Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/EHnMdlQCTiULg7kKOrY_TKLhyGo.roa
File: EHnMdlQCTiULg7kKOrY_TKLhyGo.roa (raw, json)
Hash identifier: //N8l4aMb1HtqxaY4hYaKRgIbFDikawzft4e5uyR8EU=
Subject key identifier: 10:79:CC:76:54:02:4E:25:0B:83:B9:0A:3A:B6:3F:4C:A2:E1:C8:6A
Certificate issuer: /CN=22d54df89b8fd921dada3f0daa29efff5cce0a79
Certificate serial: 019D4E92F0598868140B3BD33E372F17999A
Authority key identifier: 22:D5:4D:F8:9B:8F:D9:21:DA:DA:3F:0D:AA:29:EF:FF:5C:CE:0A:79
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ItVN-JuP2SHa2j8Nqinv_1zOCnk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/EHnMdlQCTiULg7kKOrY_TKLhyGo.roa
Signing time: Thu 02 Apr 2026 14:22:25 +0000
ROA not before: Thu 02 Apr 2026 14:22:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51333
IP address blocks: 185.58.4.0/22 maxlen: 24
188.65.80.0/21 maxlen: 24
188.65.80.0/24 maxlen: 24
188.65.81.0/24 maxlen: 24
188.65.84.0/24 maxlen: 24
188.65.85.0/24 maxlen: 24
188.65.86.0/24 maxlen: 24
188.65.87.0/24 maxlen: 24
194.36.72.0/22 maxlen: 24
2a02:6120::/29 maxlen: 29
2a0c:bdc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/ItVN-JuP2SHa2j8Nqinv_1zOCnk.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/ItVN-JuP2SHa2j8Nqinv_1zOCnk.mft
rsync://rpki.ripe.net/repository/DEFAULT/ItVN-JuP2SHa2j8Nqinv_1zOCnk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 05:01:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4e:92:f0:59:88:68:14:0b:3b:d3:3e:37:2f:17:99:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22d54df89b8fd921dada3f0daa29efff5cce0a79
Validity
Not Before: Apr 2 14:22:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1079cc7654024e250b83b90a3ab63f4ca2e1c86a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:d7:34:80:ce:d0:8c:97:b2:57:20:ed:c2:0c:
e7:84:b1:bc:9e:1e:ce:3a:6e:6f:e7:51:e7:e5:cf:
af:e5:6e:c6:89:a9:27:1d:9c:66:4a:99:9f:b9:6a:
64:33:06:df:d1:75:93:6c:d2:ae:fc:ab:c3:63:28:
9e:8c:01:89:24:cd:dc:b5:2a:d0:a2:de:34:8f:d4:
cb:68:9d:b9:e8:6d:5b:3d:45:0b:44:1e:10:ff:fd:
02:e2:db:49:37:a9:d4:1a:16:1e:13:0d:89:3b:b7:
02:25:9c:68:be:23:13:9f:d6:c6:b9:61:59:59:ef:
bb:05:bb:0f:e4:b2:02:8d:85:8c:e0:04:d7:ce:e4:
e6:d9:af:4f:65:81:63:83:b1:4a:3d:58:09:14:32:
fe:a8:8b:21:f3:69:a5:47:80:61:6f:06:35:eb:9a:
df:4c:60:db:50:f7:00:36:9e:44:36:d1:91:29:f9:
d3:d8:fa:d9:55:d4:31:df:36:c6:6b:a8:27:d9:ad:
7e:1c:08:e3:db:b5:b8:78:f7:e9:06:66:05:d7:35:
b0:90:f1:d3:8f:3d:ea:54:69:d9:e6:ff:da:72:6a:
94:37:29:aa:b1:a4:72:df:78:56:bf:20:c1:7c:2a:
76:f4:3d:c1:12:9c:d7:c9:42:9b:f8:f2:34:28:e8:
8a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:79:CC:76:54:02:4E:25:0B:83:B9:0A:3A:B6:3F:4C:A2:E1:C8:6A
X509v3 Authority Key Identifier:
keyid:22:D5:4D:F8:9B:8F:D9:21:DA:DA:3F:0D:AA:29:EF:FF:5C:CE:0A:79
