Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/1RQLtNwsJfIFpRzUfnhxJpXZkyM.roa
File: 1RQLtNwsJfIFpRzUfnhxJpXZkyM.roa (raw, json)
Hash identifier: wMjp06WKn3OrqdyFTd7sBWSyRC6sXJcxycCDPSTxcI0=
Subject key identifier: D5:14:0B:B4:DC:2C:25:F2:05:A5:1C:D4:7E:78:71:26:95:D9:93:23
Certificate issuer: /CN=3ebd5f8bb5a594d67b5ce807a84c59dde569a775
Certificate serial: 019B7C804B99F509608A7F95CF84D48E4CC3
Authority key identifier: 3E:BD:5F:8B:B5:A5:94:D6:7B:5C:E8:07:A8:4C:59:DD:E5:69:A7:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/1RQLtNwsJfIFpRzUfnhxJpXZkyM.roa
Signing time: Fri 02 Jan 2026 02:19:01 +0000
ROA not before: Fri 02 Jan 2026 02:19:01 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 35542
IP address blocks: 80.92.128.0/20 maxlen: 20
185.128.0.0/22 maxlen: 24
185.128.2.0/24 maxlen: 24
185.128.3.0/24 maxlen: 24
193.222.141.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 23:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:80:4b:99:f5:09:60:8a:7f:95:cf:84:d4:8e:4c:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ebd5f8bb5a594d67b5ce807a84c59dde569a775
Validity
Not Before: Jan 2 02:19:01 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d5140bb4dc2c25f205a51cd47e78712695d99323
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:73:6d:a3:d2:cd:27:61:ba:6c:2a:bc:e8:6a:
de:7d:51:dc:aa:3b:85:8c:9c:87:1f:31:6e:0f:bf:
22:e3:43:40:1e:1c:fa:b1:6e:71:d2:1f:39:ea:27:
c3:38:50:65:57:89:14:2a:f2:bb:99:44:b1:c8:06:
df:62:18:e4:20:cf:6a:92:ce:aa:94:62:99:68:48:
45:4b:5e:59:3a:f1:f9:0d:59:e5:29:a5:5e:ae:68:
79:90:17:1c:10:f1:2a:d5:32:4c:8b:62:4a:f9:7c:
19:07:0c:e6:1f:30:29:21:2d:02:c7:9d:82:86:4b:
40:a9:a0:bb:8f:72:fd:15:b2:4b:09:7b:02:46:f5:
d7:82:c0:e6:13:0a:71:92:97:7b:3f:26:e2:e8:fe:
22:cc:7f:04:8e:03:c0:d9:14:ee:b1:d4:39:9b:d5:
09:b2:5e:44:81:f9:b5:df:68:49:fc:8d:c6:55:3e:
cc:b1:52:3e:ab:97:cc:64:f6:54:2c:9b:6c:ff:9b:
fc:64:26:21:f2:86:6b:be:a3:c7:7f:de:dc:e4:04:
cb:2b:74:17:70:cc:74:a6:3c:21:05:77:39:1d:ab:
87:dd:9a:ca:b7:97:fd:ae:2a:6b:38:98:96:99:48:
98:f5:28:96:29:3c:22:8c:05:70:dd:fc:57:6b:6a:
eb:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:14:0B:B4:DC:2C:25:F2:05:A5:1C:D4:7E:78:71:26:95:D9:93:23
X509v3 Authority Key Identifier:
keyid:3E:BD:5F:8B:B5:A5:94:D6:7B:5C:E8:07:A8:4C:59:DD:E5:69:A7:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/1RQLtNwsJfIFpRzUfnhxJpXZkyM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/cea5cf-0782-40d1-8913-92712f95e336/1/Pr1fi7WllNZ7XOgHqExZ3eVpp3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.92.128.0/20
185.128.0.0/22
