Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/sdh8pmOJsGStF0am0yT5pkIHwtc.roa
File: sdh8pmOJsGStF0am0yT5pkIHwtc.roa (raw, json)
Hash identifier: xa/Kb953bRWnupDskAs22J1Rh+G0Xh3NKxVztnMScFI=
Subject key identifier: B1:D8:7C:A6:63:89:B0:64:AD:17:46:A6:D3:24:F9:A6:42:07:C2:D7
Certificate issuer: /CN=82b2e0d00dd771a9e4d60bbf4be52114ea77db03
Certificate serial: 019B77C76C04106EF2D83F029497E924FD2F
Authority key identifier: 82:B2:E0:D0:0D:D7:71:A9:E4:D6:0B:BF:4B:E5:21:14:EA:77:DB:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/grLg0A3Xcank1gu_S-UhFOp32wM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/sdh8pmOJsGStF0am0yT5pkIHwtc.roa
Signing time: Thu 01 Jan 2026 04:18:36 +0000
ROA not before: Thu 01 Jan 2026 04:18:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216456
IP address blocks: 89.35.53.0/24 maxlen: 24
117.55.199.0/24 maxlen: 24
194.54.146.0/24 maxlen: 24
194.164.87.0/24 maxlen: 24
202.181.153.0/24 maxlen: 24
203.28.15.0/24 maxlen: 24
212.6.53.0/24 maxlen: 24
2a10:2080::/29 maxlen: 29
2a10:2080::/48 maxlen: 48
2a10:2080:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/grLg0A3Xcank1gu_S-UhFOp32wM.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/grLg0A3Xcank1gu_S-UhFOp32wM.mft
rsync://rpki.ripe.net/repository/DEFAULT/grLg0A3Xcank1gu_S-UhFOp32wM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:77:c7:6c:04:10:6e:f2:d8:3f:02:94:97:e9:24:fd:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=82b2e0d00dd771a9e4d60bbf4be52114ea77db03
Validity
Not Before: Jan 1 04:18:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b1d87ca66389b064ad1746a6d324f9a64207c2d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:24:fb:1a:8f:ea:41:4c:17:3c:4d:0f:e3:02:
ab:0d:9a:f4:de:35:e3:dc:b3:b2:cd:72:28:08:31:
5d:bf:32:31:3c:62:9a:94:fd:61:af:40:39:fa:b1:
75:c1:cc:1b:3e:f4:b0:54:dd:69:5e:ff:98:a8:0e:
24:03:1a:47:9d:e3:e6:c3:9f:20:ee:6f:10:11:6a:
4a:ea:28:82:22:b5:88:3e:e3:58:22:97:a5:20:8c:
40:9e:9b:03:55:ce:19:d5:96:7b:75:3a:c7:13:7e:
b5:d1:f4:29:f9:cf:b9:6e:48:2e:50:2a:4d:5f:10:
c3:c5:34:5d:51:d8:db:ea:19:f1:aa:21:b8:17:68:
07:dd:6d:03:68:48:97:01:75:af:9c:fc:57:25:4d:
41:20:b2:b2:b1:8d:30:b9:af:95:b4:6f:6b:d0:fb:
8b:32:11:0d:91:92:47:bf:99:68:cc:e6:20:f0:75:
74:59:33:f1:8b:d4:af:1b:6e:e9:68:5e:84:50:20:
80:00:08:14:1a:ae:fe:ea:40:3f:4f:5b:78:99:05:
b2:84:10:ed:c6:7c:0c:ad:fd:71:16:e5:c0:10:4c:
fd:09:d5:2f:69:ed:44:df:48:da:24:0b:37:95:0f:
22:2c:bd:59:bc:cf:a8:ee:b5:66:7e:db:d7:37:52:
c8:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:D8:7C:A6:63:89:B0:64:AD:17:46:A6:D3:24:F9:A6:42:07:C2:D7
X509v3 Authority Key Identifier:
keyid:82:B2:E0:D0:0D:D7:71:A9:E4:D6:0B:BF:4B:E5:21:14:EA:77:DB:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grLg0A3Xcank1gu_S-UhFOp32wM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/sdh8pmOJsGStF0am0yT5pkIHwtc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/grLg0A3Xcank1gu_S-UhFOp32wM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.53.0/24
