Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/iCHozfTTxF16YGNAVt20MXzc00g.roa
File: iCHozfTTxF16YGNAVt20MXzc00g.roa (raw, json)
Hash identifier: H989MZeJbW+NOaRo/HUuwj+zsKhP6qt0Wm1UtPVlNvk=
Subject key identifier: 88:21:E8:CD:F4:D3:C4:5D:7A:60:63:40:56:DD:B4:31:7C:DC:D3:48
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 019B7AC84250FE6EA9C4A96C2A43D7F57E90
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/iCHozfTTxF16YGNAVt20MXzc00g.roa
Signing time: Thu 01 Jan 2026 18:18:23 +0000
ROA not before: Thu 01 Jan 2026 18:18:23 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
2a02:2980::/32 maxlen: 32
2a05:ca80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:c8:42:50:fe:6e:a9:c4:a9:6c:2a:43:d7:f5:7e:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Jan 1 18:18:23 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8821e8cdf4d3c45d7a60634056ddb4317cdcd348
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:11:18:45:00:1e:c9:ac:21:c5:39:ea:cb:cf:
67:f1:dc:e5:3d:b2:9d:11:7b:1d:7e:71:3f:48:6e:
5e:ed:a7:41:77:10:31:93:8a:9e:12:c5:ca:9f:f1:
33:fc:57:87:ff:5d:9b:9e:a1:cf:07:22:97:43:1a:
d5:e5:98:85:3f:ad:db:dc:2c:cb:f3:2e:f7:7e:23:
69:d6:81:08:e3:61:1a:41:be:9f:33:83:7d:9b:72:
19:87:ad:34:09:91:aa:7c:e6:fd:5f:e4:9d:83:9b:
ff:09:0d:ed:b7:7c:ec:5f:5a:96:b0:fb:56:2a:28:
d3:05:88:0d:f6:13:72:5d:b4:e7:e2:c9:9f:e6:64:
55:5d:87:80:96:73:b0:27:d3:f3:70:05:a5:76:f9:
73:63:01:bb:07:11:ca:e0:44:84:95:78:62:4c:a1:
2e:3f:96:43:7a:15:b9:83:1f:26:75:95:89:4f:fa:
3d:65:cf:ab:73:0d:36:ad:07:c1:ed:9f:f8:3b:c6:
55:26:78:4d:68:25:da:e5:bc:84:97:b3:1c:99:9f:
66:c4:4b:5e:61:15:37:15:69:4d:f9:0e:e2:e8:82:
e6:54:dc:fa:a6:57:72:2a:b1:ba:2c:dd:ec:d7:32:
8c:17:54:12:37:3a:84:5f:d4:0d:a8:e8:c4:a4:e4:
6a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:21:E8:CD:F4:D3:C4:5D:7A:60:63:40:56:DD:B4:31:7C:DC:D3:48
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/iCHozfTTxF16YGNAVt20MXzc00g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
185.88.60.0/22
IPv6:
2a02:2980::/32
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
6c:1a:fb:91:18:3b:4d:ab:85:08:80:2a:31:69:45:69:f3:c9:
de:91:49:75:ae:df:ff:81:c4:89:29:f4:6b:94:4c:6a:df:b5:
16:fb:80:b4:ae:50:49:10:8b:c6:10:fd:cc:49:42:c7:9c:cc:
58:8b:02:4c:30:9e:6e:41:2e:c9:d6:f8:72:ed:fb:43:c0:0b:
35:79:ea:ee:47:cd:4c:79:9d:6f:6b:74:79:14:90:be:08:59:
16:10:43:01:24:a8:27:8a:7d:f1:78:50:d0:8d:51:41:af:a5:
e1:0a:70:ef:b3:b5:77:3f:f2:eb:51:b0:2b:9a:cf:2c:8f:72:
82:3c:fc:6a:19:c8:0a:21:92:83:37:5e:9c:18:b8:54:81:86:
7a:58:2d:67:58:8c:48:46:cf:e2:ed:15:50:fc:cb:58:12:49:
52:bb:53:f1:fa:70:4c:6d:1f:f7:53:7a:44:25:38:7b:38:a3:
75:dd:82:a1:03:a7:23:20:de:39:24:25:4a:5c:1b:17:af:4b:
31:b3:52:0c:14:e6:f1:9c:93:a4:a1:e5:29:25:c6:61:77:9d:
4e:80:09:8f:79:b6:82:1d:11:35:a6:f1:8b:be:64:16:5b:3f:
36:b1:3d:17:ed:a6:cd:d0:2a:98:31:3d:2d:5a:ac:5a:06:6c:
35:4b:8d:58
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZt6yEJQ/m6pxKlsKkPX9X6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjYwMTAxMTgxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODIxZThjZGY0ZDNjNDVkN2E2MDYzNDA1NmRkYjQzMTdjZGNkMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhEYRQAeyawhxTnqy89n8dzlPbKd
EXsdfnE/SG5e7adBdxAxk4qeEsXKn/Ez/FeH/12bnqHPByKXQxrV5ZiFP63b3CzL
8y73fiNp1oEI42EaQb6fM4N9m3IZh600CZGqfOb9X+Sdg5v/CQ3tt3zsX1qWsPtW
KijTBYgN9hNyXbTn4smf5mRVXYeAlnOwJ9PzcAWldvlzYwG7BxHK4ESElXhiTKEu
P5ZDehW5gx8mdZWJT/o9Zc+rcw02rQfB7Z/4O8ZVJnhNaCXa5byEl7McmZ9mxEte
YRU3FWlN+Q7i6ILmVNz6pldyKrG6LN3s1zKMF1QSNzqEX9QNqOjEpORq8QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFIgh6M3008RdemBjQFbdtDF83NNIMB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvaUNIb3pmVFR4RjE2WUdOQVZ0MjBNWHpjMDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQDLhOYAwQC
uVg8MBQEAgACMA4DBQAqAimAAwUDKgXKgDANBgkqhkiG9w0BAQsFAAOCAQEAbBr7
kRg7TauFCIAqMWlFafPJ3pFJda7f/4HEiSn0a5RMat+1FvuAtK5QSRCLxhD9zElC
x5zMWIsCTDCebkEuydb4cu37Q8ALNXnq7kfNTHmdb2t0eRSQvghZFhBDASSoJ4p9
8XhQ0I1RQa+l4Qpw77O1dz/y61GwK5rPLI9ygjz8ahnICiGSgzdenBi4VIGGelgt
Z1iMSEbP4u0VUPzLWBJJUrtT8fpwTG0f91N6RCU4ezijdd2CoQOnIyDeOSQlSlwb
F69LMbNSDBTm8ZyTpKHlKSXGYXedToAJj3m2gh0RNabxi75kFls/NrE9F+2mzdAq
mDE9LVqsWgZsNUuNWA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:46:59 2026 by rpki-client