Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/3AQkVEHFaMYSacwuB_BxozwNGjQ.roa
File: 3AQkVEHFaMYSacwuB_BxozwNGjQ.roa (raw, json)
Hash identifier: jeS6MVFt6boj/NgjPcW0szXMbQo13HV5/k7qMzzrnUk=
Subject key identifier: DC:04:24:54:41:C5:68:C6:12:69:CC:2E:07:F0:71:A3:3C:0D:1A:34
Certificate issuer: /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial: 0199576CDA83D6963621AFA128DC97126CEF
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/3AQkVEHFaMYSacwuB_BxozwNGjQ.roa
Signing time: Wed 17 Sep 2025 11:26:15 +0000
ROA not before: Wed 17 Sep 2025 11:26:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58321
IP address blocks: 91.198.146.0/24 maxlen: 24
91.199.22.0/24 maxlen: 24
91.228.196.0/22 maxlen: 24
91.234.146.0/24 maxlen: 24
91.237.52.0/24 maxlen: 24
91.239.66.0/23 maxlen: 24
94.152.254.0/24 maxlen: 24
94.152.255.0/24 maxlen: 24
178.250.40.0/21 maxlen: 24
185.5.96.0/22 maxlen: 24
185.25.148.0/22 maxlen: 24
185.123.160.0/22 maxlen: 24
185.123.160.0/24 maxlen: 24
185.140.120.0/22 maxlen: 24
185.180.204.0/22 maxlen: 24
185.193.112.0/22 maxlen: 24
185.201.112.0/22 maxlen: 24
185.204.216.0/22 maxlen: 24
185.208.164.0/24 maxlen: 24
185.243.52.0/22 maxlen: 24
193.17.184.0/24 maxlen: 24
193.218.152.0/22 maxlen: 24
194.169.227.0/24 maxlen: 24
195.2.254.0/23 maxlen: 24
195.78.66.0/23 maxlen: 24
195.114.0.0/23 maxlen: 24
195.242.116.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 10:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:57:6c:da:83:d6:96:36:21:af:a1:28:dc:97:12:6c:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
Validity
Not Before: Sep 17 11:26:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc04245441c568c61269cc2e07f071a33c0d1a34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:d8:1d:c5:1b:9d:6b:6e:cf:77:d7:89:94:a9:
51:f9:0b:03:a0:e9:1b:7a:8b:cc:e7:aa:17:a2:eb:
3e:ba:ad:33:80:09:4c:a4:4a:18:bc:47:c2:55:98:
86:ac:60:87:f6:6f:e1:3a:43:44:7e:b1:81:30:9c:
2a:8b:e3:77:da:41:6b:b8:1d:89:6c:a4:95:8f:29:
0c:fe:dd:09:48:ad:0f:66:d7:3b:9c:2a:10:26:93:
66:61:bc:30:53:b9:62:d7:b5:31:e7:38:03:07:22:
2c:c5:27:76:f9:a9:2b:26:9f:9b:f6:5d:c8:93:5c:
3f:63:38:f7:e5:65:17:c1:18:c4:f4:75:b7:6c:15:
76:ae:71:45:53:3d:89:5b:56:5b:d4:a3:e0:a9:d8:
4f:be:20:04:a3:66:32:c1:c6:54:fa:28:92:3c:16:
62:5d:85:ee:4c:ff:60:b5:0a:b2:7f:c1:72:a4:05:
02:02:c0:fd:8b:3a:5d:71:46:72:96:d2:2e:26:fc:
97:50:87:39:1c:63:3c:5d:e2:ce:72:ec:64:99:36:
4d:47:8d:65:77:46:b4:0e:b4:44:b6:f6:2c:63:3a:
34:bb:cb:50:ba:26:f5:80:79:ed:ca:46:73:84:5b:
6c:6a:c6:a3:21:a7:8b:f9:4a:a3:5a:4c:74:73:75:
d7:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:04:24:54:41:C5:68:C6:12:69:CC:2E:07:F0:71:A3:3C:0D:1A:34
X509v3 Authority Key Identifier:
keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/3AQkVEHFaMYSacwuB_BxozwNGjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.146.0/24
