Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1-ryJIEOqpA8l9RbN7-gklZBdq0w.roa
File: 1-ryJIEOqpA8l9RbN7-gklZBdq0w.roa (raw, json)
Hash identifier: 4ws6lmAs2NjopGJM8783tZuCfDXl+eALfjhicTQgH0Q=
Subject key identifier: FA:BC:89:20:43:AA:A4:0F:25:F5:16:CD:EF:E8:24:95:90:5D:AB:4C
Certificate issuer: /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial: 019DF53476FE2002C3901466035D027F0C18
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1-ryJIEOqpA8l9RbN7-gklZBdq0w.roa
Signing time: Mon 04 May 2026 22:55:49 +0000
ROA not before: Mon 04 May 2026 22:55:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6204
IP address blocks: 95.133.246.0/24 maxlen: 24
103.246.249.0/24 maxlen: 24
205.237.108.0/24 maxlen: 24
2a12:3200:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 04:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f5:34:76:fe:20:02:c3:90:14:66:03:5d:02:7f:0c:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Validity
Not Before: May 4 22:55:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fabc892043aaa40f25f516cdefe82495905dab4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:ec:a2:02:a0:c0:d3:a2:8d:73:80:18:60:e1:
f0:66:dc:5c:b7:24:c7:db:f0:85:ee:ec:46:19:7a:
83:dc:3b:d1:d3:2b:ce:f4:75:81:6e:c8:8a:1f:9d:
7e:51:cb:d2:61:aa:10:31:5e:a8:f7:b6:65:46:4b:
ff:37:ce:24:ae:00:43:91:be:09:77:40:ae:57:62:
8e:c7:7f:44:98:d6:63:10:a9:b4:5c:65:33:76:d0:
41:0a:b4:a2:ac:41:51:ca:0c:ec:fa:e2:3d:c0:6e:
34:e6:d7:ab:38:1b:2b:e7:f2:30:51:30:db:7b:d1:
13:42:25:af:98:d3:b1:e8:51:e9:d6:5a:70:c2:ab:
51:3b:ba:4e:74:8d:18:b5:4d:58:87:47:70:88:ba:
03:a9:a5:09:72:4f:3d:5c:16:38:3f:79:ac:99:f1:
8f:ee:28:d7:23:e8:9c:3c:ef:93:67:38:3e:ea:a7:
5b:97:20:52:50:93:cb:ef:25:31:a4:db:10:ff:32:
f8:e4:b2:1f:43:04:8e:f9:1f:74:1d:1f:9a:51:18:
1c:e6:d3:b6:17:cf:2d:9e:07:34:48:58:64:49:bb:
e7:eb:94:4b:c9:73:9b:ad:e4:df:54:c7:68:62:e3:
2f:f9:e5:5a:c2:9c:ab:98:49:b0:db:32:63:39:93:
f5:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:BC:89:20:43:AA:A4:0F:25:F5:16:CD:EF:E8:24:95:90:5D:AB:4C
X509v3 Authority Key Identifier:
keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/1-ryJIEOqpA8l9RbN7-gklZBdq0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.133.246.0/24
103.246.249.0/24
205.237.108.0/24
IPv6:
2a12:3200:f000::/36
Signature Algorithm: sha256WithRSAEncryption
64:8f:76:ea:11:e5:e6:51:21:99:c9:2d:78:4e:59:3e:0f:7c:
c2:2d:4c:09:63:41:67:93:86:56:a7:a9:84:4b:17:e9:5d:d4:
b6:99:4e:f1:19:f5:04:12:66:ea:67:b7:47:50:59:73:f3:c1:
d5:c7:d6:3b:8c:2a:20:e2:a7:ea:cc:6a:5a:bb:a5:68:2c:61:
f2:84:29:bb:5e:2d:9f:6f:28:9f:3f:63:ed:9a:d9:f1:27:f1:
f8:85:ee:82:f1:ca:c1:31:95:fb:0b:46:43:f2:2c:2b:67:78:
05:53:4f:75:b8:3f:67:25:d1:b4:e9:b4:ff:87:98:6c:82:f0:
aa:a7:ef:c8:07:8f:4a:dd:7e:19:eb:44:fa:00:79:40:f1:b8:
ae:46:c3:a6:45:ca:6f:cc:e5:93:7e:b6:32:39:cf:70:3d:b6:
62:a6:a5:52:6e:00:36:6f:43:de:9e:dd:b0:4c:32:18:11:6f:
17:13:8c:44:e9:6c:2a:e4:47:de:94:c8:d3:a8:62:2f:f1:49:
4e:32:33:52:a3:76:42:3a:fd:48:fd:a6:ea:2b:02:09:e7:9b:
57:15:9e:e1:d9:56:17:9b:09:e0:2a:db:f7:1e:5e:38:39:a5:
fe:ca:f7:fa:4c:4b:b4:d1:3a:5a:7c:9a:b4:be:b1:6f:a5:a9:
71:f6:15:12
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZ31NHb+IALDkBRmA10CfwwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjYwNTA0MjI1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWJjODkyMDQzYWFhNDBmMjVmNTE2Y2RlZmU4MjQ5NTkwNWRhYjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeyiAqDA06KNc4AYYOHwZtxctyTH
2/CF7uxGGXqD3DvR0yvO9HWBbsiKH51+UcvSYaoQMV6o97ZlRkv/N84krgBDkb4J
d0CuV2KOx39EmNZjEKm0XGUzdtBBCrSirEFRygzs+uI9wG405terOBsr5/IwUTDb
e9ETQiWvmNOx6FHp1lpwwqtRO7pOdI0YtU1Yh0dwiLoDqaUJck89XBY4P3msmfGP
7ijXI+icPO+TZzg+6qdblyBSUJPL7yUxpNsQ/zL45LIfQwSO+R90HR+aURgc5tO2
F88tngc0SFhkSbvn65RLyXObreTfVMdoYuMv+eVawpyrmEmw2zJjOZP1uQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFPq8iSBDqqQPJfUWze/oJJWQXatMMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvMS1yeUpJRU9xcEE4bDlSYk43LWdrbFpCZHEwdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2MvYjU0NjQxLWE5NWEtNGFkZC1hNDVlLTFjYWRhNmU4YjFh
OS8xL25yVU9VNGJJQ2FENjVsTUtwZWpaZ2xKUjN0QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA7BggrBgEFBQcBBwEB/wQsMCowGAQCAAEwEgMEAF+F9gME
AGf2+QMEAM3tbDAOBAIAAjAIAwYEKhIyAPAwDQYJKoZIhvcNAQELBQADggEBAGSP
duoR5eZRIZnJLXhOWT4PfMItTAljQWeThlanqYRLF+ld1LaZTvEZ9QQSZupnt0dQ
WXPzwdXH1juMKiDip+rMalq7pWgsYfKEKbteLZ9vKJ8/Y+2a2fEn8fiF7oLxysEx
lfsLRkPyLCtneAVTT3W4P2cl0bTptP+HmGyC8Kqn78gHj0rdfhnrRPoAeUDxuK5G
w6ZFym/M5ZN+tjI5z3A9tmKmpVJuADZvQ96e3bBMMhgRbxcTjETpbCrkR96UyNOo
Yi/xSU4yM1KjdkI6/Uj9puorAgnnm1cVnuHZVhebCeAq2/ceXjg5pf7K9/pMS7TR
Olp8mrS+sW+lqXH2FRI=
-----END CERTIFICATE-----
Generated at Wed May 13 12:05:42 2026 by rpki-client