYuqIt8SSUUJIK4VPE/gLhyY557jJLiwIm1d+8p
bazd25fwGqhzF8Ymzt6g15qCY+iNvWFw0wg2VMrS6unjYmEwW/wNBZfMqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHMMIXDaczoP6ZgbM6LiMfIdgh0VMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvY3d3aGNOcHpPZ19wbUJzem91SXg4aDJDSFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBwProAwQA
wid6AwQAxiZdAwQA0HQRMA0GCSqGSIb3DQEBCwUAA4IBAQB0OhM/BNfKcepNxdeV
oKLhOapNNROiwWDc/cpbzl2oQhzeOkeJpEItMZJmhTI8NFSsEX5MAD8pQs0LSS1y
ioiBwf2duq0Fs4Y7GjF5FXUEG1V9WzmeZJIv0Cp0qfqXcX+z/1pccVCGuNS1Ul2O
7Dc61TqNmETsMl5FbVdwREIvc6+O9RvVNjnqiHgKzOxfmj/fBQl+BXSH2jRBW6CP
ORU2SCmZIV73My1tdtPoEPKdPoEDkaf0kLK60XI2m/k++0yQflQJz3yHFdhkQQuM
GM0q0Tl5cGjzm1vP1428tGRjFGHm9DfQCZqdk3pLsD0zjklWK8ndya8LAPH403CO
Bejm
-----END CERTIFICATE-----
Generated at Fri Apr 17 10:53:55 2026 by rpki-client