Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3wLkvDNEqQSj9gIh8fo7ivKBitc.roa
File: 3wLkvDNEqQSj9gIh8fo7ivKBitc.roa (raw, json)
Hash identifier: jECdQt7zIOTXMtprU5VRjldhZAqupD4/QAywdw0LD+8=
Subject key identifier: DF:02:E4:BC:33:44:A9:04:A3:F6:02:21:F1:FA:3B:8A:F2:81:8A:D7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019D29D6DB228FB57A6D80DAE23423885F5C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3wLkvDNEqQSj9gIh8fo7ivKBitc.roa
Signing time: Thu 26 Mar 2026 11:10:39 +0000
ROA not before: Thu 26 Mar 2026 11:10:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.60.0/23 maxlen: 23
87.121.165.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
185.218.84.0/22 maxlen: 24
185.222.160.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Mar 2026 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:d6:db:22:8f:b5:7a:6d:80:da:e2:34:23:88:5f:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 26 11:10:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=df02e4bc3344a904a3f60221f1fa3b8af2818ad7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:eb:b8:bd:60:7a:da:ed:69:4a:ad:51:1e:a0:
ef:77:c0:39:7a:28:f0:c2:db:d2:1a:4a:4c:f2:da:
1d:26:64:63:89:19:d6:48:89:37:21:cd:33:40:16:
03:d1:60:d1:f1:b1:2d:93:cd:db:ff:76:52:1b:63:
95:5e:aa:68:c3:53:9d:97:17:e9:4b:37:13:04:1c:
ee:61:6b:57:d1:b6:8f:16:f0:2c:0f:88:62:98:c0:
ba:fd:ff:55:74:32:a5:65:b9:7b:15:7a:df:3d:6c:
a0:b4:5d:9e:65:e5:8f:0b:f9:87:db:51:23:f1:3f:
56:a0:3f:97:1d:f7:6f:16:48:e9:b4:87:03:39:c7:
71:3b:d3:8e:4e:8b:76:d8:79:f1:a7:5b:57:a7:4d:
0c:d6:2e:c2:07:29:c0:99:78:d8:df:ea:0d:22:87:
de:e3:3e:15:a6:d5:6e:fc:92:25:45:b0:96:79:57:
66:fd:05:91:81:7e:75:4b:36:b2:2b:c1:75:b0:f0:
27:cf:a9:e6:cf:03:fa:c3:00:31:94:bf:ac:5b:fd:
21:28:95:e4:7f:9f:e7:01:35:f8:5b:b7:fb:d4:25:
bf:46:df:c5:07:36:44:d9:c2:8f:04:f2:c7:a8:a7:
3f:09:53:5f:13:47:dc:72:84:8a:a8:de:60:29:5b:
4a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:02:E4:BC:33:44:A9:04:A3:F6:02:21:F1:FA:3B:8A:F2:81:8A:D7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3wLkvDNEqQSj9gIh8fo7ivKBitc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.228.0/24
45.66.231.0/24
45.89.247.0/24
45.141.158.0/24
81.161.238.0/24
85.217.130.0/23
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.121.60.0/23
87.121.165.0/24
92.249.50.0/24
93.123.109.0/24
147.78.101.0/24
185.218.84.0/22
185.222.160.0/24
193.25.216.0/24
193.47.61.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:06:b8:79:fc:15:fb:02:9b:32:67:a0:68:d2:fa:14:cf:a7:
96:0c:d9:90:db:9c:2c:5b:f2:4d:c4:95:74:7c:4a:85:97:d5:
18:03:e8:fd:cb:c8:85:a4:7a:64:41:d1:98:e4:74:04:d9:9a:
3f:cd:12:ec:ea:68:c7:d4:02:33:33:4e:58:c7:3b:dd:92:5a:
a1:93:76:3d:5d:dd:5f:67:1d:d6:01:12:54:d9:ba:ec:e5:54:
e5:2e:9f:7b:95:04:1e:f6:9e:3b:2c:2f:de:26:01:87:83:93:
55:3d:16:9b:bc:95:5d:fb:af:9b:c2:20:ef:36:c8:31:09:fc:
b9:00:db:6a:ec:bd:37:a5:14:f7:40:04:00:78:75:b2:0e:fe:
a3:a4:dd:c3:02:21:c4:9a:02:9f:80:bf:ad:a9:43:4d:a4:f9:
40:58:05:1c:84:a1:a8:ac:5a:59:a4:84:36:d1:4e:3c:d4:e5:
9e:b7:a6:07:b4:a0:13:a8:79:1a:7d:b5:07:7d:9f:39:ee:2d:
0b:30:fc:66:4c:c0:01:c5:c4:7a:8a:3c:f7:87:92:bd:4c:f0:
3a:21:91:68:32:b4:df:6e:91:f8:2f:85:3d:2d:64:dc:67:6d:
2a:66:d9:b4:1a:0d:47:2b:d6:c3:ae:09:0e:2d:e8:cb:ae:09:
99:fd:8b:28
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZ0p1tsij7V6bYDa4jQjiF9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzI2MTExMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAyZTRiYzMzNDRhOTA0YTNmNjAyMjFmMWZhM2I4YWYyODE4YWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+u4vWB62u1pSq1RHqDvd8A5eijw
wtvSGkpM8todJmRjiRnWSIk3Ic0zQBYD0WDR8bEtk83b/3ZSG2OVXqpow1Odlxfp
SzcTBBzuYWtX0baPFvAsD4himMC6/f9VdDKlZbl7FXrfPWygtF2eZeWPC/mH21Ej
8T9WoD+XHfdvFkjptIcDOcdxO9OOTot22Hnxp1tXp00M1i7CBynAmXjY3+oNIofe
4z4VptVu/JIlRbCWeVdm/QWRgX51SzayK8F1sPAnz6nmzwP6wwAxlL+sW/0hKJXk
f5/nATX4W7f71CW/Rt/FBzZE2cKPBPLHqKc/CVNfE0fccoSKqN5gKVtK/wIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFN8C5LwzRKkEo/YCIfH6O4rygYrXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM3dMa3ZETkVxUVNqOWdJaDhmbzdpdktCaXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQALULk
AwQALULnAwQALVn3AwQALY2eAwQAUaHuAwQBVdmCAwQAV3hXAwQAV3h+AwQAV3im
AwQBV3k8AwQAV3mlAwQAXPkyAwQAXXttAwQAk05lAwQCudpUAwQAud6gAwQAwRnY
AwQAwS89AwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQAOBrh5/BX7Apsy
Z6Bo0voUz6eWDNmQ25wsW/JNxJV0fEqFl9UYA+j9y8iFpHpkQdGY5HQE2Zo/zRLs
6mjH1AIzM05Yxzvdklqhk3Y9Xd1fZx3WARJU2brs5VTlLp97lQQe9p47LC/eJgGH
g5NVPRabvJVd+6+bwiDvNsgxCfy5ANtq7L03pRT3QAQAeHWyDv6jpN3DAiHEmgKf
gL+tqUNNpPlAWAUchKGorFpZpIQ20U481OWet6YHtKATqHkafbUHfZ857i0LMPxm
TMABxcR6ijz3h5K9TPA6IZFoMrTfbpH4L4U9LWTcZ20qZtm0Gg1HK9bDrgkOLejL
rgmZ/Yso
-----END CERTIFICATE-----
Generated at Fri Mar 27 08:37:00 2026 by rpki-client