Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/kPQ4CKW-h0DeOxWl-K_-W4akhCU.roa
File: kPQ4CKW-h0DeOxWl-K_-W4akhCU.roa (raw, json)
Hash identifier: FziCTKXI5Ou+Jvc7ecEfNovJelpNbcObghxJuzVXBKc=
Subject key identifier: 90:F4:38:08:A5:BE:87:40:DE:3B:15:A5:F8:AF:FE:5B:86:A4:84:25
Certificate issuer: /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial: 019DBEE6CE86829B48F54A2B9378FA88CD3E
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/kPQ4CKW-h0DeOxWl-K_-W4akhCU.roa
Signing time: Fri 24 Apr 2026 09:51:30 +0000
ROA not before: Fri 24 Apr 2026 09:51:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 59456
IP address blocks: 45.152.40.0/22 maxlen: 22
91.239.15.0/24 maxlen: 24
185.55.24.0/22 maxlen: 22
2a01:8cc0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.mft
rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:be:e6:ce:86:82:9b:48:f5:4a:2b:93:78:fa:88:cd:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
Validity
Not Before: Apr 24 09:51:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=90f43808a5be8740de3b15a5f8affe5b86a48425
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a8:0e:ee:98:a4:9b:8a:ff:b1:fa:a2:6a:b4:
37:02:b9:0e:0c:32:f1:c8:1b:d8:c3:a9:ca:c8:6a:
f0:66:27:ec:9b:64:26:e2:00:3a:07:0b:92:2d:c0:
01:19:0d:9c:4f:81:b3:01:22:3c:0a:1f:bf:9f:22:
78:75:f6:98:e7:70:0b:17:70:1c:69:ba:bd:a8:9f:
83:bf:d8:22:47:21:76:87:6d:f5:d9:5d:e4:e4:05:
d2:79:91:5c:34:98:fe:51:57:3b:f2:d7:5d:09:ce:
70:ff:a8:c2:bc:9c:cf:11:70:a0:2b:b6:bc:e9:ef:
9d:90:f9:83:30:cc:46:b2:53:ca:0a:eb:a3:6f:e6:
75:0e:f1:84:ba:07:fa:a0:ec:95:39:47:3b:42:43:
ed:67:9c:49:5f:45:72:3d:94:1c:ec:6f:c3:57:d6:
cb:86:dd:24:34:c6:6f:84:d3:54:c0:fe:03:9f:0b:
8f:01:31:ea:2a:44:8e:a2:a7:3d:96:dd:85:b7:e9:
64:87:d4:3c:6c:dc:52:fa:e4:31:19:48:ce:b6:04:
ac:62:be:a4:42:7b:7d:b0:b0:95:77:8f:83:74:d9:
50:d5:d2:b0:ae:0e:4e:b3:e0:6e:96:a2:b0:57:79:
26:34:b2:c0:a8:37:a4:f9:fc:46:78:55:95:88:f9:
74:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:F4:38:08:A5:BE:87:40:DE:3B:15:A5:F8:AF:FE:5B:86:A4:84:25
X509v3 Authority Key Identifier:
keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/kPQ4CKW-h0DeOxWl-K_-W4akhCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.40.0/22
91.239.15.0/24
185.55.24.0/22
IPv6:
2a01:8cc0::/32
Signature Algorithm: sha256WithRSAEncryption
4c:92:01:74:2e:31:fe:9c:4c:0f:43:ce:c1:e2:d9:93:37:2d:
9f:e1:ec:8b:14:55:d8:01:ce:f1:1a:45:91:ee:02:bf:35:8a:
a1:08:35:fa:23:80:43:39:32:d9:e7:72:01:0a:8f:e6:14:76:
70:47:82:a4:9c:c3:2d:76:1c:52:2d:b1:96:28:5a:f6:32:15:
91:b5:c2:12:c7:b3:c2:45:83:67:a2:8d:68:ca:5c:4f:cb:f3:
77:cc:9a:1c:ee:f0:3a:3f:7a:50:4c:0c:37:57:48:32:14:ec:
6a:f1:e8:22:2b:d6:09:0e:74:88:1f:5d:6e:30:c2:33:a7:6b:
94:43:bc:e0:93:54:a6:db:72:c9:7f:d1:8d:70:55:20:07:9e:
9e:a5:99:1c:d4:b6:65:cd:d9:89:9c:fb:4c:32:1d:54:0b:82:
3c:ec:74:10:38:2a:27:2b:d4:91:b8:7c:bc:0e:c0:ef:e6:83:
f3:b2:bd:84:ee:09:5b:8e:21:2c:3b:3d:f8:6e:44:1c:7d:8b:
bd:b7:bc:51:cb:f1:1a:3b:db:4e:53:7a:ef:b5:5d:f8:92:b4:
93:c7:34:5e:1d:7a:5a:72:92:84:dc:f2:24:57:5b:5e:35:79:
90:ea:72:53:d4:c1:bb:74:e8:12:ef:cf:8c:bb:c3:3c:69:9e:
dd:f8:5d:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ2+5s6GgptI9Uork3j6iM0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjYwNDI0MDk1MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGY0MzgwOGE1YmU4NzQwZGUzYjE1YTVmOGFmZmU1Yjg2YTQ4NDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsagO7pikm4r/sfqiarQ3ArkODDLx
yBvYw6nKyGrwZifsm2Qm4gA6BwuSLcABGQ2cT4GzASI8Ch+/nyJ4dfaY53ALF3Ac
abq9qJ+Dv9giRyF2h2312V3k5AXSeZFcNJj+UVc78tddCc5w/6jCvJzPEXCgK7a8
6e+dkPmDMMxGslPKCuujb+Z1DvGEugf6oOyVOUc7QkPtZ5xJX0VyPZQc7G/DV9bL
ht0kNMZvhNNUwP4DnwuPATHqKkSOoqc9lt2Ft+lkh9Q8bNxS+uQxGUjOtgSsYr6k
Qnt9sLCVd4+DdNlQ1dKwrg5Os+BulqKwV3kmNLLAqDek+fxGeFWViPl0XwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJD0OAilvodA3jsVpfiv/luGpIQlMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEva1BRNENLVy1oMERlT3hXbC1LXy1XNGFraENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZgoAwQA
W+8PAwQCuTcYMA0EAgACMAcDBQAqAYzAMA0GCSqGSIb3DQEBCwUAA4IBAQBMkgF0
LjH+nEwPQ87B4tmTNy2f4eyLFFXYAc7xGkWR7gK/NYqhCDX6I4BDOTLZ53IBCo/m
FHZwR4KknMMtdhxSLbGWKFr2MhWRtcISx7PCRYNnoo1oylxPy/N3zJoc7vA6P3pQ
TAw3V0gyFOxq8egiK9YJDnSIH11uMMIzp2uUQ7zgk1Sm23LJf9GNcFUgB56epZkc
1LZlzdmJnPtMMh1UC4I87HQQOConK9SRuHy8DsDv5oPzsr2E7glbjiEsOz34bkQc
fYu9t7xRy/EaO9tOU3rvtV34krSTxzReHXpacpKE3PIkV1teNXmQ6nJT1MG7dOgS
78+Mu8M8aZ7d+F2Q
-----END CERTIFICATE-----
Generated at Wed May 13 07:46:37 2026 by rpki-client