Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/TDzYhYR5_4J8DClbCjisUdgEPKM.roa
File: TDzYhYR5_4J8DClbCjisUdgEPKM.roa (raw, json)
Hash identifier: q8MSYnLeyisCD2ZYQYaB+7DHM1ybMXAx9Du9NWSkplg=
Subject key identifier: 4C:3C:D8:85:84:79:FF:82:7C:0C:29:5B:0A:38:AC:51:D8:04:3C:A3
Certificate issuer: /CN=dd64166a91179308f253a9175616ccc6828c4463
Certificate serial: 019D3E4A6AAAD3499787F18961E74B57275B
Authority key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/TDzYhYR5_4J8DClbCjisUdgEPKM.roa
Signing time: Mon 30 Mar 2026 10:29:17 +0000
ROA not before: Mon 30 Mar 2026 10:29:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201767
IP address blocks: 84.54.114.0/24 maxlen: 24
92.63.204.0/24 maxlen: 24
92.63.205.0/24 maxlen: 24
198.163.202.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 12:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:4a:6a:aa:d3:49:97:87:f1:89:61:e7:4b:57:27:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd64166a91179308f253a9175616ccc6828c4463
Validity
Not Before: Mar 30 10:29:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4c3cd8858479ff827c0c295b0a38ac51d8043ca3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:a5:f2:ae:0b:82:92:3f:3d:98:97:c3:55:87:
79:1c:5e:72:68:35:ea:a4:3a:af:39:d6:4f:2f:07:
20:98:5b:ba:a1:57:ac:2f:6b:4a:8d:4d:a1:8b:34:
40:ab:b0:30:95:a1:7f:5c:49:ef:00:c3:e8:07:0c:
ee:86:51:43:32:d6:3d:61:21:bc:c8:4e:0a:45:57:
44:ed:d7:e4:10:dc:43:f1:0b:4f:af:8d:2a:4a:0a:
05:70:de:a0:04:1a:c6:94:46:86:2e:8b:ef:bb:80:
b6:c2:f2:1a:32:98:e2:d1:85:59:04:57:73:1f:19:
2c:dc:02:d5:26:3b:5b:d1:1b:63:9a:b8:57:ed:ef:
37:c0:6c:4d:05:e2:f7:2d:84:ce:ac:0f:c0:e9:fc:
9f:ff:15:88:01:be:db:68:a7:19:9c:dd:f3:ab:43:
e7:d8:5f:63:65:ca:8f:55:ed:17:fd:88:b3:cc:c0:
81:5d:70:b7:4b:96:bf:a0:fc:fd:31:ca:22:4e:9b:
17:ef:86:bd:c6:33:b5:c9:be:9c:a0:48:1b:46:0b:
33:4e:2e:74:58:e2:4a:29:66:1a:dd:13:49:33:5a:
bf:c2:01:ae:52:a3:35:9b:a8:3d:5f:3d:cc:cd:83:
16:70:d8:3e:ae:31:ae:f2:1c:7c:a3:b5:b9:6d:be:
96:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:3C:D8:85:84:79:FF:82:7C:0C:29:5B:0A:38:AC:51:D8:04:3C:A3
X509v3 Authority Key Identifier:
keyid:DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/TDzYhYR5_4J8DClbCjisUdgEPKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.114.0/24
92.63.204.0/23
198.163.202.0/23
Signature Algorithm: sha256WithRSAEncryption
