Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/RN5nALXjZNUbgUzwgE6w7hssQDY.roa
File: RN5nALXjZNUbgUzwgE6w7hssQDY.roa (raw, json)
Hash identifier: kiv3lC7KIYE2csnUvMxs+SFHsoHIxTYXU7zIuFIVszc=
Subject key identifier: 44:DE:67:00:B5:E3:64:D5:1B:81:4C:F0:80:4E:B0:EE:1B:2C:40:36
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019CA054A281854938F0D7D77578F73E0D03
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/RN5nALXjZNUbgUzwgE6w7hssQDY.roa
Signing time: Fri 27 Feb 2026 18:20:27 +0000
ROA not before: Fri 27 Feb 2026 18:20:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3257
IP address blocks: 147.78.204.0/24 maxlen: 24
185.161.191.0/24 maxlen: 24
185.208.155.0/24 maxlen: 24
185.253.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a0:54:a2:81:85:49:38:f0:d7:d7:75:78:f7:3e:0d:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Feb 27 18:20:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=44de6700b5e364d51b814cf0804eb0ee1b2c4036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:bc:1b:ad:50:6a:81:1e:90:f6:ca:b1:62:f0:
19:31:a6:81:7c:a0:52:88:08:23:14:b1:cc:4a:cb:
6b:fc:d5:b7:e0:f0:9d:af:ca:ee:32:85:2d:a0:6a:
5b:bf:62:22:93:eb:1d:24:89:40:f0:63:30:57:e9:
37:aa:2f:4d:1c:66:01:e3:47:cd:81:30:13:3b:e3:
df:46:fb:ca:60:61:98:f8:81:a9:a9:e1:f6:bd:7a:
2e:1e:09:51:45:ae:3b:87:27:6d:fd:cb:c1:42:37:
d0:87:aa:1e:e6:98:5e:49:58:4b:a7:2e:51:fe:29:
af:7c:47:28:3f:75:f4:60:91:4b:41:b3:de:d7:8d:
15:ea:1d:6c:7f:d5:02:35:85:2d:b3:64:33:9c:f2:
d8:71:63:59:7c:be:cc:29:1d:a4:b8:59:72:b3:15:
79:77:6c:1f:c3:91:75:fd:ea:d9:c0:84:d5:d0:5e:
d2:4e:70:5a:b2:dc:cd:c7:56:fa:a3:4a:84:c0:d2:
c2:b5:f4:86:0e:1d:df:cc:60:2e:66:1d:4b:a7:1c:
fc:f5:c9:57:b2:1d:ff:f0:b4:f6:9e:56:d5:a7:3e:
fe:af:ba:93:72:0f:5a:2c:a8:1b:11:6e:d1:74:b5:
5b:b0:91:58:ce:ed:67:21:d3:d0:2c:71:36:39:f6:
44:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:DE:67:00:B5:E3:64:D5:1B:81:4C:F0:80:4E:B0:EE:1B:2C:40:36
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/RN5nALXjZNUbgUzwgE6w7hssQDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.204.0/24
185.161.191.0/24
185.208.155.0/24
185.253.123.0/24
Signature Algorithm: sha256WithRSAEncryption
90:63:63:40:48:b8:4d:33:f1:95:fd:84:e5:c6:f4:17:01:bb:
d4:91:c6:29:f2:64:9d:0b:b6:36:88:41:70:5f:f9:57:dc:d3:
0f:69:8a:86:ab:8c:70:43:e5:4e:d7:63:8d:70:b3:19:40:75:
b7:33:03:d2:69:23:5b:d7:2d:dc:86:88:7b:b5:d0:48:31:53:
e5:c8:40:f6:a9:b9:70:1c:b3:7e:55:65:e2:b5:8f:7b:20:6c:
86:23:72:f7:3f:99:2d:37:51:fc:28:89:17:f2:e4:d7:cd:fe:
e2:fa:3c:fb:52:49:bb:37:b4:75:0d:2e:e6:5e:47:c1:1d:18:
a5:85:76:2b:bf:f7:45:20:19:df:d7:3f:f6:96:5e:9a:c0:64:
8c:fa:3a:f1:68:53:a8:b7:59:e3:c4:87:f9:74:2d:0a:60:3f:
67:14:ce:d1:a4:c6:1a:e1:f9:e5:d3:e8:a5:b9:2e:e6:89:c8:
44:96:23:aa:d5:75:ab:d4:8b:1e:a4:76:3a:2a:5b:2d:fe:44:
03:ad:4d:b1:5b:c2:6a:27:bd:08:1f:39:c6:05:12:44:5e:1d:
00:75:4a:7e:92:fc:b0:43:21:46:0c:41:51:68:ee:18:9d:a5:
9e:05:00:f5:8c:d2:1c:43:0b:12:80:d7:c9:6e:06:ac:f7:21:
48:93:42:cb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZygVKKBhUk48NfXdXj3Pg0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMjI3MTgyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGRlNjcwMGI1ZTM2NGQ1MWI4MTRjZjA4MDRlYjBlZTFiMmM0MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bwbrVBqgR6Q9sqxYvAZMaaBfKBS
iAgjFLHMSstr/NW34PCdr8ruMoUtoGpbv2Iik+sdJIlA8GMwV+k3qi9NHGYB40fN
gTATO+PfRvvKYGGY+IGpqeH2vXouHglRRa47hydt/cvBQjfQh6oe5pheSVhLpy5R
/imvfEcoP3X0YJFLQbPe140V6h1sf9UCNYUts2QznPLYcWNZfL7MKR2kuFlysxV5
d2wfw5F1/erZwITV0F7STnBastzNx1b6o0qEwNLCtfSGDh3fzGAuZh1Lpxz89clX
sh3/8LT2nlbVpz7+r7qTcg9aLKgbEW7RdLVbsJFYzu1nIdPQLHE2OfZEowIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFETeZwC142TVG4FM8IBOsO4bLEA2MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvUk41bkFMWGpaTlViZ1V6d2dFNnc3aHNzUURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAk07MAwQA
uaG/AwQAudCbAwQAuf17MA0GCSqGSIb3DQEBCwUAA4IBAQCQY2NASLhNM/GV/YTl
xvQXAbvUkcYp8mSdC7Y2iEFwX/lX3NMPaYqGq4xwQ+VO12ONcLMZQHW3MwPSaSNb
1y3choh7tdBIMVPlyED2qblwHLN+VWXitY97IGyGI3L3P5ktN1H8KIkX8uTXzf7i
+jz7Ukm7N7R1DS7mXkfBHRilhXYrv/dFIBnf1z/2ll6awGSM+jrxaFOot1njxIf5
dC0KYD9nFM7RpMYa4fnl0+iluS7michEliOq1XWr1IsepHY6Klst/kQDrU2xW8Jq
J70IHznGBRJEXh0AdUp+kvywQyFGDEFRaO4YnaWeBQD1jNIcQwsSgNfJbgas9yFI
k0LL
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:53:18 2026 by rpki-client