Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/I09YHj-xMtJyOqy1S5-_QiKKHCM.roa
File: I09YHj-xMtJyOqy1S5-_QiKKHCM.roa (raw, json)
Hash identifier: Dl6s19nphOIYoXAZFraR2mc7LjS/EY8yRFQ8t5aHIJ8=
Subject key identifier: 23:4F:58:1E:3F:B1:32:D2:72:3A:AC:B5:4B:9F:BF:42:22:8A:1C:23
Certificate issuer: /CN=0a3e08ef3d754bc6afa91fa6c10020f58505c161
Certificate serial: 019B78A229E480223EEA2AF3305E2640259D
Authority key identifier: 0A:3E:08:EF:3D:75:4B:C6:AF:A9:1F:A6:C1:00:20:F5:85:05:C1:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cj4I7z11S8avqR-mwQAg9YUFwWE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/I09YHj-xMtJyOqy1S5-_QiKKHCM.roa
Signing time: Thu 01 Jan 2026 08:17:32 +0000
ROA not before: Thu 01 Jan 2026 08:17:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16168
IP address blocks: 82.144.96.0/19 maxlen: 19
82.144.110.0/24 maxlen: 24
193.41.240.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/Cj4I7z11S8avqR-mwQAg9YUFwWE.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/Cj4I7z11S8avqR-mwQAg9YUFwWE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Cj4I7z11S8avqR-mwQAg9YUFwWE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 23:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:a2:29:e4:80:22:3e:ea:2a:f3:30:5e:26:40:25:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a3e08ef3d754bc6afa91fa6c10020f58505c161
Validity
Not Before: Jan 1 08:17:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=234f581e3fb132d2723aacb54b9fbf42228a1c23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:a6:04:a3:6f:da:64:b7:99:84:c6:2c:8a:12:
20:41:f0:72:d6:d3:a4:0e:b4:40:14:cc:d0:45:4b:
3b:a8:70:82:cd:c3:3d:ed:83:a3:7c:e0:bf:6a:e3:
ef:cc:3d:4c:58:56:0e:1e:0f:c6:8c:11:2a:4c:f0:
fb:d4:d4:7f:13:95:c1:93:e5:9c:79:ac:94:ba:45:
e7:fd:f3:cb:40:23:b1:aa:b6:a0:4f:d4:75:da:2f:
9b:d3:df:01:35:17:77:5d:3b:ff:c9:87:d7:9f:7c:
af:57:7e:e2:7b:11:76:b1:2c:37:87:5a:a5:4e:20:
0e:c5:6c:1c:ca:94:30:b7:3d:c1:7b:f2:4b:cd:45:
36:b7:91:a1:7a:75:91:d5:f0:66:3c:ab:53:74:a2:
b8:4b:14:71:30:d4:32:f6:84:cb:35:ac:11:d2:77:
c7:21:be:a4:5b:63:bd:1c:6c:bd:54:00:21:57:a8:
19:f4:2e:d7:3f:64:05:17:49:bd:5b:f0:28:91:b4:
e4:dc:0b:96:23:3f:d8:76:93:3a:8b:cb:58:fb:5a:
34:63:44:fe:da:e4:74:cd:78:0a:73:64:c3:1c:9d:
cc:ab:19:da:4e:80:e5:26:a4:67:f6:c7:85:f7:f8:
73:b8:85:ab:80:79:75:fc:fa:18:29:71:e5:82:6b:
41:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:4F:58:1E:3F:B1:32:D2:72:3A:AC:B5:4B:9F:BF:42:22:8A:1C:23
X509v3 Authority Key Identifier:
keyid:0A:3E:08:EF:3D:75:4B:C6:AF:A9:1F:A6:C1:00:20:F5:85:05:C1:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cj4I7z11S8avqR-mwQAg9YUFwWE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/I09YHj-xMtJyOqy1S5-_QiKKHCM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/397dfe-dc98-4584-8585-4d1d37dc81b4/1/Cj4I7z11S8avqR-mwQAg9YUFwWE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.144.96.0/19
