Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/cxrYDYRve-AK30Fn1TQ9Kqrsm3M.roa
File: cxrYDYRve-AK30Fn1TQ9Kqrsm3M.roa (raw, json)
Hash identifier: omj5Dxmbd1CeguDg9OXaZDFdwZG6Smx/H+Y39YrtYK8=
Subject key identifier: 73:1A:D8:0D:84:6F:7B:E0:0A:DF:41:67:D5:34:3D:2A:AA:EC:9B:73
Certificate issuer: /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial: 019D9C8A47C0522F3EDAF6B708E3E2C331F4
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/cxrYDYRve-AK30Fn1TQ9Kqrsm3M.roa
Signing time: Fri 17 Apr 2026 17:43:21 +0000
ROA not before: Fri 17 Apr 2026 17:43:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 30860
IP address blocks: 31.42.184.0/23 maxlen: 23
31.42.186.0/24 maxlen: 24
31.42.187.0/24 maxlen: 24
45.11.56.0/24 maxlen: 24
45.11.57.0/24 maxlen: 24
45.11.58.0/24 maxlen: 24
45.11.59.0/24 maxlen: 24
45.12.0.0/22 maxlen: 24
45.12.1.0/24 maxlen: 24
45.12.2.0/24 maxlen: 24
45.12.3.0/24 maxlen: 24
45.134.172.0/22 maxlen: 24
45.134.173.0/24 maxlen: 24
62.182.80.0/23 maxlen: 23
62.182.82.0/23 maxlen: 23
62.182.84.0/24 maxlen: 24
62.182.85.0/24 maxlen: 24
62.182.86.0/24 maxlen: 24
62.182.87.0/24 maxlen: 24
85.137.57.0/24 maxlen: 24
91.208.115.0/24 maxlen: 24
95.214.232.0/24 maxlen: 24
95.214.233.0/24 maxlen: 24
95.214.234.0/23 maxlen: 23
152.89.60.0/24 maxlen: 24
152.89.61.0/24 maxlen: 24
152.89.62.0/24 maxlen: 24
152.89.63.0/24 maxlen: 24
176.97.112.0/20 maxlen: 24
176.97.114.0/24 maxlen: 24
176.97.124.0/24 maxlen: 24
176.119.24.0/24 maxlen: 24
176.119.25.0/24 maxlen: 24
176.119.26.0/23 maxlen: 23
176.119.26.0/24 maxlen: 24
176.119.27.0/24 maxlen: 24
176.119.28.0/24 maxlen: 24
176.119.29.0/24 maxlen: 24
176.119.30.0/24 maxlen: 24
176.119.31.0/24 maxlen: 24
185.66.88.0/23 maxlen: 23
185.66.90.0/24 maxlen: 24
185.66.91.0/24 maxlen: 24
185.254.196.0/23 maxlen: 23
185.254.198.0/24 maxlen: 24
185.254.199.0/24 maxlen: 24
193.23.181.0/24 maxlen: 24
194.42.204.0/22 maxlen: 24
194.42.205.0/24 maxlen: 24
195.66.210.0/24 maxlen: 24
195.66.214.0/23 maxlen: 24
2a09:2dc0::/29 maxlen: 29
2a09:2dc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.mft
rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 04:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9c:8a:47:c0:52:2f:3e:da:f6:b7:08:e3:e2:c3:31:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Validity
Not Before: Apr 17 17:43:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=731ad80d846f7be00adf4167d5343d2aaaec9b73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:16:d7:f8:7d:3b:f7:ef:f1:9d:6c:0d:e8:71:
71:29:b9:d4:cb:81:4c:53:f3:4f:7d:f0:46:19:56:
57:06:b7:4c:ed:a4:ea:21:d7:98:ce:75:31:2f:1a:
96:69:3a:b3:1b:b3:06:b5:e7:ab:c7:a7:90:be:49:
10:6b:4a:81:10:46:1b:60:ce:9f:43:83:b8:07:2e:
13:cd:45:84:6b:dd:56:19:a2:2c:0f:1c:cc:ba:34:
85:b7:96:cd:52:7f:0c:d3:56:e4:30:8c:2c:c4:50:
01:87:fc:39:b8:9f:85:a4:fa:56:98:dc:7d:15:cb:
20:26:64:1c:c4:42:f3:6e:21:a3:2a:d9:23:17:ac:
bb:f2:a2:00:c2:39:61:08:13:91:fe:76:de:0a:96:
8d:ff:83:e2:13:23:4c:e3:6f:58:73:6a:87:54:cb:
87:8d:3b:c4:06:b0:15:e9:04:bb:fb:28:22:99:de:
8d:cc:79:f4:14:91:7a:e7:f8:b1:7e:88:ec:16:a6:
90:db:fe:8d:61:b4:03:86:eb:dc:84:a0:52:c8:7b:
86:1c:1d:f1:9e:4d:d0:70:d8:73:93:fd:cf:1c:72:
66:64:f4:09:d8:5a:32:3f:41:44:4f:9d:94:db:67:
31:cd:64:1d:d4:d9:4f:8d:ab:d8:10:78:71:f7:c9:
99:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:1A:D8:0D:84:6F:7B:E0:0A:DF:41:67:D5:34:3D:2A:AA:EC:9B:73
X509v3 Authority Key Identifier:
keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/cxrYDYRve-AK30Fn1TQ9Kqrsm3M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.184.0/22
45.11.56.0/22
45.12.0.0/22
45.134.172.0/22
62.182.80.0/21
85.137.57.0/24
91.208.115.0/24
95.214.232.0/22
152.89.60.0/22
176.97.112.0/20
176.119.24.0/21
185.66.88.0/22
185.254.196.0/22
193.23.181.0/24
194.42.204.0/22
195.66.210.0/24
195.66.214.0/23
IPv6:
2a09:2dc0::/29
Signature Algorithm: sha256WithRSAEncryption
69:63:4b:a7:20:7a:e6:90:e0:57:b3:0b:d8:97:e6:86:fc:cc:
e8:c4:8a:71:84:9c:c3:0d:da:f8:90:50:44:59:00:aa:c5:18:
c8:73:43:a7:28:e1:78:a6:c7:f3:60:86:7b:4e:9a:5f:20:ac:
6f:19:b7:e3:25:bd:d7:b7:58:78:af:00:3f:7e:7a:03:e1:77:
7c:e5:9e:46:23:39:a9:b5:a2:47:0f:72:33:93:17:22:44:1f:
ae:1c:3f:52:f1:74:6c:c1:b8:7d:35:7f:de:be:69:5b:6e:18:
3c:71:98:39:f9:c1:38:be:bd:65:37:5d:53:4c:a1:e6:91:8f:
e4:86:51:22:04:fa:9a:d6:f5:ce:0b:99:ba:58:e3:c2:3d:9b:
c6:a9:1e:48:aa:62:4f:04:17:15:96:07:73:ac:81:5f:ff:a7:
88:cd:54:75:85:31:3e:f9:f4:d2:e9:1b:25:46:c6:56:ba:a7:
b8:78:2e:7b:db:c3:99:a7:37:a5:c2:cc:a0:a7:95:46:0c:5b:
a6:06:bc:80:7e:27:ea:fd:44:13:58:61:81:b3:5e:aa:a4:aa:
4a:9b:b5:68:c9:bb:2d:34:48:28:dd:aa:34:34:08:f3:85:20:
1f:a5:66:5b:b7:08:2f:39:d0:a1:3f:f3:72:51:d7:7f:30:5e:
32:d3:99:72
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAZ2cikfAUi8+2va3COPiwzH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjYwNDE3MTc0MzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFhZDgwZDg0NmY3YmUwMGFkZjQxNjdkNTM0M2QyYWFhZWM5YjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxbX+H079+/xnWwN6HFxKbnUy4FM
U/NPffBGGVZXBrdM7aTqIdeYznUxLxqWaTqzG7MGteerx6eQvkkQa0qBEEYbYM6f
Q4O4By4TzUWEa91WGaIsDxzMujSFt5bNUn8M01bkMIwsxFABh/w5uJ+FpPpWmNx9
FcsgJmQcxELzbiGjKtkjF6y78qIAwjlhCBOR/nbeCpaN/4PiEyNM429Yc2qHVMuH
jTvEBrAV6QS7+ygimd6NzHn0FJF65/ixfojsFqaQ2/6NYbQDhuvchKBSyHuGHB3x
nk3QcNhzk/3PHHJmZPQJ2FoyP0FET52U22cxzWQd1NlPjavYEHhx98mZDwIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFHMa2A2Eb3vgCt9BZ9U0PSqq7JtzMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvY3hyWURZUnZlLUFLMzBGbjFUUTlLcXJzbTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAh8quAME
Ai0LOAMEAi0MAAMEAi2GrAMEAz62UAMEAFWJOQMEAFvQcwMEAl/W6AMEAphZPAME
BLBhcAMEA7B3GAMEArlCWAMEArn+xAMEAMEXtQMEAsIqzAMEAMNC0gMEAcNC1jAN
BAIAAjAHAwUDKgktwDANBgkqhkiG9w0BAQsFAAOCAQEAaWNLpyB65pDgV7ML2Jfm
hvzM6MSKcYScww3a+JBQRFkAqsUYyHNDpyjheKbH82CGe06aXyCsbxm34yW917dY
eK8AP356A+F3fOWeRiM5qbWiRw9yM5MXIkQfrhw/UvF0bMG4fTV/3r5pW24YPHGY
OfnBOL69ZTddU0yh5pGP5IZRIgT6mtb1zguZuljjwj2bxqkeSKpiTwQXFZYHc6yB
X/+niM1UdYUxPvn00ukbJUbGVrqnuHgue9vDmac3pcLMoKeVRgxbpga8gH4n6v1E
E1hhgbNeqqSqSpu1aMm7LTRIKN2qNDQI84UgH6VmW7cILznQoT/zclHXfzBeMtOZ
cg==
-----END CERTIFICATE-----
Generated at Sun Apr 19 12:54:51 2026 by rpki-client