Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PWMxq9h4doUcA1pqIjuHDrsZNSs.roa
File: PWMxq9h4doUcA1pqIjuHDrsZNSs.roa (raw, json)
Hash identifier: D+5WqpOaEpRi26DySjkKrC2vhCAwvd1DL81hs6EhXDU=
Subject key identifier: 3D:63:31:AB:D8:78:76:85:1C:03:5A:6A:22:3B:87:0E:BB:19:35:2B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C0B4A17A8CECE0CD1ED15294D1712EED0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PWMxq9h4doUcA1pqIjuHDrsZNSs.roa
Signing time: Thu 29 Jan 2026 19:45:30 +0000
ROA not before: Thu 29 Jan 2026 19:45:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210558
IP address blocks: 45.80.158.0/24 maxlen: 24
45.83.28.0/24 maxlen: 24
45.83.31.0/24 maxlen: 24
45.92.1.0/24 maxlen: 24
84.54.33.0/24 maxlen: 24
185.241.208.0/24 maxlen: 24
185.241.211.0/24 maxlen: 24
192.159.99.0/24 maxlen: 24
193.26.115.0/24 maxlen: 24
203.159.90.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:0b:4a:17:a8:ce:ce:0c:d1:ed:15:29:4d:17:12:ee:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 29 19:45:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3d6331abd87876851c035a6a223b870ebb19352b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:4e:67:68:08:7e:a3:4d:4e:df:2d:d7:66:dc:
80:38:96:01:fe:2d:8d:a5:f8:19:4d:e8:89:e5:91:
7f:c1:5d:cd:85:af:a7:c2:09:2e:29:20:9f:2a:b5:
95:50:99:a2:bb:c5:99:0b:aa:35:89:fd:85:4a:a1:
59:9b:18:0f:2d:53:df:3b:4d:33:1a:a6:b6:7c:83:
2d:82:8b:2b:0d:fc:ad:d7:5c:ea:34:fc:be:2c:96:
75:e4:f7:14:be:83:99:92:c7:e3:86:a8:10:8c:20:
2f:bd:c7:59:37:b7:58:11:56:83:49:62:97:4f:fd:
d8:3b:11:ea:be:70:20:e1:ff:4c:dd:e1:f5:2f:55:
11:69:b1:5f:6e:a2:0c:56:51:7c:cc:3a:1d:be:69:
bd:fb:63:cb:bf:98:25:7c:b3:dd:9b:b5:8d:81:5e:
ef:77:c0:c1:f2:65:31:2e:09:96:de:b7:5a:59:75:
91:43:c8:4b:ec:16:54:5b:63:e6:e8:72:55:5c:61:
43:f5:ca:68:74:58:86:28:0f:c4:55:70:3b:08:10:
17:94:ae:75:07:27:d8:1c:2e:9b:01:01:cb:a9:e3:
f0:d1:99:25:34:7c:d2:64:73:7f:e8:75:18:74:2d:
90:2b:38:60:5d:ba:55:4c:65:21:4a:f7:5e:b5:d8:
79:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:63:31:AB:D8:78:76:85:1C:03:5A:6A:22:3B:87:0E:BB:19:35:2B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PWMxq9h4doUcA1pqIjuHDrsZNSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.80.158.0/24
45.83.28.0/24
45.83.31.0/24
45.92.1.0/24
84.54.33.0/24
185.241.208.0/24
185.241.211.0/24
192.159.99.0/24
193.26.115.0/24
203.159.90.0/24
Signature Algorithm: sha256WithRSAEncryption
23:6e:5a:71:7f:cb:47:9a:aa:8d:0b:94:61:1f:2e:60:ad:ab:
9c:27:71:f5:40:fb:34:b2:d7:3e:6d:14:6a:c2:77:02:95:ef:
48:be:21:7c:2a:3e:d5:ee:bb:25:d9:7f:2d:84:64:00:e6:42:
cc:30:d7:3f:db:d6:53:5b:77:70:c3:0a:26:e1:c6:bd:73:b8:
3d:70:49:25:a9:e7:3a:51:44:55:ea:34:f8:e7:2b:3b:a0:b7:
43:ac:05:ef:14:55:17:51:42:b0:2c:6f:cf:e5:10:c2:ef:56:
ec:65:67:e0:c8:c2:10:ee:bf:20:40:71:57:f1:b1:42:6a:44:
78:30:fc:5e:67:57:45:58:05:e2:d0:40:11:d0:2f:39:51:42:
c2:a3:3c:32:8f:b4:12:87:f0:64:98:4a:b5:ee:ee:8a:89:2c:
7c:01:50:de:be:d3:8f:da:0f:ef:41:c1:e4:74:48:bc:8b:ea:
25:4c:d1:44:76:5f:d2:08:aa:58:ca:ef:84:41:d4:04:36:6f:
1a:ee:d0:b9:5e:de:10:04:22:41:9a:7a:37:17:69:e6:8f:7f:
1e:79:61:a2:36:3a:80:27:c1:d8:0b:71:24:69:f0:b5:04:8c:
82:bd:af:18:89:9b:bc:58:09:3d:76:dd:45:c7:a7:f0:b9:87:
3f:9d:2e:4b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZwLSheozs4M0e0VKU0XEu7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTI5MTk0NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDYzMzFhYmQ4Nzg3Njg1MWMwMzVhNmEyMjNiODcwZWJiMTkzNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU5naAh+o01O3y3XZtyAOJYB/i2N
pfgZTeiJ5ZF/wV3Nha+nwgkuKSCfKrWVUJmiu8WZC6o1if2FSqFZmxgPLVPfO00z
Gqa2fIMtgosrDfyt11zqNPy+LJZ15PcUvoOZksfjhqgQjCAvvcdZN7dYEVaDSWKX
T/3YOxHqvnAg4f9M3eH1L1URabFfbqIMVlF8zDodvmm9+2PLv5glfLPdm7WNgV7v
d8DB8mUxLgmW3rdaWXWRQ8hL7BZUW2Pm6HJVXGFD9cpodFiGKA/EVXA7CBAXlK51
ByfYHC6bAQHLqePw0ZklNHzSZHN/6HUYdC2QKzhgXbpVTGUhSvdetdh5rwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFD1jMavYeHaFHANaaiI7hw67GTUrMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUFdNeHE5aDRkb1VjQTFwcUlqdUhEcnNaTlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVCeAwQA
LVMcAwQALVMfAwQALVwBAwQAVDYhAwQAufHQAwQAufHTAwQAwJ9jAwQAwRpzAwQA
y59aMA0GCSqGSIb3DQEBCwUAA4IBAQAjblpxf8tHmqqNC5RhHy5graucJ3H1QPs0
stc+bRRqwncCle9IviF8Kj7V7rsl2X8thGQA5kLMMNc/29ZTW3dwwwom4ca9c7g9
cEklqec6UURV6jT45ys7oLdDrAXvFFUXUUKwLG/P5RDC71bsZWfgyMIQ7r8gQHFX
8bFCakR4MPxeZ1dFWAXi0EAR0C85UULCozwyj7QSh/BkmEq17u6KiSx8AVDevtOP
2g/vQcHkdEi8i+olTNFEdl/SCKpYyu+EQdQENm8a7tC5Xt4QBCJBmno3F2nmj38e
eWGiNjqAJ8HYC3EkafC1BIyCva8YiZu8WAk9dt1Fx6fwuYc/nS5L
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:54:08 2026 by rpki-client