117.55.199.0/24
194.54.146.0/24
194.164.87.0/24
202.181.153.0/24
203.28.15.0/24
212.6.53.0/24
IPv6:
2a10:2080::/29
Signature Algorithm: sha256WithRSAEncryption
7e:29:22:d8:29:52:fe:17:85:df:55:ec:77:1e:2d:f7:57:09:
d5:c0:cd:90:fe:aa:3c:c3:0c:36:45:d6:10:97:b0:1a:a6:33:
a9:eb:d6:be:31:61:7a:fd:f7:90:3e:98:5f:ba:cf:89:45:17:
37:2b:16:c9:4c:f2:bd:60:ab:3f:6f:f3:b2:b5:76:75:d4:cb:
38:42:76:fb:d4:6b:9a:35:6d:3a:b4:84:36:4b:02:5f:35:6b:
c7:a0:73:20:d6:e8:47:1e:3a:c3:a8:32:18:dc:7b:bf:8f:91:
00:0e:af:7f:08:cf:63:b3:49:3e:62:0a:08:b8:bc:23:98:da:
dd:24:19:8c:1c:5b:01:27:af:c3:f0:c2:ec:e7:28:5b:80:9b:
f2:a5:4b:1b:2b:27:5c:19:e1:ec:34:62:91:c8:ea:61:73:d6:
6e:02:c2:6c:e6:77:0e:3e:58:66:38:53:bd:ff:f8:f2:0b:95:
f6:d4:1c:90:6c:30:fe:c9:fc:12:e4:b8:f0:0e:20:91:2a:5e:
6c:1c:1a:f2:74:f5:ad:6f:3b:5d:b5:5e:b0:1e:79:c3:ed:01:
6d:14:f2:ca:98:11:21:33:34:14:fc:47:ad:cc:f6:3d:af:a3:
e0:7a:ec:2a:6a:0b:ad:a4:fe:28:16:c8:1d:39:3e:86:2f:d7:
6c:e7:1f:9b
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZt3x2wEEG7y2D8ClJfpJP0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjJlMGQwMGRkNzcxYTllNGQ2MGJiZjRiZTUyMTE0ZWE3
N2RiMDMwHhcNMjYwMTAxMDQxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ4N2NhNjYzODliMDY0YWQxNzQ2YTZkMzI0ZjlhNjQyMDdjMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiT7Go/qQUwXPE0P4wKrDZr03jXj
3LOyzXIoCDFdvzIxPGKalP1hr0A5+rF1wcwbPvSwVN1pXv+YqA4kAxpHnePmw58g
7m8QEWpK6iiCIrWIPuNYIpelIIxAnpsDVc4Z1ZZ7dTrHE3610fQp+c+5bkguUCpN
XxDDxTRdUdjb6hnxqiG4F2gH3W0DaEiXAXWvnPxXJU1BILKysY0wua+VtG9r0PuL
MhENkZJHv5lozOYg8HV0WTPxi9SvG27paF6EUCCAAAgUGq7+6kA/T1t4mQWyhBDt
xnwMrf1xFuXAEEz9CdUvae1E30jaJAs3lQ8iLL1ZvM+o7rVmftvXN1LIgwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFLHYfKZjibBkrRdGptMk+aZCB8LXMB8GA1UdIwQY
MBaAFIKy4NAN13Gp5NYLv0vlIRTqd9sDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JMZzBBM1hjYW5rMWd1X1MtVWhGT3AzMndNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8zNzk0YjEtY2E3Zi00YTU3LThiN2It
MDZkM2M0ZTYzYzIwLzEvc2RoOHBtT0pzR1N0RjBhbTB5VDVwa0lId3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8zNzk0YjEtY2E3Zi00YTU3LThiN2ItMDZkM2M0ZTYzYzIw
LzEvZ3JMZzBBM1hjYW5rMWd1X1MtVWhGT3AzMndNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAWSM1AwQA
dTfHAwQAwjaSAwQAwqRXAwQAyrWZAwQAyxwPAwQA1AY1MA0EAgACMAcDBQMqECCA
MA0GCSqGSIb3DQEBCwUAA4IBAQB+KSLYKVL+F4XfVex3Hi33VwnVwM2Q/qo8www2
RdYQl7AapjOp69a+MWF6/feQPphfus+JRRc3KxbJTPK9YKs/b/OytXZ11Ms4Qnb7
1GuaNW06tIQ2SwJfNWvHoHMg1uhHHjrDqDIY3Hu/j5EADq9/CM9js0k+YgoIuLwj
mNrdJBmMHFsBJ6/D8MLs5yhbgJvypUsbKydcGeHsNGKRyOphc9ZuAsJs5ncOPlhm
OFO9//jyC5X21ByQbDD+yfwS5LjwDiCRKl5sHBrydPWtbztdtV6wHnnD7QFtFPLK
mBEhMzQU/EetzPY9r6PgeuwqagutpP4oFsgdOT6GL9ds5x+b
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:18:57 2026 by rpki-client