Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/4DyhQiJmdLhR-T2hnM3nXoywiKs.roa
File: 4DyhQiJmdLhR-T2hnM3nXoywiKs.roa (raw, json)
Hash identifier: d2DEaZQxBGP4dUiqjIprw05h3tDry23cDLVg23yDH1A=
Subject key identifier: E0:3C:A1:42:22:66:74:B8:51:F9:3D:A1:9C:CD:E7:5E:8C:B0:88:AB
Certificate issuer: /CN=b0570845c239e9991c89bc5c50431e9087860c4d
Certificate serial: 019D8C9443826714AAEB3D4E032C4E214BAA
Authority key identifier: B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/4DyhQiJmdLhR-T2hnM3nXoywiKs.roa
Signing time: Tue 14 Apr 2026 15:20:20 +0000
ROA not before: Tue 14 Apr 2026 15:20:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213680
IP address blocks: 81.85.84.0/22 maxlen: 22
81.85.84.0/23 maxlen: 23
81.85.84.0/24 maxlen: 24
81.85.85.0/24 maxlen: 24
81.85.86.0/23 maxlen: 23
81.85.86.0/24 maxlen: 24
81.85.87.0/24 maxlen: 24
2a14:c600::/32 maxlen: 32
2a14:c600::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.mft
rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 04:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8c:94:43:82:67:14:aa:eb:3d:4e:03:2c:4e:21:4b:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0570845c239e9991c89bc5c50431e9087860c4d
Validity
Not Before: Apr 14 15:20:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e03ca142226674b851f93da19ccde75e8cb088ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:73:ef:3b:0a:1f:1a:17:88:9c:15:9d:4b:4a:
b2:00:93:e9:c7:87:03:21:bc:8d:8e:cd:95:6e:62:
68:49:0f:ea:ce:ba:f7:06:f0:e3:f7:99:94:8d:2e:
64:f2:62:8e:b8:cc:3b:4f:15:b4:e0:14:d7:0c:42:
18:3b:02:9b:4e:13:e0:ac:ec:0e:16:9e:cb:65:25:
87:3b:5b:08:ea:57:ea:ff:5f:92:46:62:ca:17:84:
50:38:d5:a4:23:1d:80:f7:a4:e0:dd:70:2d:7c:6a:
00:88:34:86:2c:ed:7d:75:62:3e:8c:90:9b:39:cb:
b0:0d:f7:4a:63:cc:68:7f:c5:91:e8:99:50:0b:de:
0e:8d:13:06:87:f7:f3:75:86:f8:46:04:d8:b0:0d:
e3:0e:04:af:e2:bb:b4:c1:8d:df:7a:7c:0d:e9:c6:
ef:5e:5d:24:47:ed:31:fd:ec:f0:2b:2b:9c:7f:db:
52:55:7a:9e:af:61:19:f0:ae:5b:34:1d:f4:ce:5c:
51:71:df:ae:e1:50:5c:ab:73:b1:71:21:b0:e0:65:
db:b3:74:0c:12:0e:5c:a3:6e:24:26:ea:57:f4:92:
47:b3:ce:b1:99:b9:42:f9:96:88:6f:4a:30:81:ad:
f5:c9:0a:ac:29:95:5b:85:54:f8:13:4e:ff:c0:ba:
bd:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:3C:A1:42:22:66:74:B8:51:F9:3D:A1:9C:CD:E7:5E:8C:B0:88:AB
X509v3 Authority Key Identifier:
keyid:B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/4DyhQiJmdLhR-T2hnM3nXoywiKs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.85.84.0/22
