Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/dC_tdg2qgUGR78BT_3PdLF7UbPM.roa
File: dC_tdg2qgUGR78BT_3PdLF7UbPM.roa (raw, json)
Hash identifier: DfadTJyWuoohYhqyhxUUmCl52vT2mXB2Fuh0/bSqqGQ=
Subject key identifier: 74:2F:ED:76:0D:AA:81:41:91:EF:C0:53:FF:73:DD:2C:5E:D4:6C:F3
Certificate issuer: /CN=ef8455d40c2e3dbcb24446fcc97a09ed4badedc3
Certificate serial: 019BE5E295964008BBAE89D58DAFC97BCCF6
Authority key identifier: EF:84:55:D4:0C:2E:3D:BC:B2:44:46:FC:C9:7A:09:ED:4B:AD:ED:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/74RV1AwuPbyyREb8yXoJ7Uut7cM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/dC_tdg2qgUGR78BT_3PdLF7UbPM.roa
Signing time: Thu 22 Jan 2026 13:26:30 +0000
ROA not before: Thu 22 Jan 2026 13:26:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198050
IP address blocks: 5.253.230.0/24 maxlen: 24
64.190.43.0/24 maxlen: 24
91.231.70.0/23 maxlen: 23
91.231.80.0/22 maxlen: 22
176.97.24.0/21 maxlen: 21
194.169.138.0/24 maxlen: 24
209.162.203.0/24 maxlen: 24
212.47.33.0/24 maxlen: 24
2a0f:1700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/74RV1AwuPbyyREb8yXoJ7Uut7cM.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/74RV1AwuPbyyREb8yXoJ7Uut7cM.mft
rsync://rpki.ripe.net/repository/DEFAULT/74RV1AwuPbyyREb8yXoJ7Uut7cM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:e5:e2:95:96:40:08:bb:ae:89:d5:8d:af:c9:7b:cc:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef8455d40c2e3dbcb24446fcc97a09ed4badedc3
Validity
Not Before: Jan 22 13:26:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=742fed760daa814191efc053ff73dd2c5ed46cf3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:92:b2:a4:d7:a2:e4:33:93:17:b8:d2:9a:74:
38:e2:93:ba:dd:51:a3:0d:e2:7a:74:b8:b5:b1:1f:
39:05:6d:03:69:a7:e3:86:c2:43:d6:d8:76:1c:da:
db:e7:87:44:37:03:76:69:08:6c:4c:26:0a:c5:d2:
69:ae:28:1b:83:f4:e8:a7:f3:7c:cf:6a:b7:08:5a:
a8:9c:00:c6:8a:4a:d9:fb:75:13:5d:2d:cd:26:54:
5e:e1:1e:b0:20:f2:4d:5f:8d:bb:4d:4d:f6:6e:d9:
2c:cc:51:4a:9d:e8:e4:58:06:b4:bc:ae:08:be:4b:
7f:98:c1:87:bb:80:8d:03:98:28:c1:0e:7e:79:85:
79:dc:7e:0b:c6:03:a8:47:c8:9c:72:98:54:32:0c:
38:22:b1:5c:83:d2:c4:3b:ad:c7:7a:cc:d7:c6:27:
58:9b:97:44:e9:02:1e:8d:07:20:11:7a:8f:1b:a3:
e5:4e:80:08:e7:8a:14:ed:57:eb:38:38:03:6c:d0:
ab:bd:93:4c:40:ef:34:53:b4:c6:22:06:33:1b:c5:
7f:dc:50:26:e3:cb:7f:f6:c8:bf:ca:aa:d1:5c:2e:
fd:19:f4:23:aa:10:03:22:78:29:1f:65:3e:3f:a1:
de:1f:46:67:11:d7:2a:7f:c4:d1:3d:13:01:14:7a:
da:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:2F:ED:76:0D:AA:81:41:91:EF:C0:53:FF:73:DD:2C:5E:D4:6C:F3
X509v3 Authority Key Identifier:
keyid:EF:84:55:D4:0C:2E:3D:BC:B2:44:46:FC:C9:7A:09:ED:4B:AD:ED:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/74RV1AwuPbyyREb8yXoJ7Uut7cM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/dC_tdg2qgUGR78BT_3PdLF7UbPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/74RV1AwuPbyyREb8yXoJ7Uut7cM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.230.0/24
