Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/R9NGLutQdVO4LXCQi00sG9rliWM.roa
File: R9NGLutQdVO4LXCQi00sG9rliWM.roa (raw, json)
Hash identifier: +uY9BE883q1EK9ehNx5rRzDlM1yOOZRz+kA9g1qIqVk=
Subject key identifier: 47:D3:46:2E:EB:50:75:53:B8:2D:70:90:8B:4D:2C:1B:DA:E5:89:63
Certificate issuer: /CN=864d2f0c46752bf069738fba67efe2f6b8b62cc4
Certificate serial: 019B797F22D2D60E62AB4B7FD82931491B9C
Authority key identifier: 86:4D:2F:0C:46:75:2B:F0:69:73:8F:BA:67:EF:E2:F6:B8:B6:2C:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/R9NGLutQdVO4LXCQi00sG9rliWM.roa
Signing time: Thu 01 Jan 2026 12:18:53 +0000
ROA not before: Thu 01 Jan 2026 12:18:53 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57478
IP address blocks: 91.192.144.0/22 maxlen: 22
91.192.144.0/24 maxlen: 24
91.192.145.0/24 maxlen: 24
91.214.36.0/22 maxlen: 22
91.214.52.0/22 maxlen: 22
91.224.146.0/23 maxlen: 23
185.237.156.0/22 maxlen: 22
193.169.18.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:7f:22:d2:d6:0e:62:ab:4b:7f:d8:29:31:49:1b:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=864d2f0c46752bf069738fba67efe2f6b8b62cc4
Validity
Not Before: Jan 1 12:18:53 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=47d3462eeb507553b82d70908b4d2c1bdae58963
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:31:9f:cc:38:5e:40:9f:75:1b:5f:6a:1d:02:
cf:d2:11:c2:85:50:29:7e:fa:21:d4:c2:a6:7c:e7:
22:07:e7:e7:68:c8:14:91:f5:d9:96:bf:e0:91:5d:
d2:10:4a:c6:44:2a:01:35:3b:6c:72:fe:59:42:b4:
a5:c2:04:04:fb:b5:60:46:15:bd:27:7f:97:91:ed:
a7:fe:54:98:c9:29:67:62:aa:84:eb:9b:63:fc:e7:
11:c8:be:4b:f4:a5:93:36:92:32:9f:f2:ee:63:0e:
0d:39:d8:be:6f:75:ec:c4:3c:05:62:ed:d6:08:fb:
98:df:0b:66:94:61:e7:63:f4:de:a9:7e:2e:b5:2f:
3a:52:93:bb:17:c6:b5:39:ea:af:f1:09:76:cb:1e:
e5:b7:53:56:17:78:35:a9:0e:d5:95:3a:89:44:03:
30:05:46:79:d6:7a:a0:ff:1f:26:5f:2f:2c:4a:d8:
4d:45:57:50:f0:f8:0e:a7:af:df:7d:7e:2d:a8:58:
6e:fa:26:77:f8:c8:4f:80:ce:79:50:83:fa:af:6a:
0d:52:a5:d7:34:10:57:ca:72:d8:5b:1b:43:9b:ea:
00:d7:c7:f9:ab:40:9a:72:4c:7b:04:29:a3:21:3b:
c7:24:cc:4d:46:06:35:a5:c1:52:ca:d5:8e:b1:c9:
19:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:D3:46:2E:EB:50:75:53:B8:2D:70:90:8B:4D:2C:1B:DA:E5:89:63
X509v3 Authority Key Identifier:
keyid:86:4D:2F:0C:46:75:2B:F0:69:73:8F:BA:67:EF:E2:F6:B8:B6:2C:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/R9NGLutQdVO4LXCQi00sG9rliWM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/8e2d6c-1481-4844-a7ee-1fa540b721c2/1/hk0vDEZ1K_Bpc4-6Z-_i9ri2LMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.192.144.0/22
91.214.36.0/22
91.214.52.0/22
91.224.146.0/23
