Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/AJ3MwDklWh6RGcZWO3B6VDqJAJY.roa
File: AJ3MwDklWh6RGcZWO3B6VDqJAJY.roa (raw, json)
Hash identifier: Yuib442tbLdb8BWpxFaa8rNZZob81Q5G+L93ljA7GLg=
Subject key identifier: 00:9D:CC:C0:39:25:5A:1E:91:19:C6:56:3B:70:7A:54:3A:89:00:96
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019D4EE8FF9BA608B85722758CC8531CD204
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/AJ3MwDklWh6RGcZWO3B6VDqJAJY.roa
Signing time: Thu 02 Apr 2026 15:56:25 +0000
ROA not before: Thu 02 Apr 2026 15:56:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8772
IP address blocks: 95.164.15.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.56.0/22 maxlen: 22
95.164.56.0/24 maxlen: 24
95.164.61.0/24 maxlen: 24
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.115.0/24 maxlen: 24
95.164.120.0/24 maxlen: 24
95.164.121.0/24 maxlen: 24
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.248.0/24 maxlen: 24
95.164.249.0/24 maxlen: 24
95.164.251.0/24 maxlen: 24
185.234.254.0/24 maxlen: 24
2a10:eb80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4e:e8:ff:9b:a6:08:b8:57:22:75:8c:c8:53:1c:d2:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Apr 2 15:56:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=009dccc039255a1e9119c6563b707a543a890096
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:27:0d:cd:2f:36:d5:ee:5f:e9:fe:15:b0:33:
46:1f:3d:75:97:29:64:c9:2b:5c:75:4a:61:ae:63:
18:ce:1d:5e:fb:02:92:5c:d1:16:3c:3e:2f:32:cf:
cf:92:08:9c:2b:e2:db:f7:5c:65:0a:dc:f6:dd:65:
28:73:99:c7:b8:91:57:0a:6c:84:eb:86:53:8d:d2:
2e:c2:c8:45:d3:bb:ab:e8:35:db:5a:b9:14:48:68:
77:54:7c:6a:e2:0b:a0:2c:15:a0:3c:08:28:b8:c3:
b7:ac:b7:db:9f:83:a9:a7:be:36:10:87:c6:f0:4a:
56:89:8a:34:0d:d1:08:86:41:b1:3b:83:cb:4b:d4:
aa:6c:9c:27:b9:02:29:7e:00:b9:c0:80:62:80:2e:
ce:3b:ad:a0:15:27:12:b6:91:a0:c4:80:1d:98:28:
bd:36:8d:58:a6:1c:84:cd:bb:6c:ab:fa:ac:8e:11:
3e:ff:03:9b:81:0d:09:55:bf:93:b0:ec:4e:a6:d4:
2f:d7:ee:06:66:9d:b4:d7:c5:17:14:e6:49:68:05:
7c:7d:7d:ba:98:fc:73:86:4b:76:80:8b:e3:75:89:
39:53:aa:0d:c8:d0:f0:32:b3:e9:d4:82:fb:13:a1:
9e:69:e9:2f:70:d2:53:aa:b3:8c:d0:6a:da:25:63:
b2:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:9D:CC:C0:39:25:5A:1E:91:19:C6:56:3B:70:7A:54:3A:89:00:96
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/AJ3MwDklWh6RGcZWO3B6VDqJAJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.15.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.56.0/22
95.164.61.0/24
