Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kwkUkDECZnRm3aeT8tJjeY10E6A.roa
File: kwkUkDECZnRm3aeT8tJjeY10E6A.roa (raw, json)
Hash identifier: v8IRQwKyRkUl+/ihJX0rzyX4/5Su75SFG73uxGVPFVU=
Subject key identifier: 93:09:14:90:31:02:66:74:66:DD:A7:93:F2:D2:63:79:8D:74:13:A0
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019D87878D59B2065F2DD250A1B9F552DB17
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kwkUkDECZnRm3aeT8tJjeY10E6A.roa
Signing time: Mon 13 Apr 2026 15:48:20 +0000
ROA not before: Mon 13 Apr 2026 15:48:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 45929
IP address blocks: 91.188.204.0/22 maxlen: 24
185.245.112.0/22 maxlen: 22
185.255.36.0/22 maxlen: 24
188.240.224.0/22 maxlen: 24
193.23.128.0/22 maxlen: 24
195.38.4.0/22 maxlen: 22
213.232.92.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:87:87:8d:59:b2:06:5f:2d:d2:50:a1:b9:f5:52:db:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 13 15:48:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=930914903102667466dda793f2d263798d7413a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:0b:55:a4:f7:ff:dc:89:7f:4f:f5:0d:99:eb:
d9:c0:5f:ba:32:98:2c:ae:1a:c5:3e:ee:b2:80:0e:
5e:91:1c:5e:d3:02:dd:f1:6e:e6:83:97:5c:2b:f4:
27:17:86:e8:29:88:ef:e2:da:77:32:d3:57:e1:cf:
d3:e9:19:b4:22:a8:57:8f:f5:1f:c0:d7:c4:91:e9:
c3:e6:4c:e3:ee:f6:f7:d6:99:33:9c:b2:a0:e1:04:
4b:09:8b:b3:8b:4c:e5:a9:06:e4:ce:5d:a2:b7:9e:
dc:e4:9a:09:69:46:bb:2d:41:e2:49:ab:69:f5:84:
22:e9:2d:db:ca:dd:05:85:5c:b1:d7:5c:8c:02:cf:
87:0c:08:f7:09:c2:11:28:33:27:81:ab:7b:e0:cd:
53:d1:f4:d7:c2:81:95:e6:ec:f1:a6:c8:b9:9f:e8:
bf:9c:c8:b9:79:f0:59:42:0a:af:1d:37:cd:8d:c4:
b4:7b:f1:1f:db:28:15:87:02:fc:c6:c1:e9:82:31:
b9:e5:c3:75:72:cb:e5:61:5b:c3:cd:0d:eb:6e:1e:
15:d3:04:a0:d3:50:7e:29:c4:0b:42:2c:6a:7f:a2:
73:50:a9:6f:bd:4b:c1:b9:10:7c:68:5f:15:1d:c9:
3c:2b:91:3b:94:32:30:1c:e6:35:92:a9:6a:ae:b8:
b1:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:09:14:90:31:02:66:74:66:DD:A7:93:F2:D2:63:79:8D:74:13:A0
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kwkUkDECZnRm3aeT8tJjeY10E6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.188.204.0/22
185.245.112.0/22
185.255.36.0/22
188.240.224.0/22
193.23.128.0/22
195.38.4.0/22
213.232.92.0/22
Signature Algorithm: sha256WithRSAEncryption
1b:ea:c9:ea:98:58:51:e0:e9:db:86:fe:21:62:13:1a:8c:95:
1e:8a:b7:ed:45:d1:9d:47:98:87:c2:6a:d2:0f:08:28:6d:0c:
3f:6d:fc:80:36:18:65:1f:7a:24:b2:7a:7f:d1:ff:2d:62:12:
cd:c6:5e:d7:ca:1c:bb:8e:c9:ed:9d:de:6a:a7:5a:be:2c:b6:
d9:92:d2:78:0c:07:89:37:0c:1e:5c:36:67:05:da:f9:f8:74:
66:af:f3:e9:52:ca:01:ef:e7:08:5c:e0:ca:7e:b0:30:03:74:
d8:41:bc:c7:e2:cb:cd:ea:44:31:0d:c8:3f:06:4f:68:43:d3:
c9:ca:a5:ae:71:5f:86:04:64:04:e4:6a:58:2f:ec:ed:d2:fe:
71:2f:79:d3:ae:f0:9b:17:74:b7:95:59:9d:df:bb:37:f0:28:
51:14:30:84:98:57:af:7d:0a:ce:94:b8:bc:a4:81:11:d0:81:
bd:99:fd:c0:3a:fd:ed:22:b5:66:85:ed:88:cd:d0:c2:d6:21:
1e:0f:27:a9:b4:88:75:d1:31:36:6e:e2:45:fa:fc:75:ae:e0:
67:5e:33:79:60:af:1c:3e:ca:22:76:d6:51:06:ae:18:91:59:
61:d8:9a:d6:5a:28:3a:3f:0a:d7:50:34:87:b4:83:92:c6:cd:
a2:f3:ce:16
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ2Hh41ZsgZfLdJQobn1UtsXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDEzMTU0ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA5MTQ5MDMxMDI2Njc0NjZkZGE3OTNmMmQyNjM3OThkNzQxM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAtVpPf/3Il/T/UNmevZwF+6Mpgs
rhrFPu6ygA5ekRxe0wLd8W7mg5dcK/QnF4boKYjv4tp3MtNX4c/T6Rm0IqhXj/Uf
wNfEkenD5kzj7vb31pkznLKg4QRLCYuzi0zlqQbkzl2it57c5JoJaUa7LUHiSatp
9YQi6S3byt0FhVyx11yMAs+HDAj3CcIRKDMngat74M1T0fTXwoGV5uzxpsi5n+i/
nMi5efBZQgqvHTfNjcS0e/Ef2ygVhwL8xsHpgjG55cN1csvlYVvDzQ3rbh4V0wSg
01B+KcQLQixqf6JzUKlvvUvBuRB8aF8VHck8K5E7lDIwHOY1kqlqrrixJQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJMJFJAxAmZ0Zt2nk/LSY3mNdBOgMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva3drVWtERUNablJtM2FlVDh0SmplWTEwRTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCW7zMAwQC
ufVwAwQCuf8kAwQCvPDgAwQCwReAAwQCwyYEAwQC1ehcMA0GCSqGSIb3DQEBCwUA
A4IBAQAb6snqmFhR4Onbhv4hYhMajJUeirftRdGdR5iHwmrSDwgobQw/bfyANhhl
H3oksnp/0f8tYhLNxl7Xyhy7jsntnd5qp1q+LLbZktJ4DAeJNwweXDZnBdr5+HRm
r/PpUsoB7+cIXODKfrAwA3TYQbzH4svN6kQxDcg/Bk9oQ9PJyqWucV+GBGQE5GpY
L+zt0v5xL3nTrvCbF3S3lVmd37s38ChRFDCEmFevfQrOlLi8pIER0IG9mf3AOv3t
IrVmhe2IzdDC1iEeDyeptIh10TE2buJF+vx1ruBnXjN5YK8cPsoidtZRBq4YkVlh
2JrWWig6PwrXUDSHtIOSxs2i884W
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:02:03 2026 by rpki-client