Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/ItO3D9_GHTO2a95LxlHG7J5fa1g.roa
File: ItO3D9_GHTO2a95LxlHG7J5fa1g.roa (raw, json)
Hash identifier: hILFVJg1vz3F/6JGBphbkfC6KlE7RJrXOpKoH5yY3nQ=
Subject key identifier: 22:D3:B7:0F:DF:C6:1D:33:B6:6B:DE:4B:C6:51:C6:EC:9E:5F:6B:58
Certificate issuer: /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial: 019D68782F4D600B00E49B582FA65AB7AD19
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/ItO3D9_GHTO2a95LxlHG7J5fa1g.roa
Signing time: Tue 07 Apr 2026 15:03:20 +0000
ROA not before: Tue 07 Apr 2026 15:03:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197580
IP address blocks: 46.245.136.0/21 maxlen: 21
83.174.148.0/23 maxlen: 23
83.174.151.0/24 maxlen: 24
83.174.152.0/23 maxlen: 23
83.174.154.0/24 maxlen: 24
83.174.156.0/23 maxlen: 23
185.42.208.0/24 maxlen: 24
185.254.216.0/23 maxlen: 23
2a01:6320::/32 maxlen: 32
2a05:dec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:68:78:2f:4d:60:0b:00:e4:9b:58:2f:a6:5a:b7:ad:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Validity
Not Before: Apr 7 15:03:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=22d3b70fdfc61d33b66bde4bc651c6ec9e5f6b58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a3:5c:5c:20:79:b6:50:6f:98:ed:49:2e:7a:
21:d2:78:05:81:8c:97:40:f6:82:d2:c9:55:16:65:
cf:80:9b:e8:9f:34:0d:c0:bb:48:92:c6:38:1f:23:
0d:49:98:5c:5c:cc:35:30:4b:50:a9:3f:77:41:b6:
8a:d8:61:5a:2a:f2:21:3d:9e:9d:42:b1:91:1a:37:
c1:91:1f:4d:61:60:83:a2:19:0c:e8:b8:b3:e7:bc:
5c:15:7c:5e:c2:99:c5:f7:7e:34:c3:9f:58:cc:57:
b9:e1:49:9f:a8:53:67:79:ae:38:b0:c1:4e:ad:4b:
9f:c5:a7:1d:09:80:5c:7e:1f:2d:09:f2:67:99:3d:
c6:9f:57:4b:84:04:a2:89:1d:0f:51:ca:0c:d7:66:
0b:00:05:98:6e:1a:1f:6d:49:e6:25:9f:8b:cf:24:
8d:5d:2f:92:98:ad:9f:d9:aa:96:a2:54:9f:5d:51:
c4:4e:70:35:8f:94:e5:ad:d9:a2:07:3b:66:93:b4:
f0:6f:01:73:75:6d:be:31:73:7b:b1:b3:2c:6e:41:
fb:73:56:8e:89:29:db:80:2d:82:12:75:a6:78:25:
18:0f:cf:5a:89:72:d5:1a:1f:76:90:8f:f0:77:71:
bb:fa:ed:04:77:ff:f1:f2:38:c8:be:b4:88:79:f0:
71:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:D3:B7:0F:DF:C6:1D:33:B6:6B:DE:4B:C6:51:C6:EC:9E:5F:6B:58
X509v3 Authority Key Identifier:
keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/ItO3D9_GHTO2a95LxlHG7J5fa1g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.245.136.0/21
83.174.148.0/23
83.174.151.0-83.174.154.255
