Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/JEy4ZJ62QYRRLVpb1W-o-3RjroA.roa
File: JEy4ZJ62QYRRLVpb1W-o-3RjroA.roa (raw, json)
Hash identifier: UXVz9bhe0di3EXu2bm6AdG0DjlkQpOevHbzRqlRvjno=
Subject key identifier: 24:4C:B8:64:9E:B6:41:84:51:2D:5A:5B:D5:6F:A8:FB:74:63:AE:80
Certificate issuer: /CN=36eaa00ea777098b1bf036756d640e9d31d63b3b
Certificate serial: 019DD343C3CF1D5FDFC48F9AD72731AA6A40
Authority key identifier: 36:EA:A0:0E:A7:77:09:8B:1B:F0:36:75:6D:64:0E:9D:31:D6:3B:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/JEy4ZJ62QYRRLVpb1W-o-3RjroA.roa
Signing time: Tue 28 Apr 2026 08:45:26 +0000
ROA not before: Tue 28 Apr 2026 08:45:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5459
IP address blocks: 195.66.232.0/22 maxlen: 22
195.66.240.0/22 maxlen: 22
195.66.248.0/22 maxlen: 22
2a01:40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.mft
rsync://rpki.ripe.net/repository/DEFAULT/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 06:33:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d3:43:c3:cf:1d:5f:df:c4:8f:9a:d7:27:31:aa:6a:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36eaa00ea777098b1bf036756d640e9d31d63b3b
Validity
Not Before: Apr 28 08:45:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=244cb8649eb64184512d5a5bd56fa8fb7463ae80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:1f:6c:21:84:47:7b:67:7f:4e:d4:3c:ff:dc:
81:ee:29:29:51:c1:fe:49:1d:9f:6c:f4:53:c8:9c:
aa:dd:5d:46:ee:26:b8:a5:32:a7:32:fe:2c:d0:fb:
b4:f1:81:46:d4:36:3f:31:b8:ce:e6:a3:d8:aa:6c:
76:95:32:26:76:47:c0:28:3b:8f:04:b0:77:3b:20:
75:5e:71:f5:fd:e5:a4:c7:67:a3:f1:c9:e4:7b:e2:
e3:7e:c9:82:56:3e:1d:f9:7a:42:9a:a2:e7:f0:41:
7f:07:56:29:a9:04:8f:d6:b0:b6:8a:65:5b:5c:73:
33:b9:89:f3:8a:71:bc:b0:68:01:a9:2d:73:82:58:
cc:34:4d:f2:1e:c2:4c:f4:22:49:f0:8c:89:7b:4d:
7c:bc:0c:cc:9c:5f:55:d5:b7:19:9e:b4:e6:57:7a:
d5:fc:87:28:91:4f:75:d2:70:65:e3:61:c8:41:e7:
79:0b:67:01:ed:29:45:53:83:ab:95:d5:6a:87:92:
c5:1d:f5:69:d1:50:7d:d1:cd:5a:d2:61:34:9b:87:
e9:23:0d:9c:72:75:74:b4:8f:04:1a:b3:ce:16:46:
00:2b:a9:95:ee:2b:f9:6a:b9:8f:19:ed:14:85:82:
2b:a1:2f:8a:50:9e:d4:58:6c:8b:f2:e1:45:a9:d2:
8a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:4C:B8:64:9E:B6:41:84:51:2D:5A:5B:D5:6F:A8:FB:74:63:AE:80
X509v3 Authority Key Identifier:
keyid:36:EA:A0:0E:A7:77:09:8B:1B:F0:36:75:6D:64:0E:9D:31:D6:3B:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/JEy4ZJ62QYRRLVpb1W-o-3RjroA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/410232-b1fd-4137-832d-bdb21313c3ec/1/NuqgDqd3CYsb8DZ1bWQOnTHWOzs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.66.232.0/22
