Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/A4nWZcqbIB6mZ3r4TPebwidgzO8.roa
File: A4nWZcqbIB6mZ3r4TPebwidgzO8.roa (raw, json)
Hash identifier: vRgpw5CyOzE9dkBiBgcBt+Pz32kRFcheCMuET86c6fc=
Subject key identifier: 03:89:D6:65:CA:9B:20:1E:A6:67:7A:F8:4C:F7:9B:C2:27:60:CC:EF
Certificate issuer: /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial: 019D690D6AA18012731BE3E99A891446F617
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/A4nWZcqbIB6mZ3r4TPebwidgzO8.roa
Signing time: Tue 07 Apr 2026 17:46:20 +0000
ROA not before: Tue 07 Apr 2026 17:46:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 5.102.39.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:69:0d:6a:a1:80:12:73:1b:e3:e9:9a:89:14:46:f6:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Validity
Not Before: Apr 7 17:46:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0389d665ca9b201ea6677af84cf79bc22760ccef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:d9:f4:1d:70:3b:ba:95:f6:ac:2b:49:f5:f7:
5c:1a:cf:40:31:2f:e8:05:fb:6a:83:08:a8:10:87:
80:19:1a:8e:44:bc:a4:e5:2c:ef:b7:3c:48:e8:d8:
49:42:cd:60:f6:6a:b5:d1:6e:cf:8b:8d:b4:e8:d3:
b9:3e:45:68:7b:39:a0:4e:8d:b7:33:80:b3:60:38:
49:cf:f8:f7:fe:57:8f:90:09:5e:55:e0:1d:7f:df:
8c:97:c0:3c:b0:1e:29:30:a1:9c:56:0d:aa:f5:ee:
f2:c4:fa:89:ac:9a:c2:85:be:4c:0b:09:d1:3a:f1:
cd:55:7e:ae:e9:6d:e4:c7:5a:0e:40:6a:d3:85:0a:
e6:e3:ad:53:d6:9c:8e:ad:6f:4c:86:01:b8:ab:13:
48:56:7a:a6:b7:fc:cf:a3:1c:7b:6b:a2:95:01:7c:
57:6c:80:6e:af:61:4d:1d:b0:f8:ad:23:12:5a:1b:
94:6c:48:ca:6f:c9:fc:22:e9:3a:0d:cd:f5:41:4c:
9a:c0:d1:42:03:45:90:8c:2d:5a:c3:d3:ad:c9:bb:
76:83:bf:bd:90:71:f0:80:30:c7:6b:be:12:63:3c:
bc:60:2e:c6:cf:15:d7:c4:aa:48:a6:6e:9c:f6:ed:
4a:f2:59:05:a6:cc:a7:74:5f:4b:8f:9e:8e:16:ae:
75:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:89:D6:65:CA:9B:20:1E:A6:67:7A:F8:4C:F7:9B:C2:27:60:CC:EF
X509v3 Authority Key Identifier:
keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/A4nWZcqbIB6mZ3r4TPebwidgzO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.39.0/24
Signature Algorithm: sha256WithRSAEncryption
28:15:82:18:4c:0c:6a:18:8c:e7:b5:36:f3:a3:6a:74:73:44:
aa:8c:fb:ba:08:f7:cd:7b:f2:3f:59:1c:59:2c:b6:fc:fc:99:
ce:48:a2:c1:83:3e:f0:27:7c:dd:52:3b:0b:cb:90:23:a6:fc:
9e:72:b8:1b:f6:ce:34:36:53:b9:95:b8:a2:cf:84:38:f8:d1:
27:b0:c2:1b:12:ac:da:61:bb:97:1e:38:98:ce:87:36:6d:aa:
aa:6f:ea:a1:87:75:79:56:5a:f7:3a:02:14:55:51:0d:8a:bf:
21:04:f5:b2:8d:fa:3c:7e:9d:dd:32:01:df:8f:54:88:63:eb:
a2:ff:8f:7e:b5:e6:28:72:3f:31:aa:9e:bf:c9:f0:85:7e:40:
18:ec:96:7c:83:06:af:ae:8e:0d:84:62:89:05:e5:77:03:5f:
2b:42:aa:fe:55:85:78:75:7a:77:a9:e7:ae:b6:3a:7c:b2:b3:
5d:54:90:42:27:1c:f1:d9:85:78:fd:65:8d:b5:dc:95:fb:72:
59:6e:42:ca:1f:b9:35:30:b8:71:80:c7:20:df:51:84:a9:0e:
93:b4:75:af:f5:e8:f4:56:f9:e7:5f:a1:7d:af:c8:85:87:e6:
62:a5:eb:0e:38:e2:a3:36:ed:f7:55:3c:12:54:0a:75:3c:be:
d3:12:31:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1pDWqhgBJzG+PpmokURvYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwNDA3MTc0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg5ZDY2NWNhOWIyMDFlYTY2NzdhZjg0Y2Y3OWJjMjI3NjBjY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tn0HXA7upX2rCtJ9fdcGs9AMS/o
BftqgwioEIeAGRqORLyk5SzvtzxI6NhJQs1g9mq10W7Pi4206NO5PkVoezmgTo23
M4CzYDhJz/j3/lePkAleVeAdf9+Ml8A8sB4pMKGcVg2q9e7yxPqJrJrChb5MCwnR
OvHNVX6u6W3kx1oOQGrThQrm461T1pyOrW9MhgG4qxNIVnqmt/zPoxx7a6KVAXxX
bIBur2FNHbD4rSMSWhuUbEjKb8n8Iuk6Dc31QUyawNFCA0WQjC1aw9Otybt2g7+9
kHHwgDDHa74SYzy8YC7GzxXXxKpIpm6c9u1K8lkFpsyndF9Lj56OFq513QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOJ1mXKmyAepmd6+Ez3m8InYMzvMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvQTRuV1pjcWJJQjZtWjNyNFRQZWJ3aWRnek84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYnMA0G
CSqGSIb3DQEBCwUAA4IBAQAoFYIYTAxqGIzntTbzo2p0c0SqjPu6CPfNe/I/WRxZ
LLb8/JnOSKLBgz7wJ3zdUjsLy5Ajpvyecrgb9s40NlO5lbiiz4Q4+NEnsMIbEqza
YbuXHjiYzoc2baqqb+qhh3V5Vlr3OgIUVVENir8hBPWyjfo8fp3dMgHfj1SIY+ui
/49+teYocj8xqp6/yfCFfkAY7JZ8gwavro4NhGKJBeV3A18rQqr+VYV4dXp3qeeu
tjp8srNdVJBCJxzx2YV4/WWNtdyV+3JZbkLKH7k1MLhxgMcg31GEqQ6TtHWv9ej0
VvnnX6F9r8iFh+ZipesOOOKjNu33VTwSVAp1PL7TEjG4
-----END CERTIFICATE-----
Generated at Fri Apr 17 03:33:34 2026 by rpki-client