Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/Nh0zkfW3K0-D4B4iOP3oqCU07ew.roa
File: Nh0zkfW3K0-D4B4iOP3oqCU07ew.roa (raw, json)
Hash identifier: dzg9viwZUQGspY4wILRo3IQtadu+wvn1MyNHNysHsl8=
Subject key identifier: 36:1D:33:91:F5:B7:2B:4F:83:E0:1E:22:38:FD:E8:A8:25:34:ED:EC
Certificate issuer: /CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Certificate serial: 019DDDF1E0A7F1BC8B3250BFADFD303A4CA8
Authority key identifier: 45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/Nh0zkfW3K0-D4B4iOP3oqCU07ew.roa
Signing time: Thu 30 Apr 2026 10:31:49 +0000
ROA not before: Thu 30 Apr 2026 10:31:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 144.124.208.0/24 maxlen: 24
144.124.209.0/24 maxlen: 24
144.124.210.0/24 maxlen: 24
144.124.211.0/24 maxlen: 24
144.124.212.0/24 maxlen: 24
144.124.213.0/24 maxlen: 24
144.124.214.0/24 maxlen: 24
158.94.212.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.mft
rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:dd:f1:e0:a7:f1:bc:8b:32:50:bf:ad:fd:30:3a:4c:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Validity
Not Before: Apr 30 10:31:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=361d3391f5b72b4f83e01e2238fde8a82534edec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:2d:a6:8a:cd:0e:42:43:ca:1f:57:d0:65:bd:
5c:53:01:c8:58:70:60:61:72:2c:c1:09:00:8e:d2:
68:e8:a5:f4:5d:1d:b8:fc:13:3f:95:ae:5a:b7:dd:
c0:37:b8:f4:e2:e8:7c:df:23:22:4b:45:94:68:eb:
a3:a4:58:b7:61:64:88:cf:9d:42:c7:11:d2:c9:33:
8b:c3:19:7d:ad:80:22:70:54:10:3c:5f:be:23:40:
98:7a:3c:19:36:c8:3f:ee:ba:b1:b7:d1:82:cf:e6:
9d:c0:22:33:b9:6f:b6:3f:ac:5a:d4:31:24:41:93:
ce:5e:9a:a7:41:e2:a1:38:d2:c1:c7:d6:02:33:a0:
1f:be:9e:f8:18:dd:cb:6b:19:7c:f2:f8:c5:80:15:
31:5e:99:52:10:80:72:6c:6d:68:ff:29:14:66:db:
9a:d5:0d:66:84:f9:7c:a8:fe:46:7b:e1:9d:81:6b:
07:2a:71:10:5a:7d:09:97:51:f4:bf:d2:14:81:62:
bc:b4:90:b0:7b:25:eb:81:07:23:51:20:f2:cc:86:
4c:27:35:ad:86:c9:94:13:03:5d:81:8c:7d:ff:73:
45:09:24:30:28:ae:e6:08:7b:f6:00:56:d9:8d:32:
72:a6:99:1b:8d:85:d5:99:21:35:d0:4d:8a:df:06:
99:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:1D:33:91:F5:B7:2B:4F:83:E0:1E:22:38:FD:E8:A8:25:34:ED:EC
X509v3 Authority Key Identifier:
keyid:45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/Nh0zkfW3K0-D4B4iOP3oqCU07ew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
144.124.208.0-144.124.214.255
158.94.212.0/24
