Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/UzFn8n9_tf4w-iKCTtFhG5SnWpg.roa
File: UzFn8n9_tf4w-iKCTtFhG5SnWpg.roa (raw, json)
Hash identifier: MFFkmnS3mVWWhbrVUQrhXKSWf1rXCa5UvdnfcnOZCV4=
Subject key identifier: 53:31:67:F2:7F:7F:B5:FE:30:FA:22:82:4E:D1:61:1B:94:A7:5A:98
Certificate issuer: /CN=37891a4724aac6b5da0005329aa3a5abe87779d6
Certificate serial: 019DDF6592B8C32AF69B7266623B317E075E
Authority key identifier: 37:89:1A:47:24:AA:C6:B5:DA:00:05:32:9A:A3:A5:AB:E8:77:79:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N4kaRySqxrXaAAUymqOlq-h3edY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/UzFn8n9_tf4w-iKCTtFhG5SnWpg.roa
Signing time: Thu 30 Apr 2026 17:17:49 +0000
ROA not before: Thu 30 Apr 2026 17:17:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207767
IP address blocks: 176.119.209.0/24 maxlen: 24
185.90.44.0/22 maxlen: 24
185.254.217.0/24 maxlen: 24
185.254.219.0/24 maxlen: 24
2a0f:ffc0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/N4kaRySqxrXaAAUymqOlq-h3edY.crl
rsync://rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/N4kaRySqxrXaAAUymqOlq-h3edY.mft
rsync://rpki.ripe.net/repository/DEFAULT/N4kaRySqxrXaAAUymqOlq-h3edY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:df:65:92:b8:c3:2a:f6:9b:72:66:62:3b:31:7e:07:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37891a4724aac6b5da0005329aa3a5abe87779d6
Validity
Not Before: Apr 30 17:17:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=533167f27f7fb5fe30fa22824ed1611b94a75a98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c5:14:2c:d6:ec:10:bd:22:38:2e:14:12:29:
d2:4a:d3:4b:9f:a2:91:0c:bc:4e:e7:40:7f:53:19:
4c:26:61:32:ab:c3:4a:23:b0:fd:8b:f7:05:66:f5:
1d:ed:96:ec:ad:a4:9e:0a:45:78:d5:9b:c0:b3:29:
3a:3b:be:01:3f:f1:f6:cc:90:07:03:46:64:59:72:
fc:cf:d2:17:ba:73:10:14:4f:29:01:b3:1a:d3:a6:
08:92:a9:28:ca:75:de:08:77:bd:69:4a:49:15:88:
5d:89:40:08:1a:04:9f:92:6f:23:9f:7b:b2:f9:43:
6f:f5:95:9c:b7:c3:b3:b6:03:1e:bf:a1:e4:30:ed:
5b:ca:19:8d:20:07:95:f7:f2:ca:9a:00:9a:05:6e:
6a:5e:d4:35:d8:68:ce:4b:d6:54:5c:bc:0c:b5:38:
39:f6:67:37:77:d5:32:be:5e:06:0c:49:e3:7b:12:
2a:98:e8:cf:2e:84:78:77:4f:69:2e:36:40:c0:1a:
53:6d:d9:56:cc:e3:4c:c4:49:06:b6:2f:24:3a:30:
c9:56:82:22:83:07:0c:99:71:49:ab:a1:25:da:29:
a1:9c:c1:75:9d:20:be:be:65:d5:d9:a9:bd:02:32:
10:e6:85:9f:0e:92:a6:48:89:49:f0:f6:1f:45:97:
7d:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:31:67:F2:7F:7F:B5:FE:30:FA:22:82:4E:D1:61:1B:94:A7:5A:98
X509v3 Authority Key Identifier:
keyid:37:89:1A:47:24:AA:C6:B5:DA:00:05:32:9A:A3:A5:AB:E8:77:79:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4kaRySqxrXaAAUymqOlq-h3edY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/UzFn8n9_tf4w-iKCTtFhG5SnWpg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e128e0-00a6-4689-95be-524c2109cb05/1/N4kaRySqxrXaAAUymqOlq-h3edY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.209.0/24