185.237.156.0/22
193.169.18.0/23
Signature Algorithm: sha256WithRSAEncryption
92:d6:bf:ed:6a:76:cd:3a:6b:fe:25:19:22:ca:00:b5:72:95:
b3:cc:5f:b7:07:0b:0f:d3:ca:6f:81:cc:83:8b:6e:2b:dd:91:
25:cb:1d:40:37:ce:aa:bd:c4:51:12:6e:7d:4d:78:c7:11:48:
3e:0e:4f:a6:3b:79:2d:d0:b4:02:fe:3b:43:b3:60:3c:1b:95:
a5:a5:77:30:d9:ea:6b:6a:84:85:6c:c6:06:6d:3c:79:73:1d:
7d:23:2c:ed:6f:e7:e1:b2:41:59:94:6d:59:f4:a4:f5:60:ed:
15:c2:29:79:cb:16:7b:42:e5:af:8d:89:f0:65:1f:67:e0:21:
c7:ee:e9:f6:9f:ce:72:be:71:7f:88:8c:f7:6e:4d:f5:29:c9:
55:d6:f0:12:39:42:98:7f:1c:46:0a:5f:82:b4:23:d2:95:f9:
10:f3:0f:3e:90:c7:0f:bc:41:8f:17:a0:2c:ea:21:67:96:37:
1b:96:18:5f:09:45:87:c8:ff:33:5e:db:e8:bd:9b:9c:22:71:
a4:df:2a:1f:46:6d:d3:45:7a:09:fb:d1:4a:0c:cb:f6:ff:17:
1b:4d:a0:a7:a1:8d:e2:82:61:ed:7e:0f:20:9f:39:eb:aa:ca:
a9:7f:ff:97:18:0d:f7:d3:0b:5c:ed:c1:26:c2:ed:7c:33:8e:
1d:f4:43:d7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZt5fyLS1g5iq0t/2CkxSRucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGQyZjBjNDY3NTJiZjA2OTczOGZiYTY3ZWZlMmY2Yjhi
NjJjYzQwHhcNMjYwMTAxMTIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2QzNDYyZWViNTA3NTUzYjgyZDcwOTA4YjRkMmMxYmRhZTU4OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jGfzDheQJ91G19qHQLP0hHChVAp
fvoh1MKmfOciB+fnaMgUkfXZlr/gkV3SEErGRCoBNTtscv5ZQrSlwgQE+7VgRhW9
J3+Xke2n/lSYySlnYqqE65tj/OcRyL5L9KWTNpIyn/LuYw4NOdi+b3XsxDwFYu3W
CPuY3wtmlGHnY/TeqX4utS86UpO7F8a1Oeqv8Ql2yx7lt1NWF3g1qQ7VlTqJRAMw
BUZ51nqg/x8mXy8sSthNRVdQ8PgOp6/ffX4tqFhu+iZ3+MhPgM55UIP6r2oNUqXX
NBBXynLYWxtDm+oA18f5q0Cackx7BCmjITvHJMxNRgY1pcFSytWOsckZCQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEfTRi7rUHVTuC1wkItNLBva5YljMB8GA1UdIwQY
MBaAFIZNLwxGdSvwaXOPumfv4va4tizEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGswdkRFWjFLX0JwYzQtNlotX2k5cmkyTE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi84ZTJkNmMtMTQ4MS00ODQ0LWE3ZWUt
MWZhNTQwYjcyMWMyLzEvUjlOR0x1dFFkVk80TFhDUWkwMHNHOXJsaVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi84ZTJkNmMtMTQ4MS00ODQ0LWE3ZWUtMWZhNTQwYjcyMWMy
LzEvaGswdkRFWjFLX0JwYzQtNlotX2k5cmkyTE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCW8CQAwQC
W9YkAwQCW9Y0AwQBW+CSAwQCue2cAwQBwakSMA0GCSqGSIb3DQEBCwUAA4IBAQCS
1r/tanbNOmv+JRkiygC1cpWzzF+3BwsP08pvgcyDi24r3ZElyx1AN86qvcRREm59
TXjHEUg+Dk+mO3kt0LQC/jtDs2A8G5WlpXcw2epraoSFbMYGbTx5cx19Iyztb+fh
skFZlG1Z9KT1YO0Vwil5yxZ7QuWvjYnwZR9n4CHH7un2n85yvnF/iIz3bk31KclV
1vASOUKYfxxGCl+CtCPSlfkQ8w8+kMcPvEGPF6As6iFnljcblhhfCUWHyP8zXtvo
vZucInGk3yofRm3TRXoJ+9FKDMv2/xcbTaCnoY3igmHtfg8gnznrqsqpf/+XGA33
0wtc7cEmwu18M44d9EPX
-----END CERTIFICATE-----
Generated at Sat Mar 28 15:55:11 2026 by rpki-client