Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/CUuCv8yUGO5kzdNG-LcqlTW9-Gw.roa
File: CUuCv8yUGO5kzdNG-LcqlTW9-Gw.roa (raw, json)
Hash identifier: pVICflN/XXSbn0ha6nAv/rKKeN2icslh3J8MLWXAR5M=
Subject key identifier: 09:4B:82:BF:CC:94:18:EE:64:CD:D3:46:F8:B7:2A:95:35:BD:F8:6C
Certificate issuer: /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial: 019DFDA8AB621FCEEC4D971B2DAE420CE86A
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/CUuCv8yUGO5kzdNG-LcqlTW9-Gw.roa
Signing time: Wed 06 May 2026 14:19:42 +0000
ROA not before: Wed 06 May 2026 14:19:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44056
IP address blocks: 31.135.224.0/20 maxlen: 24
31.135.226.0/23 maxlen: 23
31.135.227.0/24 maxlen: 24
31.135.228.0/22 maxlen: 22
31.135.232.0/22 maxlen: 22
31.135.236.0/23 maxlen: 23
31.135.236.0/24 maxlen: 24
46.148.128.0/20 maxlen: 20
46.148.128.0/22 maxlen: 22
46.148.128.0/24 maxlen: 24
46.148.129.0/24 maxlen: 24
46.148.130.0/24 maxlen: 24
46.148.132.0/22 maxlen: 22
46.148.143.0/24 maxlen: 24
83.97.104.0/21 maxlen: 21
91.195.130.0/23 maxlen: 23
91.230.146.0/24 maxlen: 24
91.237.186.0/23 maxlen: 23
91.237.186.0/24 maxlen: 24
91.237.187.0/24 maxlen: 24
109.196.64.0/20 maxlen: 24
109.196.64.0/22 maxlen: 22
109.196.64.0/24 maxlen: 24
109.196.65.0/24 maxlen: 24
109.196.67.0/24 maxlen: 24
109.196.68.0/22 maxlen: 22
109.196.68.0/24 maxlen: 24
109.196.69.0/24 maxlen: 24
109.196.72.0/22 maxlen: 22
109.196.72.0/24 maxlen: 24
109.196.73.0/24 maxlen: 24
109.196.74.0/24 maxlen: 24
109.196.75.0/24 maxlen: 24
109.196.76.0/22 maxlen: 22
109.196.76.0/24 maxlen: 24
109.196.77.0/24 maxlen: 24
109.196.78.0/24 maxlen: 24
109.196.79.0/24 maxlen: 24
176.125.192.0/19 maxlen: 19
176.125.192.0/24 maxlen: 24
176.125.194.0/24 maxlen: 24
176.125.195.0/24 maxlen: 24
176.125.196.0/24 maxlen: 24
195.2.238.0/23 maxlen: 23
195.244.24.0/23 maxlen: 23
195.244.25.0/24 maxlen: 24
2a13:2940::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 08:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fd:a8:ab:62:1f:ce:ec:4d:97:1b:2d:ae:42:0c:e8:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
Validity
Not Before: May 6 14:19:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=094b82bfcc9418ee64cdd346f8b72a9535bdf86c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:a4:c5:fd:ee:15:2d:b4:48:22:d2:c5:2d:5e:
a6:f2:2f:c9:56:3b:30:2c:3e:ce:7b:e1:8b:fe:26:
37:07:17:d3:0f:78:3a:f8:8b:02:bf:8e:84:65:57:
72:76:39:55:40:0d:d3:4f:29:72:0b:d4:55:7a:31:
b1:d1:77:c2:19:e6:94:6a:18:48:68:9e:85:f3:03:
b7:2d:df:6b:13:c7:b7:4c:03:2e:c3:d7:97:9a:8a:
32:a5:69:78:34:47:a7:c4:c1:0b:f1:f9:6f:ed:ec:
0b:38:3b:04:a5:85:1f:fc:88:2c:13:44:b7:3c:0f:
15:0b:1b:df:31:12:7e:ed:57:a4:52:a4:51:1a:86:
9d:7c:34:8c:8d:b2:87:5f:ae:f4:52:49:39:fc:2e:
0f:5a:78:a0:83:af:f0:ef:95:ba:36:e5:0d:1f:53:
c8:49:b8:83:1c:84:e2:3f:d7:80:da:3a:e1:59:41:
89:57:cd:ad:1c:1f:da:81:d2:e4:a0:f5:b2:5a:d9:
02:55:9a:55:75:82:7a:28:5e:81:37:41:4b:5f:5c:
12:93:0f:f3:77:73:d1:25:ce:e1:4e:65:86:69:72:
eb:34:63:39:83:e8:2a:68:74:7a:46:e6:bd:84:1e:
58:ec:3b:65:3f:7a:4a:8b:7f:ff:65:22:68:71:c8:
93:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:4B:82:BF:CC:94:18:EE:64:CD:D3:46:F8:B7:2A:95:35:BD:F8:6C
X509v3 Authority Key Identifier:
keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/CUuCv8yUGO5kzdNG-LcqlTW9-Gw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.135.224.0/20
46.148.128.0/20
83.97.104.0/21
91.195.130.0/23
91.230.146.0/24
91.237.186.0/23
109.196.64.0/20
176.125.192.0/19
195.2.238.0/23
195.244.24.0/23
IPv6:
2a13:2940::/32
Signature Algorithm: sha256WithRSAEncryption
73:1b:70:16:f2:75:d7:63:22:14:00:e4:7b:b6:d4:39:51:c4:
d1:92:6e:ca:35:8a:c1:b2:78:3b:22:d6:87:5b:dc:f4:8f:6e:
5d:e4:b5:fa:b3:f7:ba:37:c1:f8:2a:96:bf:3f:a6:20:16:52:
47:d1:10:36:ef:86:23:0a:f6:9c:62:e1:2d:1f:c3:70:f0:3a:
df:46:d8:49:32:f7:e6:20:e2:6f:2d:63:d5:b2:e1:25:d5:65:
08:f7:15:51:75:9a:1b:7a:54:35:7b:e2:14:47:22:83:61:f2:
ef:db:e6:7e:f4:e3:a1:3e:ad:a4:b8:b6:b1:46:26:96:4e:42:
e3:92:a0:d9:b3:fb:ae:cd:93:59:9a:9a:53:78:8c:32:2f:a9:
e0:a8:f1:c0:60:42:2f:d9:0e:ff:c9:83:ff:b6:17:14:70:5d:
a8:75:25:a7:fc:30:02:7c:01:f6:23:66:cb:9e:8c:a6:58:e8:
02:74:01:4b:bc:c3:0d:56:68:3a:e0:20:06:74:43:cb:21:2a:
a2:17:7c:11:ff:7d:57:c3:80:f1:78:9d:4e:a6:db:fa:11:ca:
25:71:2c:36:6c:ea:bd:8a:4e:af:86:b0:f5:fb:f1:18:1f:3e:
52:68:6d:97:19:b8:c7:0c:bd:c1:37:91:75:b6:b3:fb:15:0e:
46:4d:5e:cb
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZ39qKtiH87sTZcbLa5CDOhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjYwNTA2MTQxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTRiODJiZmNjOTQxOGVlNjRjZGQzNDZmOGI3MmE5NTM1YmRmODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36TF/e4VLbRIItLFLV6m8i/JVjsw
LD7Oe+GL/iY3BxfTD3g6+IsCv46EZVdydjlVQA3TTylyC9RVejGx0XfCGeaUahhI
aJ6F8wO3Ld9rE8e3TAMuw9eXmooypWl4NEenxMEL8flv7ewLODsEpYUf/IgsE0S3
PA8VCxvfMRJ+7VekUqRRGoadfDSMjbKHX670Ukk5/C4PWnigg6/w75W6NuUNH1PI
SbiDHITiP9eA2jrhWUGJV82tHB/agdLkoPWyWtkCVZpVdYJ6KF6BN0FLX1wSkw/z
d3PRJc7hTmWGaXLrNGM5g+gqaHR6Rua9hB5Y7DtlP3pKi3//ZSJocciTTwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFAlLgr/MlBjuZM3TRvi3KpU1vfhsMB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvQ1V1Q3Y4eVVHTzVremRORy1MY3FsVFc5LUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQEH4fgAwQE
LpSAAwQDU2FoAwQBW8OCAwQAW+aSAwQBW+26AwQEbcRAAwQFsH3AAwQBwwLuAwQB
w/QYMA0EAgACMAcDBQAqEylAMA0GCSqGSIb3DQEBCwUAA4IBAQBzG3AW8nXXYyIU
AOR7ttQ5UcTRkm7KNYrBsng7ItaHW9z0j25d5LX6s/e6N8H4Kpa/P6YgFlJH0RA2
74YjCvacYuEtH8Nw8DrfRthJMvfmIOJvLWPVsuEl1WUI9xVRdZobelQ1e+IURyKD
YfLv2+Z+9OOhPq2kuLaxRiaWTkLjkqDZs/uuzZNZmppTeIwyL6ngqPHAYEIv2Q7/
yYP/thcUcF2odSWn/DACfAH2I2bLnoymWOgCdAFLvMMNVmg64CAGdEPLISqiF3wR
/31Xw4DxeJ1Optv6EcolcSw2bOq9ik6vhrD1+/EYHz5SaG2XGbjHDL3BN5F1trP7
FQ5GTV7L
-----END CERTIFICATE-----
Generated at Wed May 13 17:09:34 2026 by rpki-client