Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/4BtZ6ImulGiBNPfFEyIkenVvnSE.roa
File: 4BtZ6ImulGiBNPfFEyIkenVvnSE.roa (raw, json)
Hash identifier: 6h+jPwLu4nddov8mWqAqvJNAzlSrWOgSVAeEWaQAHMQ=
Subject key identifier: E0:1B:59:E8:89:AE:94:68:81:34:F7:C5:13:22:24:7A:75:6F:9D:21
Certificate issuer: /CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Certificate serial: 019D2EA0686504CC9904AB7E1E9FF94C58B7
Authority key identifier: 9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/4BtZ6ImulGiBNPfFEyIkenVvnSE.roa
Signing time: Fri 27 Mar 2026 09:29:17 +0000
ROA not before: Fri 27 Mar 2026 09:29:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209854
IP address blocks: 92.249.36.0/24 maxlen: 24
92.249.37.0/24 maxlen: 24
92.249.38.0/24 maxlen: 24
92.249.39.0/24 maxlen: 24
172.216.0.0/16 maxlen: 24
203.21.66.0/24 maxlen: 24
2a09:a700::/29 maxlen: 48
2a09:a702:b4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.mft
rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2e:a0:68:65:04:cc:99:04:ab:7e:1e:9f:f9:4c:58:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Validity
Not Before: Mar 27 09:29:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e01b59e889ae94688134f7c51322247a756f9d21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b8:42:fc:c8:e3:63:3f:a6:58:bd:c0:a5:8e:
7c:be:ed:ac:b6:fb:0e:28:43:6d:78:7c:bd:56:47:
82:ec:a6:f8:fd:76:a3:07:17:b4:79:27:4c:56:cf:
1c:85:ca:5c:f5:b3:57:a3:36:9f:ea:80:f8:b4:c4:
90:06:e4:23:18:da:60:47:80:90:00:6c:d2:fd:f6:
6e:72:64:26:e3:e2:d9:1c:74:5c:d0:40:9e:6d:b2:
fa:3d:a2:16:c2:7e:ae:63:c4:26:0e:ea:67:73:be:
c1:e6:bd:85:55:81:a6:70:77:bd:4c:e9:c8:ad:c8:
62:ce:a8:e4:c5:cf:86:dd:af:5a:42:02:77:9f:34:
56:df:75:b6:f4:27:8d:16:d5:21:15:5f:63:3e:2a:
42:79:70:cf:1a:4d:13:16:f8:4f:8a:1a:e2:55:7a:
a1:c1:33:71:90:26:b8:e3:80:d5:02:86:77:64:32:
41:a2:35:64:b4:44:db:54:d4:7a:67:00:4d:1b:00:
56:0f:81:3f:f9:96:9f:12:a7:55:44:17:34:c9:63:
41:a1:6e:fa:94:ce:e0:de:b0:30:3e:a0:f2:dd:be:
cf:69:d0:ab:ee:86:6b:1d:ac:f5:e3:64:a8:1c:ff:
00:7f:05:75:0e:5f:26:74:e1:b8:d9:65:91:42:24:
2f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:1B:59:E8:89:AE:94:68:81:34:F7:C5:13:22:24:7A:75:6F:9D:21
X509v3 Authority Key Identifier:
keyid:9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/4BtZ6ImulGiBNPfFEyIkenVvnSE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.249.36.0/22
172.216.0.0/16
203.21.66.0/24
IPv6:
