Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/t4tSZVG2U7gBq5XYHLBclKweH-w.roa
File: t4tSZVG2U7gBq5XYHLBclKweH-w.roa (raw, json)
Hash identifier: CdY2lVhiF2Ai+El/f43USn+ENAlhU5TdtLUHGiBaFcY=
Subject key identifier: B7:8B:52:65:51:B6:53:B8:01:AB:95:D8:1C:B0:5C:94:AC:1E:1F:EC
Certificate issuer: /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial: 019D0077E1D452D7321F1B317F04A73686A5
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/t4tSZVG2U7gBq5XYHLBclKweH-w.roa
Signing time: Wed 18 Mar 2026 10:22:29 +0000
ROA not before: Wed 18 Mar 2026 10:22:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 137409
IP address blocks: 158.173.34.0/24 maxlen: 24
158.173.42.0/24 maxlen: 24
158.173.43.0/24 maxlen: 24
158.173.65.0/24 maxlen: 24
158.173.66.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:77:e1:d4:52:d7:32:1f:1b:31:7f:04:a7:36:86:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Validity
Not Before: Mar 18 10:22:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b78b526551b653b801ab95d81cb05c94ac1e1fec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:5a:32:0f:0d:ec:70:58:88:2a:6d:64:9a:ab:
b0:25:27:a8:7f:72:76:6d:bc:90:dc:57:1e:cc:39:
ac:62:27:ba:cd:98:77:af:f3:f6:25:68:b8:63:e8:
fa:03:45:60:24:95:6d:5a:cc:36:56:a7:37:07:06:
1a:c8:33:ce:46:c8:aa:31:61:d0:5f:98:70:c1:44:
7d:91:a9:39:08:1d:2f:db:8c:07:dc:65:3c:95:4f:
6d:ee:41:91:4b:14:6b:e1:9a:ed:5a:15:bc:13:8d:
48:4a:db:06:9c:ee:3d:16:83:0c:6e:59:0d:86:1a:
8d:cd:0a:78:56:5c:2f:2f:7b:05:c1:28:db:b3:aa:
c1:e6:56:ed:45:92:c3:45:3e:73:15:b7:22:45:b1:
18:e6:ac:0d:52:b4:35:7d:72:a7:b4:9e:15:6d:6f:
7d:bb:a1:41:a8:34:cb:82:6d:4d:2e:a2:bd:7a:30:
46:50:04:34:aa:21:76:a9:3d:12:23:14:50:48:23:
96:3d:64:3c:33:b2:55:e0:b6:43:0d:b8:82:e2:c3:
30:f4:ff:fb:68:16:e6:ad:ff:8c:f9:65:87:7d:6a:
c4:12:c3:4d:03:50:64:4c:da:a8:e9:4b:66:30:0f:
6b:b2:01:b2:99:7d:a8:60:e7:6f:05:9e:54:10:25:
3d:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:8B:52:65:51:B6:53:B8:01:AB:95:D8:1C:B0:5C:94:AC:1E:1F:EC
X509v3 Authority Key Identifier:
keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/t4tSZVG2U7gBq5XYHLBclKweH-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.173.34.0/24
158.173.42.0/23
158.173.65.0-158.173.66.255
Signature Algorithm: sha256WithRSAEncryption
19:54:b6:07:77:0b:a3:a9:e8:55:09:4c:84:ac:01:16:e0:a6:
20:3a:e3:79:3e:06:54:29:ac:7e:f3:5d:31:6b:61:dc:c6:b7:
71:82:77:61:2d:16:be:ad:4e:94:ae:0a:4d:ab:b3:64:38:16:
ea:30:b0:82:2a:9b:96:a5:9d:05:e9:bb:d8:9b:36:0c:31:c2:
0f:8d:b0:a8:45:a6:66:33:f2:1b:cc:21:a9:f6:87:ca:ff:97:
9b:6c:8f:fe:a8:9c:dc:ba:30:ab:31:83:b0:14:a5:41:c0:43:
91:23:37:44:57:08:0d:7a:b6:75:88:2e:b9:32:cb:34:e8:45:
74:bb:3f:e0:38:41:e7:e5:56:6d:3f:be:5e:62:df:ab:5c:bb:
e1:1d:64:a3:99:5e:96:81:ba:a7:02:46:b1:4f:26:23:d2:a8:
ac:8e:70:72:21:10:5a:90:9f:74:1d:81:36:12:8c:d4:06:36:
04:0e:fc:c5:30:fc:ee:6b:81:2e:51:b7:18:9c:54:1e:1e:61:
fc:28:2f:5f:33:da:d5:69:22:43:23:50:0b:13:02:c8:91:60:
5e:94:a7:72:95:04:cf:a6:07:0a:17:0d:ae:0d:76:80:0b:ab:
a8:b7:93:0f:42:9a:e2:eb:5b:e6:d6:0e:a1:d7:ff:53:02:f4:
8d:7a:6c:cb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ0Ad+HUUtcyHxsxfwSnNoalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTAyMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhiNTI2NTUxYjY1M2I4MDFhYjk1ZDgxY2IwNWM5NGFjMWUxZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFoyDw3scFiIKm1kmquwJSeof3J2
bbyQ3FcezDmsYie6zZh3r/P2JWi4Y+j6A0VgJJVtWsw2Vqc3BwYayDPORsiqMWHQ
X5hwwUR9kak5CB0v24wH3GU8lU9t7kGRSxRr4ZrtWhW8E41IStsGnO49FoMMblkN
hhqNzQp4VlwvL3sFwSjbs6rB5lbtRZLDRT5zFbciRbEY5qwNUrQ1fXKntJ4VbW99
u6FBqDTLgm1NLqK9ejBGUAQ0qiF2qT0SIxRQSCOWPWQ8M7JV4LZDDbiC4sMw9P/7
aBbmrf+M+WWHfWrEEsNNA1BkTNqo6UtmMA9rsgGymX2oYOdvBZ5UECU92QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLeLUmVRtlO4AauV2BywXJSsHh/sMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvdDR0U1pWRzJVN2dCcTVYWUhMQmNsS3dlSC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAnq0iAwQB
nq0qMAwDBACerUEDBACerUIwDQYJKoZIhvcNAQELBQADggEBABlUtgd3C6Op6FUJ
TISsARbgpiA643k+BlQprH7zXTFrYdzGt3GCd2EtFr6tTpSuCk2rs2Q4FuowsIIq
m5alnQXpu9ibNgwxwg+NsKhFpmYz8hvMIan2h8r/l5tsj/6onNy6MKsxg7AUpUHA
Q5EjN0RXCA16tnWILrkyyzToRXS7P+A4QeflVm0/vl5i36tcu+EdZKOZXpaBuqcC
RrFPJiPSqKyOcHIhEFqQn3QdgTYSjNQGNgQO/MUw/O5rgS5RtxicVB4eYfwoL18z
2tVpIkMjUAsTAsiRYF6Up3KVBM+mBwoXDa4NdoALq6i3kw9CmuLrW+bWDqHX/1MC
9I16bMs=
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:44:44 2026 by rpki-client