Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/IT-G9anfftKLn-JNHdB3nhqaHRg.roa
File: IT-G9anfftKLn-JNHdB3nhqaHRg.roa (raw, json)
Hash identifier: 8S5tnd+3z64Mysha0HCn0KENKA3IjsNdvVfiIIaQQlM=
Subject key identifier: 21:3F:86:F5:A9:DF:7E:D2:8B:9F:E2:4D:1D:D0:77:9E:1A:9A:1D:18
Certificate issuer: /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial: 019DF8AA6E88888DB95ABCDDFC094000CFCA
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/IT-G9anfftKLn-JNHdB3nhqaHRg.roa
Signing time: Tue 05 May 2026 15:03:32 +0000
ROA not before: Tue 05 May 2026 15:03:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5650
IP address blocks: 2.56.32.0/22 maxlen: 22
5.253.187.0/24 maxlen: 24
45.81.160.0/24 maxlen: 24
185.219.163.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 18:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f8:aa:6e:88:88:8d:b9:5a:bc:dd:fc:09:40:00:cf:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Validity
Not Before: May 5 15:03:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=213f86f5a9df7ed28b9fe24d1dd0779e1a9a1d18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:28:e5:c3:72:31:ff:d9:06:2f:96:13:71:0c:
b9:0a:92:a2:ef:9e:b7:ab:f1:e9:53:03:64:b2:29:
80:18:12:7e:f1:8a:24:cc:b3:1d:9f:46:c5:45:24:
2f:fc:a9:ed:b1:2b:6d:3e:08:35:8b:2e:16:7a:86:
b9:f5:89:c7:89:b6:94:10:e0:83:8c:87:22:91:4a:
40:de:30:6a:36:ee:ec:de:ff:9f:d0:9c:82:56:8b:
f4:a1:f4:44:92:e0:47:e0:d8:7d:d8:66:82:c3:17:
a4:fc:b1:ed:d5:2b:34:b7:35:3d:b7:22:97:6f:a6:
1c:b5:03:e0:f4:51:2b:4d:74:5f:6b:dc:e1:f8:57:
3c:6f:ef:1c:84:7f:dc:0c:21:eb:b7:aa:d5:ff:5e:
10:04:6f:be:26:b1:ee:d7:37:8d:3c:ef:13:cc:c2:
89:64:db:b1:b8:90:77:4b:d3:f7:1f:33:7a:aa:38:
b5:72:f6:46:c5:bd:b5:ec:96:76:86:15:5a:0f:f9:
2e:53:90:7b:1b:34:5e:e9:46:9c:78:b1:32:08:78:
40:7a:05:b5:d2:fb:0d:07:70:cf:64:82:82:71:de:
c3:80:54:d3:c5:8f:0e:6c:fa:20:b9:44:25:f9:11:
d6:a5:cc:86:89:4d:ef:ec:ab:d0:64:cb:d2:0f:ff:
df:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:3F:86:F5:A9:DF:7E:D2:8B:9F:E2:4D:1D:D0:77:9E:1A:9A:1D:18
X509v3 Authority Key Identifier:
keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/IT-G9anfftKLn-JNHdB3nhqaHRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.32.0/22
5.253.187.0/24
45.81.160.0/24
185.219.163.0/24
Signature Algorithm: sha256WithRSAEncryption
70:92:4a:ae:5f:15:40:80:3c:15:a5:e2:f3:09:13:4a:2b:2d:
e2:6d:6c:05:63:14:b6:ae:35:ce:88:53:12:4e:fa:24:86:44:
5b:30:8b:d7:23:0b:8e:3d:86:3d:43:f6:d3:d1:81:2d:ec:09:
5c:20:96:a6:3c:1f:86:6c:29:d0:e0:f3:2e:bd:87:05:44:5a:
8d:94:94:97:03:54:17:64:3a:78:0b:f5:38:98:81:0a:e6:06:
83:c4:5f:13:a8:6c:76:2b:05:27:45:0c:7b:a3:43:fa:8a:1c:
c4:86:7c:59:d2:22:23:0d:aa:f9:3c:fb:ba:dc:92:12:d4:f0:
b7:0c:ce:f7:c9:f1:8b:4e:23:8b:06:94:68:c9:6d:11:c3:d8:
a7:eb:20:31:34:e1:e9:24:49:03:60:24:47:e2:6c:2b:71:eb:
64:43:89:98:31:8a:b1:a1:01:7a:1d:51:58:69:1a:e2:43:01:
2a:89:f9:db:06:d1:83:f5:11:17:45:87:f9:97:a5:72:86:43:
6f:d2:52:f2:31:62:7c:5a:6e:96:e3:84:62:07:25:a0:8f:13:
8e:b6:44:93:68:82:bd:de:45:c5:4f:4c:61:c5:c4:8f:fe:af:
c0:69:40:cf:81:79:d3:2d:5f:03:ec:22:13:6f:4d:d6:e0:4f:
b8:5b:ea:ac
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ34qm6IiI25Wrzd/AlAAM/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjYwNTA1MTUwMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNmODZmNWE5ZGY3ZWQyOGI5ZmUyNGQxZGQwNzc5ZTFhOWExZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yjlw3Ix/9kGL5YTcQy5CpKi7563
q/HpUwNksimAGBJ+8YokzLMdn0bFRSQv/KntsSttPgg1iy4Weoa59YnHibaUEOCD
jIcikUpA3jBqNu7s3v+f0JyCVov0ofREkuBH4Nh92GaCwxek/LHt1Ss0tzU9tyKX
b6YctQPg9FErTXRfa9zh+Fc8b+8chH/cDCHrt6rV/14QBG++JrHu1zeNPO8TzMKJ
ZNuxuJB3S9P3HzN6qji1cvZGxb217JZ2hhVaD/kuU5B7GzRe6UaceLEyCHhAegW1
0vsNB3DPZIKCcd7DgFTTxY8ObPoguUQl+RHWpcyGiU3v7KvQZMvSD//flwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCE/hvWp337Si5/iTR3Qd54amh0YMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvSVQtRzlhbmZmdEtMbi1KTkhkQjNuaHFhSFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjggAwQA
Bf27AwQALVGgAwQAudujMA0GCSqGSIb3DQEBCwUAA4IBAQBwkkquXxVAgDwVpeLz
CRNKKy3ibWwFYxS2rjXOiFMSTvokhkRbMIvXIwuOPYY9Q/bT0YEt7AlcIJamPB+G
bCnQ4PMuvYcFRFqNlJSXA1QXZDp4C/U4mIEK5gaDxF8TqGx2KwUnRQx7o0P6ihzE
hnxZ0iIjDar5PPu63JIS1PC3DM73yfGLTiOLBpRoyW0Rw9in6yAxNOHpJEkDYCRH
4mwrcetkQ4mYMYqxoQF6HVFYaRriQwEqifnbBtGD9REXRYf5l6VyhkNv0lLyMWJ8
Wm6W44RiByWgjxOOtkSTaIK93kXFT0xhxcSP/q/AaUDPgXnTLV8D7CITb03W4E+4
W+qs
-----END CERTIFICATE-----
Generated at Wed May 13 04:20:02 2026 by rpki-client