Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/3NvaP4jwnxyquzF_hN6kLglmCmg.roa
File: 3NvaP4jwnxyquzF_hN6kLglmCmg.roa (raw, json)
Hash identifier: Nsv2y6WLDnP92qEGM7EKKYxvpNlDKbWC2r1e4LF2X0U=
Subject key identifier: DC:DB:DA:3F:88:F0:9F:1C:AA:BB:31:7F:84:DE:A4:2E:09:66:0A:68
Certificate issuer: /CN=61b866e323382caea961e7d2423e53cab5099131
Certificate serial: 019E01EDB7807DE656B4DC11397AE1F3F9BE
Authority key identifier: 61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/3NvaP4jwnxyquzF_hN6kLglmCmg.roa
Signing time: Thu 07 May 2026 10:13:36 +0000
ROA not before: Thu 07 May 2026 10:13:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20986
IP address blocks: 91.236.153.0/24 maxlen: 24
185.51.216.0/22 maxlen: 24
185.51.216.0/24 maxlen: 24
185.51.217.0/24 maxlen: 24
185.51.218.0/24 maxlen: 24
185.51.219.0/24 maxlen: 24
185.111.52.0/22 maxlen: 22
185.111.56.0/22 maxlen: 22
185.112.16.0/22 maxlen: 22
2a06:5940::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:01:ed:b7:80:7d:e6:56:b4:dc:11:39:7a:e1:f3:f9:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b866e323382caea961e7d2423e53cab5099131
Validity
Not Before: May 7 10:13:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dcdbda3f88f09f1caabb317f84dea42e09660a68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:78:82:33:b9:7d:95:3b:6a:c9:8a:d0:3a:e5:
fd:8d:c0:10:e0:34:33:ca:53:b6:a2:e5:9d:5a:d0:
12:09:3b:f8:09:44:23:05:3c:d9:74:e4:66:c8:de:
4f:b6:be:c6:66:29:69:f0:f3:27:0a:2b:6e:d3:0d:
dc:01:78:21:b0:28:e4:46:2e:c6:5b:a3:b5:a8:a3:
85:8a:d5:f3:ad:e8:2d:c8:3a:c2:cb:c3:9b:0b:12:
6c:9a:fc:60:6e:b4:3e:b6:29:5f:e3:2c:b9:9a:db:
65:95:75:24:89:32:7a:45:8a:04:d4:88:2a:8c:a6:
7c:4a:9e:2b:97:28:61:a4:76:b0:56:a7:63:cb:e7:
4f:cc:7e:f0:11:72:94:81:f6:b5:ac:13:b7:7b:61:
51:26:a0:b3:44:1c:13:c4:f2:4e:1f:c6:3d:2e:91:
b5:2d:df:28:9e:67:e8:09:81:17:d9:58:b5:3d:fc:
d4:d8:93:92:78:5f:45:ec:56:34:91:8d:aa:22:bb:
54:ec:f7:ce:4f:5c:03:e1:ae:cf:6c:46:9e:a6:b5:
f2:c8:14:f4:a1:a5:09:53:bf:d7:f2:19:9d:45:28:
03:58:90:c7:d7:9e:a8:c9:77:25:0e:99:67:f4:e8:
92:c5:8c:29:fb:4f:a1:7f:69:60:bc:02:cb:08:0d:
35:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:DB:DA:3F:88:F0:9F:1C:AA:BB:31:7F:84:DE:A4:2E:09:66:0A:68
X509v3 Authority Key Identifier:
keyid:61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/3NvaP4jwnxyquzF_hN6kLglmCmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.236.153.0/24
185.51.216.0/22
185.111.52.0-185.111.59.255
185.112.16.0/22