195.66.240.0/22
195.66.248.0/22
IPv6:
2a01:40::/32
Signature Algorithm: sha256WithRSAEncryption
17:ea:29:fe:69:23:80:80:44:94:23:71:95:43:9e:24:06:51:
00:dd:a1:55:f6:11:df:07:06:13:74:13:64:57:3c:52:37:43:
75:c1:f2:2e:6e:45:03:26:e8:d9:a2:71:2e:c5:a7:76:2d:a9:
1f:61:ee:68:df:bc:db:6b:1a:47:71:f1:1c:54:c4:bf:9a:9e:
e8:51:74:bd:95:24:1c:ef:a2:9a:2b:9b:46:24:64:3f:8b:26:
90:a0:58:a5:14:12:9d:f4:d4:92:7e:74:ad:9e:b3:16:2c:7b:
df:a9:94:fa:fe:59:4e:63:06:e4:4f:26:df:04:a6:49:18:23:
5b:22:b0:44:22:a8:77:cf:ef:69:50:9e:ec:3d:4c:11:3f:5f:
98:7e:86:8b:c2:ee:15:ae:ea:dc:8e:22:a3:fa:5e:93:f7:21:
19:67:e6:a5:fd:14:46:7d:72:87:55:7e:b1:de:71:87:35:23:
fc:cb:17:2a:ca:8f:3c:e4:a1:d1:37:fd:17:d4:00:ce:9e:22:
2b:c6:4f:21:93:42:14:8c:84:76:a0:a3:6c:77:55:0b:3e:7c:
99:0f:71:a6:16:bd:70:dc:3b:ed:54:74:1b:3a:63:48:86:0e:
09:73:04:c2:a1:86:00:e2:45:1a:6c:b4:26:36:cd:4c:33:cd:
f5:9f:e7:e5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ3TQ8PPHV/fxI+a1ycxqmpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZWFhMDBlYTc3NzA5OGIxYmYwMzY3NTZkNjQwZTlkMzFk
NjNiM2IwHhcNMjYwNDI4MDg0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRjYjg2NDllYjY0MTg0NTEyZDVhNWJkNTZmYThmYjc0NjNhZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh9sIYRHe2d/TtQ8/9yB7ikpUcH+
SR2fbPRTyJyq3V1G7ia4pTKnMv4s0Pu08YFG1DY/MbjO5qPYqmx2lTImdkfAKDuP
BLB3OyB1XnH1/eWkx2ej8cnke+LjfsmCVj4d+XpCmqLn8EF/B1YpqQSP1rC2imVb
XHMzuYnzinG8sGgBqS1zgljMNE3yHsJM9CJJ8IyJe018vAzMnF9V1bcZnrTmV3rV
/IcokU910nBl42HIQed5C2cB7SlFU4OrldVqh5LFHfVp0VB90c1a0mE0m4fpIw2c
cnV0tI8EGrPOFkYAK6mV7iv5armPGe0UhYIroS+KUJ7UWGyL8uFFqdKK9QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCRMuGSetkGEUS1aW9VvqPt0Y66AMB8GA1UdIwQY
MBaAFDbqoA6ndwmLG/A2dW1kDp0x1js7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVxZ0RxZDNDWXNiOERaMWJXUU9uVEhXT3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80MTAyMzItYjFmZC00MTM3LTgzMmQt
YmRiMjEzMTNjM2VjLzEvSkV5NFpKNjJRWVJSTFZwYjFXLW8tM1Jqcm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80MTAyMzItYjFmZC00MTM3LTgzMmQtYmRiMjEzMTNjM2Vj
LzEvTnVxZ0RxZDNDWXNiOERaMWJXUU9uVEhXT3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCw0LoAwQC
w0LwAwQCw0L4MA0EAgACMAcDBQAqAQBAMA0GCSqGSIb3DQEBCwUAA4IBAQAX6in+
aSOAgESUI3GVQ54kBlEA3aFV9hHfBwYTdBNkVzxSN0N1wfIubkUDJujZonEuxad2
LakfYe5o37zbaxpHcfEcVMS/mp7oUXS9lSQc76KaK5tGJGQ/iyaQoFilFBKd9NSS
fnStnrMWLHvfqZT6/llOYwbkTybfBKZJGCNbIrBEIqh3z+9pUJ7sPUwRP1+YfoaL
wu4VrurcjiKj+l6T9yEZZ+al/RRGfXKHVX6x3nGHNSP8yxcqyo885KHRN/0X1ADO
niIrxk8hk0IUjIR2oKNsd1ULPnyZD3GmFr1w3DvtVHQbOmNIhg4JcwTCoYYA4kUa
bLQmNs1MM831n+fl
-----END CERTIFICATE-----
Generated at Wed May 13 12:40:13 2026 by rpki-client