Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1o1QiSfEKbbzN5aqQ5maZbtJ3JQ.roa
File: 1o1QiSfEKbbzN5aqQ5maZbtJ3JQ.roa (raw, json)
Hash identifier: Fx/qU+Mi4gfNSIfuowEHrvcr7f57H0OW6uNpSPoN56w=
Subject key identifier: D6:8D:50:89:27:C4:29:B6:F3:37:96:AA:43:99:9A:65:BB:49:DC:94
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019DB53273AD3672F68AF54BAB3971D8C2F1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1o1QiSfEKbbzN5aqQ5maZbtJ3JQ.roa
Signing time: Wed 22 Apr 2026 12:37:55 +0000
ROA not before: Wed 22 Apr 2026 12:37:55 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 134135
IP address blocks: 81.168.18.0/24 maxlen: 24
82.152.28.0/24 maxlen: 24
82.152.61.0/24 maxlen: 24
82.152.71.0/24 maxlen: 24
82.152.72.0/24 maxlen: 24
82.152.83.0/24 maxlen: 24
82.152.92.0/24 maxlen: 24
82.152.127.0/24 maxlen: 24
82.153.41.0/24 maxlen: 24
82.153.42.0/24 maxlen: 24
82.153.53.0/24 maxlen: 24
82.153.58.0/24 maxlen: 24
82.153.80.0/24 maxlen: 24
82.153.86.0/24 maxlen: 24
82.153.90.0/24 maxlen: 24
82.153.91.0/24 maxlen: 24
82.153.144.0/24 maxlen: 24
82.153.155.0/24 maxlen: 24
82.153.180.0/24 maxlen: 24
82.153.203.0/24 maxlen: 24
82.163.15.0/24 maxlen: 24
89.213.49.0/24 maxlen: 24
89.213.64.0/24 maxlen: 24
89.213.70.0/24 maxlen: 24
89.213.71.0/24 maxlen: 24
89.213.73.0/24 maxlen: 24
89.213.74.0/24 maxlen: 24
89.213.77.0/24 maxlen: 24
89.213.79.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 06:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b5:32:73:ad:36:72:f6:8a:f5:4b:ab:39:71:d8:c2:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 22 12:37:55 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d68d508927c429b6f33796aa43999a65bb49dc94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:44:c9:f9:ce:37:9c:62:51:08:59:94:46:a7:
bc:41:c6:01:c8:d4:7d:8f:ce:52:b0:58:2f:78:e3:
83:f4:7a:7d:db:e9:2a:0f:79:45:a0:dc:4a:84:cd:
a7:bb:0b:bc:06:9b:62:80:11:cc:3c:5a:24:dd:c9:
9c:e5:d8:ca:31:66:1e:20:65:d3:7f:dc:00:9c:30:
af:ce:13:16:59:01:1f:b4:7f:41:d9:7b:5c:31:a8:
42:d4:45:47:4e:40:f8:21:54:a9:79:fe:81:da:62:
84:9f:cf:0e:eb:6a:10:0d:63:8e:0f:67:8e:fc:fd:
df:aa:70:c4:35:cb:92:2a:68:92:28:ee:e0:09:ae:
e3:44:1f:12:ac:c9:db:64:6f:30:8b:d1:0a:17:65:
a0:5d:5f:61:b8:af:59:d0:7b:00:60:9d:43:d4:6d:
26:a5:b6:f0:ed:05:64:3e:86:93:e3:b2:44:53:73:
9f:d3:10:45:39:6d:34:97:42:e9:d9:52:0f:82:7b:
e8:ce:55:aa:6e:a8:e5:22:22:b3:59:6e:99:b3:f5:
66:b5:6c:4e:86:ee:bd:d0:0f:f8:d2:9e:0a:b5:9d:
3f:18:fd:eb:6b:bc:ef:cc:cb:0e:17:0c:2f:16:60:
51:33:a7:52:92:54:0f:d1:3a:7f:f4:90:7b:da:9f:
bb:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:8D:50:89:27:C4:29:B6:F3:37:96:AA:43:99:9A:65:BB:49:DC:94
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1o1QiSfEKbbzN5aqQ5maZbtJ3JQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.18.0/24
