Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3UrLjHCB4pwcHVB3zBFHrMVrSsw.roa
File: 3UrLjHCB4pwcHVB3zBFHrMVrSsw.roa (raw, json)
Hash identifier: FmQXFHkHNyNXx7/DlR8LyUj511QpfY6zuQXRoYOyGLo=
Subject key identifier: DD:4A:CB:8C:70:81:E2:9C:1C:1D:50:77:CC:11:47:AC:C5:6B:4A:CC
Certificate issuer: /CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
Certificate serial: 019D3EDEBB83239CE4A2A41EE71E1EC27D23
Authority key identifier: 09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3UrLjHCB4pwcHVB3zBFHrMVrSsw.roa
Signing time: Mon 30 Mar 2026 13:11:17 +0000
ROA not before: Mon 30 Mar 2026 13:11:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200261
IP address blocks: 185.238.166.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.mft
rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 04:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:de:bb:83:23:9c:e4:a2:a4:1e:e7:1e:1e:c2:7d:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
Validity
Not Before: Mar 30 13:11:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dd4acb8c7081e29c1c1d5077cc1147acc56b4acc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:1a:82:46:77:31:68:84:4e:8e:9c:f7:71:62:
ba:fa:ba:28:61:6c:52:09:3a:15:5a:6e:17:8b:46:
5a:b1:53:93:25:77:aa:50:56:92:df:f2:5a:0b:fa:
2f:90:d2:71:0b:d4:54:72:aa:0e:a6:3e:a4:76:20:
86:e7:05:c2:0f:90:28:9e:bb:98:c3:b0:3f:59:7a:
a5:aa:bb:aa:6d:75:4a:f8:f9:47:21:dd:96:1e:cd:
fe:a7:51:77:26:02:b7:3e:a1:5e:3b:44:5a:7a:6b:
08:db:40:63:30:42:9a:71:93:6c:b9:e5:12:b3:3d:
a2:04:ec:5f:72:39:e8:d7:75:30:3c:b7:81:d6:8c:
8e:5b:28:fc:0d:b8:fe:5e:4a:87:1c:f4:37:82:73:
60:93:83:d9:26:1a:63:d4:02:09:37:c1:37:ee:3a:
81:bd:8f:80:d1:d0:12:89:f1:db:a5:ed:9e:80:73:
56:d7:01:ef:5a:01:ed:26:0d:24:41:fa:e1:19:0c:
88:59:19:a7:9f:25:53:9e:25:e1:4d:02:61:b2:dd:
c2:14:66:2e:da:d7:53:72:49:5b:f8:2e:ed:3b:95:
c3:bd:e7:23:97:77:f2:00:d2:f5:85:85:bb:41:77:
ef:25:4d:63:16:bb:e7:75:77:d1:ff:58:de:1c:6b:
cf:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:4A:CB:8C:70:81:E2:9C:1C:1D:50:77:CC:11:47:AC:C5:6B:4A:CC
X509v3 Authority Key Identifier:
keyid:09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/3UrLjHCB4pwcHVB3zBFHrMVrSsw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.238.166.0/24
Signature Algorithm: sha256WithRSAEncryption
26:11:28:bc:8c:54:95:ec:96:35:e3:fd:8c:0d:1a:89:db:b4:
bc:c4:9e:56:77:2e:df:72:be:5e:56:a3:a1:5d:9d:db:d4:12:
46:28:70:d9:39:04:98:f2:1c:8c:8c:dd:20:83:02:a4:e7:9c:
f2:35:a7:ed:86:b7:ce:94:98:28:9a:73:72:9f:25:28:c5:b3:
c6:c1:51:a1:e3:c3:24:33:f1:40:f8:4e:79:99:c3:55:7c:92:
19:f0:67:15:54:16:f3:46:6e:1b:9e:8b:5d:bc:c9:05:75:f2:
45:5e:e4:ad:0c:a6:30:d9:30:35:09:1e:da:ba:87:86:6b:fa:
16:ea:04:14:31:aa:9a:2c:63:b1:a5:72:68:9e:5e:f2:2e:f2:
38:68:4a:f9:8c:de:83:20:b6:81:3d:60:f2:c3:8b:69:4e:83:
fa:82:f5:1a:13:c3:81:8a:6e:70:1f:cf:1f:35:0d:b1:81:58:
92:49:98:d5:ce:30:24:a9:a9:bb:55:5e:f6:ed:bd:bc:48:34:
98:76:db:c7:f0:1b:3d:ec:f6:ec:f0:8e:d7:53:4a:48:5b:39:
cf:f0:6e:7a:03:17:9d:73:e3:9a:39:4c:0f:fc:5f:55:4e:84:
aa:a1:b7:c5:6f:9b:2d:70:3e:e8:64:ad:b1:be:9a:bd:49:d8:
2e:00:da:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+3ruDI5zkoqQe5x4ewn0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5N2JiNDhlMjE0YmI0ZDhkYjQyMzAzZTlkOTJhNmM3MDk0
OGNjMWQwHhcNMjYwMzMwMTMxMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRhY2I4YzcwODFlMjljMWMxZDUwNzdjYzExNDdhY2M1NmI0YWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hqCRncxaIROjpz3cWK6+rooYWxS
CToVWm4Xi0ZasVOTJXeqUFaS3/JaC/ovkNJxC9RUcqoOpj6kdiCG5wXCD5AonruY
w7A/WXqlqruqbXVK+PlHId2WHs3+p1F3JgK3PqFeO0RaemsI20BjMEKacZNsueUS
sz2iBOxfcjno13UwPLeB1oyOWyj8Dbj+XkqHHPQ3gnNgk4PZJhpj1AIJN8E37jqB
vY+A0dASifHbpe2egHNW1wHvWgHtJg0kQfrhGQyIWRmnnyVTniXhTQJhst3CFGYu
2tdTcklb+C7tO5XDvecjl3fyANL1hYW7QXfvJU1jFrvndXfR/1jeHGvPoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1Ky4xwgeKcHB1Qd8wRR6zFa0rMMB8GA1UdIwQY
MBaAFAl7tI4hS7TY20IwPp2SpscJSMwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgt
MDU2ZjQ2MzMyN2UxLzEvM1VyTGpIQ0I0cHdjSFZCM3pCRkhyTVZyU3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgtMDU2ZjQ2MzMyN2Ux
LzEvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6mMA0G
CSqGSIb3DQEBCwUAA4IBAQAmESi8jFSV7JY14/2MDRqJ27S8xJ5Wdy7fcr5eVqOh
XZ3b1BJGKHDZOQSY8hyMjN0ggwKk55zyNafthrfOlJgomnNynyUoxbPGwVGh48Mk
M/FA+E55mcNVfJIZ8GcVVBbzRm4bnotdvMkFdfJFXuStDKYw2TA1CR7auoeGa/oW
6gQUMaqaLGOxpXJonl7yLvI4aEr5jN6DILaBPWDyw4tpToP6gvUaE8OBim5wH88f
NQ2xgViSSZjVzjAkqam7VV727b28SDSYdtvH8Bs97Pbs8I7XU0pIWznP8G56Axed
c+OaOUwP/F9VToSqobfFb5stcD7oZK2xvpq9SdguANqU
-----END CERTIFICATE-----
Generated at Sun Apr 19 12:36:40 2026 by rpki-client