Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/GD22NDKlkAh5bp67GRvvW84yHsU.roa
File: GD22NDKlkAh5bp67GRvvW84yHsU.roa (raw, json)
Hash identifier: LtP9pMPZerVqZeqzrIl5QfQhM+bLwsaU/FGis7xu4Rs=
Subject key identifier: 18:3D:B6:34:32:A5:90:08:79:6E:9E:BB:19:1B:EF:5B:CE:32:1E:C5
Certificate issuer: /CN=e07e008d6ed2388ad31b7422423152a92a54de71
Certificate serial: 019D4298B66116EDFEAA13E980667CE315F9
Authority key identifier: E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/GD22NDKlkAh5bp67GRvvW84yHsU.roa
Signing time: Tue 31 Mar 2026 06:33:17 +0000
ROA not before: Tue 31 Mar 2026 06:33:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197227
IP address blocks: 5.133.248.0/21 maxlen: 24
37.247.56.0/21 maxlen: 24
46.175.40.0/21 maxlen: 24
46.243.156.0/22 maxlen: 24
85.234.248.0/21 maxlen: 24
145.14.240.0/21 maxlen: 24
150.251.252.0/22 maxlen: 24
185.81.56.0/22 maxlen: 24
185.131.160.0/22 maxlen: 24
188.211.16.0/21 maxlen: 24
195.80.128.0/21 maxlen: 24
213.5.208.0/21 maxlen: 24
2a03:1280::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/4H4AjW7SOIrTG3QiQjFSqSpU3nE.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/4H4AjW7SOIrTG3QiQjFSqSpU3nE.mft
rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:42:98:b6:61:16:ed:fe:aa:13:e9:80:66:7c:e3:15:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e07e008d6ed2388ad31b7422423152a92a54de71
Validity
Not Before: Mar 31 06:33:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=183db63432a59008796e9ebb191bef5bce321ec5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:12:52:2b:7f:be:dd:93:f0:7b:b7:2f:99:5f:
58:95:c1:a0:eb:6d:32:40:73:99:33:39:50:35:be:
c0:a9:f0:00:16:37:c3:6c:14:3c:cb:5d:fd:15:a1:
53:6c:c7:b2:9d:7f:22:ac:8b:5d:4e:1c:d1:25:57:
e3:93:96:bf:5f:a6:21:b4:cc:aa:54:63:ba:52:67:
b0:e4:73:bb:86:1b:54:14:fe:80:3e:77:bf:e1:ab:
b3:05:28:42:a5:9d:c9:b8:2d:6f:48:9d:b1:1b:8a:
11:f3:29:e9:5b:38:42:38:90:d9:54:e9:a0:80:82:
44:ff:fa:08:a2:c5:6f:b3:18:14:07:93:98:50:7e:
23:0d:ab:a3:d0:07:b1:db:f0:fb:42:23:49:ce:f2:
35:7e:5e:3b:07:c4:ad:7c:72:48:f6:51:04:47:6b:
43:ea:e4:39:7d:ae:78:1d:b9:75:bd:02:06:de:c0:
b3:61:80:45:33:0d:2c:46:5c:5f:64:ab:30:b7:6e:
75:26:9a:9e:34:36:e2:08:64:79:16:3c:9c:86:2c:
82:8a:de:2b:f4:2f:1d:2c:4a:0b:a3:bc:ec:ee:66:
bc:d7:ea:2f:0a:94:a4:1d:a3:e1:5a:21:c2:b9:29:
45:f4:a3:db:ed:95:d0:7d:aa:c2:dc:ae:5e:e4:d4:
7d:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:3D:B6:34:32:A5:90:08:79:6E:9E:BB:19:1B:EF:5B:CE:32:1E:C5
X509v3 Authority Key Identifier:
keyid:E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/GD22NDKlkAh5bp67GRvvW84yHsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/4H4AjW7SOIrTG3QiQjFSqSpU3nE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.248.0/21
