Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RQrjDU4V5o7Y6FMae1KeS7H872g.roa
File: RQrjDU4V5o7Y6FMae1KeS7H872g.roa (raw, json)
Hash identifier: 8xk+8pGV1p6Nt4ziixJs8iuoymfnnWJ5uoc1S8n08z8=
Subject key identifier: 45:0A:E3:0D:4E:15:E6:8E:D8:E8:53:1A:7B:52:9E:4B:B1:FC:EF:68
Certificate issuer: /CN=46eb11af9355da9a2b5df73ecdd7fd0967a4b58c
Certificate serial: 019DF2B656C21EFD407B587320DC4901565F
Authority key identifier: 46:EB:11:AF:93:55:DA:9A:2B:5D:F7:3E:CD:D7:FD:09:67:A4:B5:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RQrjDU4V5o7Y6FMae1KeS7H872g.roa
Signing time: Mon 04 May 2026 11:18:49 +0000
ROA not before: Mon 04 May 2026 11:18:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16019
IP address blocks: 91.220.122.0/24 maxlen: 24
185.99.176.0/22 maxlen: 24
185.241.220.0/22 maxlen: 24
193.104.172.0/24 maxlen: 24
2a00:8e80::/29 maxlen: 32
2a0c:b180::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.mft
rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f2:b6:56:c2:1e:fd:40:7b:58:73:20:dc:49:01:56:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46eb11af9355da9a2b5df73ecdd7fd0967a4b58c
Validity
Not Before: May 4 11:18:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=450ae30d4e15e68ed8e8531a7b529e4bb1fcef68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:47:38:f6:06:39:2b:07:26:73:81:f9:8e:25:
46:30:69:ad:a7:e9:a6:30:78:9d:44:a3:8a:4c:c6:
e1:1d:4a:c7:a6:b5:37:67:ca:72:27:c9:b1:6b:66:
ce:4d:6b:2c:8b:05:01:3b:48:ba:4f:b6:52:ae:77:
a5:64:4c:13:fe:a4:b0:c7:fc:dc:73:12:c5:e0:94:
f8:22:7e:ae:04:d1:3b:95:e8:f2:6e:1c:f3:ac:df:
01:df:7d:fa:eb:cc:ce:f4:37:86:50:42:79:d1:8d:
3c:07:72:fc:1b:76:07:da:fa:c7:91:3f:13:d2:24:
79:d2:ff:8d:16:f8:ca:c2:7c:58:48:96:17:c8:ba:
9c:1b:6e:fd:5c:2c:57:e9:48:02:36:5d:08:8d:ea:
5b:07:31:06:47:e7:ad:3e:be:ab:ce:e7:36:57:82:
dc:30:a5:72:ec:82:8b:37:20:c8:1b:d4:32:21:f8:
a9:2a:cc:58:6a:14:e0:35:2f:a8:ac:38:52:0b:12:
44:92:ba:3a:21:07:cc:61:af:1b:21:c8:32:73:65:
03:55:cb:fc:6a:a1:50:42:eb:32:90:c6:d2:9c:4a:
dd:31:f5:59:28:0c:45:0f:87:2c:df:87:1c:96:e6:
14:00:32:dc:77:77:fa:7b:4c:8b:27:d9:d2:d1:05:
37:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:0A:E3:0D:4E:15:E6:8E:D8:E8:53:1A:7B:52:9E:4B:B1:FC:EF:68
X509v3 Authority Key Identifier:
keyid:46:EB:11:AF:93:55:DA:9A:2B:5D:F7:3E:CD:D7:FD:09:67:A4:B5:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RusRr5NV2porXfc-zdf9CWektYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RQrjDU4V5o7Y6FMae1KeS7H872g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/1a43f0-c027-4fdc-8515-45f496f2fe75/1/RusRr5NV2porXfc-zdf9CWektYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.220.122.0/24
185.99.176.0/22