75:50:27:6d:16:84:5c:52:5f:8b:78:6e:23:6d:a3:f4:e7:57:
15:14:ae:74:1e:6c:40:26:3b:30:70:b1:37:33:0a:6e:af:cd:
2c:ac:51:b7:1d:c0:4f:8a:5a:7e:91:77:c5:6a:7f:88:98:c1:
8a:8b:21:33:c5:de:e2:a5:23:89:d6:28:55:9b:30:3a:d3:e9:
d8:1a:3c:b1:af:51:3d:17:1e:4e:3d:bb:8c:7d:27:ad:54:a1:
d9:0e:1a:a0:d0:3e:fa:d7:5b:3c:9e:d0:11:37:78:c1:a7:07:
d1:42:26:5e:23:d9:b1:08:23:6a:2b:2e:67:75:bb:3e:0f:23:
4d:0f:5f:f5:7e:6c:f3:b4:6a:ce:77:9b:6a:7b:bc:70:a0:52:
d8:c1:4f:71:d3:17:ef:41:fe:4b:43:9e:95:93:4f:d6:32:92:
32:3c:16:e4:2b:db:cf:bc:26:20:47:65:7a:d4:d5:b7:71:d4:
46:a7:35:7f:6e:b6:c0:0a:99:30:06:62:ff:f8:79:42:c9:c9:
9f:f1:42:ec:e7:94:65:4a:c2:d5:79:04:28:ef:21:7e:ec:b0:
f7:de:2f:c7:1c:c9:3f:b8:8f:a3:bb:3c:59:7b:79:05:95:e6:
ea:dd:b3:e8:0a:cc:27:60:32:5c:08:8e:ed:40:f5:dd:d5:16:
62:ca:a1:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0+Smqq00mXh/GJYedLVydbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQxNjZhOTExNzkzMDhmMjUzYTkxNzU2MTZjY2M2ODI4
YzQ0NjMwHhcNMjYwMzMwMTAyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNjZDg4NTg0NzlmZjgyN2MwYzI5NWIwYTM4YWM1MWQ4MDQzY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6XyrguCkj89mJfDVYd5HF5yaDXq
pDqvOdZPLwcgmFu6oVesL2tKjU2hizRAq7AwlaF/XEnvAMPoBwzuhlFDMtY9YSG8
yE4KRVdE7dfkENxD8QtPr40qSgoFcN6gBBrGlEaGLovvu4C2wvIaMpji0YVZBFdz
Hxks3ALVJjtb0RtjmrhX7e83wGxNBeL3LYTOrA/A6fyf/xWIAb7baKcZnN3zq0Pn
2F9jZcqPVe0X/YizzMCBXXC3S5a/oPz9McoiTpsX74a9xjO1yb6coEgbRgszTi50
WOJKKWYa3RNJM1q/wgGuUqM1m6g9Xz3MzYMWcNg+rjGu8hx8o7W5bb6WfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEw82IWEef+CfAwpWwo4rFHYBDyjMB8GA1UdIwQY
MBaAFN1kFmqRF5MI8lOpF1YWzMaCjERjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3Yzct
NzRkZTI1OGE3NmY4LzEvVER6WWhZUjVfNEo4RENsYkNqaXNVZGdFUEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3YzctNzRkZTI1OGE3NmY4
LzEvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVDZyAwQB
XD/MAwQBxqPKMA0GCSqGSIb3DQEBCwUAA4IBAQB1UCdtFoRcUl+LeG4jbaP051cV
FK50HmxAJjswcLE3Mwpur80srFG3HcBPilp+kXfFan+ImMGKiyEzxd7ipSOJ1ihV
mzA60+nYGjyxr1E9Fx5OPbuMfSetVKHZDhqg0D7611s8ntARN3jBpwfRQiZeI9mx
CCNqKy5ndbs+DyNND1/1fmzztGrOd5tqe7xwoFLYwU9x0xfvQf5LQ56Vk0/WMpIy
PBbkK9vPvCYgR2V61NW3cdRGpzV/brbACpkwBmL/+HlCycmf8ULs55RlSsLVeQQo
7yF+7LD33i/HHMk/uI+juzxZe3kFlebq3bPoCswnYDJcCI7tQPXd1RZiyqFp
-----END CERTIFICATE-----
Generated at Sun Apr 19 19:14:30 2026 by rpki-client