Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/NDDbQDzIgM48U8eTpuMIwCVWkp4.roa
File: NDDbQDzIgM48U8eTpuMIwCVWkp4.roa (raw, json)
Hash identifier: YB0767Ky0k41I/K3iEAeSHiKMhYGTap37U4VXOfC9+8=
Subject key identifier: 34:30:DB:40:3C:C8:80:CE:3C:53:C7:93:A6:E3:08:C0:25:56:92:9E
Certificate issuer: /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial: 019D74437F10C3613070BF78AB44AC73A2E7
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/NDDbQDzIgM48U8eTpuMIwCVWkp4.roa
Signing time: Thu 09 Apr 2026 22:01:13 +0000
ROA not before: Thu 09 Apr 2026 22:01:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205090
IP address blocks: 89.44.86.0/24 maxlen: 24
89.44.87.0/24 maxlen: 24
91.200.12.0/24 maxlen: 24
91.200.13.0/24 maxlen: 24
95.81.121.0/24 maxlen: 24
95.81.122.0/24 maxlen: 24
103.71.20.0/24 maxlen: 24
103.71.21.0/24 maxlen: 24
104.128.130.0/24 maxlen: 24
104.128.133.0/24 maxlen: 24
104.128.134.0/24 maxlen: 24
104.128.135.0/24 maxlen: 24
109.69.62.0/24 maxlen: 24
109.69.63.0/24 maxlen: 24
132.243.16.0/24 maxlen: 24
132.243.17.0/24 maxlen: 24
132.243.18.0/24 maxlen: 24
132.243.19.0/24 maxlen: 24
135.136.178.0/24 maxlen: 24
135.136.179.0/24 maxlen: 24
135.136.190.0/24 maxlen: 24
185.105.88.0/24 maxlen: 24
185.105.89.0/24 maxlen: 24
185.105.90.0/24 maxlen: 24
185.105.91.0/24 maxlen: 24
185.128.104.0/24 maxlen: 24
185.128.105.0/24 maxlen: 24
185.128.106.0/24 maxlen: 24
185.128.107.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 10:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:74:43:7f:10:c3:61:30:70:bf:78:ab:44:ac:73:a2:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
Validity
Not Before: Apr 9 22:01:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3430db403cc880ce3c53c793a6e308c02556929e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:b2:3a:3f:6d:17:40:23:94:f2:cb:ab:8a:9f:
80:1a:03:71:3b:f1:43:75:22:e3:2e:ef:99:be:b0:
4d:78:b9:ca:a3:61:1c:d4:9d:f6:3e:30:ff:42:3f:
77:6d:7d:72:68:a8:de:19:b2:5a:fd:49:e5:ce:87:
c6:cb:08:d0:72:44:18:74:19:c6:b0:8e:bd:1e:09:
ec:98:5c:e2:6c:d9:6f:b2:80:50:d1:be:93:72:6b:
a4:f9:88:e3:bf:90:95:31:0c:55:28:c3:8c:2b:0f:
d6:51:ab:a9:14:65:a8:a2:77:5d:ad:a8:64:f2:03:
21:43:10:92:3e:3a:93:f8:ed:7e:e5:76:31:18:da:
52:c2:f5:b7:3c:96:dd:ec:4c:8b:81:0a:9b:6a:7b:
3b:53:8a:b5:ca:9f:f0:b2:04:4a:69:04:1b:ef:79:
e3:95:7a:c7:a3:09:45:10:f8:4c:a9:3b:43:15:8f:
b7:d2:12:d9:57:76:5b:00:22:20:5d:4d:f3:35:0d:
73:16:d3:c9:91:be:67:f9:da:78:dd:2d:fe:95:80:
95:31:10:b0:74:21:df:00:3f:1f:aa:6b:22:93:16:
ca:30:05:0a:48:c6:d8:da:62:19:c4:3b:83:3d:f6:
58:8a:72:36:15:80:90:c6:82:72:46:1e:3e:d7:33:
27:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:30:DB:40:3C:C8:80:CE:3C:53:C7:93:A6:E3:08:C0:25:56:92:9E
