Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Txc0Y3w5O2MeuabOsp_i0fCstJU.roa
File: Txc0Y3w5O2MeuabOsp_i0fCstJU.roa (raw, json)
Hash identifier: XbbTV+bUv06PJ/qu0aw1RaX6Asirn+MLh6nL3Y4mz7s=
Subject key identifier: 4F:17:34:63:7C:39:3B:63:1E:B9:A6:CE:B2:9F:E2:D1:F0:AC:B4:95
Certificate issuer: /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial: 019CE790283D4F09BF2ED0038DBAE330739C
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Txc0Y3w5O2MeuabOsp_i0fCstJU.roa
Signing time: Fri 13 Mar 2026 14:18:30 +0000
ROA not before: Fri 13 Mar 2026 14:18:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43139
IP address blocks: 89.22.200.0/21 maxlen: 21
91.196.148.0/22 maxlen: 22
94.158.80.0/20 maxlen: 20
109.207.192.0/20 maxlen: 20
178.158.192.0/18 maxlen: 24
185.104.191.0/24 maxlen: 24
185.199.96.0/22 maxlen: 22
195.128.25.0/24 maxlen: 24
195.128.26.0/23 maxlen: 23
195.128.26.0/24 maxlen: 24
195.128.27.0/24 maxlen: 24
2001:67c:738::/48 maxlen: 48
2a0a:9b40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 06:01:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e7:90:28:3d:4f:09:bf:2e:d0:03:8d:ba:e3:30:73:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Validity
Not Before: Mar 13 14:18:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4f1734637c393b631eb9a6ceb29fe2d1f0acb495
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:ad:c9:e6:1c:78:fb:02:86:e5:72:17:b5:04:
4c:c1:b2:d8:73:08:2d:89:9d:0f:23:29:b7:10:93:
78:e1:6d:7b:35:dd:d6:f2:7c:c1:3d:6a:c1:e0:79:
fc:3a:62:99:b6:f5:d2:9b:57:81:b6:26:7b:d6:fb:
39:85:6a:45:21:7c:7c:47:8c:80:8c:1c:aa:cd:2f:
52:db:6a:2b:4e:07:ed:07:0e:bf:f9:72:d1:9b:16:
86:3a:4c:67:cc:8c:30:44:40:58:a5:30:5a:ad:64:
39:cf:eb:04:4b:f9:19:2f:ee:30:6f:c6:fa:8d:9c:
44:15:ab:b3:63:83:40:9a:ac:42:72:1b:cf:e0:68:
e6:d1:65:a4:75:ba:d8:1a:f5:97:50:9e:3e:92:6e:
71:fb:62:15:07:71:92:03:9a:58:53:f6:50:19:62:
45:69:49:07:20:42:0f:67:0c:81:17:61:d4:2d:fe:
07:85:92:82:3d:79:9f:7b:67:a4:d0:15:4d:d9:71:
6e:9d:ea:23:04:01:53:c9:4c:85:ea:2c:5f:53:ff:
23:3a:8c:d3:75:87:9d:90:d3:44:a2:b7:5b:1d:98:
3a:b2:e6:a7:a1:88:49:46:7b:90:d4:00:32:65:49:
33:a9:7e:4c:3c:4b:1a:8d:6f:c2:5e:c1:28:c1:d0:
70:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:17:34:63:7C:39:3B:63:1E:B9:A6:CE:B2:9F:E2:D1:F0:AC:B4:95
X509v3 Authority Key Identifier:
keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Txc0Y3w5O2MeuabOsp_i0fCstJU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.22.200.0/21
