Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/nOuq0aXPzGttRKtofgh6vrnPbcQ.roa
File: nOuq0aXPzGttRKtofgh6vrnPbcQ.roa (raw, json)
Hash identifier: Kw/J3XFC7aME9qkhBNr2Z9SXook+hVkqEbqiRv5vLa8=
Subject key identifier: 9C:EB:AA:D1:A5:CF:CC:6B:6D:44:AB:68:7E:08:7A:BE:B9:CF:6D:C4
Certificate issuer: /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial: 019DF3C8FF1834A353C789BF27678D1F000F
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/nOuq0aXPzGttRKtofgh6vrnPbcQ.roa
Signing time: Mon 04 May 2026 16:18:49 +0000
ROA not before: Mon 04 May 2026 16:18:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48678
IP address blocks: 185.7.241.0/24 maxlen: 24
185.7.242.0/24 maxlen: 24
185.7.243.0/24 maxlen: 24
2a14:db80:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 13:01:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f3:c8:ff:18:34:a3:53:c7:89:bf:27:67:8d:1f:00:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
Validity
Not Before: May 4 16:18:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9cebaad1a5cfcc6b6d44ab687e087abeb9cf6dc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:a9:73:c5:08:f6:6a:5c:85:0c:ad:3f:c1:c6:
4c:7a:ff:de:5e:87:4f:ed:6c:1f:f9:5d:44:6f:d3:
d3:52:6e:4f:43:35:ec:74:eb:29:49:71:39:ab:ab:
af:6b:36:ab:30:3f:6d:98:11:66:55:19:80:e9:44:
3a:42:4f:f5:f2:a6:9f:a6:24:89:7d:9f:e7:46:19:
5c:a8:2a:e3:22:3e:9c:f5:d6:75:85:f3:2e:08:63:
8e:a6:fe:26:25:f1:69:60:24:8a:bf:e4:4d:28:a0:
f5:5e:68:a0:13:2f:44:c9:3a:9c:49:50:43:dd:33:
9a:41:b5:9b:81:9e:c0:a0:7a:ce:12:3f:9c:f9:e6:
c2:a0:0c:a7:7a:74:09:f5:90:53:fc:1f:e2:25:ff:
a3:d0:46:f2:24:ab:1d:06:5d:27:2f:fd:3c:52:55:
ce:dc:6f:e3:7c:25:c9:e4:2f:d3:48:91:52:34:b9:
39:43:d2:40:1e:8e:30:5a:8f:05:fd:2b:b7:8c:c0:
6e:9c:40:13:41:df:6c:34:a0:15:6b:f8:f8:30:88:
23:fc:0a:54:d2:5e:52:86:43:b3:08:c5:75:bb:40:
3e:6a:61:e9:c5:b9:1f:f8:0e:cc:f2:64:48:d8:f2:
50:f2:c3:6f:47:74:45:b3:92:1f:94:3c:62:60:f1:
0d:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:EB:AA:D1:A5:CF:CC:6B:6D:44:AB:68:7E:08:7A:BE:B9:CF:6D:C4
X509v3 Authority Key Identifier:
keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/nOuq0aXPzGttRKtofgh6vrnPbcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.7.241.0-185.7.243.255
IPv6:
2a14:db80:6::/48
Signature Algorithm: sha256WithRSAEncryption
66:c7:63:7b:07:dc:17:c0:74:08:a4:93:16:8a:de:e4:28:0b:
e8:bf:aa:92:6e:bd:76:7d:e7:4d:64:99:c7:86:46:a9:cb:9a:
7b:b0:a9:34:05:dd:d6:66:86:28:28:50:fd:5f:bf:2c:6e:c5:
34:d3:9a:49:35:75:e6:a8:e1:fc:3f:26:3e:3b:14:43:1b:a0:
6b:bd:cb:a4:7a:90:80:4b:17:ea:b1:a6:88:ca:66:f1:83:8c:
03:17:a8:91:10:80:01:cd:b0:ff:4e:4e:1f:99:22:fe:cb:a6:
f2:f0:df:f2:91:fa:10:d7:29:8c:ea:80:87:5a:e1:99:2f:a5:
11:45:59:4a:c4:bf:1e:ab:fd:5e:5a:ec:27:7c:bc:ea:bc:10:
23:a3:81:45:56:1d:6d:73:3b:6d:f8:39:e2:b8:c1:52:b1:93:
b7:17:97:0b:60:e8:44:9e:f6:c8:ba:f6:f7:b6:60:d8:22:ed:
8d:36:68:63:69:a1:b9:fa:bc:14:45:17:07:96:88:b2:b7:08:
be:72:52:c9:b8:bd:6e:5c:86:49:6f:dd:52:2f:98:c9:9e:33:
1d:e6:a0:4a:fb:b9:0d:b2:b0:41:7b:e2:c1:b5:0c:7a:19:aa:
fa:d4:77:7b:93:06:ad:15:35:e9:a7:99:3c:4a:a2:ba:f6:02:
d6:12:6b:27
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ3zyP8YNKNTx4m/J2eNHwAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjYwNTA0MTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ViYWFkMWE1Y2ZjYzZiNmQ0NGFiNjg3ZTA4N2FiZWI5Y2Y2ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KlzxQj2alyFDK0/wcZMev/eXodP
7Wwf+V1Eb9PTUm5PQzXsdOspSXE5q6uvazarMD9tmBFmVRmA6UQ6Qk/18qafpiSJ
fZ/nRhlcqCrjIj6c9dZ1hfMuCGOOpv4mJfFpYCSKv+RNKKD1XmigEy9EyTqcSVBD
3TOaQbWbgZ7AoHrOEj+c+ebCoAynenQJ9ZBT/B/iJf+j0EbyJKsdBl0nL/08UlXO
3G/jfCXJ5C/TSJFSNLk5Q9JAHo4wWo8F/Su3jMBunEATQd9sNKAVa/j4MIgj/ApU
0l5ShkOzCMV1u0A+amHpxbkf+A7M8mRI2PJQ8sNvR3RFs5IflDxiYPENBQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJzrqtGlz8xrbUSraH4Ier65z23EMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvbk91cTBhWFB6R3R0Ukt0b2ZnaDZ2cm5QYmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAC5B/ED
BAK5B/AwDwQCAAIwCQMHACoU24AABjANBgkqhkiG9w0BAQsFAAOCAQEAZsdjewfc
F8B0CKSTFore5CgL6L+qkm69dn3nTWSZx4ZGqcuae7CpNAXd1maGKChQ/V+/LG7F
NNOaSTV15qjh/D8mPjsUQxuga73LpHqQgEsX6rGmiMpm8YOMAxeokRCAAc2w/05O
H5ki/sum8vDf8pH6ENcpjOqAh1rhmS+lEUVZSsS/Hqv9XlrsJ3y86rwQI6OBRVYd
bXM7bfg54rjBUrGTtxeXC2DoRJ72yLr297Zg2CLtjTZoY2mhufq8FEUXB5aIsrcI
vnJSybi9blyGSW/dUi+YyZ4zHeagSvu5DbKwQXviwbUMehmq+tR3e5MGrRU16aeZ
PEqiuvYC1hJrJw==
-----END CERTIFICATE-----
Generated at Tue May 12 21:52:35 2026 by rpki-client