2a09:a700::/29
Signature Algorithm: sha256WithRSAEncryption
44:8f:b0:85:5d:fc:4b:25:92:60:18:9d:7a:6a:76:3c:e3:2d:
91:70:e1:88:96:07:23:a3:38:84:af:b1:3a:03:98:e6:54:4a:
f4:a8:8f:e7:30:f1:57:6d:c9:d5:e0:93:be:48:1e:fc:b5:d0:
5d:b3:2c:71:65:9d:1d:0f:36:5f:73:7d:5d:01:3d:8a:95:5b:
10:10:40:91:5f:ed:82:f9:e6:d3:67:1b:71:32:3c:42:8f:23:
30:9f:ba:45:c3:2a:45:06:e8:cb:20:3d:17:2e:21:43:a4:d1:
64:37:a2:8e:34:f3:93:c6:1a:e8:b0:ca:25:4e:aa:1e:c6:25:
0d:b9:47:cc:31:2d:37:c7:4e:20:ce:24:2a:f6:29:4a:71:2f:
5a:c4:b5:eb:47:40:53:fa:ec:ce:52:d6:23:3b:ec:a7:e6:3e:
49:c4:bb:71:94:8f:8e:88:12:ec:7f:86:1c:ba:52:8a:30:be:
88:9f:51:93:e2:59:51:6b:1a:f3:29:b0:9b:f4:20:66:20:83:
f2:a0:b2:71:2e:85:c0:e3:fa:03:51:77:ae:78:a1:a9:b5:3a:
e7:e1:51:58:74:7e:c0:8f:01:10:b2:a0:43:21:d3:63:ea:41:
30:3d:d6:55:3b:cd:0b:91:2d:35:4d:2b:fc:93:bd:8b:74:de:
e9:9a:14:e8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0uoGhlBMyZBKt+Hp/5TFi3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjRiMjdkOWYzZGY2ZTE0ZWJjNzllMTQ2ZThiZTMyNzU0
YmY4MDAwHhcNMjYwMzI3MDkyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFiNTllODg5YWU5NDY4ODEzNGY3YzUxMzIyMjQ3YTc1NmY5ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbhC/MjjYz+mWL3ApY58vu2stvsO
KENteHy9VkeC7Kb4/XajBxe0eSdMVs8chcpc9bNXozaf6oD4tMSQBuQjGNpgR4CQ
AGzS/fZucmQm4+LZHHRc0ECebbL6PaIWwn6uY8QmDupnc77B5r2FVYGmcHe9TOnI
rchizqjkxc+G3a9aQgJ3nzRW33W29CeNFtUhFV9jPipCeXDPGk0TFvhPihriVXqh
wTNxkCa444DVAoZ3ZDJBojVktETbVNR6ZwBNGwBWD4E/+ZafEqdVRBc0yWNBoW76
lM7g3rAwPqDy3b7PadCr7oZrHaz142SoHP8AfwV1Dl8mdOG42WWRQiQvCwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOAbWeiJrpRogTT3xRMiJHp1b50hMB8GA1UdIwQY
MBaAFJoksn2fPfbhTrx54UbovjJ1S/gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgt
NDhkNWZmNGJhMjU1LzEvNEJ0WjZJbXVsR2lCTlBmRkV5SWtlblZ2blNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgtNDhkNWZmNGJhMjU1
LzEvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQCXPkkAwMA
rNgDBADLFUIwDQQCAAIwBwMFAyoJpwAwDQYJKoZIhvcNAQELBQADggEBAESPsIVd
/EslkmAYnXpqdjzjLZFw4YiWByOjOISvsToDmOZUSvSoj+cw8VdtydXgk75IHvy1
0F2zLHFlnR0PNl9zfV0BPYqVWxAQQJFf7YL55tNnG3EyPEKPIzCfukXDKkUG6Msg
PRcuIUOk0WQ3oo4085PGGuiwyiVOqh7GJQ25R8wxLTfHTiDOJCr2KUpxL1rEtetH
QFP67M5S1iM77KfmPknEu3GUj46IEux/hhy6UoowvoifUZPiWVFrGvMpsJv0IGYg
g/KgsnEuhcDj+gNRd654oam1OufhUVh0fsCPARCyoEMh02PqQTA91lU7zQuRLTVN
K/yTvYt03umaFOg=
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:57:28 2026 by rpki-client