193.222.141.0/24
Signature Algorithm: sha256WithRSAEncryption
97:ad:9f:c9:9f:81:22:f8:18:cb:27:49:b8:b4:96:8f:27:a5:
32:45:ec:8e:fc:ae:f3:2f:3c:6f:98:cb:10:85:48:05:45:00:
60:e0:58:59:7d:6c:9b:e7:aa:5e:39:5a:6d:76:3a:94:f7:4e:
dc:d2:09:98:18:ea:0e:1a:39:ee:80:c8:40:ef:d8:17:3d:41:
af:ee:b3:39:b0:35:6f:40:7e:43:20:08:da:0a:c7:41:c0:f9:
3c:c0:92:04:92:28:c8:1a:80:58:c8:f5:a6:c0:36:f1:78:f5:
b4:78:2d:4e:ef:08:5f:2b:3b:6b:fa:48:c7:01:36:c8:e2:72:
c0:fc:ae:6b:69:e3:60:bc:b9:b7:96:9b:d7:d5:12:19:89:31:
df:90:08:17:a2:9a:33:52:d0:eb:0e:b4:e0:aa:c5:5d:bf:49:
69:91:65:d9:8a:e4:53:97:e3:32:73:6b:5e:a9:8a:a7:ef:85:
21:de:85:f1:95:73:f6:57:33:77:88:68:48:63:8a:b4:4d:5f:
4a:6a:5c:e2:4f:52:b5:86:e0:36:db:e5:c3:48:7c:33:0b:66:
34:3d:55:4f:31:1d:be:bb:3c:d5:14:73:29:af:7d:0e:b0:9f:
95:be:7a:71:5a:cb:d3:0b:eb:96:6a:f4:1d:ef:de:9b:fe:45:
5e:f3:17:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt8gEuZ9Qlgin+Vz4TUjkzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYmQ1ZjhiYjVhNTk0ZDY3YjVjZTgwN2E4NGM1OWRkZTU2
OWE3NzUwHhcNMjYwMTAyMDIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE0MGJiNGRjMmMyNWYyMDVhNTFjZDQ3ZTc4NzEyNjk1ZDk5MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Nto9LNJ2G6bCq86GrefVHcqjuF
jJyHHzFuD78i40NAHhz6sW5x0h856ifDOFBlV4kUKvK7mUSxyAbfYhjkIM9qks6q
lGKZaEhFS15ZOvH5DVnlKaVermh5kBccEPEq1TJMi2JK+XwZBwzmHzApIS0Cx52C
hktAqaC7j3L9FbJLCXsCRvXXgsDmEwpxkpd7Pybi6P4izH8EjgPA2RTusdQ5m9UJ
sl5Egfm132hJ/I3GVT7MsVI+q5fMZPZULJts/5v8ZCYh8oZrvqPHf97c5ATLK3QX
cMx0pjwhBXc5HauH3ZrKt5f9riprOJiWmUiY9SiWKTwijAVw3fxXa2rr8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNUUC7TcLCXyBaUc1H54cSaV2ZMjMB8GA1UdIwQY
MBaAFD69X4u1pZTWe1zoB6hMWd3laad1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHIxZmk3V2xsTlo3WE9nSHFFeFozZVZwcDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jZWE1Y2YtMDc4Mi00MGQxLTg5MTMt
OTI3MTJmOTVlMzM2LzEvMVJRTHROd3NKZklGcFJ6VWZuaHhKcFhaa3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jZWE1Y2YtMDc4Mi00MGQxLTg5MTMtOTI3MTJmOTVlMzM2
LzEvUHIxZmk3V2xsTlo3WE9nSHFFeFozZVZwcDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEUFyAAwQC
uYAAAwQAwd6NMA0GCSqGSIb3DQEBCwUAA4IBAQCXrZ/Jn4Ei+BjLJ0m4tJaPJ6Uy
ReyO/K7zLzxvmMsQhUgFRQBg4FhZfWyb56peOVptdjqU907c0gmYGOoOGjnugMhA
79gXPUGv7rM5sDVvQH5DIAjaCsdBwPk8wJIEkijIGoBYyPWmwDbxePW0eC1O7whf
Kztr+kjHATbI4nLA/K5raeNgvLm3lpvX1RIZiTHfkAgXopozUtDrDrTgqsVdv0lp
kWXZiuRTl+Myc2teqYqn74Uh3oXxlXP2VzN3iGhIY4q0TV9KalziT1K1huA22+XD
SHwzC2Y0PVVPMR2+uzzVFHMpr30OsJ+VvnpxWsvTC+uWavQd796b/kVe8xc3
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:36:42 2026 by rpki-client