Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/u4CvbG6TDnI1kr1EXShfypgQBBY.roa
File: u4CvbG6TDnI1kr1EXShfypgQBBY.roa (raw, json)
Hash identifier: fEiQJgutiQRDfdSgs+8iwYmGcoNGvto7HDp1hJif0ec=
Subject key identifier: BB:80:AF:6C:6E:93:0E:72:35:92:BD:44:5D:28:5F:CA:98:10:04:16
Certificate issuer: /CN=dd64166a91179308f253a9175616ccc6828c4463
Certificate serial: 019D3E4A6B242824F8544FC6CAD871B737E5
Authority key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/u4CvbG6TDnI1kr1EXShfypgQBBY.roa
Signing time: Mon 30 Mar 2026 10:29:17 +0000
ROA not before: Mon 30 Mar 2026 10:29:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202660
IP address blocks: 89.126.208.0/22 maxlen: 22
92.63.206.0/24 maxlen: 24
92.63.207.0/24 maxlen: 24
109.94.172.0/24 maxlen: 24
185.100.52.0/22 maxlen: 22
198.163.206.0/24 maxlen: 24
198.163.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 12:11:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:4a:6b:24:28:24:f8:54:4f:c6:ca:d8:71:b7:37:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd64166a91179308f253a9175616ccc6828c4463
Validity
Not Before: Mar 30 10:29:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=bb80af6c6e930e723592bd445d285fca98100416
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ea:c8:2d:03:e5:b4:53:f9:c2:63:eb:81:90:
67:7c:54:8b:3a:17:ea:9c:c3:94:10:7a:9d:05:97:
98:70:60:f1:8f:88:b7:6e:11:75:d8:11:f0:ed:7e:
51:3d:c5:22:01:c1:c1:69:bc:24:95:88:31:0d:37:
6f:8b:de:01:01:8e:4a:26:b9:80:d2:55:55:8a:d8:
6b:09:b9:60:0f:37:78:d6:64:40:8e:ea:a2:ae:59:
65:ee:97:e2:da:e6:01:b0:cb:23:91:01:44:a3:ed:
67:27:78:77:df:92:f6:52:04:5d:ab:ce:f2:77:6e:
f4:3b:c3:30:e9:46:f6:56:10:ec:5a:cd:86:72:d2:
27:22:b6:71:5d:81:92:d6:97:6f:02:79:ef:b9:5e:
54:87:2d:97:c2:b2:65:d8:da:e4:30:07:0d:58:6c:
bf:15:c9:1e:91:db:53:6a:86:98:ee:7b:28:d4:d4:
07:d5:40:1e:a8:c2:cb:5f:63:40:fc:19:aa:74:00:
aa:c7:b4:5c:b5:fc:48:8f:f2:68:fb:4d:f4:a8:96:
37:27:6c:43:7a:d7:fa:c0:46:41:b5:7a:a9:09:f5:
6b:6e:b5:db:ed:45:cf:e7:14:8f:0b:d7:7a:0b:5c:
c2:05:c5:13:50:8b:21:a9:e1:7b:c3:d5:2d:4f:68:
97:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:80:AF:6C:6E:93:0E:72:35:92:BD:44:5D:28:5F:CA:98:10:04:16
X509v3 Authority Key Identifier:
keyid:DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/u4CvbG6TDnI1kr1EXShfypgQBBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.126.208.0/22
92.63.206.0/23
109.94.172.0/24
185.100.52.0/22
