Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/RD3FrdJDiaSgh4hhQogjAnXqmq8.roa
File: RD3FrdJDiaSgh4hhQogjAnXqmq8.roa (raw, json)
Hash identifier: y0vVTwPbcsqwxMSYm4yZYZVCYuFlngknWzg7Heg5wGA=
Subject key identifier: 44:3D:C5:AD:D2:43:89:A4:A0:87:88:61:42:88:23:02:75:EA:9A:AF
Certificate issuer: /CN=ad9681f144db1430ac315c8306e1c14730c5fec2
Certificate serial: 019C45F50B216EB4DD5C039F76C6266AFB56
Authority key identifier: AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/RD3FrdJDiaSgh4hhQogjAnXqmq8.roa
Signing time: Tue 10 Feb 2026 05:10:12 +0000
ROA not before: Tue 10 Feb 2026 05:10:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62442
IP address blocks: 78.157.32.0/19 maxlen: 19
78.157.32.0/24 maxlen: 24
78.157.34.0/24 maxlen: 24
78.157.35.0/24 maxlen: 24
78.157.36.0/24 maxlen: 24
78.157.37.0/24 maxlen: 24
78.157.38.0/24 maxlen: 24
78.157.39.0/24 maxlen: 24
78.157.40.0/24 maxlen: 24
78.157.41.0/24 maxlen: 24
78.157.42.0/24 maxlen: 24
78.157.43.0/24 maxlen: 24
78.157.44.0/24 maxlen: 24
78.157.45.0/24 maxlen: 24
78.157.46.0/24 maxlen: 24
78.157.47.0/24 maxlen: 24
78.157.48.0/21 maxlen: 21
78.157.48.0/24 maxlen: 24
78.157.49.0/24 maxlen: 24
78.157.50.0/24 maxlen: 24
78.157.51.0/24 maxlen: 24
78.157.52.0/24 maxlen: 24
78.157.53.0/24 maxlen: 24
78.157.54.0/23 maxlen: 23
78.157.54.0/24 maxlen: 24
78.157.55.0/24 maxlen: 24
78.157.56.0/21 maxlen: 21
78.157.56.0/24 maxlen: 24
78.157.57.0/24 maxlen: 24
78.157.58.0/24 maxlen: 24
78.157.59.0/24 maxlen: 24
78.157.60.0/23 maxlen: 23
78.157.60.0/24 maxlen: 24
78.157.61.0/24 maxlen: 24
78.157.62.0/24 maxlen: 24
78.157.63.0/24 maxlen: 24
89.221.84.0/22 maxlen: 22
89.221.88.0/21 maxlen: 21
89.221.88.0/24 maxlen: 24
89.221.89.0/24 maxlen: 24
89.221.92.0/24 maxlen: 24
89.221.93.0/24 maxlen: 24
185.222.210.0/24 maxlen: 24
2a10:8180::/29 maxlen: 29
2a10:8180::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.mft
rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:45:f5:0b:21:6e:b4:dd:5c:03:9f:76:c6:26:6a:fb:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad9681f144db1430ac315c8306e1c14730c5fec2
Validity
Not Before: Feb 10 05:10:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=443dc5add24389a4a08788614288230275ea9aaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:23:d7:b8:6b:44:a9:3e:7c:5e:41:a3:ad:b9:
bc:94:33:cc:85:c3:25:0f:ac:f0:d7:9f:2a:f6:bf:
3d:71:9b:a6:25:f6:28:61:04:14:b8:f7:12:14:31:
a0:a0:a4:9f:2f:1f:f9:f2:c2:bb:c7:6e:d7:b8:0f:
b1:b0:47:b8:8e:a6:38:10:dc:e4:93:f4:b1:a0:47:
ac:71:47:88:15:31:17:ce:bf:25:ab:c5:4a:d2:30:
9f:e2:ac:ea:1e:4d:49:17:e9:88:2b:f9:3b:ba:e3:
d3:4d:17:3c:a1:3a:e0:fe:84:cb:02:80:4d:12:cd:
e0:21:13:92:cf:ef:72:f9:b7:e3:c2:e0:1b:bd:ff:
a5:eb:d9:85:e1:61:3b:f5:b7:16:24:1e:f6:83:20:
62:a3:ce:6f:e6:3c:92:96:21:c4:87:03:dd:d9:83:
3f:62:9a:50:12:67:90:ec:41:32:af:3f:a9:d1:e9:
74:f6:33:af:aa:98:e2:21:b6:ae:d3:f6:bc:60:6d:
67:bd:8c:b2:47:33:0a:fd:7d:73:7c:35:95:5c:f0:
3d:94:55:e9:bf:27:6f:0e:5d:a0:af:b1:d7:1e:4c:
23:e9:48:8a:c9:9b:76:e2:68:08:d8:05:17:79:1c:
c6:28:a6:c9:14:1c:41:4b:a3:d8:93:83:23:2e:25:
cb:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3D:C5:AD:D2:43:89:A4:A0:87:88:61:42:88:23:02:75:EA:9A:AF
X509v3 Authority Key Identifier:
keyid:AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/RD3FrdJDiaSgh4hhQogjAnXqmq8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.157.32.0/19
89.221.84.0-89.221.95.255
185.222.210.0/24
IPv6:
2a10:8180::/29
Signature Algorithm: sha256WithRSAEncryption
c9:61:e6:3e:25:20:3d:eb:9b:50:f2:cc:0c:54:7a:b0:e2:43:
1f:0b:21:68:6e:d9:ab:de:74:0f:eb:a0:0b:26:3e:b8:f0:56:
4b:27:0f:f1:fa:00:e5:14:ae:74:bb:f4:c2:28:30:78:cc:3b:
79:10:8f:19:10:66:74:60:3b:63:53:ea:62:9c:d6:c2:7e:67:
59:fb:fc:9a:91:77:d3:fb:0d:7c:bb:39:9b:e4:7d:ce:5a:6e:
d8:6f:e8:6e:a4:ae:88:f2:af:b1:07:3a:8f:0c:06:e3:11:ce:
1d:fe:8f:03:d0:e7:ec:5e:62:18:89:14:47:16:f5:16:a3:77:
ab:86:40:56:e9:90:2b:a4:e4:64:c7:8d:f2:b5:ae:d2:3d:6f:
01:09:74:9f:12:90:62:74:21:f7:35:30:ba:be:70:d9:ea:ac:
c2:29:dc:fa:be:53:ad:c1:c6:26:a3:40:1a:0a:44:c0:9d:e0:
ee:3f:93:15:37:5d:37:94:4e:4e:3d:3c:e5:7c:cf:6d:1c:f6:
a7:18:49:4f:99:f3:22:cc:56:30:95:6c:c5:b9:5a:4b:c2:2a:
c7:cc:2d:52:bd:1b:23:4d:26:16:fb:93:f8:80:5a:77:87:ea:
7b:67:5a:61:36:60:07:ee:20:b5:48:ad:64:72:1b:c4:9a:63:
5f:33:e6:93
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZxF9QshbrTdXAOfdsYmavtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOTY4MWYxNDRkYjE0MzBhYzMxNWM4MzA2ZTFjMTQ3MzBj
NWZlYzIwHhcNMjYwMjEwMDUxMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNkYzVhZGQyNDM4OWE0YTA4Nzg4NjE0Mjg4MjMwMjc1ZWE5YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiPXuGtEqT58XkGjrbm8lDPMhcMl
D6zw158q9r89cZumJfYoYQQUuPcSFDGgoKSfLx/58sK7x27XuA+xsEe4jqY4ENzk
k/SxoEescUeIFTEXzr8lq8VK0jCf4qzqHk1JF+mIK/k7uuPTTRc8oTrg/oTLAoBN
Es3gIROSz+9y+bfjwuAbvf+l69mF4WE79bcWJB72gyBio85v5jySliHEhwPd2YM/
YppQEmeQ7EEyrz+p0el09jOvqpjiIbau0/a8YG1nvYyyRzMK/X1zfDWVXPA9lFXp
vydvDl2gr7HXHkwj6UiKyZt24mgI2AUXeRzGKKbJFBxBS6PYk4MjLiXLrwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFEQ9xa3SQ4mkoIeIYUKIIwJ16pqvMB8GA1UdIwQY
MBaAFK2WgfFE2xQwrDFcgwbhwUcwxf7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2Yt
YTNhMTNlM2E3ZDgwLzEvUkQzRnJkSkRpYVNnaDRoaFFvZ2pBblhxbXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2YtYTNhMTNlM2E3ZDgw
LzEvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQFTp0gMAwD
BAJZ3VQDBAVZ3UADBAC53tIwDQQCAAIwBwMFAyoQgYAwDQYJKoZIhvcNAQELBQAD
ggEBAMlh5j4lID3rm1DyzAxUerDiQx8LIWhu2avedA/roAsmPrjwVksnD/H6AOUU
rnS79MIoMHjMO3kQjxkQZnRgO2NT6mKc1sJ+Z1n7/JqRd9P7DXy7OZvkfc5abthv
6G6krojyr7EHOo8MBuMRzh3+jwPQ5+xeYhiJFEcW9Rajd6uGQFbpkCuk5GTHjfK1
rtI9bwEJdJ8SkGJ0Ifc1MLq+cNnqrMIp3Pq+U63BxiajQBoKRMCd4O4/kxU3XTeU
Tk49POV8z20c9qcYSU+Z8yLMVjCVbMW5WkvCKsfMLVK9GyNNJhb7k/iAWneH6ntn
WmE2YAfuILVIrWRyG8SaY18z5pM=
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:04:44 2026 by rpki-client