Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/PGcm0CDeNWecP1jquZhLeuP7u_U.roa
File: PGcm0CDeNWecP1jquZhLeuP7u_U.roa (raw, json)
Hash identifier: rZuBb7s0u0fbgFHXAnluNeY1vKsyUBBvaE5m7s/yw4c=
Subject key identifier: 3C:67:26:D0:20:DE:35:67:9C:3F:58:EA:B9:98:4B:7A:E3:FB:BB:F5
Certificate issuer: /CN=52ebccd90c8a0fc11e9a98f85666e8183b5efa6c
Certificate serial: 019B7CED140A4834E12F24564B30BFD1A470
Authority key identifier: 52:EB:CC:D9:0C:8A:0F:C1:1E:9A:98:F8:56:66:E8:18:3B:5E:FA:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UuvM2QyKD8Eempj4VmboGDte-mw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/PGcm0CDeNWecP1jquZhLeuP7u_U.roa
Signing time: Fri 02 Jan 2026 04:17:50 +0000
ROA not before: Fri 02 Jan 2026 04:17:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 196777
IP address blocks: 37.143.132.0/22 maxlen: 22
91.214.84.0/22 maxlen: 22
91.214.85.0/24 maxlen: 24
176.126.60.0/22 maxlen: 22
178.213.184.0/21 maxlen: 21
194.60.254.0/23 maxlen: 23
194.60.254.0/24 maxlen: 24
195.191.12.0/23 maxlen: 23
2a10:a380::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/UuvM2QyKD8Eempj4VmboGDte-mw.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/UuvM2QyKD8Eempj4VmboGDte-mw.mft
rsync://rpki.ripe.net/repository/DEFAULT/UuvM2QyKD8Eempj4VmboGDte-mw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ed:14:0a:48:34:e1:2f:24:56:4b:30:bf:d1:a4:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52ebccd90c8a0fc11e9a98f85666e8183b5efa6c
Validity
Not Before: Jan 2 04:17:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3c6726d020de35679c3f58eab9984b7ae3fbbbf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:e4:8a:2b:45:0e:e7:d2:62:61:d4:df:27:7f:
18:9f:9f:98:cc:f3:83:b1:72:cc:b6:69:7f:ca:d4:
8c:83:cd:1c:17:92:c4:20:c3:c2:7f:f6:e7:92:67:
a4:f7:87:28:2f:e8:a6:4d:0b:e0:92:fc:4c:25:7d:
ad:05:79:85:a7:5d:ff:03:ef:f9:63:dd:96:ba:c0:
09:05:51:19:5e:d3:23:62:3f:0a:ab:f3:ea:ba:73:
cf:2d:ab:16:91:4c:d5:88:74:1d:db:97:27:8b:5a:
a2:0c:9a:17:07:2b:6d:d0:51:dc:19:0b:76:d9:76:
2d:d4:3a:69:95:f5:a2:ab:66:09:0d:4f:6a:79:99:
97:aa:b3:0d:ab:d4:82:b7:1e:7c:6e:15:4e:83:7b:
5b:27:68:f3:91:31:ef:57:18:46:c2:29:ec:2f:9b:
83:c6:7f:1d:e7:a7:9c:12:02:60:99:cf:ab:f0:04:
04:46:2b:9a:05:40:5a:f6:a3:a4:1d:50:df:1b:0b:
7a:16:0f:6a:ad:97:00:06:5f:7f:e3:e7:05:20:17:
d4:2e:23:cc:ee:dc:58:1b:24:f9:a7:39:ff:b4:d7:
8e:e3:7b:0b:7b:ca:0c:00:4d:0e:46:be:2c:9c:e1:
2e:70:96:1e:8f:5f:47:3c:42:69:f6:96:1c:13:f2:
e3:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:67:26:D0:20:DE:35:67:9C:3F:58:EA:B9:98:4B:7A:E3:FB:BB:F5
X509v3 Authority Key Identifier:
keyid:52:EB:CC:D9:0C:8A:0F:C1:1E:9A:98:F8:56:66:E8:18:3B:5E:FA:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UuvM2QyKD8Eempj4VmboGDte-mw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/PGcm0CDeNWecP1jquZhLeuP7u_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1cc85a-af77-45ed-b6cb-d97c8b56ae25/1/UuvM2QyKD8Eempj4VmboGDte-mw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.132.0/22
