Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/1-5Pgda6HIJ1A50ORC-s21IuXoKI.roa
File: 1-5Pgda6HIJ1A50ORC-s21IuXoKI.roa (raw, json)
Hash identifier: G3EoBYlK+6iAK1+dHCsC16Icl5M1ev7HNUR0XeGO+Q0=
Subject key identifier: FB:93:E0:75:AE:87:20:9D:40:E7:43:91:0B:EB:36:D4:8B:97:A0:A2
Certificate issuer: /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial: 019DBEC22131315637A48CA510BDAA1237DE
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/1-5Pgda6HIJ1A50ORC-s21IuXoKI.roa
Signing time: Fri 24 Apr 2026 09:11:26 +0000
ROA not before: Fri 24 Apr 2026 09:11:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29205
IP address blocks: 45.156.236.0/22 maxlen: 24
91.230.36.0/23 maxlen: 23
185.49.12.0/22 maxlen: 24
185.49.15.0/24 maxlen: 24
185.100.228.0/24 maxlen: 24
185.100.231.0/24 maxlen: 24
185.192.102.0/24 maxlen: 24
188.214.16.0/21 maxlen: 24
188.215.64.0/24 maxlen: 24
2a06:1980::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 03:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:be:c2:21:31:31:56:37:a4:8c:a5:10:bd:aa:12:37:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
Validity
Not Before: Apr 24 09:11:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fb93e075ae87209d40e743910beb36d48b97a0a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:76:bf:c9:24:0a:e2:80:28:eb:8f:c7:39:c8:
d2:6f:fa:19:63:1f:e1:2b:75:61:4f:67:f2:4b:5f:
14:d1:f5:ac:d7:28:cd:cf:ee:3c:ef:b4:87:f0:8c:
ba:09:a1:31:8d:40:47:ff:7b:b6:1a:55:d6:36:eb:
4d:20:b0:a0:d9:1e:3d:af:60:1c:50:56:14:64:67:
22:c4:80:62:d4:db:47:3c:9a:e2:fa:e2:56:85:9a:
d1:53:3d:64:ec:62:78:34:09:83:54:e6:e2:03:a6:
10:7a:a0:54:f1:d4:2c:b9:94:8b:b4:d5:0e:d1:11:
44:1b:e0:53:49:41:01:95:f3:12:9b:53:f9:5d:b5:
56:7a:46:bd:60:1a:79:c3:42:07:5e:6a:da:95:51:
4b:c9:ec:b9:7b:66:59:95:16:ee:e1:8c:8d:60:41:
00:0c:19:3d:03:70:a0:4c:6e:43:c1:60:a4:7a:1b:
65:c4:69:71:ef:70:38:7d:40:64:47:da:60:91:9b:
62:36:09:57:37:7b:18:0b:e2:0a:a9:62:a6:95:11:
e9:bb:56:96:78:02:f5:d3:cd:c5:2b:24:56:b5:6e:
fe:8f:98:ea:be:d9:14:29:37:7a:56:cf:7c:73:bc:
37:cb:16:93:bd:d3:60:68:28:ec:b1:f7:97:a0:74:
b8:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:93:E0:75:AE:87:20:9D:40:E7:43:91:0B:EB:36:D4:8B:97:A0:A2
X509v3 Authority Key Identifier:
keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/1-5Pgda6HIJ1A50ORC-s21IuXoKI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.236.0/22
91.230.36.0/23
185.49.12.0/22
185.100.228.0/24
185.100.231.0/24
185.192.102.0/24
188.214.16.0/21
