Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/3PUBNkz9FwV2NNGvr5c1xPHsrKs.roa
File: 3PUBNkz9FwV2NNGvr5c1xPHsrKs.roa (raw, json)
Hash identifier: Iue6j8hQXBufFHKI47UYN7vcS1Nx2fj3o4JuzfixAMQ=
Subject key identifier: DC:F5:01:36:4C:FD:17:05:76:34:D1:AF:AF:97:35:C4:F1:EC:AC:AB
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019C2A2F0FEDA909FFC8BD01725E3528CD4E
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/3PUBNkz9FwV2NNGvr5c1xPHsrKs.roa
Signing time: Wed 04 Feb 2026 19:44:13 +0000
ROA not before: Wed 04 Feb 2026 19:44:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209847
IP address blocks: 95.164.0.0/24 maxlen: 24
95.164.1.0/24 maxlen: 24
95.164.2.0/23 maxlen: 24
95.164.4.0/24 maxlen: 24
95.164.5.0/24 maxlen: 24
95.164.6.0/23 maxlen: 24
95.164.9.0/24 maxlen: 24
95.164.10.0/24 maxlen: 24
95.164.11.0/24 maxlen: 24
95.164.16.0/23 maxlen: 24
95.164.18.0/24 maxlen: 24
95.164.19.0/24 maxlen: 24
95.164.21.0/24 maxlen: 24
95.164.22.0/24 maxlen: 24
95.164.23.0/24 maxlen: 24
95.164.32.0/24 maxlen: 24
95.164.34.0/24 maxlen: 24
95.164.35.0/24 maxlen: 24
95.164.36.0/24 maxlen: 24
95.164.37.0/24 maxlen: 24
95.164.44.0/24 maxlen: 24
95.164.45.0/24 maxlen: 24
95.164.46.0/24 maxlen: 24
95.164.47.0/24 maxlen: 24
95.164.62.0/24 maxlen: 24
95.164.63.0/24 maxlen: 24
95.164.68.0/24 maxlen: 24
95.164.69.0/24 maxlen: 24
95.164.85.0/24 maxlen: 24
95.164.86.0/23 maxlen: 24
95.164.88.0/24 maxlen: 24
95.164.89.0/24 maxlen: 24
95.164.112.0/24 maxlen: 24
95.164.113.0/24 maxlen: 24
95.164.114.0/24 maxlen: 24
95.164.116.0/24 maxlen: 24
95.164.117.0/24 maxlen: 24
95.164.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2a:2f:0f:ed:a9:09:ff:c8:bd:01:72:5e:35:28:cd:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Feb 4 19:44:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dcf501364cfd17057634d1afaf9735c4f1ecacab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:1b:ee:88:15:53:1e:40:d7:81:b1:13:cc:cc:
2a:e3:f4:0a:36:e4:fd:17:c5:e3:7a:0d:f3:39:49:
e7:df:18:17:1c:72:93:f2:c5:2f:71:9f:09:db:10:
e0:62:d4:03:2a:81:e2:02:e9:00:ee:c5:9d:d2:61:
18:1e:0b:ef:00:ce:4d:d7:21:22:e0:72:e3:f7:ab:
2d:f0:2d:c1:f3:d3:f4:1e:0a:dd:c3:db:c8:62:5d:
19:d5:2f:95:fb:71:21:d2:c6:4e:9a:17:01:5d:0a:
37:a9:07:72:6a:72:bd:c8:95:a2:bb:66:a9:37:59:
2c:de:a5:42:95:63:b1:47:3b:f8:1d:52:65:64:b1:
86:cd:d2:6a:c4:c1:b0:3f:aa:44:8a:69:c4:f2:f6:
a7:ab:2f:1e:ae:aa:fc:6e:ca:6d:b2:a4:a0:13:af:
89:23:34:ae:f8:68:50:d8:09:46:23:54:4f:f8:5d:
58:9f:3e:b7:39:51:99:17:eb:7b:64:a3:2f:e1:3e:
54:73:78:fd:07:18:a9:5c:4d:4b:4d:6e:4b:57:fe:
e7:a0:df:f7:55:9d:95:b3:a3:b7:32:de:f9:f8:1c:
7f:81:d1:9a:f7:73:bb:fb:21:15:3b:eb:f1:38:d5:
1b:0f:d5:81:92:02:56:bf:3c:68:28:19:b4:3b:5e:
33:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:F5:01:36:4C:FD:17:05:76:34:D1:AF:AF:97:35:C4:F1:EC:AC:AB
