Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/R23MhGdPnTjalWc2zIuKwc_Sr7U.roa
File: R23MhGdPnTjalWc2zIuKwc_Sr7U.roa (raw, json)
Hash identifier: iRmN53RumdF37AoPcECNqwBrmBrWv1ca0HhyWhpgq9k=
Subject key identifier: 47:6D:CC:84:67:4F:9D:38:DA:95:67:36:CC:8B:8A:C1:CF:D2:AF:B5
Certificate issuer: /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial: 019D9C0BED60C2A71DE49A839DFE0251620C
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/R23MhGdPnTjalWc2zIuKwc_Sr7U.roa
Signing time: Fri 17 Apr 2026 15:25:20 +0000
ROA not before: Fri 17 Apr 2026 15:25:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43641
IP address blocks: 45.11.56.0/24 maxlen: 24
45.11.59.0/24 maxlen: 24
45.134.174.0/24 maxlen: 24
45.134.175.0/24 maxlen: 24
85.137.48.0/24 maxlen: 24
85.137.52.0/24 maxlen: 24
85.137.53.0/24 maxlen: 24
85.137.54.0/23 maxlen: 23
85.137.56.0/24 maxlen: 24
91.222.172.0/22 maxlen: 24
91.234.198.0/23 maxlen: 24
91.234.199.0/24 maxlen: 24
176.97.120.0/23 maxlen: 23
176.97.125.0/24 maxlen: 24
176.97.126.0/23 maxlen: 23
176.97.126.0/24 maxlen: 24
185.254.199.0/24 maxlen: 24
194.42.196.0/23 maxlen: 23
194.42.198.0/24 maxlen: 24
194.42.199.0/24 maxlen: 24
194.42.206.0/23 maxlen: 24
195.26.86.0/23 maxlen: 24
195.66.212.0/24 maxlen: 24
195.66.213.0/24 maxlen: 24
195.160.220.0/22 maxlen: 24
212.86.120.0/23 maxlen: 23
212.86.125.0/24 maxlen: 24
212.86.126.0/23 maxlen: 23
2a09:2dc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.mft
rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9c:0b:ed:60:c2:a7:1d:e4:9a:83:9d:fe:02:51:62:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Validity
Not Before: Apr 17 15:25:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=476dcc84674f9d38da956736cc8b8ac1cfd2afb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:e1:22:23:a4:6a:ed:4b:3d:d7:76:f9:50:72:
3d:8a:ad:cd:26:dd:db:24:dd:cc:d1:c5:b9:9e:1a:
aa:99:9c:7b:ab:50:68:c1:16:32:bf:6f:d2:57:ca:
1b:02:ec:0f:5b:10:74:83:34:40:43:3f:90:1b:54:
c8:30:c2:c7:34:75:93:e0:b1:c1:2b:43:84:f9:4d:
b8:bb:ce:88:19:25:e3:7a:60:1f:77:d4:cd:d0:4b:
ff:8d:f9:e1:09:12:b1:9a:45:fb:2f:8f:06:c4:97:
e5:65:b3:bc:6b:af:fe:35:f9:f2:89:17:44:a3:d3:
0f:b8:67:fe:9a:a9:82:ce:39:f5:4f:2b:e7:dc:95:
0c:6c:ad:17:7e:0c:73:37:2a:a0:ba:59:09:e4:31:
68:a7:9c:8b:8c:81:72:19:40:95:7f:10:ca:9d:64:
b3:53:6f:d5:ed:d2:c8:30:f9:05:88:c4:c6:a2:e7:
8c:9b:54:82:89:3b:8d:4a:85:4d:d3:e9:57:a3:67:
ef:1a:80:33:2a:81:78:0c:53:fb:0a:c7:77:96:ee:
73:ea:0b:15:3e:69:e0:7c:cd:05:c8:9f:dc:ca:b3:
3f:85:bc:a6:05:96:c0:7b:42:93:25:29:b0:3b:db:
5c:c9:20:34:b1:5e:a0:60:a2:24:e6:e7:0f:b8:3c:
c8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:6D:CC:84:67:4F:9D:38:DA:95:67:36:CC:8B:8A:C1:CF:D2:AF:B5
X509v3 Authority Key Identifier:
keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/R23MhGdPnTjalWc2zIuKwc_Sr7U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.56.0/24
45.11.59.0/24
45.134.174.0/23
85.137.48.0/24
85.137.52.0-85.137.56.255
91.222.172.0/22
91.234.198.0/23
176.97.120.0/23
176.97.125.0-176.97.127.255
185.254.199.0/24
194.42.196.0/22
194.42.206.0/23
195.26.86.0/23
195.66.212.0/23
195.160.220.0/22
212.86.120.0/23
212.86.125.0-212.86.127.255
IPv6:
2a09:2dc1::/32
Signature Algorithm: sha256WithRSAEncryption
62:d4:0e:d3:27:cf:e2:7e:3d:fb:ad:d8:4e:04:74:46:bf:7d:
a8:ac:30:68:46:48:75:21:21:bb:23:4d:0b:61:27:68:8e:03:
59:12:89:b1:2c:23:d1:94:46:f8:86:5e:d0:3c:f9:c3:2a:cc:
f0:ee:ab:f3:a9:08:57:92:ea:ac:29:94:dc:39:2b:4d:ff:5c:
67:ee:b1:43:e2:4f:27:49:00:43:44:b0:fd:a0:1c:6b:8e:f9:
ec:23:f1:6b:0e:b1:ee:5e:2c:68:89:14:78:8f:51:52:d2:80:
d7:82:1e:34:f4:4d:87:b1:7c:49:f5:00:7f:3d:b8:36:aa:62:
2b:f9:f9:fe:34:92:36:b7:40:d2:85:96:75:b9:04:d0:cf:a5:
9d:fa:d9:42:9e:b6:f1:52:4a:aa:c2:cd:fe:f3:c2:18:39:34:
0a:d5:82:d6:6e:96:25:5f:cd:28:59:ed:03:b5:20:a1:4c:12:
79:aa:90:1f:da:e6:a0:8e:35:52:a2:6f:c7:9a:a9:af:af:a8:
77:52:2e:f8:12:b0:60:19:73:7d:02:31:56:be:6f:f1:e4:13:
0b:67:50:00:bc:61:09:31:15:1b:5e:fe:b5:74:8c:72:95:8e:
56:53:59:42:39:f1:12:98:68:52:69:de:d1:fb:21:d9:86:e3:
74:80:4e:71
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZ2cC+1gwqcd5JqDnf4CUWIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjYwNDE3MTUyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZkY2M4NDY3NGY5ZDM4ZGE5NTY3MzZjYzhiOGFjMWNmZDJhZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+EiI6Rq7Us913b5UHI9iq3NJt3b
JN3M0cW5nhqqmZx7q1BowRYyv2/SV8obAuwPWxB0gzRAQz+QG1TIMMLHNHWT4LHB
K0OE+U24u86IGSXjemAfd9TN0Ev/jfnhCRKxmkX7L48GxJflZbO8a6/+NfnyiRdE
o9MPuGf+mqmCzjn1Tyvn3JUMbK0XfgxzNyqgulkJ5DFop5yLjIFyGUCVfxDKnWSz
U2/V7dLIMPkFiMTGoueMm1SCiTuNSoVN0+lXo2fvGoAzKoF4DFP7Csd3lu5z6gsV
PmngfM0FyJ/cyrM/hbymBZbAe0KTJSmwO9tcySA0sV6gYKIk5ucPuDzIKwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFEdtzIRnT5042pVnNsyLisHP0q+1MB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvUjIzTWhHZFBuVGphbFdjMnpJdUt3Y19TcjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBhAQCAAEwfgMEAC0L
OAMEAC0LOwMEAS2GrgMEAFWJMDAMAwQCVYk0AwQAVYk4AwQCW96sAwQBW+rGAwQB
sGF4MAwDBACwYX0DBAewYQADBAC5/scDBALCKsQDBAHCKs4DBAHDGlYDBAHDQtQD
BALDoNwDBAHUVngwDAMEANRWfQMEB9RWADANBAIAAjAHAwUAKgktwTANBgkqhkiG
9w0BAQsFAAOCAQEAYtQO0yfP4n49+63YTgR0Rr99qKwwaEZIdSEhuyNNC2EnaI4D
WRKJsSwj0ZRG+IZe0Dz5wyrM8O6r86kIV5LqrCmU3DkrTf9cZ+6xQ+JPJ0kAQ0Sw
/aAca4757CPxaw6x7l4saIkUeI9RUtKA14IeNPRNh7F8SfUAfz24NqpiK/n5/jSS
NrdA0oWWdbkE0M+lnfrZQp628VJKqsLN/vPCGDk0CtWC1m6WJV/NKFntA7UgoUwS
eaqQH9rmoI41UqJvx5qpr6+od1Iu+BKwYBlzfQIxVr5v8eQTC2dQALxhCTEVG17+
tXSMcpWOVlNZQjnxEphoUmne0fsh2YbjdIBOcQ==
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:12:28 2026 by rpki-client