37.247.56.0/21
46.175.40.0/21
46.243.156.0/22
85.234.248.0/21
145.14.240.0/21
150.251.252.0/22
185.81.56.0/22
185.131.160.0/22
188.211.16.0/21
195.80.128.0/21
213.5.208.0/21
IPv6:
2a03:1280::/32
Signature Algorithm: sha256WithRSAEncryption
7e:3b:15:8f:f1:e8:30:33:5f:dd:2a:3c:d9:48:65:75:1a:50:
db:c7:83:41:00:3a:20:83:66:d5:13:35:07:1b:e5:00:8c:13:
38:3c:ca:85:a5:fb:a4:2b:77:37:b2:25:37:15:66:cc:19:a6:
24:57:8a:bb:02:a7:1e:0c:5e:b9:cd:8c:76:d8:80:23:85:20:
44:d4:bd:74:83:e1:de:6b:a7:4c:ab:19:73:81:d5:61:40:57:
1b:5a:23:e1:6b:4d:98:c1:0b:68:14:e1:09:d6:7f:55:fd:59:
f7:fc:32:4c:da:f5:3b:c1:e5:34:9a:74:c2:c0:7e:12:d3:cb:
d1:da:1b:db:b2:78:ab:6c:a3:ef:9d:47:1b:b6:9a:a7:54:30:
4e:d1:15:8a:f0:e5:f7:15:98:a7:55:60:d6:16:13:a1:04:14:
2a:16:b9:18:75:b1:a5:55:67:fb:ae:60:b9:52:58:b4:df:8e:
ab:1d:75:99:06:91:f1:05:44:fb:51:b4:7f:da:b3:e2:20:d7:
9f:66:3b:fe:48:50:8e:8c:49:91:b5:f1:16:a6:ac:a3:67:4c:
69:de:96:6c:7b:27:61:06:ac:54:95:a7:6d:92:20:cb:6d:54:
99:72:63:ab:62:a9:d9:df:9c:bd:f5:26:b7:fe:6f:98:3e:bb:
9c:28:16:bb
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZ1CmLZhFu3+qhPpgGZ84xX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwN2UwMDhkNmVkMjM4OGFkMzFiNzQyMjQyMzE1MmE5MmE1
NGRlNzEwHhcNMjYwMzMxMDYzMzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNkYjYzNDMyYTU5MDA4Nzk2ZTllYmIxOTFiZWY1YmNlMzIxZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RJSK3++3ZPwe7cvmV9YlcGg620y
QHOZMzlQNb7AqfAAFjfDbBQ8y139FaFTbMeynX8irItdThzRJVfjk5a/X6YhtMyq
VGO6Umew5HO7hhtUFP6APne/4auzBShCpZ3JuC1vSJ2xG4oR8ynpWzhCOJDZVOmg
gIJE//oIosVvsxgUB5OYUH4jDauj0Aex2/D7QiNJzvI1fl47B8StfHJI9lEER2tD
6uQ5fa54Hbl1vQIG3sCzYYBFMw0sRlxfZKswt251JpqeNDbiCGR5FjychiyCit4r
9C8dLEoLo7zs7ma81+ovCpSkHaPhWiHCuSlF9KPb7ZXQfarC3K5e5NR9ewIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFBg9tjQypZAIeW6euxkb71vOMh7FMB8GA1UdIwQY
MBaAFOB+AI1u0jiK0xt0IkIxUqkqVN5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQt
MjcyNzI0N2FmMjEwLzEvR0QyMk5ES2xrQWg1YnA2N0dSdnZXODR5SHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQtMjcyNzI0N2FmMjEw
LzEvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDBYX4AwQD
Jfc4AwQDLq8oAwQCLvOcAwQDVer4AwQDkQ7wAwQClvv8AwQCuVE4AwQCuYOgAwQD
vNMQAwQDw1CAAwQD1QXQMA0EAgACMAcDBQAqAxKAMA0GCSqGSIb3DQEBCwUAA4IB
AQB+OxWP8egwM1/dKjzZSGV1GlDbx4NBADogg2bVEzUHG+UAjBM4PMqFpfukK3c3
siU3FWbMGaYkV4q7AqceDF65zYx22IAjhSBE1L10g+Hea6dMqxlzgdVhQFcbWiPh
a02YwQtoFOEJ1n9V/Vn3/DJM2vU7weU0mnTCwH4S08vR2hvbsnirbKPvnUcbtpqn
VDBO0RWK8OX3FZinVWDWFhOhBBQqFrkYdbGlVWf7rmC5Uli0346rHXWZBpHxBUT7
UbR/2rPiINefZjv+SFCOjEmRtfEWpqyjZ0xp3pZseydhBqxUladtkiDLbVSZcmOr
YqnZ35y99Sa3/m+YPrucKBa7
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:24:41 2026 by rpki-client