185.90.44.0/22
185.254.217.0/24
185.254.219.0/24
IPv6:
2a0f:ffc0::/29
Signature Algorithm: sha256WithRSAEncryption
3f:d2:0f:2c:8a:80:7c:2f:a3:6d:e7:c0:22:61:02:4b:19:90:
46:3d:15:25:b5:13:2c:b6:24:93:44:f2:a1:5d:41:de:2a:5b:
18:c7:16:01:56:c6:a4:33:08:4a:24:bd:2e:72:d6:c3:22:8c:
ec:0b:ec:af:a3:32:52:34:8c:e0:8c:22:31:f1:67:12:58:39:
44:2e:18:42:92:57:8b:6d:1e:4f:bc:38:9d:81:72:06:90:d8:
8b:e8:32:e7:db:46:97:29:ee:a7:b8:f5:26:84:4f:8e:b3:87:
75:32:0b:e8:1c:2a:51:ad:e1:28:18:3c:f8:09:6a:9f:2e:60:
33:3b:ec:0e:48:53:6c:f5:70:4f:d3:82:6c:aa:89:e3:ca:b1:
4c:16:55:d3:e6:a8:1b:3f:09:d1:41:7c:47:13:0a:06:e8:3b:
1a:22:54:94:af:0f:45:53:21:19:95:2f:3a:e6:0f:50:42:e9:
7c:1b:18:b6:79:00:ff:3b:eb:ed:9c:0a:1c:05:b8:6a:51:75:
7a:72:80:68:70:57:66:ac:49:6f:32:b1:dd:32:85:11:d2:e8:
70:c0:ed:78:7f:88:e0:ad:df:60:1d:1d:23:a3:3f:95:ad:cc:
ee:79:71:97:94:a5:f3:bd:94:25:c5:f8:c7:65:bf:a7:aa:a1:
33:78:8c:71
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZ3fZZK4wyr2m3JmYjsxfgdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODkxYTQ3MjRhYWM2YjVkYTAwMDUzMjlhYTNhNWFiZTg3
Nzc5ZDYwHhcNMjYwNDMwMTcxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzMxNjdmMjdmN2ZiNWZlMzBmYTIyODI0ZWQxNjExYjk0YTc1YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8UULNbsEL0iOC4UEinSStNLn6KR
DLxO50B/UxlMJmEyq8NKI7D9i/cFZvUd7ZbsraSeCkV41ZvAsyk6O74BP/H2zJAH
A0ZkWXL8z9IXunMQFE8pAbMa06YIkqkoynXeCHe9aUpJFYhdiUAIGgSfkm8jn3uy
+UNv9ZWct8OztgMev6HkMO1byhmNIAeV9/LKmgCaBW5qXtQ12GjOS9ZUXLwMtTg5
9mc3d9Uyvl4GDEnjexIqmOjPLoR4d09pLjZAwBpTbdlWzONMxEkGti8kOjDJVoIi
gwcMmXFJq6El2imhnMF1nSC+vmXV2am9AjIQ5oWfDpKmSIlJ8PYfRZd9LQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFFMxZ/J/f7X+MPoigk7RYRuUp1qYMB8GA1UdIwQY
MBaAFDeJGkckqsa12gAFMpqjpavod3nWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRrYVJ5U3F4clhhQUFVeW1xT2xxLWgzZWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lMTI4ZTAtMDBhNi00Njg5LTk1YmUt
NTI0YzIxMDljYjA1LzEvVXpGbjhuOV90ZjR3LWlLQ1R0RmhHNVNuV3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lMTI4ZTAtMDBhNi00Njg5LTk1YmUtNTI0YzIxMDljYjA1
LzEvTjRrYVJ5U3F4clhhQUFVeW1xT2xxLWgzZWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAsHfRAwQC
uVosAwQAuf7ZAwQAuf7bMA0EAgACMAcDBQMqD//AMA0GCSqGSIb3DQEBCwUAA4IB
AQA/0g8sioB8L6Nt58AiYQJLGZBGPRUltRMstiSTRPKhXUHeKlsYxxYBVsakMwhK
JL0uctbDIozsC+yvozJSNIzgjCIx8WcSWDlELhhCkleLbR5PvDidgXIGkNiL6DLn
20aXKe6nuPUmhE+Os4d1MgvoHCpRreEoGDz4CWqfLmAzO+wOSFNs9XBP04Jsqonj
yrFMFlXT5qgbPwnRQXxHEwoG6DsaIlSUrw9FUyEZlS865g9QQul8Gxi2eQD/O+vt
nAocBbhqUXV6coBocFdmrElvMrHdMoUR0uhwwO14f4jgrd9gHR0joz+VrczueXGX
lKXzvZQlxfjHZb+nqqEzeIxx
-----END CERTIFICATE-----
Generated at Tue May 12 21:45:05 2026 by rpki-client