Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MtRThkNGPNwkUn7TkpVkFACz3EE.roa
File: MtRThkNGPNwkUn7TkpVkFACz3EE.roa (raw, json)
Hash identifier: 3xW9j9NOITphBjsJnUd8ET001+93RkSaJna9uGIu3Q0=
Subject key identifier: 32:D4:53:86:43:46:3C:DC:24:52:7E:D3:92:95:64:14:00:B3:DC:41
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292B70AB10677B4F3BF78F7D91B8614
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MtRThkNGPNwkUn7TkpVkFACz3EE.roa
Signing time: Thu 09 Apr 2026 14:08:30 +0000
ROA not before: Thu 09 Apr 2026 14:08:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 396597
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:b7:0a:b1:06:77:b4:f3:bf:78:f7:d9:1b:86:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=32d4538643463cdc24527ed39295641400b3dc41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f6:4b:94:92:a9:eb:1b:54:91:33:59:b4:88:
e0:28:22:86:8b:14:5a:31:4f:c8:3c:fd:70:bb:66:
4f:79:50:11:62:3f:b9:4c:5e:60:54:c5:4f:5e:17:
5a:d1:b0:4a:26:ed:5f:6b:2c:da:f8:0d:70:3c:7d:
9b:3c:99:73:b9:75:b9:dc:c7:11:71:4c:6f:0d:96:
f6:05:c3:7d:67:74:fe:c8:80:f1:49:d5:b5:9f:1d:
c9:7d:ad:22:8f:ed:93:e1:73:ba:27:84:db:ed:95:
de:68:ef:78:7b:13:40:45:6a:2e:97:41:ad:42:8c:
31:4b:f4:72:d5:24:4a:f0:9c:98:2b:57:ba:c5:08:
6d:f7:6a:7c:96:4b:4b:1f:22:4d:ee:67:85:67:98:
53:a6:c8:e6:60:7b:38:b4:3a:3a:62:c7:aa:bc:5d:
56:56:af:f0:a8:6f:de:86:69:2c:79:27:85:60:73:
e3:93:cb:70:53:07:5c:3a:88:be:a1:d9:1d:3e:f2:
f3:11:7e:e9:9b:54:09:53:b6:54:93:58:8a:45:d0:
cc:b6:15:55:fd:57:9e:98:2d:9e:b9:28:45:2e:45:
db:a0:01:f6:a9:92:ea:75:6f:73:07:c3:e6:88:9a:
91:07:f4:11:bb:ea:51:08:50:1b:36:50:d0:48:8e:
cf:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:D4:53:86:43:46:3C:DC:24:52:7E:D3:92:95:64:14:00:B3:DC:41
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/MtRThkNGPNwkUn7TkpVkFACz3EE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
63:2e:12:f8:b8:3f:cf:54:0e:46:4a:99:7f:1b:0e:5b:e8:8a:
4d:a5:d9:81:fd:ec:b0:38:e3:ab:9f:79:cc:8b:34:7f:14:0e:
2e:ab:af:0c:f9:e1:2d:cc:33:b8:68:57:76:cf:ca:cd:da:e4:
97:e8:e3:fb:87:4f:59:6c:41:93:98:c7:44:b5:a6:a5:d3:c8:
b2:95:af:8d:65:da:eb:0c:ab:b3:1e:5a:2f:16:5a:46:00:fa:
5c:60:6c:42:5d:3c:9b:27:c0:5f:47:74:a4:9d:a2:a4:1e:8d:
62:de:29:f3:11:cf:51:87:cc:11:f2:23:06:3e:59:32:7f:35:
b9:5a:9a:68:1e:1b:db:be:2b:28:69:63:51:83:1c:ba:1c:7c:
af:11:58:e0:d9:c0:ee:4f:13:09:a7:33:60:5f:4f:a9:c4:28:
d3:d9:ea:14:be:93:03:fd:c8:e5:d8:62:22:77:2c:f2:6b:cf:
91:f5:d9:cd:85:26:72:6f:9f:cf:14:ca:6c:52:62:f5:d9:5c:
87:e4:b3:f2:8e:f0:d9:cf:ee:de:a0:6c:3f:50:00:91:ef:e8:
34:69:c3:ce:85:6e:cd:3f:1e:bd:d3:44:67:c5:6d:b4:9a:36:
90:ad:ae:1c:a7:09:05:94:13:6d:17:f4:42:aa:41:79:70:9d:
76:f6:2f:50
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykrcKsQZ3tPO/ePfZG4YUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQ0NTM4NjQzNDYzY2RjMjQ1MjdlZDM5Mjk1NjQxNDAwYjNkYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/ZLlJKp6xtUkTNZtIjgKCKGixRa
MU/IPP1wu2ZPeVARYj+5TF5gVMVPXhda0bBKJu1fayza+A1wPH2bPJlzuXW53McR
cUxvDZb2BcN9Z3T+yIDxSdW1nx3Jfa0ij+2T4XO6J4Tb7ZXeaO94exNARWoul0Gt
QowxS/Ry1SRK8JyYK1e6xQht92p8lktLHyJN7meFZ5hTpsjmYHs4tDo6YseqvF1W
Vq/wqG/ehmkseSeFYHPjk8twUwdcOoi+odkdPvLzEX7pm1QJU7ZUk1iKRdDMthVV
/VeemC2euShFLkXboAH2qZLqdW9zB8PmiJqRB/QRu+pRCFAbNlDQSI7POwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDLUU4ZDRjzcJFJ+05KVZBQAs9xBMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTXRSVGhrTkdQTndrVW43VGtwVmtGQUN6M0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAGMuEvi4P89U
DkZKmX8bDlvoik2l2YH97LA446ufecyLNH8UDi6rrwz54S3MM7hoV3bPys3a5Jfo
4/uHT1lsQZOYx0S1pqXTyLKVr41l2usMq7MeWi8WWkYA+lxgbEJdPJsnwF9HdKSd
oqQejWLeKfMRz1GHzBHyIwY+WTJ/NblammgeG9u+KyhpY1GDHLocfK8RWODZwO5P
EwmnM2BfT6nEKNPZ6hS+kwP9yOXYYiJ3LPJrz5H12c2FJnJvn88UymxSYvXZXIfk
s/KO8NnP7t6gbD9QAJHv6DRpw86Fbs0/Hr3TRGfFbbSaNpCtrhynCQWUE20X9EKq
QXlwnXb2L1A=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:21:17 2026 by rpki-client