91.199.22.0/24
91.228.196.0/22
91.234.146.0/24
91.237.52.0/24
91.239.66.0/23
94.152.254.0/23
178.250.40.0/21
185.5.96.0/22
185.25.148.0/22
185.123.160.0/22
185.140.120.0/22
185.180.204.0/22
185.193.112.0/22
185.201.112.0/22
185.204.216.0/22
185.208.164.0/24
185.243.52.0/22
193.17.184.0/24
193.218.152.0/22
194.169.227.0/24
195.2.254.0/23
195.78.66.0/23
195.114.0.0/23
195.242.116.0/23
Signature Algorithm: sha256WithRSAEncryption
53:5e:4d:f5:f8:2d:f7:dc:bc:a4:fa:dc:1f:97:73:96:be:3b:
dc:13:57:c4:19:3e:c7:10:8b:da:69:84:d8:cc:96:90:18:72:
5e:e8:ee:60:1b:82:bc:1c:c4:6d:e7:19:65:0d:52:a2:e2:59:
2b:7e:4a:d1:96:9b:fb:ac:f1:a2:73:9c:e0:0b:fb:7f:89:b9:
ae:9f:d6:fd:8a:46:cd:47:e2:08:be:82:be:14:88:ce:22:7f:
8e:0a:35:24:4d:39:e8:46:49:03:e8:e6:bb:0f:70:ff:a4:68:
85:57:ee:0d:fc:2c:2b:9d:e2:37:e8:72:53:cb:95:40:af:d0:
64:52:52:ff:94:44:1e:b0:21:73:53:5e:fb:6e:14:50:1a:0c:
d9:e0:f7:31:d3:7e:f5:5e:5e:87:26:a0:14:03:33:ad:b7:b2:
fe:55:50:f2:38:61:2b:27:a6:d5:56:54:82:3f:df:74:40:94:
2b:cf:ef:c9:33:9d:02:8f:16:d4:1c:d6:4f:5a:e9:53:7d:2c:
df:16:5c:22:4d:b6:d3:dd:57:98:c7:68:9e:b7:8c:58:d9:97:
38:50:2e:ab:58:f5:a3:8e:b8:e0:34:c7:2d:94:37:63:f7:25:
b0:b7:5d:07:a7:86:66:ea:d5:26:bb:b1:d7:bc:42:b1:d4:18:
bc:51:76:02
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZlXbNqD1pY2Ia+hKNyXEmzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjUwOTE3MTEyNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzA0MjQ1NDQxYzU2OGM2MTI2OWNjMmUwN2YwNzFhMzNjMGQxYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdgdxRuda27Pd9eJlKlR+QsDoOkb
eovM56oXous+uq0zgAlMpEoYvEfCVZiGrGCH9m/hOkNEfrGBMJwqi+N32kFruB2J
bKSVjykM/t0JSK0PZtc7nCoQJpNmYbwwU7li17Ux5zgDByIsxSd2+akrJp+b9l3I
k1w/Yzj35WUXwRjE9HW3bBV2rnFFUz2JW1Zb1KPgqdhPviAEo2YywcZU+iiSPBZi
XYXuTP9gtQqyf8FypAUCAsD9izpdcUZyltIuJvyXUIc5HGM8XeLOcuxkmTZNR41l
d0a0DrREtvYsYzo0u8tQuib1gHntykZzhFtsasajIaeL+UqjWkx0c3XXIQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFNwEJFRBxWjGEmnMLgfwcaM8DRo0MB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvM0FRa1ZFSEZhTVlTYWN3dUJfQnhvendOR2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYDBABb
xpIDBABbxxYDBAJb5MQDBABb6pIDBABb7TQDBAFb70IDBAFemP4DBAOy+igDBAK5
BWADBAK5GZQDBAK5e6ADBAK5jHgDBAK5tMwDBAK5wXADBAK5yXADBAK5zNgDBAC5
0KQDBAK58zQDBADBEbgDBALB2pgDBADCqeMDBAHDAv4DBAHDTkIDBAHDcgADBAHD
8nQwDQYJKoZIhvcNAQELBQADggEBAFNeTfX4LffcvKT63B+Xc5a+O9wTV8QZPscQ
i9pphNjMlpAYcl7o7mAbgrwcxG3nGWUNUqLiWSt+StGWm/us8aJznOAL+3+Jua6f
1v2KRs1H4gi+gr4UiM4if44KNSRNOehGSQPo5rsPcP+kaIVX7g38LCud4jfoclPL
lUCv0GRSUv+URB6wIXNTXvtuFFAaDNng9zHTfvVeXocmoBQDM623sv5VUPI4YSsn
ptVWVII/33RAlCvP78kznQKPFtQc1k9a6VN9LN8WXCJNttPdV5jHaJ63jFjZlzhQ
LqtY9aOOuOA0xy2UN2P3JbC3XQenhmbq1Sa7sde8QrHUGLxRdgI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:58:19 2025 by rpki-client