82.152.28.0/24
82.152.61.0/24
82.152.71.0-82.152.72.255
82.152.83.0/24
82.152.92.0/24
82.152.127.0/24
82.153.41.0-82.153.42.255
82.153.53.0/24
82.153.58.0/24
82.153.80.0/24
82.153.86.0/24
82.153.90.0/23
82.153.144.0/24
82.153.155.0/24
82.153.180.0/24
82.153.203.0/24
82.163.15.0/24
89.213.49.0/24
89.213.64.0/24
89.213.70.0/23
89.213.73.0-89.213.74.255
89.213.77.0/24
89.213.79.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:0d:da:22:bd:3b:47:54:e5:5c:ed:23:fd:86:1a:41:cc:31:
3d:30:93:ab:e4:f7:c4:96:26:a0:71:f4:e0:4a:67:14:51:d7:
95:41:6e:9a:cf:ef:9b:33:a7:19:e9:c1:08:4c:bc:71:50:41:
e9:d0:d0:82:e3:23:74:14:bc:c2:b1:c1:4d:36:b6:dc:1d:80:
20:cd:2b:d4:7c:13:11:b1:d4:49:4c:a8:89:de:c8:c0:0b:97:
d7:83:a3:21:e3:ce:a8:87:61:43:4d:53:a7:cb:3d:3b:59:18:
5b:15:c3:a5:52:ac:db:78:f7:c8:54:71:a4:e1:82:8d:28:87:
c8:0f:85:13:5a:a9:19:9d:0f:39:2a:3b:06:1f:4c:72:e7:d9:
9e:1d:bd:e6:4c:47:78:b6:79:ff:1f:86:06:ef:35:85:33:40:
8a:ef:fc:b5:c3:37:a3:8b:66:58:b4:24:96:22:2f:4e:b8:d4:
b5:87:c5:51:08:7e:91:67:8e:17:33:78:7a:0b:f4:0b:20:50:
90:a5:0e:84:fc:32:51:4f:15:aa:ab:d2:42:f9:05:eb:25:57:
5d:0a:5e:b6:f2:3b:c4:c3:f6:c4:cd:26:bc:ed:b4:a1:29:2f:
84:71:ef:a5:8e:5b:b3:70:d9:2e:0a:48:ce:d6:33:04:4e:d0:
38:6a:9b:4f
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZ21MnOtNnL2ivVLqzlx2MLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDIyMTIzNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhkNTA4OTI3YzQyOWI2ZjMzNzk2YWE0Mzk5OWE2NWJiNDlkYzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoETJ+c43nGJRCFmURqe8QcYByNR9
j85SsFgveOOD9Hp92+kqD3lFoNxKhM2nuwu8BptigBHMPFok3cmc5djKMWYeIGXT
f9wAnDCvzhMWWQEftH9B2XtcMahC1EVHTkD4IVSpef6B2mKEn88O62oQDWOOD2eO
/P3fqnDENcuSKmiSKO7gCa7jRB8SrMnbZG8wi9EKF2WgXV9huK9Z0HsAYJ1D1G0m
pbbw7QVkPoaT47JEU3Of0xBFOW00l0Lp2VIPgnvozlWqbqjlIiKzWW6Zs/VmtWxO
hu690A/40p4KtZ0/GP3ra7zvzMsOFwwvFmBRM6dSklQP0Tp/9JB72p+7CQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFNaNUIknxCm28zeWqkOZmmW7SdyUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMW8xUWlTZkVLYmJ6TjVhcVE1bWFaYnRKM0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBABR
qBIDBABSmBwDBABSmD0wDAMEAFKYRwMEAFKYSAMEAFKYUwMEAFKYXAMEAFKYfzAM
AwQAUpkpAwQAUpkqAwQAUpk1AwQAUpk6AwQAUplQAwQAUplWAwQBUplaAwQAUpmQ
AwQAUpmbAwQAUpm0AwQAUpnLAwQAUqMPAwQAWdUxAwQAWdVAAwQBWdVGMAwDBABZ
1UkDBABZ1UoDBABZ1U0DBABZ1U8wDQYJKoZIhvcNAQELBQADggEBAE4N2iK9O0dU
5VztI/2GGkHMMT0wk6vk98SWJqBx9OBKZxRR15VBbprP75szpxnpwQhMvHFQQenQ
0ILjI3QUvMKxwU02ttwdgCDNK9R8ExGx1ElMqIneyMALl9eDoyHjzqiHYUNNU6fL
PTtZGFsVw6VSrNt498hUcaThgo0oh8gPhRNaqRmdDzkqOwYfTHLn2Z4dveZMR3i2
ef8fhgbvNYUzQIrv/LXDN6OLZli0JJYiL0641LWHxVEIfpFnjhczeHoL9AsgUJCl
DoT8MlFPFaqr0kL5BeslV10KXrbyO8TD9sTNJrzttKEpL4Rx76WOW7Nw2S4KSM7W
MwRO0Dhqm08=
-----END CERTIFICATE-----
Generated at Wed May 13 10:26:16 2026 by rpki-client