198.163.206.0/23
Signature Algorithm: sha256WithRSAEncryption
12:0d:74:a5:b0:e3:33:16:8b:46:de:f7:e2:d7:c5:56:81:73:
15:ea:9b:d5:fe:ec:c1:b8:02:5c:a8:b2:6a:e9:e8:75:94:d5:
ec:95:40:90:72:59:79:3a:da:76:78:8b:e1:d8:27:c6:27:d7:
80:bb:d4:11:95:9b:d8:90:b0:ac:68:9d:04:06:69:28:c7:7d:
8a:84:62:71:7c:39:8b:4d:f6:8e:4d:dc:ef:4e:af:62:db:0b:
b5:79:ec:e1:ea:08:2e:7c:86:85:c8:12:ff:c9:a7:18:ff:ec:
ab:2c:5a:a2:42:4f:1c:20:5f:b2:e9:ba:52:bf:66:83:74:1c:
35:44:7e:4b:25:a6:c2:a1:bd:3b:8d:07:5b:b2:85:96:e1:ae:
ce:4e:d1:89:6a:fe:c9:9e:7a:ce:ed:41:29:ba:09:7f:a4:23:
86:87:ec:a1:55:90:bd:07:4f:26:2c:01:fb:f8:17:b3:e0:c8:
eb:e4:00:e9:a8:12:19:ff:50:2e:7f:a9:a4:22:84:23:d5:8f:
98:8d:dd:09:f6:71:86:d3:ae:9e:18:6a:97:7f:45:2a:5a:7d:
0b:b6:db:31:16:0e:af:b3:33:91:fe:01:72:ff:e7:80:43:d0:
92:c2:94:d5:7c:e7:d9:30:86:bd:56:54:1c:6c:8e:2d:1a:b9:
4c:25:d7:ed
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ0+SmskKCT4VE/GythxtzflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQxNjZhOTExNzkzMDhmMjUzYTkxNzU2MTZjY2M2ODI4
YzQ0NjMwHhcNMjYwMzMwMTAyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjgwYWY2YzZlOTMwZTcyMzU5MmJkNDQ1ZDI4NWZjYTk4MTAwNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuerILQPltFP5wmPrgZBnfFSLOhfq
nMOUEHqdBZeYcGDxj4i3bhF12BHw7X5RPcUiAcHBabwklYgxDTdvi94BAY5KJrmA
0lVVithrCblgDzd41mRAjuqirlll7pfi2uYBsMsjkQFEo+1nJ3h335L2UgRdq87y
d270O8Mw6Ub2VhDsWs2GctInIrZxXYGS1pdvAnnvuV5Uhy2XwrJl2NrkMAcNWGy/
FckekdtTaoaY7nso1NQH1UAeqMLLX2NA/BmqdACqx7RctfxIj/Jo+030qJY3J2xD
etf6wEZBtXqpCfVrbrXb7UXP5xSPC9d6C1zCBcUTUIshqeF7w9UtT2iXiwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLuAr2xukw5yNZK9RF0oX8qYEAQWMB8GA1UdIwQY
MBaAFN1kFmqRF5MI8lOpF1YWzMaCjERjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3Yzct
NzRkZTI1OGE3NmY4LzEvdTRDdmJHNlREbkkxa3IxRVhTaGZ5cGdRQkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3YzctNzRkZTI1OGE3NmY4
LzEvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWX7QAwQB
XD/OAwQAbV6sAwQCuWQ0AwQBxqPOMA0GCSqGSIb3DQEBCwUAA4IBAQASDXSlsOMz
FotG3vfi18VWgXMV6pvV/uzBuAJcqLJq6eh1lNXslUCQcll5Otp2eIvh2CfGJ9eA
u9QRlZvYkLCsaJ0EBmkox32KhGJxfDmLTfaOTdzvTq9i2wu1eezh6ggufIaFyBL/
yacY/+yrLFqiQk8cIF+y6bpSv2aDdBw1RH5LJabCob07jQdbsoWW4a7OTtGJav7J
nnrO7UEpugl/pCOGh+yhVZC9B08mLAH7+Bez4Mjr5ADpqBIZ/1Auf6mkIoQj1Y+Y
jd0J9nGG066eGGqXf0UqWn0LttsxFg6vszOR/gFy/+eAQ9CSwpTVfOfZMIa9VlQc
bI4tGrlMJdft
-----END CERTIFICATE-----
Generated at Sun Apr 19 19:15:21 2026 by rpki-client