Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/oTEVh4sCkUtRH08L6LJiAoRxfGc.roa
File: oTEVh4sCkUtRH08L6LJiAoRxfGc.roa (raw, json)
Hash identifier: pZRTGTZKDvW2ND8OHyA6joQW6qrJyVaYDUesbaMh6Js=
Subject key identifier: A1:31:15:87:8B:02:91:4B:51:1F:4F:0B:E8:B2:62:02:84:71:7C:67
Certificate issuer: /CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Certificate serial: 019DAF984B58FDF5BFB5502D8C3BC60EB5A2
Authority key identifier: 3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/oTEVh4sCkUtRH08L6LJiAoRxfGc.roa
Signing time: Tue 21 Apr 2026 10:31:26 +0000
ROA not before: Tue 21 Apr 2026 10:31:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63150
IP address blocks: 185.241.40.0/22 maxlen: 24
185.241.40.0/23 maxlen: 24
185.241.40.0/24 maxlen: 24
185.241.41.0/24 maxlen: 24
185.241.42.0/23 maxlen: 24
185.241.42.0/24 maxlen: 24
185.241.43.0/24 maxlen: 24
209.33.144.0/20 maxlen: 24
209.33.160.0/20 maxlen: 24
2a14:4900:2000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.mft
rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 19:01:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:af:98:4b:58:fd:f5:bf:b5:50:2d:8c:3b:c6:0e:b5:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Validity
Not Before: Apr 21 10:31:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a13115878b02914b511f4f0be8b2620284717c67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:e0:84:58:0b:1e:da:b3:cc:c6:aa:8c:be:76:
00:b8:ce:61:cb:33:d7:8a:5f:f3:6c:22:00:3e:c3:
5f:3e:f2:9f:85:d2:15:1a:f4:9f:49:0e:37:a3:63:
aa:fa:00:59:cf:d0:2b:75:de:20:67:42:e7:19:27:
49:f4:93:93:71:70:45:65:03:f7:de:7c:bd:95:47:
09:a5:92:40:ad:7a:ba:61:24:49:cb:a5:97:a9:be:
fd:f6:05:4a:ce:77:26:34:90:58:b0:67:0d:cf:ea:
f5:fd:ec:6e:4c:85:35:2e:ee:07:10:5d:13:ff:f0:
9e:a1:8f:97:48:fb:9e:fd:ea:bb:42:7f:e0:55:4f:
3a:77:b4:3f:13:71:ca:9f:b6:09:e4:8e:11:b5:6f:
17:28:c8:26:22:23:4b:fa:a4:97:1f:76:b5:da:54:
2b:a0:c3:20:e5:be:ae:05:be:fc:42:ee:85:95:7d:
1c:8f:f2:a8:93:40:c2:f5:3d:9b:a8:60:1d:4d:b2:
cd:b1:16:7f:9c:91:cd:6c:e8:e6:eb:71:dd:6d:e3:
b0:65:0a:e0:a4:b2:1d:6d:6c:86:23:c1:9b:fa:1e:
87:1a:6f:e2:27:b9:92:04:e2:d2:01:f0:12:a0:27:
40:a1:ec:ec:42:32:e5:bb:69:fa:67:4d:5c:6d:1f:
78:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:31:15:87:8B:02:91:4B:51:1F:4F:0B:E8:B2:62:02:84:71:7C:67
X509v3 Authority Key Identifier:
keyid:3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/oTEVh4sCkUtRH08L6LJiAoRxfGc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.241.40.0/22