IPv6:
2a14:c600::/32
Signature Algorithm: sha256WithRSAEncryption
8e:09:85:75:db:6a:79:53:fb:3f:47:04:c0:53:ea:0a:82:f4:
95:1c:a6:97:69:cc:d8:93:55:9a:7e:fb:43:a5:30:4c:ac:57:
fc:34:51:98:0d:15:a4:0a:28:f4:6d:88:12:6d:13:8f:15:ec:
a7:83:26:97:b5:ae:74:0e:07:0b:9f:d1:62:34:59:3f:97:2c:
a7:31:af:70:a2:5b:a6:8d:b1:6e:5a:0b:45:da:2f:5f:90:01:
d8:54:63:a4:fb:7b:62:e7:12:3f:7b:31:27:68:97:b8:76:56:
26:5f:e8:b5:cc:28:b7:b1:96:9a:2d:8b:7f:27:d1:48:d4:60:
e1:ba:9f:0d:42:c2:2c:dc:41:58:01:32:2f:30:2c:4b:79:50:
85:ea:c4:6a:a6:d6:c1:11:e4:a3:e7:14:9c:fe:06:1d:6c:83:
1c:60:fa:b3:b3:7c:b9:52:24:f4:97:9f:8d:54:57:c3:ec:69:
2f:99:dd:a7:e1:c0:38:8d:d3:11:47:d9:c1:bd:7f:1b:7f:8f:
c2:61:2f:87:1b:4f:25:01:b0:89:d2:21:46:7c:09:10:c5:63:
d6:07:41:aa:89:30:58:e0:65:cc:e6:1e:5d:55:31:d9:a2:3e:
c3:5c:45:8e:4f:19:50:4d:a8:a8:b7:80:48:12:af:c3:d2:d2:
06:8a:e0:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2MlEOCZxSq6z1OAyxOIUuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTcwODQ1YzIzOWU5OTkxYzg5YmM1YzUwNDMxZTkwODc4
NjBjNGQwHhcNMjYwNDE0MTUyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDNjYTE0MjIyNjY3NGI4NTFmOTNkYTE5Y2NkZTc1ZThjYjA4OGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXPvOwofGheInBWdS0qyAJPpx4cD
IbyNjs2VbmJoSQ/qzrr3BvDj95mUjS5k8mKOuMw7TxW04BTXDEIYOwKbThPgrOwO
Fp7LZSWHO1sI6lfq/1+SRmLKF4RQONWkIx2A96Tg3XAtfGoAiDSGLO19dWI+jJCb
OcuwDfdKY8xof8WR6JlQC94OjRMGh/fzdYb4RgTYsA3jDgSv4ru0wY3fenwN6cbv
Xl0kR+0x/ezwKyucf9tSVXqer2EZ8K5bNB30zlxRcd+u4VBcq3OxcSGw4GXbs3QM
Eg5co24kJupX9JJHs86xmblC+ZaIb0owga31yQqsKZVbhVT4E07/wLq9OQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOA8oUIiZnS4Ufk9oZzN516MsIirMB8GA1UdIwQY
MBaAFLBXCEXCOemZHIm8XFBDHpCHhgxNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEt
NDZjYTI2YWZmNTQ1LzEvNER5aFFpSm1kTGhSLVQyaG5NM25Yb3l3aUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEtNDZjYTI2YWZmNTQ1
LzEvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCUVVUMA0E
AgACMAcDBQAqFMYAMA0GCSqGSIb3DQEBCwUAA4IBAQCOCYV122p5U/s/RwTAU+oK
gvSVHKaXaczYk1WafvtDpTBMrFf8NFGYDRWkCij0bYgSbROPFeyngyaXta50DgcL
n9FiNFk/lyynMa9wolumjbFuWgtF2i9fkAHYVGOk+3ti5xI/ezEnaJe4dlYmX+i1
zCi3sZaaLYt/J9FI1GDhup8NQsIs3EFYATIvMCxLeVCF6sRqptbBEeSj5xSc/gYd
bIMcYPqzs3y5UiT0l5+NVFfD7Gkvmd2n4cA4jdMRR9nBvX8bf4/CYS+HG08lAbCJ
0iFGfAkQxWPWB0GqiTBY4GXM5h5dVTHZoj7DXEWOTxlQTaiot4BIEq/D0tIGiuAv
-----END CERTIFICATE-----
Generated at Sun Apr 19 14:41:59 2026 by rpki-client