Signature Algorithm: sha256WithRSAEncryption
24:1b:51:b2:40:e6:59:c0:ef:e1:cd:d2:0f:7a:c3:8f:43:82:
cd:6e:e1:0e:32:15:a2:dc:4b:b3:db:b7:8d:ba:b6:9d:09:b1:
4d:6e:cf:f3:75:91:ad:9e:13:11:35:e8:3d:7a:53:1d:e0:10:
4d:7c:8c:71:3d:3e:63:b5:dc:f6:25:88:05:05:55:35:eb:7e:
4a:8d:b6:03:9f:4d:f0:46:46:18:92:3c:04:71:db:4b:03:83:
a6:f9:38:e3:14:d1:5a:e0:04:7c:4d:5e:fb:bc:7f:2c:e5:c4:
44:1a:9c:f7:c1:0b:23:9c:2a:17:92:7d:51:8e:c8:9f:81:40:
dc:99:7c:2c:45:d8:11:61:e1:37:1b:c3:80:ac:16:b5:98:96:
f9:ed:53:a4:8c:8b:78:a3:28:da:d8:44:58:cc:6e:32:2a:51:
ad:87:a9:b9:dc:b2:5f:7b:59:9c:5e:f4:e1:96:ae:c2:e3:92:
80:ec:90:d6:0b:1e:d9:4d:f9:ed:23:56:c7:94:ff:f9:15:dc:
5d:be:05:53:c4:1c:3a:9d:80:0f:0a:a9:43:14:2d:69:9e:37:
5a:75:9e:db:5a:cb:49:48:7e:86:63:c7:3e:77:7a:30:cd:e6:
4c:ab:d8:ae:7a:1f:5b:f6:79:aa:80:f3:6e:33:86:9a:f5:d4:
06:63:a4:04
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3d8eCn8byLMlC/rf0wOkyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTNiOWFjMGE0ODZiMDAzNzc2NWQ2MDVjOGIxYzgxMDQw
NDZmMGEwHhcNMjYwNDMwMTAzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjFkMzM5MWY1YjcyYjRmODNlMDFlMjIzOGZkZThhODI1MzRlZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny2mis0OQkPKH1fQZb1cUwHIWHBg
YXIswQkAjtJo6KX0XR24/BM/la5at93AN7j04uh83yMiS0WUaOujpFi3YWSIz51C
xxHSyTOLwxl9rYAicFQQPF++I0CYejwZNsg/7rqxt9GCz+adwCIzuW+2P6xa1DEk
QZPOXpqnQeKhONLBx9YCM6Afvp74GN3Laxl88vjFgBUxXplSEIBybG1o/ykUZtua
1Q1mhPl8qP5Ge+GdgWsHKnEQWn0Jl1H0v9IUgWK8tJCweyXrgQcjUSDyzIZMJzWt
hsmUEwNdgYx9/3NFCSQwKK7mCHv2AFbZjTJyppkbjYXVmSE10E2K3waZoQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDYdM5H1tytPg+AeIjj96KglNO3sMB8GA1UdIwQY
MBaAFEWTuawKSGsAN3ZdYFyLHIEEBG8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgt
NDNlNmJmZjlhMjVlLzEvTmgwemtmVzNLMC1ENEI0aU9QM29xQ1UwN2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgtNDNlNmJmZjlhMjVl
LzEvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBASQfNAD
BACQfNYDBACeXtQwDQYJKoZIhvcNAQELBQADggEBACQbUbJA5lnA7+HN0g96w49D
gs1u4Q4yFaLcS7Pbt426tp0JsU1uz/N1ka2eExE16D16Ux3gEE18jHE9PmO13PYl
iAUFVTXrfkqNtgOfTfBGRhiSPARx20sDg6b5OOMU0VrgBHxNXvu8fyzlxEQanPfB
CyOcKheSfVGOyJ+BQNyZfCxF2BFh4Tcbw4CsFrWYlvntU6SMi3ijKNrYRFjMbjIq
Ua2Hqbncsl97WZxe9OGWrsLjkoDskNYLHtlN+e0jVseU//kV3F2+BVPEHDqdgA8K
qUMULWmeN1p1nttay0lIfoZjxz53ejDN5kyr2K56H1v2eaqA824zhpr11AZjpAQ=
-----END CERTIFICATE-----
Generated at Wed May 13 02:47:27 2026 by rpki-client