188.215.64.0/24
IPv6:
2a06:1980::/29
Signature Algorithm: sha256WithRSAEncryption
99:f3:6b:91:bb:d2:68:82:e1:fe:cf:07:65:ef:09:c8:42:49:
21:48:25:2f:09:bb:8d:06:12:5c:c5:39:5f:26:ad:d3:77:b4:
25:e2:a1:ee:59:99:4d:1a:10:59:8a:06:58:ba:82:2f:1f:a5:
f9:a4:d7:a5:68:a5:da:39:1e:61:fc:98:03:f4:ac:45:a1:11:
b9:0c:58:ef:79:ac:6c:94:58:58:15:45:20:6d:7b:86:3c:89:
73:5b:82:bf:06:ed:3b:d1:c7:af:51:5e:48:70:15:91:0a:3e:
fb:69:e1:91:11:86:d9:8f:ac:9c:fc:a0:7c:c2:f5:84:c2:f2:
da:d7:e8:a4:55:7d:e8:e8:ac:03:e6:a4:c0:d8:c4:06:99:e1:
b4:6e:c5:72:d5:b6:1a:cb:14:4b:f6:b8:6d:fb:b4:a4:ec:d7:
16:3a:a1:29:c9:c3:2d:ee:ee:73:5f:6b:41:e1:b7:0a:1e:18:
68:1a:4d:74:0c:03:c4:fe:03:d7:09:80:82:b3:74:5a:45:10:
8f:af:45:5a:bf:57:54:9b:95:f6:ba:38:0b:4c:d7:ae:b5:c4:
c4:11:fe:a1:a6:05:6b:02:c7:e9:9e:ad:1b:5e:d8:0f:a8:f5:
df:86:0e:3e:78:ca:bb:65:ad:89:17:d5:ed:6a:b4:ea:c9:25:
ef:f5:6b:c3
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ2+wiExMVY3pIylEL2qEjfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjYwNDI0MDkxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjkzZTA3NWFlODcyMDlkNDBlNzQzOTEwYmViMzZkNDhiOTdhMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzna/ySQK4oAo64/HOcjSb/oZYx/h
K3VhT2fyS18U0fWs1yjNz+4877SH8Iy6CaExjUBH/3u2GlXWNutNILCg2R49r2Ac
UFYUZGcixIBi1NtHPJri+uJWhZrRUz1k7GJ4NAmDVObiA6YQeqBU8dQsuZSLtNUO
0RFEG+BTSUEBlfMSm1P5XbVWeka9YBp5w0IHXmralVFLyey5e2ZZlRbu4YyNYEEA
DBk9A3CgTG5DwWCkehtlxGlx73A4fUBkR9pgkZtiNglXN3sYC+IKqWKmlRHpu1aW
eAL1083FKyRWtW7+j5jqvtkUKTd6Vs98c7w3yxaTvdNgaCjssfeXoHS43wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFPuT4HWuhyCdQOdDkQvrNtSLl6CiMB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvMS01UGdkYTZISUoxQTUwT1JDLXMyMUl1WG9LSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2EvMDU0ODhmLWY0ZTAtNGU2Yy05NGY1LTM3NTc1MzljMmFj
OS8xL1gzMmxhSzBDZTU0a25CUGlJOU1pZHBpQm9wOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBYBggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEAi2c7AME
AVvmJAMEArkxDAMEALlk5AMEALlk5wMEALnAZgMEA7zWEAMEALzXQDANBAIAAjAH
AwUDKgYZgDANBgkqhkiG9w0BAQsFAAOCAQEAmfNrkbvSaILh/s8HZe8JyEJJIUgl
Lwm7jQYSXMU5Xyat03e0JeKh7lmZTRoQWYoGWLqCLx+l+aTXpWil2jkeYfyYA/Ss
RaERuQxY73msbJRYWBVFIG17hjyJc1uCvwbtO9HHr1FeSHAVkQo++2nhkRGG2Y+s
nPygfML1hMLy2tfopFV96OisA+akwNjEBpnhtG7FctW2GssUS/a4bfu0pOzXFjqh
KcnDLe7uc19rQeG3Ch4YaBpNdAwDxP4D1wmAgrN0WkUQj69FWr9XVJuV9ro4C0zX
rrXExBH+oaYFawLH6Z6tG17YD6j134YOPnjKu2WtiRfV7Wq06skl7/Vrww==
-----END CERTIFICATE-----
Generated at Wed May 13 12:25:34 2026 by rpki-client