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/3PUBNkz9FwV2NNGvr5c1xPHsrKs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.0.0/21
95.164.9.0-95.164.11.255
95.164.16.0/22
95.164.21.0-95.164.23.255
95.164.32.0/24
95.164.34.0-95.164.37.255
95.164.44.0/22
95.164.62.0/23
95.164.68.0/23
95.164.85.0-95.164.89.255
95.164.112.0-95.164.114.255
95.164.116.0/23
95.164.119.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:7d:06:3a:04:3a:2f:ad:78:64:73:82:a1:8f:b1:58:93:0e:
9b:77:52:8a:c3:1a:72:e1:dc:24:79:94:58:10:7b:87:dd:36:
89:53:cc:02:1a:31:25:4a:b7:17:dc:17:af:c3:a5:da:aa:ae:
09:d4:43:f0:48:fb:9f:f5:e8:09:51:75:e3:da:9a:0f:97:f6:
83:e9:70:6d:59:39:a8:e6:cf:b1:77:fc:33:52:db:23:13:f5:
93:66:30:46:02:76:76:89:60:37:74:85:92:66:b8:ae:a3:1b:
25:8e:b6:04:64:a2:ab:9d:bb:9e:67:df:33:54:9a:47:65:57:
b0:f0:7c:81:b3:72:45:63:d6:58:d3:ee:ed:80:96:f1:3c:8f:
3c:92:41:b6:6b:93:5e:61:29:d7:02:2e:79:36:ab:1e:6f:38:
50:cf:c1:e9:1c:17:02:1d:fa:1c:d9:a1:1a:f1:4a:dc:4c:bd:
c5:5a:9e:c0:04:cd:ee:27:88:d1:6c:ed:90:b8:7b:c9:9a:47:
31:b0:c0:f4:3f:11:2a:71:f3:2b:46:28:ea:fc:0c:f3:ae:d5:
20:49:11:d1:d4:09:c5:59:d5:6f:4f:e7:09:c3:fc:55:94:3a:
7f:0b:dc:dd:f8:0a:36:8e:2c:63:f6:c0:2d:e5:eb:a1:d8:d2:
18:2d:3f:cf
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZwqLw/tqQn/yL0Bcl41KM1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMjA0MTk0NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y1MDEzNjRjZmQxNzA1NzYzNGQxYWZhZjk3MzVjNGYxZWNhY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRvuiBVTHkDXgbETzMwq4/QKNuT9
F8Xjeg3zOUnn3xgXHHKT8sUvcZ8J2xDgYtQDKoHiAukA7sWd0mEYHgvvAM5N1yEi
4HLj96st8C3B89P0Hgrdw9vIYl0Z1S+V+3Eh0sZOmhcBXQo3qQdyanK9yJWiu2ap
N1ks3qVClWOxRzv4HVJlZLGGzdJqxMGwP6pEimnE8vanqy8erqr8bsptsqSgE6+J
IzSu+GhQ2AlGI1RP+F1Ynz63OVGZF+t7ZKMv4T5Uc3j9BxipXE1LTW5LV/7noN/3
VZ2Vs6O3Mt75+Bx/gdGa93O7+yEVO+vxONUbD9WBkgJWvzxoKBm0O14zSQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFNz1ATZM/RcFdjTRr6+XNcTx7KyrMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvM1BVQk5rejlGd1YyTk5HdnI1YzF4UEhzcktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBANfpAAw
DAMEAF+kCQMEAl+kCAMEAl+kEDAMAwQAX6QVAwQDX6QQAwQAX6QgMAwDBAFfpCID
BAFfpCQDBAJfpCwDBAFfpD4DBAFfpEQwDAMEAF+kVQMEAV+kWDAMAwQEX6RwAwQA
X6RyAwQBX6R0AwQAX6R3MA0GCSqGSIb3DQEBCwUAA4IBAQCbfQY6BDovrXhkc4Kh
j7FYkw6bd1KKwxpy4dwkeZRYEHuH3TaJU8wCGjElSrcX3Bevw6Xaqq4J1EPwSPuf
9egJUXXj2poPl/aD6XBtWTmo5s+xd/wzUtsjE/WTZjBGAnZ2iWA3dIWSZriuoxsl
jrYEZKKrnbueZ98zVJpHZVew8HyBs3JFY9ZY0+7tgJbxPI88kkG2a5NeYSnXAi55
NqsebzhQz8HpHBcCHfoc2aEa8UrcTL3FWp7ABM3uJ4jRbO2QuHvJmkcxsMD0PxEq
cfMrRijq/AzzrtUgSRHR1AnFWdVvT+cJw/xVlDp/C9zd+Ao2jixj9sAt5euh2NIY
LT/P
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:47:32 2026 by rpki-client