Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/S0e9H4nYj-dsFcnpYcONEEZPd4E.roa
File: S0e9H4nYj-dsFcnpYcONEEZPd4E.roa (raw, json)
Hash identifier: NU7H83v507Zrj9FWzAhWcvmD14bF+kjt08VtHrtE1qY=
Subject key identifier: 4B:47:BD:1F:89:D8:8F:E7:6C:15:C9:E9:61:C3:8D:10:46:4F:77:81
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 019DAB322E3D1A153E775004D2FD4C9E6F32
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/S0e9H4nYj-dsFcnpYcONEEZPd4E.roa
Signing time: Mon 20 Apr 2026 14:01:25 +0000
ROA not before: Mon 20 Apr 2026 14:01:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 35332
IP address blocks: 37.235.112.0/21 maxlen: 24
45.89.144.0/22 maxlen: 24
45.116.184.0/22 maxlen: 24
77.242.112.0/20 maxlen: 24
87.236.0.0/21 maxlen: 24
139.28.200.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
185.151.96.0/22 maxlen: 24
188.92.56.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
194.156.2.0/24 maxlen: 24
194.156.134.0/24 maxlen: 24
208.88.128.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.mft
rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ab:32:2e:3d:1a:15:3e:77:50:04:d2:fd:4c:9e:6f:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Apr 20 14:01:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4b47bd1f89d88fe76c15c9e961c38d10464f7781
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:53:5f:28:bf:8c:c7:c4:3f:10:19:55:d7:2c:
b5:96:66:93:14:4b:6a:79:6c:54:33:9a:97:0b:ca:
5c:15:59:04:e1:b7:cb:41:38:8f:f2:6a:46:c0:45:
99:1d:14:59:ad:a3:09:ee:e1:ae:14:64:85:c6:20:
63:09:71:f8:2f:f0:72:be:fd:09:86:ab:50:6f:f7:
30:df:eb:ef:4f:4f:77:ae:22:bf:8b:03:2e:bc:5a:
0d:5b:cc:2d:de:33:9e:e3:fb:56:59:c5:b2:14:d1:
46:13:d1:ce:b1:54:2d:e2:c5:3f:13:5c:80:06:df:
91:f8:d3:71:d9:d6:da:59:a4:82:37:88:24:5d:82:
a0:d1:ed:2a:ae:28:7d:26:40:a9:ab:1b:a5:d1:4a:
ac:65:00:c3:d1:bf:56:7e:59:9f:42:60:ed:30:c9:
28:ac:9c:90:3b:52:c2:c3:60:80:25:d8:39:dc:78:
15:56:71:b2:f1:9e:cb:1a:84:0a:4a:dc:01:82:70:
d2:7e:64:5c:82:41:46:3b:0f:e5:bc:ac:4e:0b:c7:
97:a8:94:6b:20:67:a7:54:c1:15:c0:2f:ac:a2:a5:
3f:1d:d1:18:2b:f3:48:a0:60:e1:c7:ed:cf:7e:80:
e8:81:e9:fe:1c:3b:d0:3b:36:71:a9:37:95:e1:db:
6a:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:47:BD:1F:89:D8:8F:E7:6C:15:C9:E9:61:C3:8D:10:46:4F:77:81
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/S0e9H4nYj-dsFcnpYcONEEZPd4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.89.144.0/22
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
194.156.2.0/24
194.156.134.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
29:40:09:6a:37:f7:28:5f:31:ef:4e:f6:b7:71:95:9f:19:35:
a2:9f:c9:5a:e1:99:ff:a8:ba:c2:04:5e:9b:f2:a2:9b:c6:37:
b6:5f:77:76:af:ac:6a:a0:2b:4c:b9:aa:34:63:33:40:cd:75:
4d:0d:9a:9c:84:7e:83:c4:fe:12:f6:ec:ec:54:35:ed:b2:da:
44:d2:2f:0d:ce:bb:b0:10:2c:0b:05:3c:47:cd:65:50:db:29:
32:1b:30:39:d8:b2:11:1f:eb:55:22:dc:ff:23:c4:b2:dc:54:
ba:d3:6e:7a:e2:50:04:91:99:cc:c1:ca:0c:84:62:90:ba:48:
a5:b4:4b:9b:26:25:15:9f:48:f1:f0:b0:bb:ad:be:c7:dd:38:
4d:06:59:fb:d4:cb:51:1f:19:db:25:e5:e8:e9:da:f7:b0:d8:
f5:70:ba:48:e7:92:9f:b8:a0:70:16:c6:4b:a9:48:50:11:39:
21:72:51:1e:25:4f:f4:0a:12:6c:e8:c5:7f:a9:10:cd:de:3f:
a2:7a:2d:66:f7:fd:7c:88:93:0a:96:3f:31:08:75:c2:b0:ab:
5d:6a:a4:2d:9f:8f:4f:ae:cc:6d:98:31:b8:96:d4:26:cb:d5:
f1:0c:61:76:56:d9:8a:98:3f:07:d2:c6:ce:cf:9f:7e:2e:ea:
0b:70:f8:39
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZ2rMi49GhU+d1AE0v1Mnm8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjYwNDIwMTQwMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ3YmQxZjg5ZDg4ZmU3NmMxNWM5ZTk2MWMzOGQxMDQ2NGY3NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1NfKL+Mx8Q/EBlV1yy1lmaTFEtq
eWxUM5qXC8pcFVkE4bfLQTiP8mpGwEWZHRRZraMJ7uGuFGSFxiBjCXH4L/Byvv0J
hqtQb/cw3+vvT093riK/iwMuvFoNW8wt3jOe4/tWWcWyFNFGE9HOsVQt4sU/E1yA
Bt+R+NNx2dbaWaSCN4gkXYKg0e0qrih9JkCpqxul0UqsZQDD0b9WflmfQmDtMMko
rJyQO1LCw2CAJdg53HgVVnGy8Z7LGoQKStwBgnDSfmRcgkFGOw/lvKxOC8eXqJRr
IGenVMEVwC+soqU/HdEYK/NIoGDhx+3PfoDogen+HDvQOzZxqTeV4dtq5QIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFEtHvR+J2I/nbBXJ6WHDjRBGT3eBMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvUzBlOUg0bllqLWRzRmNucFljT05FRVpQZDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQDJetwAwQC
LVmQAwQCLXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQA
wgW1AwQAwpwCAwQAwpyGAwQC0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEB
CwUAA4IBAQApQAlqN/coXzHvTva3cZWfGTWin8la4Zn/qLrCBF6b8qKbxje2X3d2
r6xqoCtMuao0YzNAzXVNDZqchH6DxP4S9uzsVDXtstpE0i8NzruwECwLBTxHzWVQ
2ykyGzA52LIRH+tVItz/I8Sy3FS602564lAEkZnMwcoMhGKQukiltEubJiUVn0jx
8LC7rb7H3ThNBln71MtRHxnbJeXo6dr3sNj1cLpI55KfuKBwFsZLqUhQETkhclEe
JU/0ChJs6MV/qRDN3j+iei1m9/18iJMKlj8xCHXCsKtdaqQtn49PrsxtmDG4ltQm
y9XxDGF2VtmKmD8H0sbOz59+LuoLcPg5
-----END CERTIFICATE-----
Generated at Tue May 12 21:45:15 2026 by rpki-client