Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/PdSSD1pY2R8sHhODVspC8pD1XNg.roa
File: PdSSD1pY2R8sHhODVspC8pD1XNg.roa (raw, json)
Hash identifier: Hdy0mlxbyoY3S5V4w6LQ+HVJLICaMsGMYmJLwRUw9C8=
Subject key identifier: 3D:D4:92:0F:5A:58:D9:1F:2C:1E:13:83:56:CA:42:F2:90:F5:5C:D8
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 019DF28D23929A1BA872CD4D60E1DF356683
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/PdSSD1pY2R8sHhODVspC8pD1XNg.roa
Signing time: Mon 04 May 2026 10:33:49 +0000
ROA not before: Mon 04 May 2026 10:33:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.3.56.0/22 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
130.78.32.0/19 maxlen: 24
185.55.208.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.mft
rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f2:8d:23:92:9a:1b:a8:72:cd:4d:60:e1:df:35:66:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: May 4 10:33:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3dd4920f5a58d91f2c1e138356ca42f290f55cd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:2f:22:29:77:39:4b:2b:23:06:d1:3c:70:22:
3f:cd:93:7e:ab:df:5b:f3:19:3d:70:20:9f:20:87:
e7:27:a6:24:36:35:a1:1a:d5:ec:a8:f8:c9:f8:da:
35:fe:ed:f0:28:1e:99:dc:65:a2:e0:ee:17:b3:b8:
c3:ce:b8:e6:97:03:bb:8c:cc:fd:4f:9e:7e:ce:54:
90:39:11:37:a2:6d:14:b7:1b:4f:e9:1f:7b:b6:12:
32:95:62:40:67:01:3c:55:94:a0:8c:94:8f:58:14:
c0:dc:de:8b:84:c2:a0:24:ac:a0:38:09:4e:a1:8b:
12:54:61:c3:63:36:f3:f7:c8:71:5e:e8:2f:19:2c:
3a:f7:27:5a:1f:db:d5:18:8b:a5:75:b6:70:ac:34:
9a:5f:e1:c5:de:1a:15:ac:77:9c:8d:d9:37:9c:1e:
0e:9c:df:e4:ab:24:e7:63:57:85:49:00:23:ff:09:
0b:8b:c4:48:11:0f:77:4b:85:29:58:d2:94:62:5e:
b8:69:ad:07:ba:d1:b2:2c:bf:9d:32:87:4a:3e:25:
b3:0d:ec:e2:0d:5d:80:f4:3a:35:73:c4:b1:16:2b:
33:0f:00:a6:de:02:53:87:df:77:71:aa:b6:90:50:
ac:f8:39:ad:5e:5f:0e:7d:40:41:e4:db:a0:1b:42:
14:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:D4:92:0F:5A:58:D9:1F:2C:1E:13:83:56:CA:42:F2:90:F5:5C:D8
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/PdSSD1pY2R8sHhODVspC8pD1XNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.3.56.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
130.78.32.0/19
185.55.208.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
3d:a3:2d:ec:39:bb:33:f8:c9:3b:a6:68:1d:8f:4d:6d:31:df:
bf:6c:25:ed:0a:8f:93:63:1f:c2:98:2f:4c:8b:23:d1:7b:cd:
db:42:11:bd:b2:82:ef:d0:74:41:17:55:a8:92:52:58:35:1b:
99:4e:d8:29:ea:3f:64:9e:e8:67:09:a6:c9:c7:1a:d3:b0:7d:
e0:73:dd:77:02:1c:fd:f5:09:c8:29:e3:24:18:f0:3c:85:a3:
25:19:5c:ed:68:37:3e:dd:63:1a:12:c5:e5:cc:96:48:47:ca:
75:cc:9a:17:b5:e9:3a:99:83:9f:06:d6:d2:b7:19:56:0b:f6:
99:e2:83:bc:9e:8b:a7:43:f9:bb:90:ae:ab:84:cf:e5:d7:e8:
1c:f2:c0:f9:48:3a:40:f3:d5:b0:a1:10:f2:0b:15:67:a2:b1:
5c:3c:a5:9c:39:81:e0:21:fb:d5:36:5e:be:a2:4c:f4:73:b1:
40:8c:d8:03:b4:29:d0:cc:99:07:e0:11:00:44:b8:d5:b8:ba:
25:60:97:41:66:66:d1:1f:58:e2:59:c3:00:95:c6:bc:6e:f6:
bf:bd:6c:fe:bf:ec:cb:27:51:ea:1c:85:7e:e7:5f:2d:bf:ed:
55:42:ec:88:9d:55:db:55:2e:7c:3b:f0:7f:74:c9:83:5f:b1:
7b:f0:19:97
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ3yjSOSmhuocs1NYOHfNWaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjYwNTA0MTAzMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ0OTIwZjVhNThkOTFmMmMxZTEzODM1NmNhNDJmMjkwZjU1Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApi8iKXc5SysjBtE8cCI/zZN+q99b
8xk9cCCfIIfnJ6YkNjWhGtXsqPjJ+No1/u3wKB6Z3GWi4O4Xs7jDzrjmlwO7jMz9
T55+zlSQORE3om0UtxtP6R97thIylWJAZwE8VZSgjJSPWBTA3N6LhMKgJKygOAlO
oYsSVGHDYzbz98hxXugvGSw69ydaH9vVGIuldbZwrDSaX+HF3hoVrHecjdk3nB4O
nN/kqyTnY1eFSQAj/wkLi8RIEQ93S4UpWNKUYl64aa0HutGyLL+dModKPiWzDezi
DV2A9Do1c8SxFiszDwCm3gJTh993caq2kFCs+DmtXl8OfUBB5NugG0IUpQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFD3Ukg9aWNkfLB4Tg1bKQvKQ9VzYMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvUGRTU0QxcFkyUjhzSGhPRFZzcEM4cEQxWE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCBZiAAwQC
LQM4AwQBLYWaAwQAZ4E9AwQCaKccAwQFgk4gAwQCuTfQAwQCuZgsMA0EAgACMAcD
BQMqB36AMA0GCSqGSIb3DQEBCwUAA4IBAQA9oy3sObsz+Mk7pmgdj01tMd+/bCXt
Co+TYx/CmC9MiyPRe83bQhG9soLv0HRBF1WoklJYNRuZTtgp6j9knuhnCabJxxrT
sH3gc913Ahz99QnIKeMkGPA8haMlGVztaDc+3WMaEsXlzJZIR8p1zJoXtek6mYOf
BtbStxlWC/aZ4oO8nounQ/m7kK6rhM/l1+gc8sD5SDpA89WwoRDyCxVnorFcPKWc
OYHgIfvVNl6+okz0c7FAjNgDtCnQzJkH4BEARLjVuLolYJdBZmbRH1jiWcMAlca8
bva/vWz+v+zLJ1HqHIV+518tv+1VQuyInVXbVS58O/B/dMmDX7F78BmX
-----END CERTIFICATE-----
Generated at Tue May 12 21:44:58 2026 by rpki-client