Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/LjlO1ofuYmhqoyn2NlCRL_J5HTw.roa
File: LjlO1ofuYmhqoyn2NlCRL_J5HTw.roa (raw, json)
Hash identifier: jsk6wV+xRGDXW32pveWO5wizMKfLghxcNIdSPlEaCLg=
Subject key identifier: 2E:39:4E:D6:87:EE:62:68:6A:A3:29:F6:36:50:91:2F:F2:79:1D:3C
Certificate issuer: /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial: 019D6D211E3E485C1A3EDFFDF9D40623309A
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/LjlO1ofuYmhqoyn2NlCRL_J5HTw.roa
Signing time: Wed 08 Apr 2026 12:46:20 +0000
ROA not before: Wed 08 Apr 2026 12:46:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203938
IP address blocks: 136.175.222.0/24 maxlen: 24
136.175.223.0/24 maxlen: 24
163.123.192.0/24 maxlen: 24
163.123.194.0/24 maxlen: 24
205.178.176.0/24 maxlen: 24
205.220.227.0/24 maxlen: 24
2a11:3a00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6d:21:1e:3e:48:5c:1a:3e:df:fd:f9:d4:06:23:30:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Validity
Not Before: Apr 8 12:46:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2e394ed687ee62686aa329f63650912ff2791d3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:11:aa:52:9d:75:c4:fb:76:90:89:a5:93:cb:
c4:66:d1:ec:85:15:89:c5:1a:bc:ff:ba:5e:a1:00:
c0:86:f1:15:f4:01:c7:76:73:04:3e:25:1f:b2:90:
ed:3c:5e:e6:79:d5:eb:dd:2f:bd:ee:19:64:5b:ee:
1b:88:98:f1:58:4a:2b:83:08:f8:26:82:0e:3d:0f:
14:09:ba:58:f6:4c:07:7b:3d:ff:b9:ba:69:1d:ed:
da:89:a3:68:59:87:71:a9:39:c5:55:63:d4:84:e4:
1b:65:75:19:84:ba:ae:4c:0f:5d:b9:ad:59:e5:d2:
8d:f2:2d:ef:d8:8d:f1:84:18:bb:07:fd:a7:75:a4:
f1:43:1c:a3:7c:d7:19:d2:6b:95:2f:90:d7:19:37:
75:2c:b1:51:2f:a3:83:b8:da:88:71:f4:69:41:69:
91:bf:fa:f0:53:c7:05:2f:33:b0:e3:2c:cd:49:98:
9d:3c:50:6e:62:e7:63:98:81:0c:d2:10:06:cf:9a:
78:d4:ec:29:f9:aa:33:b3:72:66:cf:59:95:16:44:
75:87:a2:4f:dd:26:ca:4b:ed:8d:a0:55:b5:6a:ce:
ec:14:cc:ad:66:49:ad:cf:05:74:91:4b:0e:fd:4a:
77:dd:8c:fd:f4:87:3c:fe:61:74:b1:84:df:75:ba:
46:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:39:4E:D6:87:EE:62:68:6A:A3:29:F6:36:50:91:2F:F2:79:1D:3C
X509v3 Authority Key Identifier:
keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/LjlO1ofuYmhqoyn2NlCRL_J5HTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
136.175.222.0/23
163.123.192.0/24
163.123.194.0/24
205.178.176.0/24
205.220.227.0/24
IPv6:
2a11:3a00::/29
Signature Algorithm: sha256WithRSAEncryption
22:1e:46:74:39:b9:2e:7a:ab:2a:3a:5b:b0:3e:ad:92:b7:65:
0c:db:eb:03:aa:36:da:8f:a6:42:3d:02:54:99:0f:6f:15:d7:
4a:b8:50:df:e0:9e:3a:a9:46:88:3c:09:08:a1:60:9b:20:e3:
f3:a7:2b:34:27:a8:55:8a:df:13:cb:d5:25:c6:83:a3:38:49:
9e:46:92:6e:ed:d4:db:21:29:05:16:90:d2:9a:5e:2f:be:4a:
25:60:df:4a:22:dc:2d:00:d9:74:c7:5d:fa:60:d5:2f:68:c2:
2c:04:2b:ab:e3:be:6a:4b:e6:ba:b6:b0:e6:50:e5:d3:fd:ff:
3c:f8:bb:ed:97:bb:46:0c:a7:41:79:dc:2a:7e:90:0c:e6:ed:
dc:78:93:2e:cd:9c:20:ae:95:10:12:fa:31:51:7c:d6:05:7b:
a2:4d:b7:d3:83:a1:01:0c:22:b8:de:a0:c8:b9:ec:52:5d:61:
b4:68:d6:df:60:ab:8b:e9:49:b6:ba:4f:04:b5:8f:b8:12:06:
72:a2:86:4d:b6:d5:9c:6d:79:55:e0:d9:fc:65:93:12:14:fa:
9f:64:c2:a8:dc:57:c1:2f:38:05:f0:df:1a:1e:73:1a:4d:bc:
30:d7:e0:d1:a5:62:d2:09:36:78:05:de:14:0d:34:00:e9:f4:
53:0a:e9:81
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZ1tIR4+SFwaPt/9+dQGIzCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNDA4MTI0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM5NGVkNjg3ZWU2MjY4NmFhMzI5ZjYzNjUwOTEyZmYyNzkxZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxGqUp11xPt2kImlk8vEZtHshRWJ
xRq8/7peoQDAhvEV9AHHdnMEPiUfspDtPF7medXr3S+97hlkW+4biJjxWEorgwj4
JoIOPQ8UCbpY9kwHez3/ubppHe3aiaNoWYdxqTnFVWPUhOQbZXUZhLquTA9dua1Z
5dKN8i3v2I3xhBi7B/2ndaTxQxyjfNcZ0muVL5DXGTd1LLFRL6ODuNqIcfRpQWmR
v/rwU8cFLzOw4yzNSZidPFBuYudjmIEM0hAGz5p41Owp+aozs3Jmz1mVFkR1h6JP
3SbKS+2NoFW1as7sFMytZkmtzwV0kUsO/Up33Yz99Ic8/mF0sYTfdbpGyQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFC45TtaH7mJoaqMp9jZQkS/yeR08MB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvTGpsTzFvZnVZbWhxb3luMk5sQ1JMX0o1SFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQBiK/eAwQA
o3vAAwQAo3vCAwQAzbKwAwQAzdzjMA0EAgACMAcDBQMqEToAMA0GCSqGSIb3DQEB
CwUAA4IBAQAiHkZ0ObkueqsqOluwPq2St2UM2+sDqjbaj6ZCPQJUmQ9vFddKuFDf
4J46qUaIPAkIoWCbIOPzpys0J6hVit8Ty9UlxoOjOEmeRpJu7dTbISkFFpDSml4v
vkolYN9KItwtANl0x136YNUvaMIsBCur475qS+a6trDmUOXT/f88+Lvtl7tGDKdB
edwqfpAM5u3ceJMuzZwgrpUQEvoxUXzWBXuiTbfTg6EBDCK43qDIuexSXWG0aNbf
YKuL6Um2uk8EtY+4EgZyooZNttWcbXlV4Nn8ZZMSFPqfZMKo3FfBLzgF8N8aHnMa
Tbww1+DRpWLSCTZ4Bd4UDTQA6fRTCumB
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:55:01 2026 by rpki-client