Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Phjp1olftOEotLijxmB5Tm2IQX8.roa
File: Phjp1olftOEotLijxmB5Tm2IQX8.roa (raw, json)
Hash identifier: M8a+bI43UKlP7ZFt1ifPYtU3O2jUkwC5b0ZL+to4fjI=
Subject key identifier: 3E:18:E9:D6:89:5F:B4:E1:28:B4:B8:A3:C6:60:79:4E:6D:88:41:7F
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C9EB06B2352DFE6C7AA9281AD93E92C40
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Phjp1olftOEotLijxmB5Tm2IQX8.roa
Signing time: Fri 27 Feb 2026 10:41:27 +0000
ROA not before: Fri 27 Feb 2026 10:41:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48806
IP address blocks: 45.146.186.0/24 maxlen: 24
185.205.191.0/24 maxlen: 24
188.212.155.0/24 maxlen: 24
188.241.182.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9e:b0:6b:23:52:df:e6:c7:aa:92:81:ad:93:e9:2c:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 27 10:41:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3e18e9d6895fb4e128b4b8a3c660794e6d88417f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ea:f5:ec:ee:7f:97:ca:ae:66:91:21:dc:48:
9b:63:b0:4a:a0:40:14:68:1a:7a:1a:d9:c4:11:56:
f3:c5:eb:93:e8:1b:be:67:40:d8:a9:f4:63:59:0f:
90:9f:74:67:4e:5e:49:01:75:a3:bf:df:c6:83:ab:
7c:fb:6b:83:7d:9b:1f:00:d1:4b:a1:d1:f4:1c:cb:
5a:48:d3:87:62:ea:74:9a:04:c7:d8:16:3a:d2:dd:
c1:52:41:ce:71:1b:82:56:85:a6:8a:ff:27:e0:e6:
25:9d:fc:7b:ab:bc:ea:ea:d5:0c:61:88:77:59:df:
37:69:4d:94:b7:a1:fe:94:1a:36:d9:10:41:a7:be:
4e:10:78:bf:21:fa:0b:d5:cb:59:06:85:0c:cc:5e:
4d:6c:8a:0d:a7:35:d7:be:9e:a4:1b:9a:af:9f:78:
3e:1e:d5:67:ac:9f:24:74:72:e5:24:9b:b6:a7:a4:
46:c6:a5:c5:c6:db:fe:d7:07:80:46:29:65:da:f0:
50:19:ed:84:8a:2a:6a:54:a9:c4:42:3f:01:4d:b8:
69:c9:86:67:5e:cc:db:2e:7e:ff:39:5d:00:69:d5:
d5:41:9f:80:1a:3b:4c:a4:6f:4e:a5:11:fb:48:e3:
e5:5a:66:0f:08:ee:6c:86:72:34:47:76:26:40:01:
12:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:18:E9:D6:89:5F:B4:E1:28:B4:B8:A3:C6:60:79:4E:6D:88:41:7F
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Phjp1olftOEotLijxmB5Tm2IQX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.186.0/24
185.205.191.0/24
188.212.155.0/24
188.241.182.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:b7:03:dc:c4:95:1e:2c:35:95:b8:ac:d1:3e:db:34:29:bf:
bc:c5:73:58:16:2e:53:de:51:68:95:33:88:10:15:f0:0c:53:
24:82:55:a4:1b:8a:c0:b6:97:e1:29:e5:f7:54:c9:b0:b5:d4:
3c:cc:9d:ae:1e:bc:a9:32:c4:c1:ef:00:9b:d2:fc:c3:f8:ff:
5b:56:b1:96:e9:39:df:9f:81:a2:cd:23:09:40:92:e2:82:c9:
bf:8e:fc:68:59:78:a8:e2:44:51:21:f1:0b:44:78:ba:9e:cc:
3c:43:95:a5:4d:36:9c:2c:13:5d:96:f4:db:04:49:48:6d:11:
10:fe:9b:29:53:73:2a:3e:f0:14:e9:58:cb:86:86:db:19:72:
8b:2f:6a:a6:5f:0b:f4:9f:a2:1e:dc:76:f3:54:4b:c0:d5:86:
25:8e:1a:d7:eb:6d:f8:90:1b:81:5f:91:c7:a5:60:53:2e:b8:
bf:9b:b8:44:e2:3a:56:c7:42:4e:17:85:bc:0c:8b:8e:91:3d:
63:f1:5f:ca:b1:c6:04:a9:e7:eb:8a:57:1a:0a:e7:38:8b:c5:
fa:5f:9a:0a:67:80:e2:69:a5:66:00:90:65:55:7d:ea:e9:61:
40:d3:38:27:a9:42:12:96:ca:a6:51:2a:dd:27:cc:6c:aa:53:
d9:7c:57:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyesGsjUt/mx6qSga2T6SxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjI3MTA0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTE4ZTlkNjg5NWZiNGUxMjhiNGI4YTNjNjYwNzk0ZTZkODg0MTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwer17O5/l8quZpEh3EibY7BKoEAU
aBp6GtnEEVbzxeuT6Bu+Z0DYqfRjWQ+Qn3RnTl5JAXWjv9/Gg6t8+2uDfZsfANFL
odH0HMtaSNOHYup0mgTH2BY60t3BUkHOcRuCVoWmiv8n4OYlnfx7q7zq6tUMYYh3
Wd83aU2Ut6H+lBo22RBBp75OEHi/IfoL1ctZBoUMzF5NbIoNpzXXvp6kG5qvn3g+
HtVnrJ8kdHLlJJu2p6RGxqXFxtv+1weARill2vBQGe2EiipqVKnEQj8BTbhpyYZn
XszbLn7/OV0AadXVQZ+AGjtMpG9OpRH7SOPlWmYPCO5shnI0R3YmQAESUQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD4Y6daJX7ThKLS4o8ZgeU5tiEF/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUGhqcDFvbGZ0T0VvdExpanhtQjVUbTJJUVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALZK6AwQA
uc2/AwQAvNSbAwQAvPG2MA0GCSqGSIb3DQEBCwUAA4IBAQBPtwPcxJUeLDWVuKzR
Pts0Kb+8xXNYFi5T3lFolTOIEBXwDFMkglWkG4rAtpfhKeX3VMmwtdQ8zJ2uHryp
MsTB7wCb0vzD+P9bVrGW6Tnfn4GizSMJQJLigsm/jvxoWXio4kRRIfELRHi6nsw8
Q5WlTTacLBNdlvTbBElIbREQ/pspU3MqPvAU6VjLhobbGXKLL2qmXwv0n6Ie3Hbz
VEvA1YYljhrX6234kBuBX5HHpWBTLri/m7hE4jpWx0JOF4W8DIuOkT1j8V/KscYE
qefrilcaCuc4i8X6X5oKZ4DiaaVmAJBlVX3q6WFA0zgnqUISlsqmUSrdJ8xsqlPZ
fFe0
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:10:24 2026 by rpki-client