Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZdwtuGDkZsPzK8ffhiy4kyyZJ4.roa
File: IZdwtuGDkZsPzK8ffhiy4kyyZJ4.roa (raw, json)
Hash identifier: zb1QkJ+1bvoJFLonhBy1Yx7fFPOpAl2+P/sOjZgDpv4=
Subject key identifier: 21:97:70:B6:E1:83:91:9B:0F:CC:AF:1F:7E:18:B2:E2:4C:B2:64:9E
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019CFC910CA56DF6710935810A046ABDF33A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZdwtuGDkZsPzK8ffhiy4kyyZJ4.roa
Signing time: Tue 17 Mar 2026 16:11:30 +0000
ROA not before: Tue 17 Mar 2026 16:11:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 17497
IP address blocks: 82.152.249.0/24 maxlen: 24
89.213.3.0/24 maxlen: 24
109.176.25.0/24 maxlen: 24
185.49.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 22:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fc:91:0c:a5:6d:f6:71:09:35:81:0a:04:6a:bd:f3:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 17 16:11:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=219770b6e183919b0fccaf1f7e18b2e24cb2649e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:ed:54:f7:bb:bd:1d:7f:79:7b:93:21:e0:78:
af:61:dd:3e:c8:2a:e3:e5:b1:48:c2:8e:c8:e0:d3:
2c:39:03:77:df:ed:38:82:0a:90:b1:49:9e:f0:4c:
07:ab:a7:c7:a6:09:1d:33:ce:09:c4:12:00:8f:85:
cb:22:0e:7a:2b:7d:d7:0a:77:51:7a:77:15:cf:6b:
1d:ac:a3:2c:2b:52:4e:93:d1:0d:00:3d:88:f2:35:
57:a4:0d:f0:bf:d1:5e:ab:f5:1d:c4:e5:d7:6f:ba:
b1:1f:65:ae:38:d5:40:f2:45:34:7e:d4:36:fb:af:
4a:e5:97:bf:71:24:5b:ac:84:f3:71:e0:22:ba:c9:
f9:4e:14:f4:2e:c2:af:ef:0e:1e:78:77:82:bd:39:
d6:50:de:41:84:82:31:b2:c2:80:65:9f:7c:dd:75:
6b:ff:23:a7:ab:ac:39:07:db:af:30:87:d8:4d:ec:
2b:4c:05:10:b3:19:59:21:0d:43:70:a9:8e:7d:dc:
b8:2c:2c:2c:ed:6c:56:a1:89:7d:d8:4a:2f:75:81:
ea:2c:0f:43:db:2b:85:04:e8:52:20:11:3a:ce:74:
e6:52:09:7a:41:bb:bb:0f:01:00:83:9a:8e:82:b1:
a4:c4:96:58:27:80:02:9c:a1:c1:48:de:6e:a7:fb:
34:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:97:70:B6:E1:83:91:9B:0F:CC:AF:1F:7E:18:B2:E2:4C:B2:64:9E
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZdwtuGDkZsPzK8ffhiy4kyyZJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.249.0/24
89.213.3.0/24
109.176.25.0/24
185.49.127.0/24
Signature Algorithm: sha256WithRSAEncryption
37:1d:a2:37:c9:f6:61:59:c5:70:8d:de:74:21:cd:e5:d2:c1:
ed:78:0d:0b:21:ad:d8:7d:1c:3f:ba:f7:e7:1c:7f:7a:8c:1a:
6d:bf:a2:7e:91:d9:74:43:0e:50:81:96:ad:d1:fa:67:80:d1:
07:97:35:7b:bc:52:7a:4b:fb:39:59:f6:8f:52:34:c0:cf:64:
fd:99:9a:6c:94:81:3d:73:c4:ff:ed:05:cf:65:01:b9:17:d9:
cb:e4:01:d8:79:22:35:1a:f2:be:06:b7:28:0e:d7:87:6b:54:
64:fb:0e:95:12:8d:35:ab:21:a6:9d:da:f1:1e:ef:59:3c:f8:
8e:ef:b8:84:d0:24:d2:c6:ee:ba:cd:57:81:7e:51:8c:3b:31:
86:20:a3:7b:fe:06:6c:a3:97:29:c8:77:90:ce:6f:d6:e9:4c:
a3:ed:89:97:f5:b0:5b:e0:99:ee:71:76:fc:ff:51:0a:17:7f:
f1:c1:14:3a:bb:e0:7a:e8:8c:9e:ee:df:aa:d2:33:eb:2b:23:
79:26:e8:ad:8b:a7:b2:4c:45:ca:3f:f1:13:dc:5d:a0:58:1b:
c9:a6:41:4b:7a:54:50:d7:bc:f4:e2:0e:fc:df:49:25:43:6a:
e0:bf:14:e3:6a:77:32:95:d0:c0:1d:98:0c:31:b4:ee:86:49:
92:ec:86:f5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZz8kQylbfZxCTWBCgRqvfM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzE3MTYxMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk3NzBiNmUxODM5MTliMGZjY2FmMWY3ZTE4YjJlMjRjYjI2NDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO1U97u9HX95e5Mh4HivYd0+yCrj
5bFIwo7I4NMsOQN33+04ggqQsUme8EwHq6fHpgkdM84JxBIAj4XLIg56K33XCndR
encVz2sdrKMsK1JOk9ENAD2I8jVXpA3wv9Feq/UdxOXXb7qxH2WuONVA8kU0ftQ2
+69K5Ze/cSRbrITzceAiusn5ThT0LsKv7w4eeHeCvTnWUN5BhIIxssKAZZ983XVr
/yOnq6w5B9uvMIfYTewrTAUQsxlZIQ1DcKmOfdy4LCws7WxWoYl92EovdYHqLA9D
2yuFBOhSIBE6znTmUgl6Qbu7DwEAg5qOgrGkxJZYJ4ACnKHBSN5up/s0NQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCGXcLbhg5GbD8yvH34YsuJMsmSeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVpkd3R1R0RrWnNQeks4ZmZoaXk0a3l5Wko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUpj5AwQA
WdUDAwQAbbAZAwQAuTF/MA0GCSqGSIb3DQEBCwUAA4IBAQA3HaI3yfZhWcVwjd50
Ic3l0sHteA0LIa3YfRw/uvfnHH96jBptv6J+kdl0Qw5QgZat0fpngNEHlzV7vFJ6
S/s5WfaPUjTAz2T9mZpslIE9c8T/7QXPZQG5F9nL5AHYeSI1GvK+BrcoDteHa1Rk
+w6VEo01qyGmndrxHu9ZPPiO77iE0CTSxu66zVeBflGMOzGGIKN7/gZso5cpyHeQ
zm/W6Uyj7YmX9bBb4JnucXb8/1EKF3/xwRQ6u+B66Iye7t+q0jPrKyN5Juiti6ey
TEXKP/ET3F2gWBvJpkFLelRQ17z04g7830klQ2rgvxTjancyldDAHZgMMbTuhkmS
7Ib1
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:26:22 2026 by rpki-client