91.196.148.0/22
94.158.80.0/20
109.207.192.0/20
178.158.192.0/18
185.104.191.0/24
185.199.96.0/22
195.128.25.0-195.128.27.255
IPv6:
2001:67c:738::/48
2a0a:9b40::/29
Signature Algorithm: sha256WithRSAEncryption
a5:97:88:7d:49:f0:6f:47:ad:fc:46:fb:76:dd:92:8f:d5:dc:
95:bb:6f:2c:9e:4a:d1:e7:a4:70:29:c9:88:e4:ae:15:32:89:
d2:f6:93:79:1c:a4:a8:12:5d:1a:24:fe:91:a0:20:17:38:43:
c0:0b:19:e7:7a:ca:3a:7e:03:75:c1:93:d6:02:19:16:6e:8b:
b0:e6:62:d7:74:37:d5:2e:a7:06:ba:50:a6:39:6e:fe:00:30:
71:bf:7b:0a:ef:03:b2:f3:c2:64:0c:5f:78:22:9a:0e:62:e5:
08:b2:ab:c9:03:65:e8:a9:d2:09:79:5f:5a:14:f9:e5:ee:c8:
7d:e5:0a:c1:5e:dc:d5:63:33:44:86:7e:7f:ad:e6:61:81:78:
5f:2d:c6:6a:e3:b2:0d:2e:27:af:34:50:5e:3f:10:8c:e1:d8:
5a:9e:dc:99:6a:93:e8:78:48:bc:80:99:99:4e:7a:99:66:4b:
95:be:f8:67:66:bc:4b:9c:75:a0:e1:3c:7a:b5:4a:65:cf:87:
8a:f6:23:71:9f:e0:92:f5:aa:24:2c:89:0b:57:68:a6:21:e6:
36:32:7a:4d:05:ef:77:73:0f:01:0a:0e:8f:e0:b0:39:9e:0f:
3a:99:c2:f4:2a:25:cf:5f:8d:79:bd:59:48:74:f2:95:ce:7c:
3a:70:ad:72
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZznkCg9Twm/LtADjbrjMHOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjYwMzEzMTQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE3MzQ2MzdjMzkzYjYzMWViOWE2Y2ViMjlmZTJkMWYwYWNiNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK3J5hx4+wKG5XIXtQRMwbLYcwgt
iZ0PIym3EJN44W17Nd3W8nzBPWrB4Hn8OmKZtvXSm1eBtiZ71vs5hWpFIXx8R4yA
jByqzS9S22orTgftBw6/+XLRmxaGOkxnzIwwREBYpTBarWQ5z+sES/kZL+4wb8b6
jZxEFauzY4NAmqxCchvP4Gjm0WWkdbrYGvWXUJ4+km5x+2IVB3GSA5pYU/ZQGWJF
aUkHIEIPZwyBF2HULf4HhZKCPXmfe2ek0BVN2XFuneojBAFTyUyF6ixfU/8jOozT
dYedkNNEordbHZg6suanoYhJRnuQ1AAyZUkzqX5MPEsajW/CXsEowdBw0wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFE8XNGN8OTtjHrmmzrKf4tHwrLSVMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvVHhjMFkzdzVPMk1ldWFiT3NwX2kwZkNzdEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA+BAIAATA4AwQDWRbIAwQC
W8SUAwQEXp5QAwQEbc/AAwQGsp7AAwQAuWi/AwQCucdgMAwDBADDgBkDBALDgBgw
FgQCAAIwEAMHACABBnwHOAMFAyoKm0AwDQYJKoZIhvcNAQELBQADggEBAKWXiH1J
8G9HrfxG+3bdko/V3JW7byyeStHnpHApyYjkrhUyidL2k3kcpKgSXRok/pGgIBc4
Q8ALGed6yjp+A3XBk9YCGRZui7DmYtd0N9Uupwa6UKY5bv4AMHG/ewrvA7LzwmQM
X3gimg5i5Qiyq8kDZeip0gl5X1oU+eXuyH3lCsFe3NVjM0SGfn+t5mGBeF8txmrj
sg0uJ680UF4/EIzh2Fqe3Jlqk+h4SLyAmZlOeplmS5W++GdmvEucdaDhPHq1SmXP
h4r2I3Gf4JL1qiQsiQtXaKYh5jYyek0F73dzDwEKDo/gsDmeDzqZwvQqJc9fjXm9
WUh08pXOfDpwrXI=
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:45:59 2026 by rpki-client