64.190.43.0/24
91.231.70.0/23
91.231.80.0/22
176.97.24.0/21
194.169.138.0/24
209.162.203.0/24
212.47.33.0/24
IPv6:
2a0f:1700::/29
Signature Algorithm: sha256WithRSAEncryption
74:1a:f4:0d:4c:23:6c:f1:5c:73:77:e8:9f:f4:e9:74:c5:a3:
66:8d:66:e2:8e:00:14:53:ba:95:94:45:e9:ff:a2:23:38:ee:
70:92:a5:02:19:93:bb:79:11:61:6b:91:85:10:8c:a0:0a:56:
ab:48:1e:ee:82:f7:91:06:0b:5d:0f:45:12:46:44:89:a3:bd:
dc:cb:27:06:54:7d:45:5e:91:16:13:22:d5:f8:9d:00:c1:82:
15:83:50:60:48:b7:c1:3c:71:a0:1c:f9:31:95:20:70:3c:a9:
54:1d:2a:d4:88:22:91:09:18:1f:d1:3c:8c:3e:fb:c9:ab:1b:
b2:29:86:8d:28:31:48:f7:c1:3b:ae:82:df:24:93:3f:d2:c3:
f7:f1:f1:4a:8f:bb:e6:39:30:53:29:94:d7:ea:29:3d:67:bd:
d2:b7:51:f6:fd:ba:d9:ff:1b:eb:3b:39:b0:bb:d0:50:17:5c:
4b:95:88:05:9a:f1:c8:1d:83:e9:be:56:c9:4f:43:0a:f0:f1:
29:11:13:da:c7:cd:b7:78:07:31:da:73:d3:63:18:2e:23:c8:
cc:a3:6c:e8:3c:e4:71:91:8a:65:29:55:28:1e:43:07:8b:28:
92:7f:d8:9a:d1:d9:ed:26:c5:cb:3a:0b:db:be:72:68:5f:ec:
ee:34:d4:3e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZvl4pWWQAi7ronVja/Je8z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmODQ1NWQ0MGMyZTNkYmNiMjQ0NDZmY2M5N2EwOWVkNGJh
ZGVkYzMwHhcNMjYwMTIyMTMyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDJmZWQ3NjBkYWE4MTQxOTFlZmMwNTNmZjczZGQyYzVlZDQ2Y2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5KypNei5DOTF7jSmnQ44pO63VGj
DeJ6dLi1sR85BW0DaafjhsJD1th2HNrb54dENwN2aQhsTCYKxdJprigbg/Top/N8
z2q3CFqonADGikrZ+3UTXS3NJlRe4R6wIPJNX427TU32btkszFFKnejkWAa0vK4I
vkt/mMGHu4CNA5gowQ5+eYV53H4LxgOoR8iccphUMgw4IrFcg9LEO63HeszXxidY
m5dE6QIejQcgEXqPG6PlToAI54oU7VfrODgDbNCrvZNMQO80U7TGIgYzG8V/3FAm
48t/9si/yqrRXC79GfQjqhADIngpH2U+P6HeH0ZnEdcqf8TRPRMBFHraCQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFHQv7XYNqoFBke/AU/9z3Sxe1GzzMB8GA1UdIwQY
MBaAFO+EVdQMLj28skRG/Ml6Ce1Lre3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzRSVjFBd3VQYnl5UkViOHlYb0o3VXV0N2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wZTQ4OGYtMTgwZC00YzhhLWE0NTIt
NGM3NGJiNTljNTk0LzEvZENfdGRnMnFnVUdSNzhCVF8zUGRMRjdVYlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wZTQ4OGYtMTgwZC00YzhhLWE0NTItNGM3NGJiNTljNTk0
LzEvNzRSVjFBd3VQYnl5UkViOHlYb0o3VXV0N2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQABf3mAwQA
QL4rAwQBW+dGAwQCW+dQAwQDsGEYAwQAwqmKAwQA0aLLAwQA1C8hMA0EAgACMAcD
BQMqDxcAMA0GCSqGSIb3DQEBCwUAA4IBAQB0GvQNTCNs8Vxzd+if9Ol0xaNmjWbi
jgAUU7qVlEXp/6IjOO5wkqUCGZO7eRFha5GFEIygClarSB7ugveRBgtdD0USRkSJ
o73cyycGVH1FXpEWEyLV+J0AwYIVg1BgSLfBPHGgHPkxlSBwPKlUHSrUiCKRCRgf
0TyMPvvJqxuyKYaNKDFI98E7roLfJJM/0sP38fFKj7vmOTBTKZTX6ik9Z73St1H2
/brZ/xvrOzmwu9BQF1xLlYgFmvHIHYPpvlbJT0MK8PEpERPax823eAcx2nPTYxgu
I8jMo2zoPORxkYplKVUoHkMHiyiSf9ia0dntJsXLOgvbvnJoX+zuNNQ+
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:22:39 2026 by rpki-client