Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/0MnT-Cev0aWfox9D3TA-NvqEMlk.roa
File: 0MnT-Cev0aWfox9D3TA-NvqEMlk.roa (raw, json)
Hash identifier: JJLpUG+0ObMqR5bxSAi6saPQ/DL3PUHcYLY29JhBmbE=
Subject key identifier: D0:C9:D3:F8:27:AF:D1:A5:9F:A3:1F:43:DD:30:3E:36:FA:84:32:59
Certificate issuer: /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial: 019CC35FE414192B219F80F28787916AB001
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/0MnT-Cev0aWfox9D3TA-NvqEMlk.roa
Signing time: Fri 06 Mar 2026 13:39:27 +0000
ROA not before: Fri 06 Mar 2026 13:39:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215070
IP address blocks: 90.156.244.0/22 maxlen: 24
90.156.244.0/24 maxlen: 24
2a03:720:60::/48 maxlen: 48
2a03:720:1060::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:c3:5f:e4:14:19:2b:21:9f:80:f2:87:87:91:6a:b0:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Validity
Not Before: Mar 6 13:39:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d0c9d3f827afd1a59fa31f43dd303e36fa843259
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:18:72:a3:c5:d9:6a:16:d7:a3:c7:5e:83:91:
0e:42:0e:94:aa:ab:7b:1e:06:73:b2:0e:18:3e:2d:
79:4b:0c:65:89:67:a7:1d:8e:49:01:07:48:51:4d:
2d:f9:42:2b:42:ff:31:09:41:c2:f7:b1:f0:d7:18:
db:a0:a8:3b:17:1b:f8:f7:5b:33:09:0e:ce:f2:09:
38:5a:0a:77:29:5a:a3:2d:aa:95:44:fd:60:fd:9c:
37:50:18:ba:64:3f:07:82:4f:e3:4c:7f:fd:a4:e2:
10:74:1a:ff:dd:2a:c9:5f:30:d7:d8:bc:58:8a:6b:
a8:8c:d4:0c:4b:8b:14:1e:15:1d:89:97:d7:90:52:
32:c3:98:dd:5f:1c:f7:9a:fc:f9:80:98:69:3e:3f:
83:7a:5d:61:db:75:ac:94:7d:64:57:70:33:ae:34:
fe:0f:c6:19:c8:86:af:67:18:e4:53:97:74:30:2d:
ca:9a:e3:07:dc:8f:5e:4b:e4:31:2d:4d:5d:8a:e7:
41:11:15:52:3d:b2:90:71:42:5d:ba:61:c3:45:04:
4f:a4:66:e8:e2:9e:34:d7:7a:b2:90:ec:ca:c8:4c:
a0:33:0d:7e:77:89:0e:51:b6:cd:3a:ad:e6:02:7c:
65:1f:2f:0a:c4:4e:df:16:65:8a:65:dc:a2:11:b7:
d5:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:C9:D3:F8:27:AF:D1:A5:9F:A3:1F:43:DD:30:3E:36:FA:84:32:59
X509v3 Authority Key Identifier:
keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/0MnT-Cev0aWfox9D3TA-NvqEMlk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.156.244.0/22
IPv6:
2a03:720:60::/48
2a03:720:1060::/48
Signature Algorithm: sha256WithRSAEncryption
7d:20:00:a8:dc:b4:8c:7c:64:ec:e4:8d:34:c0:a4:7c:ff:02:
19:de:5e:c7:8f:cf:48:6c:67:a9:ca:b5:00:da:1a:56:15:17:
b1:a7:95:ac:18:02:4b:78:12:8f:5b:ca:7c:24:ec:20:83:6b:
8c:13:32:6c:46:a9:bc:6b:65:82:83:d6:af:25:7d:95:be:73:
b9:32:cc:4b:d3:76:c0:f3:4c:8f:74:a9:3a:af:d4:c6:ee:9c:
e3:2f:f3:9f:55:e6:e7:62:dc:7f:af:0f:0f:47:a9:a6:67:f1:
7f:74:45:d6:27:d4:af:b0:51:cb:d0:ef:fc:39:f6:3b:e4:64:
bc:38:85:27:3b:28:f9:32:26:b7:31:cd:cd:f4:47:6e:3f:56:
44:83:4e:df:50:17:ff:a8:9c:52:74:df:a2:9b:e5:91:54:59:
4a:cf:80:bd:05:a2:86:72:46:d2:71:fb:b1:5f:bf:44:f8:65:
1b:08:d7:93:5d:4a:8e:79:58:a5:24:84:c2:5a:4d:33:f3:23:
37:9c:09:e1:f7:ba:6e:fb:ed:74:c4:08:5d:72:60:a6:2b:05:
7b:0e:64:0f:86:50:33:84:4e:03:85:e3:5b:c8:7b:cd:77:31:
88:e2:ed:1d:1f:1c:2b:fa:1f:d0:c1:4a:e0:8e:e9:2b:4d:45:
33:5b:ba:16
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZzDX+QUGSshn4Dyh4eRarABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjYwMzA2MTMzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM5ZDNmODI3YWZkMWE1OWZhMzFmNDNkZDMwM2UzNmZhODQzMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hhyo8XZahbXo8deg5EOQg6Uqqt7
HgZzsg4YPi15SwxliWenHY5JAQdIUU0t+UIrQv8xCUHC97Hw1xjboKg7Fxv491sz
CQ7O8gk4Wgp3KVqjLaqVRP1g/Zw3UBi6ZD8Hgk/jTH/9pOIQdBr/3SrJXzDX2LxY
imuojNQMS4sUHhUdiZfXkFIyw5jdXxz3mvz5gJhpPj+Del1h23WslH1kV3AzrjT+
D8YZyIavZxjkU5d0MC3KmuMH3I9eS+QxLU1diudBERVSPbKQcUJdumHDRQRPpGbo
4p4013qykOzKyEygMw1+d4kOUbbNOq3mAnxlHy8KxE7fFmWKZdyiEbfVbQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFNDJ0/gnr9Gln6MfQ90wPjb6hDJZMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvME1uVC1DZXYwYVdmb3g5RDNUQS1OdnFFTWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQCWpz0MBgE
AgACMBIDBwAqAwcgAGADBwAqAwcgEGAwDQYJKoZIhvcNAQELBQADggEBAH0gAKjc
tIx8ZOzkjTTApHz/AhneXsePz0hsZ6nKtQDaGlYVF7GnlawYAkt4Eo9bynwk7CCD
a4wTMmxGqbxrZYKD1q8lfZW+c7kyzEvTdsDzTI90qTqv1MbunOMv859V5udi3H+v
Dw9HqaZn8X90RdYn1K+wUcvQ7/w59jvkZLw4hSc7KPkyJrcxzc30R24/VkSDTt9Q
F/+onFJ036Kb5ZFUWUrPgL0FooZyRtJx+7Ffv0T4ZRsI15NdSo55WKUkhMJaTTPz
IzecCeH3um777XTECF1yYKYrBXsOZA+GUDOETgOF41vIe813MYji7R0fHCv6H9DB
SuCO6StNRTNbuhY=
-----END CERTIFICATE-----
Generated at Fri Mar 27 01:25:22 2026 by rpki-client