IPv6:
2a06:5940::/29
Signature Algorithm: sha256WithRSAEncryption
2d:b7:1a:a7:7b:8a:9c:2e:54:f5:82:f6:52:3c:d1:a3:5a:4f:
8d:8a:bf:6f:be:dd:f9:0a:b8:ae:af:4b:cf:17:8a:7c:2f:31:
fe:5d:ba:bb:ef:ed:30:c3:de:95:6b:71:10:e4:b0:08:59:84:
a2:4f:81:cb:ff:a9:4c:b0:47:00:e2:ad:32:f7:3d:bb:14:d2:
44:5b:40:23:05:e3:ce:d4:7d:b6:87:48:fb:94:4e:8f:68:c9:
cc:cc:ff:87:50:97:fe:aa:bf:47:62:c5:72:19:4f:2f:c2:b4:
c4:e4:03:6c:51:c4:7e:23:df:5f:dc:72:84:9c:90:e0:14:71:
b5:40:d5:d3:dd:13:93:3f:21:c3:05:14:3d:29:eb:d9:e7:3f:
37:4b:e0:78:65:37:e1:bc:5c:e8:74:34:6a:6b:1d:a3:ab:a3:
f6:53:3a:7c:e7:50:f1:35:95:53:e5:0f:58:71:1a:1c:f1:b0:
f8:5a:b2:b2:9c:15:89:bb:f4:c4:d0:bd:24:7a:05:37:a6:83:
72:58:d2:90:c9:42:ee:6f:ec:a7:bf:27:5b:56:4f:58:1f:04:
32:b3:8d:ae:af:f1:a1:6d:3d:bb:01:b4:9f:3b:9b:13:70:83:
63:fc:2e:fd:21:35:b3:c2:74:3f:00:24:f2:23:e8:ef:f9:89:
8c:76:c8:e8
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZ4B7beAfeZWtNwROXrh8/m+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjg2NmUzMjMzODJjYWVhOTYxZTdkMjQyM2U1M2NhYjUw
OTkxMzEwHhcNMjYwNTA3MTAxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2RiZGEzZjg4ZjA5ZjFjYWFiYjMxN2Y4NGRlYTQyZTA5NjYwYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3iCM7l9lTtqyYrQOuX9jcAQ4DQz
ylO2ouWdWtASCTv4CUQjBTzZdORmyN5Ptr7GZilp8PMnCitu0w3cAXghsCjkRi7G
W6O1qKOFitXzregtyDrCy8ObCxJsmvxgbrQ+tilf4yy5mttllXUkiTJ6RYoE1Igq
jKZ8Sp4rlyhhpHawVqdjy+dPzH7wEXKUgfa1rBO3e2FRJqCzRBwTxPJOH8Y9LpG1
Ld8onmfoCYEX2Vi1PfzU2JOSeF9F7FY0kY2qIrtU7PfOT1wD4a7PbEaeprXyyBT0
oaUJU7/X8hmdRSgDWJDH156oyXclDpln9OiSxYwp+0+hf2lgvALLCA01BQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFNzb2j+I8J8cqrsxf4TepC4JZgpoMB8GA1UdIwQY
MBaAFGG4ZuMjOCyuqWHn0kI+U8q1CZExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEt
ZDkyZTY4ZGZmZmU0LzEvM052YVA0andueHlxdXpGX2hONmtMZ2xtQ21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEtZDkyZTY4ZGZmZmU0
LzEvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQAW+yZAwQC
uTPYMAwDBAK5bzQDBAK5bzgDBAK5cBAwDQQCAAIwBwMFAyoGWUAwDQYJKoZIhvcN
AQELBQADggEBAC23Gqd7ipwuVPWC9lI80aNaT42Kv2++3fkKuK6vS88XinwvMf5d
urvv7TDD3pVrcRDksAhZhKJPgcv/qUywRwDirTL3PbsU0kRbQCMF487UfbaHSPuU
To9oyczM/4dQl/6qv0dixXIZTy/CtMTkA2xRxH4j31/ccoSckOAUcbVA1dPdE5M/
IcMFFD0p69nnPzdL4HhlN+G8XOh0NGprHaOro/ZTOnznUPE1lVPlD1hxGhzxsPha
srKcFYm79MTQvSR6BTemg3JY0pDJQu5v7Ke/J1tWT1gfBDKzja6v8aFtPbsBtJ87
mxNwg2P8Lv0hNbPCdD8AJPIj6O/5iYx2yOg=
-----END CERTIFICATE-----
Generated at Wed May 13 06:48:52 2026 by rpki-client