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ItVN-JuP2SHa2j8Nqinv_1zOCnk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/EHnMdlQCTiULg7kKOrY_TKLhyGo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b5cf0b-ec31-4705-8f68-6f1fece87c89/1/ItVN-JuP2SHa2j8Nqinv_1zOCnk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.58.4.0/22
188.65.80.0/21
194.36.72.0/22
IPv6:
2a02:6120::/29
2a0c:bdc0::/29
Signature Algorithm: sha256WithRSAEncryption
14:26:83:b1:e3:02:be:29:fc:92:36:69:60:af:78:ba:65:21:
9b:69:7b:b4:d0:32:70:00:85:7e:48:d4:9b:32:ba:1f:19:99:
2d:e0:bf:d4:dc:be:ba:6e:67:8c:13:2d:78:13:2c:7c:e4:23:
a9:e9:c2:68:ee:eb:ff:61:5c:5f:63:7e:ed:88:15:6b:53:a0:
b6:01:eb:13:89:c2:71:31:af:69:da:ba:f3:18:42:99:a6:3e:
ef:a8:89:20:92:7d:bb:ac:49:36:ea:6a:b7:e6:69:5c:51:bb:
f6:fa:fd:3b:1d:6e:8a:4c:eb:da:7f:dc:05:1c:70:d8:74:6f:
18:dd:e2:87:9c:96:cf:59:7d:6c:45:75:c9:c8:c5:aa:45:18:
8f:6e:2f:96:fa:8c:ea:78:75:dc:cd:ea:6b:a3:fe:ec:ca:32:
8e:be:b5:f5:a4:56:9c:7a:5c:24:90:2b:6c:0f:96:24:6f:17:
9e:a4:3f:3f:f8:61:f5:58:9b:62:03:0b:99:b7:f8:3a:ff:1b:
ee:53:c9:bd:5b:dd:ad:89:cd:2e:46:6e:1e:57:5f:75:41:c1:
a8:08:b8:0a:47:05:c1:05:fd:d4:29:fb:21:99:f4:d4:d1:53:
d9:86:85:a8:31:4e:1a:20:75:9e:17:a6:a4:73:ed:49:42:b9:
19:35:f7:f9
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ1OkvBZiGgUCzvTPjcvF5maMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZDU0ZGY4OWI4ZmQ5MjFkYWRhM2YwZGFhMjllZmZmNWNj
ZTBhNzkwHhcNMjYwNDAyMTQyMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDc5Y2M3NjU0MDI0ZTI1MGI4M2I5MGEzYWI2M2Y0Y2EyZTFjODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9c0gM7QjJeyVyDtwgznhLG8nh7O
Om5v51Hn5c+v5W7GiaknHZxmSpmfuWpkMwbf0XWTbNKu/KvDYyiejAGJJM3ctSrQ
ot40j9TLaJ256G1bPUULRB4Q//0C4ttJN6nUGhYeEw2JO7cCJZxoviMTn9bGuWFZ
We+7BbsP5LICjYWM4ATXzuTm2a9PZYFjg7FKPVgJFDL+qIsh82mlR4BhbwY165rf
TGDbUPcANp5ENtGRKfnT2PrZVdQx3zbGa6gn2a1+HAjj27W4ePfpBmYF1zWwkPHT
jz3qVGnZ5v/acmqUNymqsaRy33hWvyDBfCp29D3BEpzXyUKb+PI0KOiKcwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFBB5zHZUAk4lC4O5Cjq2P0yi4chqMB8GA1UdIwQY
MBaAFCLVTfibj9kh2to/Daop7/9czgp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXRWTi1KdVAyU0hhMmo4TnFpbnZfMXpPQ25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iNWNmMGItZWMzMS00NzA1LThmNjgt
NmYxZmVjZTg3Yzg5LzEvRUhuTWRsUUNUaVVMZzdrS09yWV9US0xoeUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iNWNmMGItZWMzMS00NzA1LThmNjgtNmYxZmVjZTg3Yzg5
LzEvSXRWTi1KdVAyU0hhMmo4TnFpbnZfMXpPQ25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCuToEAwQD
vEFQAwQCwiRIMBQEAgACMA4DBQMqAmEgAwUDKgy9wDANBgkqhkiG9w0BAQsFAAOC
AQEAFCaDseMCvin8kjZpYK94umUhm2l7tNAycACFfkjUmzK6HxmZLeC/1Ny+um5n
jBMteBMsfOQjqenCaO7r/2FcX2N+7YgVa1OgtgHrE4nCcTGvadq68xhCmaY+76iJ
IJJ9u6xJNupqt+ZpXFG79vr9Ox1uikzr2n/cBRxw2HRvGN3ih5yWz1l9bEV1ycjF
qkUYj24vlvqM6nh13M3qa6P+7Moyjr619aRWnHpcJJArbA+WJG8XnqQ/P/hh9Vib
YgMLmbf4Ov8b7lPJvVvdrYnNLkZuHldfdUHBqAi4CkcFwQX91Cn7IZn01NFT2YaF
qDFOGiB1nhempHPtSUK5GTX3+Q==
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:41:34 2026 by rpki-client