91.214.84.0/22
176.126.60.0/22
178.213.184.0/21
194.60.254.0/23
195.191.12.0/23
IPv6:
2a10:a380::/29
Signature Algorithm: sha256WithRSAEncryption
7b:cb:9e:61:ee:19:50:75:44:22:58:ad:24:81:04:0f:04:1e:
53:63:65:21:70:71:2c:20:9c:c8:07:76:56:6f:f7:12:58:3a:
51:b3:fc:e5:37:f5:66:18:06:e9:06:d3:57:81:f4:8c:cd:00:
d6:7d:ac:1d:73:21:e7:81:79:c5:33:f4:12:a1:5d:07:76:86:
61:5b:52:20:e9:8e:5e:d3:9f:2c:ba:d0:0a:12:29:44:ce:66:
89:78:b4:a9:12:ab:1c:83:c3:39:93:cd:1c:a0:05:c2:08:0f:
e8:1d:10:d8:08:52:59:94:95:a9:9a:33:02:d0:58:56:bc:81:
02:4c:d8:ec:9c:d7:04:5a:eb:79:4d:58:95:fc:ff:9c:97:8f:
5f:06:26:42:b0:aa:5d:30:06:72:a9:68:a9:ef:fb:02:0e:e1:
09:8d:ca:7c:66:bd:e8:a6:72:ab:f8:c1:ec:75:0f:e7:1f:04:
d4:c9:aa:2b:85:cb:58:1c:51:be:e2:f3:d2:0e:3a:f2:59:49:
0d:21:d1:b9:53:61:1e:2d:c0:74:2e:96:43:d2:6f:8c:43:ff:
61:20:77:81:06:50:ee:4c:79:df:37:1b:4c:dc:d0:f0:8f:4b:
32:29:4c:94:e6:78:3b:7e:47:89:ca:86:cc:d9:16:79:f7:4d:
75:67:f5:18
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZt87RQKSDThLyRWSzC/0aRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZWJjY2Q5MGM4YTBmYzExZTlhOThmODU2NjZlODE4M2I1
ZWZhNmMwHhcNMjYwMTAyMDQxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzY3MjZkMDIwZGUzNTY3OWMzZjU4ZWFiOTk4NGI3YWUzZmJiYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+SKK0UO59JiYdTfJ38Yn5+YzPOD
sXLMtml/ytSMg80cF5LEIMPCf/bnkmek94coL+imTQvgkvxMJX2tBXmFp13/A+/5
Y92WusAJBVEZXtMjYj8Kq/PqunPPLasWkUzViHQd25cni1qiDJoXBytt0FHcGQt2
2XYt1DpplfWiq2YJDU9qeZmXqrMNq9SCtx58bhVOg3tbJ2jzkTHvVxhGwinsL5uD
xn8d56ecEgJgmc+r8AQERiuaBUBa9qOkHVDfGwt6Fg9qrZcABl9/4+cFIBfULiPM
7txYGyT5pzn/tNeO43sLe8oMAE0ORr4snOEucJYej19HPEJp9pYcE/LjgQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDxnJtAg3jVnnD9Y6rmYS3rj+7v1MB8GA1UdIwQY
MBaAFFLrzNkMig/BHpqY+FZm6Bg7XvpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXV2TTJReUtEOEVlbXBqNFZtYm9HRHRlLW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xY2M4NWEtYWY3Ny00NWVkLWI2Y2It
ZDk3YzhiNTZhZTI1LzEvUEdjbTBDRGVOV2VjUDFqcXVaaExldVA3dV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xY2M4NWEtYWY3Ny00NWVkLWI2Y2ItZDk3YzhiNTZhZTI1
LzEvVXV2TTJReUtEOEVlbXBqNFZtYm9HRHRlLW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCJY+EAwQC
W9ZUAwQCsH48AwQDstW4AwQBwjz+AwQBw78MMA0EAgACMAcDBQMqEKOAMA0GCSqG
SIb3DQEBCwUAA4IBAQB7y55h7hlQdUQiWK0kgQQPBB5TY2UhcHEsIJzIB3ZWb/cS
WDpRs/zlN/VmGAbpBtNXgfSMzQDWfawdcyHngXnFM/QSoV0HdoZhW1Ig6Y5e058s
utAKEilEzmaJeLSpEqscg8M5k80coAXCCA/oHRDYCFJZlJWpmjMC0FhWvIECTNjs
nNcEWut5TViV/P+cl49fBiZCsKpdMAZyqWip7/sCDuEJjcp8Zr3opnKr+MHsdQ/n
HwTUyaorhctYHFG+4vPSDjryWUkNIdG5U2EeLcB0LpZD0m+MQ/9hIHeBBlDuTHnf
NxtM3NDwj0syKUyU5ng7fkeJyobM2RZ59011Z/UY
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:52:01 2026 by rpki-client