Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M3dU3CEVl3wPCFg-kuG_psYnF80.roa
File: M3dU3CEVl3wPCFg-kuG_psYnF80.roa (raw, json)
Hash identifier: FXKwmmIvvQKnfbj8Mta3ezCgqk+24aALqCZqpxJ3Pn0=
Subject key identifier: 33:77:54:DC:21:15:97:7C:0F:08:58:3E:92:E1:BF:A6:C6:27:17:CD
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C5305B402761D5353AD8CDF30D0F0A981
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M3dU3CEVl3wPCFg-kuG_psYnF80.roa
Signing time: Thu 12 Feb 2026 18:03:28 +0000
ROA not before: Thu 12 Feb 2026 18:03:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5650
IP address blocks: 82.197.192.0/24 maxlen: 24
82.197.196.0/24 maxlen: 24
82.197.197.0/24 maxlen: 24
82.197.203.0/24 maxlen: 24
82.197.204.0/24 maxlen: 24
82.197.205.0/24 maxlen: 24
82.197.208.0/20 maxlen: 24
84.245.32.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:53:05:b4:02:76:1d:53:53:ad:8c:df:30:d0:f0:a9:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 12 18:03:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=337754dc2115977c0f08583e92e1bfa6c62717cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:4e:42:6f:81:79:00:58:e3:19:b1:92:62:c8:
dd:ad:2e:e9:df:14:06:d2:a4:c4:df:58:c5:0d:fc:
25:6c:f4:48:9e:82:91:06:91:bd:44:7e:61:12:00:
fa:6a:73:1e:fe:6e:cb:a8:5a:6b:b1:38:27:91:67:
30:b1:81:83:f2:fd:ff:e9:27:9f:6a:07:ce:0c:ae:
00:7b:19:d1:e5:53:74:d9:b0:f0:b6:70:b8:9b:71:
2a:16:82:f4:3c:c1:4d:21:46:b1:1f:75:8a:06:66:
fe:1e:5f:76:38:38:42:ad:3a:25:8a:93:84:a5:ca:
31:0e:ef:94:2a:e6:0e:26:82:41:12:f7:04:68:54:
48:83:76:ab:f6:db:09:bc:8e:84:ac:c5:49:de:80:
2f:5a:88:3e:1b:8e:a3:5f:27:e4:26:e3:70:33:28:
96:37:cc:fd:02:51:35:d6:ed:88:32:a0:be:36:b2:
dc:7a:cb:e7:51:d6:9e:19:12:85:20:9f:0f:74:bc:
59:de:be:b8:bb:4d:18:b2:56:f8:10:20:4e:5b:c4:
09:c0:b9:ea:c4:a4:8c:ff:7b:cd:58:c8:e7:8e:f0:
22:80:56:f5:98:55:eb:39:58:1b:60:fc:82:21:e8:
73:27:94:86:82:e8:9e:00:9e:9d:c3:2b:61:16:01:
da:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:77:54:DC:21:15:97:7C:0F:08:58:3E:92:E1:BF:A6:C6:27:17:CD
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M3dU3CEVl3wPCFg-kuG_psYnF80.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.197.192.0/24
82.197.196.0/23
82.197.203.0-82.197.205.255
82.197.208.0/20
84.245.32.0/20
Signature Algorithm: sha256WithRSAEncryption
52:9f:57:a7:24:18:b0:22:24:7d:0a:de:e7:14:88:51:88:be:
dd:73:ce:2f:60:1c:86:fa:a3:2d:9a:61:91:1a:93:aa:f5:36:
2a:0f:5d:b0:7c:f1:99:6e:04:6a:61:ad:09:f6:59:e9:c0:ee:
9f:1e:91:aa:9b:cb:e7:c2:31:d4:7c:d5:f2:91:39:a5:b6:78:
7c:0a:9e:0d:82:77:03:20:bf:19:56:07:6c:25:46:26:76:5f:
cf:4d:cb:93:19:d8:03:b1:b7:ae:56:b3:58:12:13:9b:c9:8c:
75:dc:61:3e:49:6a:9f:f9:6a:ba:fb:9d:36:9f:e1:06:76:d1:
cb:a6:1f:29:6c:3a:ea:60:b7:ab:d5:70:c2:8e:c1:5b:50:52:
fa:1b:63:ca:5d:82:21:24:88:1a:b3:4f:0c:9d:b2:fd:23:75:
fd:94:f5:5b:e0:0d:90:29:40:fe:68:fb:80:83:73:23:ec:a6:
a3:c8:52:c6:ca:2b:ca:11:57:f8:64:8c:cc:fa:1e:4d:e6:d0:
60:69:85:bd:9d:86:53:99:19:8c:af:e0:f7:1b:03:fe:c2:a3:
a9:3e:ce:54:12:81:5c:af:81:7b:ad:b3:a8:08:ec:3d:96:45:
89:1e:5c:e0:b0:54:d2:fc:4b:7d:7e:fc:26:a1:e7:23:a4:55:
91:54:fd:d3
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZxTBbQCdh1TU62M3zDQ8KmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjEyMTgwMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc3NTRkYzIxMTU5NzdjMGYwODU4M2U5MmUxYmZhNmM2MjcxN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU5Cb4F5AFjjGbGSYsjdrS7p3xQG
0qTE31jFDfwlbPRInoKRBpG9RH5hEgD6anMe/m7LqFprsTgnkWcwsYGD8v3/6Sef
agfODK4AexnR5VN02bDwtnC4m3EqFoL0PMFNIUaxH3WKBmb+Hl92ODhCrTolipOE
pcoxDu+UKuYOJoJBEvcEaFRIg3ar9tsJvI6ErMVJ3oAvWog+G46jXyfkJuNwMyiW
N8z9AlE11u2IMqC+NrLcesvnUdaeGRKFIJ8PdLxZ3r64u00Yslb4ECBOW8QJwLnq
xKSM/3vNWMjnjvAigFb1mFXrOVgbYPyCIehzJ5SGguieAJ6dwythFgHaXwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDN3VNwhFZd8DwhYPpLhv6bGJxfNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTTNkVTNDRVZsM3dQQ0ZnLWt1R19wc1luRjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAUsXAAwQB
UsXEMAwDBABSxcsDBAFSxcwDBARSxdADBARU9SAwDQYJKoZIhvcNAQELBQADggEB
AFKfV6ckGLAiJH0K3ucUiFGIvt1zzi9gHIb6oy2aYZEak6r1NioPXbB88ZluBGph
rQn2WenA7p8ekaqby+fCMdR81fKROaW2eHwKng2CdwMgvxlWB2wlRiZ2X89Ny5MZ
2AOxt65Ws1gSE5vJjHXcYT5Jap/5arr7nTaf4QZ20cumHylsOupgt6vVcMKOwVtQ
UvobY8pdgiEkiBqzTwydsv0jdf2U9VvgDZApQP5o+4CDcyPspqPIUsbKK8oRV/hk
jMz6Hk3m0GBphb2dhlOZGYyv4PcbA/7Co6k+zlQSgVyvgXuts6gI7D2WRYkeXOCw
VNL8S31+/Cah5yOkVZFU/dM=
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:06:29 2026 by rpki-client