Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NH690wA5Rtsfh_3fkgHwkj720mE.roa
File: NH690wA5Rtsfh_3fkgHwkj720mE.roa (raw, json)
Hash identifier: sVkOp02drpdYfj/Wr0yZIpMNryGkiVpiEgVN2Ly1taY=
Subject key identifier: 34:7E:BD:D3:00:39:46:DB:1F:87:FD:DF:92:01:F0:92:3E:F6:D2:61
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D729296E2A37BE81F4AF06C55B51FD995
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NH690wA5Rtsfh_3fkgHwkj720mE.roa
Signing time: Thu 09 Apr 2026 14:08:22 +0000
ROA not before: Thu 09 Apr 2026 14:08:22 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36618
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:96:e2:a3:7b:e8:1f:4a:f0:6c:55:b5:1f:d9:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:22 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=347ebdd3003946db1f87fddf9201f0923ef6d261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:d3:b6:77:cc:07:0b:27:44:54:26:fe:31:46:
f8:6c:5e:9c:78:1e:4a:36:bb:c1:77:08:7f:bd:81:
94:08:c4:95:7e:79:f4:87:5a:7d:88:c2:dc:48:32:
8e:8f:8e:8f:6c:77:6b:36:6b:52:6e:56:8e:9c:18:
27:48:dd:9a:56:0f:6a:8e:a9:b0:0f:cf:89:70:7f:
0f:4a:a1:5a:65:40:79:32:ac:72:fc:98:50:e5:4e:
87:a1:0d:32:83:ea:f5:34:82:69:ad:28:03:b8:8a:
ea:2c:74:d2:27:5e:b8:28:94:84:00:44:9f:ca:f8:
1e:de:db:08:a3:fa:08:91:e0:4e:65:0a:a8:78:c2:
e6:ef:e0:a8:c4:b1:67:d4:53:9a:04:bf:6d:de:0c:
64:4a:51:41:02:7e:fe:8b:2e:62:d5:83:ce:64:6f:
16:4c:82:96:04:52:bd:da:96:87:5c:82:9a:c5:0f:
d4:d1:e7:0b:14:7e:c6:7d:35:26:12:3c:47:71:d6:
ce:aa:67:25:5d:62:87:d0:1b:84:fc:2c:b2:b4:fb:
96:80:61:88:5d:0c:89:7a:07:a3:5c:37:80:b0:e1:
e8:a7:ef:01:97:b3:84:50:b2:a8:ad:45:f6:a0:83:
82:8a:94:c3:84:9b:70:3c:c6:bd:72:77:42:39:58:
00:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:7E:BD:D3:00:39:46:DB:1F:87:FD:DF:92:01:F0:92:3E:F6:D2:61
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/NH690wA5Rtsfh_3fkgHwkj720mE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
45:35:ef:7c:59:65:6e:01:0e:4f:29:f4:ef:45:e5:15:2c:08:
41:e9:ef:32:7e:03:8a:60:8d:ac:c8:e7:67:1d:a7:d7:a7:53:
2d:6d:ce:58:81:9f:9b:09:c1:e4:1d:40:fb:61:f7:c6:7d:86:
02:e5:57:de:a3:72:a9:f4:51:e5:8b:3c:0c:4b:a1:5f:1c:3b:
38:58:06:f5:92:47:87:3d:b6:f8:e1:18:39:71:ed:63:42:31:
73:80:d1:55:6f:c7:cb:e0:d6:25:59:8f:e8:0e:7e:cf:12:6d:
d4:1c:01:eb:6c:fa:ac:f0:bc:c3:ff:95:9f:69:57:42:fa:b9:
f9:7d:a9:01:c8:3f:4c:cb:a1:ce:ba:4f:e3:e7:33:20:1d:92:
b0:01:f0:b9:3d:4d:f2:e6:c8:14:44:56:22:6e:b6:11:ec:e0:
50:48:57:16:cb:9e:6b:0d:8f:ad:32:a6:4a:72:b0:2c:6d:7b:
e8:46:75:10:19:df:9a:91:88:7c:e4:b6:d1:71:d9:29:e3:09:
18:0d:0e:2c:cb:c1:4d:01:15:70:2a:dd:5a:3c:65:57:d0:2f:
c1:e1:95:f7:fa:9b:f9:70:4b:42:41:dd:57:7f:2e:3f:92:3f:
c9:28:97:7d:10:26:c3:6a:39:aa:69:b5:86:01:34:da:52:2b:
23:53:18:ba
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykpbio3voH0rwbFW1H9mVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdlYmRkMzAwMzk0NmRiMWY4N2ZkZGY5MjAxZjA5MjNlZjZkMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NO2d8wHCydEVCb+MUb4bF6ceB5K
NrvBdwh/vYGUCMSVfnn0h1p9iMLcSDKOj46PbHdrNmtSblaOnBgnSN2aVg9qjqmw
D8+JcH8PSqFaZUB5Mqxy/JhQ5U6HoQ0yg+r1NIJprSgDuIrqLHTSJ164KJSEAESf
yvge3tsIo/oIkeBOZQqoeMLm7+CoxLFn1FOaBL9t3gxkSlFBAn7+iy5i1YPOZG8W
TIKWBFK92paHXIKaxQ/U0ecLFH7GfTUmEjxHcdbOqmclXWKH0BuE/CyytPuWgGGI
XQyJegejXDeAsOHop+8Bl7OEULKorUX2oIOCipTDhJtwPMa9cndCOVgAYwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDR+vdMAOUbbH4f935IB8JI+9tJhMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTkg2OTB3QTVSdHNmaF8zZmtnSHdrajcyMG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBAEU173xZZW4B
Dk8p9O9F5RUsCEHp7zJ+A4pgjazI52cdp9enUy1tzliBn5sJweQdQPth98Z9hgLl
V96jcqn0UeWLPAxLoV8cOzhYBvWSR4c9tvjhGDlx7WNCMXOA0VVvx8vg1iVZj+gO
fs8SbdQcAets+qzwvMP/lZ9pV0L6ufl9qQHIP0zLoc66T+PnMyAdkrAB8Lk9TfLm
yBREViJuthHs4FBIVxbLnmsNj60ypkpysCxte+hGdRAZ35qRiHzkttFx2SnjCRgN
DizLwU0BFXAq3Vo8ZVfQL8Hhlff6m/lwS0JB3Vd/Lj+SP8kol30QJsNqOapptYYB
NNpSKyNTGLo=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:18:47 2026 by rpki-client