Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1nNV9DxFhaP0ulOnfWKUdFWeaqo.roa
File: 1nNV9DxFhaP0ulOnfWKUdFWeaqo.roa (raw, json)
Hash identifier: EhXut837sTXP+cNtBANjiFCruyh/ywEOat4xjFaBLJ4=
Subject key identifier: D6:73:55:F4:3C:45:85:A3:F4:BA:53:A7:7D:62:94:74:55:9E:6A:AA
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019D2AD99D57F92695B575BE871268BB8159
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1nNV9DxFhaP0ulOnfWKUdFWeaqo.roa
Signing time: Thu 26 Mar 2026 15:53:17 +0000
ROA not before: Thu 26 Mar 2026 15:53:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208427
IP address blocks: 46.8.21.0/24 maxlen: 24
46.8.29.0/24 maxlen: 24
46.8.158.0/24 maxlen: 24
95.182.112.0/23 maxlen: 23
95.182.120.0/22 maxlen: 22
109.248.59.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 00:55:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2a:d9:9d:57:f9:26:95:b5:75:be:87:12:68:bb:81:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Mar 26 15:53:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d67355f43c4585a3f4ba53a77d629474559e6aaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:e4:f3:da:1e:04:16:15:20:94:73:9c:b0:fe:
b8:26:eb:17:ae:aa:de:53:9a:90:d2:1f:9c:05:b7:
8b:74:2f:0c:1c:40:ef:0e:98:5a:5c:10:1f:79:fd:
fb:18:97:21:c0:c7:92:f6:d9:c2:50:9c:e9:a5:82:
8b:ff:14:59:80:03:02:2b:e7:9c:fc:28:28:5e:21:
3a:c6:10:e7:9c:fe:e3:16:78:d6:11:8e:66:da:35:
52:c9:a5:47:07:74:34:a3:a2:1d:bd:66:c2:8b:9c:
69:f9:7c:a3:04:22:37:5f:e7:76:5c:c7:03:c5:40:
bf:bd:eb:7b:b7:a8:28:12:54:4a:6e:0c:8a:a2:69:
5f:2c:e5:4f:42:ef:59:88:66:fd:04:b3:a1:b3:cf:
04:2b:28:ff:a1:9d:20:5b:79:b6:55:43:82:44:27:
aa:a8:a7:37:6c:7b:c2:90:3c:53:fc:01:39:68:14:
04:de:b0:a2:63:f1:f9:79:14:b7:68:4e:9b:bb:8c:
c5:59:1d:77:21:56:3c:48:10:6f:11:c6:b8:6e:7b:
d8:9c:2f:dc:34:f4:29:94:f4:e9:c3:ac:7a:bc:52:
96:5d:62:ae:5a:60:8d:85:e7:84:a0:69:8f:f1:46:
a6:13:6f:91:69:a8:7c:42:0d:8c:88:68:24:12:fe:
e5:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:73:55:F4:3C:45:85:A3:F4:BA:53:A7:7D:62:94:74:55:9E:6A:AA
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1nNV9DxFhaP0ulOnfWKUdFWeaqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.21.0/24
46.8.29.0/24
46.8.158.0/24
95.182.112.0/23
95.182.120.0/22
109.248.59.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:ec:a7:a6:99:14:1e:55:80:70:f5:5d:b0:46:e9:32:bc:c2:
02:23:52:07:40:8f:d9:ef:f9:a6:dc:f4:0c:14:5b:f1:4d:22:
31:3f:45:fb:34:31:f1:f3:e3:64:95:25:3b:8d:b7:7a:3b:63:
49:fc:23:02:3f:6f:35:5c:f9:08:49:ba:af:c9:72:e6:9b:c1:
94:a1:f0:b4:eb:99:2d:72:4d:e0:ae:81:c5:32:2a:a4:2b:8e:
5c:58:2d:12:6e:b3:f5:10:25:62:42:bd:50:88:3f:2a:c6:7b:
9b:dc:4a:9b:07:07:9a:f7:ee:41:0e:02:bf:ba:97:d8:d9:41:
7b:83:be:97:ed:e1:95:cd:e7:d0:aa:6d:b7:a0:af:59:d7:9e:
cb:40:bd:c1:a3:7f:e2:06:1f:0a:6c:d7:87:6d:23:fc:e7:6a:
00:6e:8e:0b:e0:a1:d3:1e:8d:fb:c6:19:ab:43:b2:4a:b2:8e:
e7:fd:fd:84:cd:3d:fb:91:47:75:dc:39:ec:78:06:fa:5f:b5:
e7:8b:3d:2a:f5:51:ca:5e:ba:bc:39:f2:91:cd:b5:90:33:8b:
19:22:c0:24:0a:17:51:e2:7e:63:e1:98:65:92:f4:ff:58:ec:
24:b6:20:60:24:e7:dc:2f:05:19:4b:fc:f0:4b:46:fb:8c:2b:
b7:c6:73:d6
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ0q2Z1X+SaVtXW+hxJou4FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMzI2MTU1MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjczNTVmNDNjNDU4NWEzZjRiYTUzYTc3ZDYyOTQ3NDU1OWU2YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuTz2h4EFhUglHOcsP64JusXrqre
U5qQ0h+cBbeLdC8MHEDvDphaXBAfef37GJchwMeS9tnCUJzppYKL/xRZgAMCK+ec
/CgoXiE6xhDnnP7jFnjWEY5m2jVSyaVHB3Q0o6IdvWbCi5xp+XyjBCI3X+d2XMcD
xUC/vet7t6goElRKbgyKomlfLOVPQu9ZiGb9BLOhs88EKyj/oZ0gW3m2VUOCRCeq
qKc3bHvCkDxT/AE5aBQE3rCiY/H5eRS3aE6bu4zFWR13IVY8SBBvEca4bnvYnC/c
NPQplPTpw6x6vFKWXWKuWmCNheeEoGmP8UamE2+Raah8Qg2MiGgkEv7lsQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNZzVfQ8RYWj9LpTp31ilHRVnmqqMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMW5OVjlEeEZoYVAwdWxPbmZXS1VkRldlYXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALggVAwQA
LggdAwQALgieAwQBX7ZwAwQCX7Z4AwQAbfg7MA0GCSqGSIb3DQEBCwUAA4IBAQCi
7KemmRQeVYBw9V2wRukyvMICI1IHQI/Z7/mm3PQMFFvxTSIxP0X7NDHx8+NklSU7
jbd6O2NJ/CMCP281XPkISbqvyXLmm8GUofC065ktck3groHFMiqkK45cWC0SbrP1
ECViQr1QiD8qxnub3EqbBwea9+5BDgK/upfY2UF7g76X7eGVzefQqm23oK9Z157L
QL3Bo3/iBh8KbNeHbSP852oAbo4L4KHTHo37xhmrQ7JKso7n/f2EzT37kUd13Dns
eAb6X7Xniz0q9VHKXrq8OfKRzbWQM4sZIsAkChdR4n5j4ZhlkvT/WOwktiBgJOfc
LwUZS/zwS0b7jCu3xnPW
-----END CERTIFICATE-----
Generated at Sat Mar 28 11:22:38 2026 by rpki-client