209.33.144.0-209.33.175.255
IPv6:
2a14:4900:2000::/36
Signature Algorithm: sha256WithRSAEncryption
bc:13:d8:8b:6f:59:1a:66:0d:4b:1c:d9:49:ea:b8:95:ed:88:
68:9f:1d:d7:6e:2a:ca:b2:f4:3d:52:ca:41:68:f4:b6:91:a7:
99:74:df:18:db:39:79:a7:a4:d6:5d:ad:d4:d5:bd:b5:f8:cc:
6e:ac:38:09:77:f5:ba:d1:6a:c8:1b:36:80:13:43:30:df:98:
b7:17:da:d4:10:e0:a4:89:ce:33:3b:ef:02:6b:93:c8:63:c9:
97:23:e4:6f:72:5a:18:b1:60:d3:67:de:76:63:5c:2d:7c:1c:
2b:78:66:0c:1c:af:e7:bb:4a:ae:3f:98:ff:90:ab:7d:d3:40:
77:dd:ad:51:70:41:dc:3c:e3:8f:f7:2d:a0:ab:53:a5:37:9c:
75:1e:72:28:8c:4d:0a:95:ab:8c:a2:0c:a9:5a:8c:df:fe:95:
a5:6e:77:47:f5:da:32:c1:88:d3:a8:06:ce:a0:c2:3a:41:83:
c7:7b:5e:f6:c9:23:20:43:e5:a5:d9:fc:31:29:24:3f:88:a3:
18:bc:09:17:7e:1e:74:c8:a6:ad:06:14:1b:bf:7f:37:34:3b:
09:8a:9d:e8:24:68:86:97:58:bc:10:9e:12:23:f3:2e:c9:82:
55:59:5a:77:7d:e2:cf:aa:c8:9d:87:a4:1f:2b:12:c6:84:e6:
36:59:e4:51
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ2vmEtY/fW/tVAtjDvGDrWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGJmMThkNmJiZGIzM2RhODJmZTYxYTI4NjI0YmE3MmUy
MzUwNDAwHhcNMjYwNDIxMTAzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMxMTU4NzhiMDI5MTRiNTExZjRmMGJlOGIyNjIwMjg0NzE3YzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquCEWAse2rPMxqqMvnYAuM5hyzPX
il/zbCIAPsNfPvKfhdIVGvSfSQ43o2Oq+gBZz9Ardd4gZ0LnGSdJ9JOTcXBFZQP3
3ny9lUcJpZJArXq6YSRJy6WXqb799gVKzncmNJBYsGcNz+r1/exuTIU1Lu4HEF0T
//CeoY+XSPue/eq7Qn/gVU86d7Q/E3HKn7YJ5I4RtW8XKMgmIiNL+qSXH3a12lQr
oMMg5b6uBb78Qu6FlX0cj/Kok0DC9T2bqGAdTbLNsRZ/nJHNbOjm63HdbeOwZQrg
pLIdbWyGI8Gb+h6HGm/iJ7mSBOLSAfASoCdAoezsQjLlu2n6Z01cbR94wwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKExFYeLApFLUR9PC+iyYgKEcXxnMB8GA1UdIwQY
MBaAFDsL8Y1rvbM9qC/mGihiS6cuI1BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2Yjgt
ZDQ5OTE2YjVmMmI0LzEvb1RFVmg0c0NrVXRSSDA4TDZMSmlBb1J4ZkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2YjgtZDQ5OTE2YjVmMmI0
LzEvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUAwQCufEoMAwD
BATRIZADBATRIaAwDgQCAAIwCAMGBCoUSQAgMA0GCSqGSIb3DQEBCwUAA4IBAQC8
E9iLb1kaZg1LHNlJ6riV7Yhonx3XbirKsvQ9UspBaPS2kaeZdN8Y2zl5p6TWXa3U
1b21+MxurDgJd/W60WrIGzaAE0Mw35i3F9rUEOCkic4zO+8Ca5PIY8mXI+RvcloY
sWDTZ952Y1wtfBwreGYMHK/nu0quP5j/kKt900B33a1RcEHcPOOP9y2gq1OlN5x1
HnIojE0KlauMogypWozf/pWlbndH9doywYjTqAbOoMI6QYPHe172ySMgQ+Wl2fwx
KSQ/iKMYvAkXfh50yKatBhQbv383NDsJip3oJGiGl1i8EJ4SI/MuyYJVWVp3feLP
qsidh6QfKxLGhOY2WeRR
-----END CERTIFICATE-----
Generated at Wed May 13 03:48:13 2026 by rpki-client