185.241.220.0/22
193.104.172.0/24
IPv6:
2a00:8e80::/29
2a0c:b180::/29
Signature Algorithm: sha256WithRSAEncryption
2e:ad:05:1c:f1:31:cb:82:f6:e5:0a:92:e5:92:cc:2a:4b:53:
8a:df:d3:f3:23:4b:b4:0e:8f:f9:bb:66:2a:90:48:8a:2e:4d:
a3:6b:0c:11:73:ed:2e:65:1a:e7:05:2d:79:df:f1:07:46:6b:
28:fb:1c:d3:5e:c0:84:3e:d1:78:20:92:33:fd:b3:7a:6b:54:
ec:2e:8c:9c:f7:99:4c:94:fa:64:65:32:ae:4e:55:da:21:a2:
10:ed:93:36:e3:9e:8b:68:48:9e:59:62:d9:a5:0a:cd:aa:b3:
23:0b:97:59:45:aa:d9:ba:fe:ab:bb:27:25:92:db:17:ba:0b:
3c:7c:c3:ce:c9:ef:39:0b:51:dc:fb:b4:7a:f4:e6:de:2d:d3:
8d:3c:19:5b:98:5b:ba:16:13:e0:da:62:58:f8:f0:1c:8d:db:
b0:20:88:cb:12:78:8a:7d:b9:33:44:ad:49:74:2f:3b:6f:d4:
3f:7d:6e:ed:68:87:0c:96:40:5e:2d:5d:a2:62:53:ff:6e:d3:
cd:82:06:72:cf:ed:26:86:b3:b3:80:10:fc:30:25:5e:ca:aa:
32:05:5d:0c:a3:40:ce:47:1b:4f:40:6f:31:89:c2:5d:e6:2a:
51:ea:18:62:b0:9f:ab:d4:86:54:bd:d7:bd:24:7a:33:84:6b:
49:08:84:18
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ3ytlbCHv1Ae1hzINxJAVZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWIxMWFmOTM1NWRhOWEyYjVkZjczZWNkZDdmZDA5Njdh
NGI1OGMwHhcNMjYwNTA0MTExODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBhZTMwZDRlMTVlNjhlZDhlODUzMWE3YjUyOWU0YmIxZmNlZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEc49gY5Kwcmc4H5jiVGMGmtp+mm
MHidRKOKTMbhHUrHprU3Z8pyJ8mxa2bOTWssiwUBO0i6T7ZSrnelZEwT/qSwx/zc
cxLF4JT4In6uBNE7lejybhzzrN8B333668zO9DeGUEJ50Y08B3L8G3YH2vrHkT8T
0iR50v+NFvjKwnxYSJYXyLqcG279XCxX6UgCNl0IjepbBzEGR+etPr6rzuc2V4Lc
MKVy7IKLNyDIG9QyIfipKsxYahTgNS+orDhSCxJEkro6IQfMYa8bIcgyc2UDVcv8
aqFQQusykMbSnErdMfVZKAxFD4cs34ccluYUADLcd3f6e0yLJ9nS0QU32QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFEUK4w1OFeaO2OhTGntSnkux/O9oMB8GA1UdIwQY
MBaAFEbrEa+TVdqaK133Ps3X/QlnpLWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnVzUnI1TlYycG9yWGZjLXpkZjlDV2VrdFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xYTQzZjAtYzAyNy00ZmRjLTg1MTUt
NDVmNDk2ZjJmZTc1LzEvUlFyakRVNFY1bzdZNkZNYWUxS2VTN0g4NzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xYTQzZjAtYzAyNy00ZmRjLTg1MTUtNDVmNDk2ZjJmZTc1
LzEvUnVzUnI1TlYycG9yWGZjLXpkZjlDV2VrdFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAW9x6AwQC
uWOwAwQCufHcAwQAwWisMBQEAgACMA4DBQMqAI6AAwUDKgyxgDANBgkqhkiG9w0B
AQsFAAOCAQEALq0FHPExy4L25QqS5ZLMKktTit/T8yNLtA6P+btmKpBIii5No2sM
EXPtLmUa5wUted/xB0ZrKPsc017AhD7ReCCSM/2zemtU7C6MnPeZTJT6ZGUyrk5V
2iGiEO2TNuOei2hInlli2aUKzaqzIwuXWUWq2br+q7snJZLbF7oLPHzDzsnvOQtR
3Pu0evTm3i3TjTwZW5hbuhYT4NpiWPjwHI3bsCCIyxJ4in25M0StSXQvO2/UP31u
7WiHDJZAXi1domJT/27TzYIGcs/tJoazs4AQ/DAlXsqqMgVdDKNAzkcbT0BvMYnC
XeYqUeoYYrCfq9SGVL3XvSR6M4RrSQiEGA==
-----END CERTIFICATE-----
Generated at Wed May 13 03:48:44 2026 by rpki-client