193.41.240.0/22
Signature Algorithm: sha256WithRSAEncryption
77:a8:d2:44:55:7c:f0:bc:b1:dc:14:59:80:58:2e:bf:c5:38:
c6:90:3c:90:0a:79:96:4a:ec:72:0a:4a:65:52:ea:05:22:8f:
1c:29:94:43:5e:46:de:75:61:7d:1b:5e:91:e7:83:2e:84:bf:
44:c1:8e:03:f7:67:f0:34:31:77:f1:95:70:32:b7:42:ee:ae:
73:d7:bc:80:ed:aa:4f:f1:84:0d:9f:d9:a6:0b:97:5e:23:de:
5c:36:34:2d:0b:09:be:b4:40:cc:85:37:93:ba:a8:3c:90:98:
20:14:24:f3:bc:75:ca:b7:28:b7:4f:6a:30:23:c6:e3:4e:96:
73:3f:23:53:73:40:04:54:f7:59:0e:bc:47:1c:99:31:c7:0c:
9d:a2:e0:d0:89:1e:da:b3:a6:e3:d3:de:51:d2:81:69:8c:87:
40:47:97:ea:02:3c:cc:ef:b2:06:9b:7d:8f:b2:46:18:b6:42:
6a:0c:ef:d4:96:28:bb:58:cf:2f:2b:5f:7e:df:30:95:75:c1:
be:16:22:ba:89:51:4b:9e:bf:b2:94:7f:f5:31:66:81:74:57:
ef:0f:ac:01:30:09:65:0d:93:22:b2:ad:47:fb:be:7b:6d:14:
ee:0a:ee:6b:f0:1c:14:93:ec:54:78:99:c0:9e:d6:40:55:23:
f9:a0:2e:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4oinkgCI+6irzMF4mQCWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhM2UwOGVmM2Q3NTRiYzZhZmE5MWZhNmMxMDAyMGY1ODUw
NWMxNjEwHhcNMjYwMTAxMDgxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRmNTgxZTNmYjEzMmQyNzIzYWFjYjU0YjlmYmY0MjIyOGExYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqYEo2/aZLeZhMYsihIgQfBy1tOk
DrRAFMzQRUs7qHCCzcM97YOjfOC/auPvzD1MWFYOHg/GjBEqTPD71NR/E5XBk+Wc
eayUukXn/fPLQCOxqragT9R12i+b098BNRd3XTv/yYfXn3yvV37iexF2sSw3h1ql
TiAOxWwcypQwtz3Be/JLzUU2t5GhenWR1fBmPKtTdKK4SxRxMNQy9oTLNawR0nfH
Ib6kW2O9HGy9VAAhV6gZ9C7XP2QFF0m9W/AokbTk3AuWIz/YdpM6i8tY+1o0Y0T+
2uR0zXgKc2TDHJ3MqxnaToDlJqRn9seF9/hzuIWrgHl1/PoYKXHlgmtB1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCNPWB4/sTLScjqstUufv0IiihwjMB8GA1UdIwQY
MBaAFAo+CO89dUvGr6kfpsEAIPWFBcFhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2o0STd6MTFTOGF2cVItbXdRQWc5WVVGd1dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zOTdkZmUtZGM5OC00NTg0LTg1ODUt
NGQxZDM3ZGM4MWI0LzEvSTA5WUhqLXhNdEp5T3F5MVM1LV9RaUtLSENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zOTdkZmUtZGM5OC00NTg0LTg1ODUtNGQxZDM3ZGM4MWI0
LzEvQ2o0STd6MTFTOGF2cVItbXdRQWc5WVVGd1dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFUpBgAwQC
wSnwMA0GCSqGSIb3DQEBCwUAA4IBAQB3qNJEVXzwvLHcFFmAWC6/xTjGkDyQCnmW
SuxyCkplUuoFIo8cKZRDXkbedWF9G16R54MuhL9EwY4D92fwNDF38ZVwMrdC7q5z
17yA7apP8YQNn9mmC5deI95cNjQtCwm+tEDMhTeTuqg8kJggFCTzvHXKtyi3T2ow
I8bjTpZzPyNTc0AEVPdZDrxHHJkxxwydouDQiR7as6bj095R0oFpjIdAR5fqAjzM
77IGm32PskYYtkJqDO/Ulii7WM8vK19+3zCVdcG+FiK6iVFLnr+ylH/1MWaBdFfv
D6wBMAllDZMisq1H+757bRTuCu5r8BwUk+xUeJnAntZAVSP5oC5f
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:17:59 2026 by rpki-client