83.174.156.0/23
185.42.208.0/24
185.254.216.0/23
IPv6:
2a01:6320::/32
2a05:dec0::/29
Signature Algorithm: sha256WithRSAEncryption
00:8a:e4:12:2a:ca:83:d1:ef:6d:5d:8d:bf:0b:6a:85:bb:81:
9a:55:2e:e1:d0:f5:a3:e3:88:b5:79:ff:e1:8e:7b:4b:0d:8f:
77:29:bb:11:28:a6:20:bd:ec:b6:e9:26:d0:a3:85:fc:52:3e:
4e:2c:a7:a3:36:2d:a8:15:4f:4c:89:1e:81:7e:34:9e:ea:4d:
19:ce:a9:dd:7b:04:7c:93:4c:af:55:94:1a:07:3e:c8:be:dd:
5a:19:1b:7e:74:4a:f7:bd:5c:e9:09:da:7f:79:1f:21:bc:b6:
7b:0d:34:b3:a3:d7:ad:52:b0:0d:6b:3b:3a:75:40:8f:12:a9:
af:4f:14:e3:ea:d5:13:25:c7:43:9d:4d:67:41:e2:98:e0:e4:
49:5b:f5:04:19:44:18:c3:1c:89:81:7a:65:43:6b:d2:6c:27:
4e:59:bf:ea:a1:2a:ea:d0:95:ee:d5:3c:62:f4:9b:8d:20:3c:
a8:30:4d:20:cd:a9:f8:f8:5b:a2:76:07:41:0f:d6:b0:93:d9:
29:17:c4:01:29:d3:88:5d:d2:ff:f8:58:1a:4e:89:d1:ff:0b:
b8:44:97:e6:de:da:ea:56:99:4c:e9:97:81:77:69:fa:0b:c7:
63:42:be:44:2a:88:92:0c:5e:78:7c:66:b4:54:10:2c:7b:f5:
6c:24:64:2e
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZ1oeC9NYAsA5JtYL6Zat60ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjYwNDA3MTUwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQzYjcwZmRmYzYxZDMzYjY2YmRlNGJjNjUxYzZlYzllNWY2YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKNcXCB5tlBvmO1JLnoh0ngFgYyX
QPaC0slVFmXPgJvonzQNwLtIksY4HyMNSZhcXMw1MEtQqT93QbaK2GFaKvIhPZ6d
QrGRGjfBkR9NYWCDohkM6Liz57xcFXxewpnF9340w59YzFe54UmfqFNnea44sMFO
rUufxacdCYBcfh8tCfJnmT3Gn1dLhASiiR0PUcoM12YLAAWYbhofbUnmJZ+LzySN
XS+SmK2f2aqWolSfXVHETnA1j5TlrdmiBztmk7TwbwFzdW2+MXN7sbMsbkH7c1aO
iSnbgC2CEnWmeCUYD89aiXLVGh92kI/wd3G7+u0Ed//x8jjIvrSIefBxOQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCLTtw/fxh0ztmveS8ZRxuyeX2tYMB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEvSXRPM0Q5X0dIVE8yYTk1THhsSEc3SjVmYTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAyBAIAATAsAwQDLvWIAwQB
U66UMAwDBABTrpcDBABTrpoDBAFTrpwDBAC5KtADBAG5/tgwFAQCAAIwDgMFACoB
YyADBQMqBd7AMA0GCSqGSIb3DQEBCwUAA4IBAQAAiuQSKsqD0e9tXY2/C2qFu4Ga
VS7h0PWj44i1ef/hjntLDY93KbsRKKYgvey26SbQo4X8Uj5OLKejNi2oFU9MiR6B
fjSe6k0ZzqndewR8k0yvVZQaBz7Ivt1aGRt+dEr3vVzpCdp/eR8hvLZ7DTSzo9et
UrANazs6dUCPEqmvTxTj6tUTJcdDnU1nQeKY4ORJW/UEGUQYwxyJgXplQ2vSbCdO
Wb/qoSrq0JXu1Txi9JuNIDyoME0gzan4+FuidgdBD9awk9kpF8QBKdOIXdL/+Fga
TonR/wu4RJfm3trqVplM6ZeBd2n6C8djQr5EKoiSDF54fGa0VBAse/VsJGQu
-----END CERTIFICATE-----
Generated at Fri Apr 17 07:03:12 2026 by rpki-client