Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CwSwlWEMxKmEbm7Fh8341EL5WPo.roa
File: CwSwlWEMxKmEbm7Fh8341EL5WPo.roa (raw, json)
Hash identifier: pVWBYLZnlT9dlcF7UUyaYY/PT+2NOHTf0E1fdydOrro=
Subject key identifier: 0B:04:B0:95:61:0C:C4:A9:84:6E:6E:C5:87:CD:F8:D4:42:F9:58:FA
Certificate issuer: /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial: 019E091ED7E8391E342B8304AE9088B5CC0F
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CwSwlWEMxKmEbm7Fh8341EL5WPo.roa
Signing time: Fri 08 May 2026 19:44:36 +0000
ROA not before: Fri 08 May 2026 19:44:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 45.94.215.0/24 maxlen: 24
89.44.240.0/24 maxlen: 24
89.44.241.0/24 maxlen: 24
89.44.242.0/24 maxlen: 24
109.122.247.0/24 maxlen: 24
109.122.249.0/24 maxlen: 24
109.122.250.0/24 maxlen: 24
185.3.200.0/24 maxlen: 24
185.239.1.0/24 maxlen: 24
188.212.98.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 12:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:09:1e:d7:e8:39:1e:34:2b:83:04:ae:90:88:b5:cc:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Validity
Not Before: May 8 19:44:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0b04b095610cc4a9846e6ec587cdf8d442f958fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:53:ff:49:36:93:b8:49:9d:a9:69:63:aa:68:
49:6b:0a:a6:41:28:f3:8c:ef:b6:6a:ee:36:bb:91:
85:8f:3d:74:c4:3e:4f:ff:6a:78:fa:4a:9f:e7:be:
07:4f:fc:53:df:86:aa:a4:1a:cb:c5:cb:06:88:85:
90:02:13:7a:07:1b:85:2d:1b:4e:92:0e:b4:23:80:
96:2e:05:f5:01:82:fa:70:3d:d9:c3:23:63:2b:f2:
8f:ce:30:97:05:4c:df:09:64:58:5d:b4:c3:8c:da:
74:cf:b5:79:f6:1d:d0:74:f0:d8:b8:23:13:ee:fd:
4e:98:9d:fb:77:c6:a2:4f:a8:cb:e0:d9:d2:dc:84:
ca:e8:26:76:ac:68:77:3f:50:a7:b2:fb:35:e4:73:
4e:6b:57:d0:69:78:58:f0:a1:23:e2:94:c9:7a:06:
15:56:ef:4f:56:cb:28:26:f3:2e:93:63:a6:dd:09:
99:1b:3c:7e:af:ce:4c:f9:77:17:7d:cd:3a:1f:90:
c2:29:cf:55:3a:0e:72:bb:42:36:6f:12:b5:43:b7:
ba:11:f7:ef:03:a8:ea:30:1d:c5:ad:de:8c:57:f3:
96:da:ab:ae:e1:e4:5f:aa:30:40:39:dd:bd:5b:a8:
22:da:6d:62:cf:40:0b:11:dc:23:3c:04:9d:23:e6:
0a:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:04:B0:95:61:0C:C4:A9:84:6E:6E:C5:87:CD:F8:D4:42:F9:58:FA
X509v3 Authority Key Identifier:
keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CwSwlWEMxKmEbm7Fh8341EL5WPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.215.0/24
89.44.240.0-89.44.242.255
109.122.247.0/24
109.122.249.0-109.122.250.255
185.3.200.0/24
185.239.1.0/24
188.212.98.0/23
Signature Algorithm: sha256WithRSAEncryption
23:4f:3d:ae:14:c1:a4:08:45:a0:f1:43:72:1e:88:47:15:4f:
f1:83:49:07:1b:ef:bc:81:91:48:7a:68:98:21:90:01:af:ec:
0c:3d:08:4b:b1:50:e7:df:1b:35:83:ad:a8:89:5b:61:4c:0f:
89:f6:f6:73:75:05:da:1f:ea:0e:97:a5:91:f1:1f:45:b9:db:
f2:74:86:1d:80:55:bb:36:2a:7b:68:a2:1a:43:8d:37:0d:f2:
79:61:5f:85:e6:63:22:ad:9b:21:80:00:df:5e:25:b2:49:63:
f6:fb:09:34:93:fd:74:50:60:70:bb:9d:da:d1:cf:5c:7f:4d:
a5:26:b7:0d:77:36:49:24:04:94:94:a1:f9:46:8c:52:de:a1:
ca:c1:0e:04:2c:74:99:cb:ad:79:fc:af:5d:00:1b:c9:e5:89:
c9:1d:b4:77:55:14:dd:09:1a:f0:8a:c1:a6:04:99:dd:ff:7b:
fc:5b:b0:24:71:4a:59:d9:4f:17:66:7f:20:12:10:10:73:f5:
4a:e3:9a:95:f2:dc:96:91:30:ec:2a:10:e1:1b:fb:84:4f:7c:
67:d6:6e:e8:6e:b5:c3:df:09:0f:36:dd:b7:cc:5a:23:4a:e1:
62:b3:34:83:18:c2:8d:ec:88:26:8b:47:31:cc:cb:42:0e:aa:
62:fe:be:98
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ4JHtfoOR40K4MErpCItcwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNTA4MTk0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjA0YjA5NTYxMGNjNGE5ODQ2ZTZlYzU4N2NkZjhkNDQyZjk1OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlP/STaTuEmdqWljqmhJawqmQSjz
jO+2au42u5GFjz10xD5P/2p4+kqf574HT/xT34aqpBrLxcsGiIWQAhN6BxuFLRtO
kg60I4CWLgX1AYL6cD3ZwyNjK/KPzjCXBUzfCWRYXbTDjNp0z7V59h3QdPDYuCMT
7v1OmJ37d8aiT6jL4NnS3ITK6CZ2rGh3P1Cnsvs15HNOa1fQaXhY8KEj4pTJegYV
Vu9PVssoJvMuk2Om3QmZGzx+r85M+XcXfc06H5DCKc9VOg5yu0I2bxK1Q7e6Effv
A6jqMB3Frd6MV/OW2quu4eRfqjBAOd29W6gi2m1iz0ALEdwjPASdI+YKUQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFAsEsJVhDMSphG5uxYfN+NRC+Vj6MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvQ3dTd2xXRU14S21FYm03Rmg4MzQxRUw1V1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQALV7XMAwD
BARZLPADBABZLPIDBABtevcwDAMEAG16+QMEAG16+gMEALkDyAMEALnvAQMEAbzU
YjANBgkqhkiG9w0BAQsFAAOCAQEAI089rhTBpAhFoPFDch6IRxVP8YNJBxvvvIGR
SHpomCGQAa/sDD0IS7FQ598bNYOtqIlbYUwPifb2c3UF2h/qDpelkfEfRbnb8nSG
HYBVuzYqe2iiGkONNw3yeWFfheZjIq2bIYAA314lsklj9vsJNJP9dFBgcLud2tHP
XH9NpSa3DXc2SSQElJSh+UaMUt6hysEOBCx0mcutefyvXQAbyeWJyR20d1UU3Qka
8IrBpgSZ3f97/FuwJHFKWdlPF2Z/IBIQEHP1SuOalfLclpEw7CoQ4Rv7hE98Z9Zu
6G61w98JDzbdt8xaI0rhYrM0gxjCjeyIJotHMczLQg6qYv6+mA==
-----END CERTIFICATE-----
Generated at Tue May 12 21:38:27 2026 by rpki-client