X509v3 Authority Key Identifier:
keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/NDDbQDzIgM48U8eTpuMIwCVWkp4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.44.86.0/23
91.200.12.0/23
95.81.121.0-95.81.122.255
103.71.20.0/23
104.128.130.0/24
104.128.133.0-104.128.135.255
109.69.62.0/23
132.243.16.0/22
135.136.178.0/23
135.136.190.0/24
185.105.88.0/22
185.128.104.0/22
Signature Algorithm: sha256WithRSAEncryption
5c:9d:49:76:84:22:2b:e7:8d:62:32:52:57:4a:aa:5d:c7:83:
50:d1:71:ab:4f:61:36:93:73:eb:a0:e6:1e:79:92:9f:54:4f:
ec:de:f2:e3:bb:92:3f:df:7c:5e:41:b5:44:c6:53:54:c5:31:
f2:60:86:aa:84:5e:b1:a9:1d:27:f0:a4:d9:0e:9f:86:e8:55:
14:54:3a:18:d0:65:e5:4a:e7:f8:1a:b7:59:df:95:d0:2d:9d:
84:c8:20:79:76:76:16:1f:35:dd:a3:43:d3:28:7c:c8:eb:36:
11:3f:5f:70:76:96:36:16:f1:0b:74:ca:81:71:a3:0b:90:51:
bd:62:6b:69:0e:09:87:a8:73:14:69:1f:bc:4a:60:fd:f6:33:
fe:89:f5:74:af:fc:7f:7b:16:2e:61:bc:5e:38:0a:24:87:62:
dc:11:5b:6c:0f:2e:bc:39:37:57:bf:8a:e9:95:51:d9:1e:24:
0d:4b:83:33:ce:97:eb:48:b2:d1:17:e5:03:4b:19:7b:e7:95:
92:e3:94:84:e1:91:8f:7a:51:2e:13:72:57:24:55:e2:b3:28:
91:fb:0f:3c:63:bc:4b:ea:1b:bf:61:7b:9f:1a:b1:3c:7a:b2:
bb:ce:78:ae:de:7a:09:90:be:92:19:d1:1b:a2:83:c9:a2:8e:
27:7c:13:25
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZ10Q38Qw2EwcL94q0Ssc6LnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwNDA5MjIwMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDMwZGI0MDNjYzg4MGNlM2M1M2M3OTNhNmUzMDhjMDI1NTY5MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrI6P20XQCOU8surip+AGgNxO/FD
dSLjLu+ZvrBNeLnKo2Ec1J32PjD/Qj93bX1yaKjeGbJa/UnlzofGywjQckQYdBnG
sI69HgnsmFzibNlvsoBQ0b6Tcmuk+Yjjv5CVMQxVKMOMKw/WUaupFGWoonddrahk
8gMhQxCSPjqT+O1+5XYxGNpSwvW3PJbd7EyLgQqbans7U4q1yp/wsgRKaQQb73nj
lXrHowlFEPhMqTtDFY+30hLZV3ZbACIgXU3zNQ1zFtPJkb5n+dp43S3+lYCVMRCw
dCHfAD8fqmsikxbKMAUKSMbY2mIZxDuDPfZYinI2FYCQxoJyRh4+1zMnzQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFDQw20A8yIDOPFPHk6bjCMAlVpKeMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvTkREYlFEeklnTTQ4VThlVHB1TUl3Q1ZXa3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQBWSxWAwQB
W8gMMAwDBABfUXkDBABfUXoDBAFnRxQDBABogIIwDAMEAGiAhQMEA2iAgAMEAW1F
PgMEAoTzEAMEAYeIsgMEAIeIvgMEArlpWAMEArmAaDANBgkqhkiG9w0BAQsFAAOC
AQEAXJ1JdoQiK+eNYjJSV0qqXceDUNFxq09hNpNz66DmHnmSn1RP7N7y47uSP998
XkG1RMZTVMUx8mCGqoResakdJ/Ck2Q6fhuhVFFQ6GNBl5Urn+Bq3Wd+V0C2dhMgg
eXZ2Fh813aND0yh8yOs2ET9fcHaWNhbxC3TKgXGjC5BRvWJraQ4Jh6hzFGkfvEpg
/fYz/on1dK/8f3sWLmG8XjgKJIdi3BFbbA8uvDk3V7+K6ZVR2R4kDUuDM86X60iy
0RflA0sZe+eVkuOUhOGRj3pRLhNyVyRV4rMokfsPPGO8S+obv2F7nxqxPHqyu854
rt56CZC+khnRG6KDyaKOJ3wTJQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:42:24 2026 by rpki-client