Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/P1Zvn3p5mBqcZYnmXTUNqZrZsuM.roa
File: P1Zvn3p5mBqcZYnmXTUNqZrZsuM.roa (raw, json)
Hash identifier: d6JzVBpRjcr/pOO8lJ/jWITXja7zGMD4ExKCM+u1meA=
Subject key identifier: 3F:56:6F:9F:7A:79:98:1A:9C:65:89:E6:5D:35:0D:A9:9A:D9:B2:E3
Certificate issuer: /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial: 019D66EF82B2E88BDA494A358EA4852E49E8
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/P1Zvn3p5mBqcZYnmXTUNqZrZsuM.roa
Signing time: Tue 07 Apr 2026 07:54:25 +0000
ROA not before: Tue 07 Apr 2026 07:54:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44051
IP address blocks: 31.172.81.0/24 maxlen: 24
31.172.82.0/24 maxlen: 24
185.26.96.0/22 maxlen: 24
212.224.118.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:66:ef:82:b2:e8:8b:da:49:4a:35:8e:a4:85:2e:49:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Validity
Not Before: Apr 7 07:54:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3f566f9f7a79981a9c6589e65d350da99ad9b2e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:db:7f:60:e8:05:1a:95:79:ae:68:ab:a7:b6:
d7:3e:a5:0a:b8:96:2c:5c:91:ff:cd:4e:d9:79:74:
d7:98:6d:3f:9d:ad:45:0d:17:d9:b3:6e:fa:82:cf:
c9:62:0e:0b:83:5e:ad:97:03:b1:84:76:ef:24:e7:
32:a2:02:c5:a2:9c:51:7c:e4:c5:c8:7b:9d:1a:cc:
49:e0:fe:49:e9:cb:9d:5f:44:97:5a:b7:f0:e9:5d:
f4:b7:b8:28:42:21:b3:ea:35:07:e6:35:e5:f2:16:
cd:3c:c4:95:83:7c:7f:6f:fb:dc:ca:79:f8:05:2e:
1d:b9:05:f0:34:91:37:84:f8:62:83:67:3f:c7:92:
89:60:4f:eb:ca:2b:7c:db:6f:72:5b:8a:73:46:ef:
d0:78:15:a3:bf:40:99:83:88:ce:20:19:28:c0:cf:
d5:52:8b:b9:1b:7b:e0:8f:25:72:73:46:ce:df:d4:
45:61:31:3f:3b:1f:b4:1a:d0:9a:90:63:43:91:8e:
67:b4:53:7b:66:85:e9:c3:97:37:21:f6:85:af:b1:
f2:f6:4b:31:a9:ae:4e:ed:89:70:08:dd:92:85:1d:
a2:f8:8d:49:13:2e:45:3a:de:e7:93:d1:3b:10:91:
ec:97:2f:43:ba:d5:28:7f:96:b4:80:02:fd:18:cb:
dd:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:56:6F:9F:7A:79:98:1A:9C:65:89:E6:5D:35:0D:A9:9A:D9:B2:E3
X509v3 Authority Key Identifier:
keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/P1Zvn3p5mBqcZYnmXTUNqZrZsuM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.81.0-31.172.82.255
185.26.96.0/22
212.224.118.0/24
Signature Algorithm: sha256WithRSAEncryption
40:3c:43:3b:ab:23:49:27:3d:e6:9e:c0:a4:ed:96:01:2b:88:
c0:ab:cd:81:a9:d7:fa:67:e7:65:0e:b1:02:84:c0:5e:a4:18:
4c:3c:d8:47:6e:a7:fc:b7:dc:5c:15:dc:6e:c6:94:5e:7a:65:
6e:e9:b2:f2:a0:51:ea:8f:74:50:ac:aa:21:9d:18:44:ad:5e:
e8:7f:dd:9f:3f:55:21:04:35:35:a3:1e:5b:0b:c1:db:f7:e0:
ee:6b:63:08:b1:29:8d:1e:80:63:b7:f4:ca:c2:f5:36:cd:52:
ab:2c:93:e6:75:32:9b:5c:3c:39:cd:47:fc:90:bc:d2:ae:37:
e5:84:02:f5:ad:93:2b:55:b6:08:01:f1:b0:29:b1:a0:3d:0d:
1c:6e:c9:8e:cd:df:e5:76:b2:55:41:5f:5b:7b:60:be:57:22:
9f:18:67:ba:21:84:05:bd:73:80:63:5d:a6:17:b1:b2:40:65:
dd:a0:8a:4e:7b:39:30:ff:c0:4e:72:12:11:46:a4:b0:bd:c0:
c1:3a:a8:ec:c7:06:36:11:32:f9:f1:f1:a6:c8:97:4f:b9:57:
42:cf:c4:bf:ef:81:1b:6c:8e:e2:1d:9f:4d:e6:8d:51:ba:21:
e9:1b:e3:69:83:e5:5d:73:da:2b:e6:43:91:ff:17:0a:46:15:
0b:cd:04:3a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ1m74Ky6IvaSUo1jqSFLknoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjYwNDA3MDc1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjU2NmY5ZjdhNzk5ODFhOWM2NTg5ZTY1ZDM1MGRhOTlhZDliMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdt/YOgFGpV5rmirp7bXPqUKuJYs
XJH/zU7ZeXTXmG0/na1FDRfZs276gs/JYg4Lg16tlwOxhHbvJOcyogLFopxRfOTF
yHudGsxJ4P5J6cudX0SXWrfw6V30t7goQiGz6jUH5jXl8hbNPMSVg3x/b/vcynn4
BS4duQXwNJE3hPhig2c/x5KJYE/ryit8229yW4pzRu/QeBWjv0CZg4jOIBkowM/V
Uou5G3vgjyVyc0bO39RFYTE/Ox+0GtCakGNDkY5ntFN7ZoXpw5c3IfaFr7Hy9ksx
qa5O7YlwCN2ShR2i+I1JEy5FOt7nk9E7EJHsly9DutUof5a0gAL9GMvduwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFD9Wb596eZganGWJ5l01Dama2bLjMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvUDFadm4zcDVtQnFjWllubVhUVU5xWnJac3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAAfrFED
BAAfrFIDBAK5GmADBADU4HYwDQYJKoZIhvcNAQELBQADggEBAEA8QzurI0knPeae
wKTtlgEriMCrzYGp1/pn52UOsQKEwF6kGEw82Edup/y33FwV3G7GlF56ZW7psvKg
UeqPdFCsqiGdGEStXuh/3Z8/VSEENTWjHlsLwdv34O5rYwixKY0egGO39MrC9TbN
Uqssk+Z1MptcPDnNR/yQvNKuN+WEAvWtkytVtggB8bApsaA9DRxuyY7N3+V2slVB
X1t7YL5XIp8YZ7ohhAW9c4BjXaYXsbJAZd2gik57OTD/wE5yEhFGpLC9wME6qOzH
BjYRMvnx8abIl0+5V0LPxL/vgRtsjuIdn03mjVG6Iekb42mD5V1z2ivmQ5H/FwpG
FQvNBDo=
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:48:00 2026 by rpki-client