95.164.76.0/24
95.164.80.0/22
95.164.115.0/24
95.164.120.0/23
95.164.170.0-95.164.175.255
95.164.248.0/23
95.164.251.0/24
185.234.254.0/24
IPv6:
2a10:eb80::/29
Signature Algorithm: sha256WithRSAEncryption
1e:4f:d2:d4:f7:a4:b6:a7:14:8e:52:74:5e:48:2f:32:a2:2b:
fd:35:6f:f0:8e:8f:6a:b4:ab:25:bd:aa:dd:42:48:f5:fb:63:
97:51:58:37:b5:34:cb:ec:64:0a:48:ee:86:b6:6f:a7:d1:f9:
31:d2:ad:31:ae:07:a9:cd:19:7d:53:a6:49:fb:ba:59:43:6b:
10:c3:bf:7a:ad:3c:51:9b:07:70:dc:e2:73:d2:37:e1:b6:c0:
91:c1:98:99:24:5a:c1:1a:b1:1f:ba:97:64:4d:a9:1c:21:21:
8b:57:cb:4b:ca:c5:ed:c1:dc:0f:65:cd:fd:72:8d:45:6e:a5:
8b:fe:0b:2c:53:b8:3b:3d:3b:90:f0:39:db:c2:e6:0c:29:f6:
61:16:1d:d6:e2:c3:44:7c:98:ef:88:7d:a3:94:37:ed:87:94:
f7:21:1f:17:52:3c:1a:77:43:59:48:d6:28:70:42:27:44:80:
35:05:96:da:ca:1c:dc:59:6b:e0:d8:3f:aa:2b:b2:77:b8:33:
62:10:0c:0a:7e:0c:74:b9:a5:46:93:ed:55:f8:02:72:15:7f:
58:3a:a8:67:55:29:0f:14:1a:b6:a1:35:e7:1a:d3:01:58:68:
51:5a:f9:33:45:7b:91:8a:2f:76:e5:06:cd:2c:45:3d:04:c2:
e8:8a:ca:82
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZ1O6P+bpgi4VyJ1jMhTHNIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwNDAyMTU1NjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDlkY2NjMDM5MjU1YTFlOTExOWM2NTYzYjcwN2E1NDNhODkwMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ScNzS821e5f6f4VsDNGHz11lylk
yStcdUphrmMYzh1e+wKSXNEWPD4vMs/PkgicK+Lb91xlCtz23WUoc5nHuJFXCmyE
64ZTjdIuwshF07ur6DXbWrkUSGh3VHxq4gugLBWgPAgouMO3rLfbn4Opp742EIfG
8EpWiYo0DdEIhkGxO4PLS9SqbJwnuQIpfgC5wIBigC7OO62gFScStpGgxIAdmCi9
No1YphyEzbtsq/qsjhE+/wObgQ0JVb+TsOxOptQv1+4GZp2018UXFOZJaAV8fX26
mPxzhkt2gIvjdYk5U6oNyNDwMrPp1IL7E6GeaekvcNJTqrOM0GraJWOyRQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFACdzMA5JVoekRnGVjtwelQ6iQCWMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvQUozTXdEa2xXaDZSR2NaV08zQjZWRHFKQUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwZAQCAAEwXgMEAF+kDwME
Al+kKDAMAwQAX6QxAwQAX6QyAwQCX6Q4AwQAX6Q9AwQAX6RMAwQCX6RQAwQAX6Rz
AwQBX6R4MAwDBAFfpKoDBARfpKADBAFfpPgDBABfpPsDBAC56v4wDQQCAAIwBwMF
AyoQ64AwDQYJKoZIhvcNAQELBQADggEBAB5P0tT3pLanFI5SdF5ILzKiK/01b/CO
j2q0qyW9qt1CSPX7Y5dRWDe1NMvsZApI7oa2b6fR+THSrTGuB6nNGX1Tpkn7ullD
axDDv3qtPFGbB3Dc4nPSN+G2wJHBmJkkWsEasR+6l2RNqRwhIYtXy0vKxe3B3A9l
zf1yjUVupYv+CyxTuDs9O5DwOdvC5gwp9mEWHdbiw0R8mO+IfaOUN+2HlPchHxdS
PBp3Q1lI1ihwQidEgDUFltrKHNxZa+DYP6orsne4M2IQDAp+DHS5pUaT7VX4AnIV
f1g6qGdVKQ8UGrahNeca0wFYaFFa+TNFe5GKL3blBs0sRT0EwuiKyoI=
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:55:27 2026 by rpki-client