Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/T-nFUADDOe_gVl6vpCX2jmb_ysw.roa
File: T-nFUADDOe_gVl6vpCX2jmb_ysw.roa (raw, json)
Hash identifier: AOWlKIZZ81Ea4+CdSRVuTl2Mle2x0FskHzHQS5873EY=
Subject key identifier: 4F:E9:C5:50:00:C3:39:EF:E0:56:5E:AF:A4:25:F6:8E:66:FF:CA:CC
Certificate issuer: /CN=e5090f6284cd9bed5e365c097f7ded7106558f59
Certificate serial: 019DA9B57DA5CD0DFA1BB2C8090C631EC4EE
Authority key identifier: E5:09:0F:62:84:CD:9B:ED:5E:36:5C:09:7F:7D:ED:71:06:55:8F:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5QkPYoTNm-1eNlwJf33tcQZVj1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/T-nFUADDOe_gVl6vpCX2jmb_ysw.roa
Signing time: Mon 20 Apr 2026 07:05:36 +0000
ROA not before: Mon 20 Apr 2026 07:05:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25589
IP address blocks: 89.33.184.0/21 maxlen: 21
185.93.224.0/22 maxlen: 22
2a03:9340::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/5QkPYoTNm-1eNlwJf33tcQZVj1k.crl
rsync://rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/5QkPYoTNm-1eNlwJf33tcQZVj1k.mft
rsync://rpki.ripe.net/repository/DEFAULT/5QkPYoTNm-1eNlwJf33tcQZVj1k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a9:b5:7d:a5:cd:0d:fa:1b:b2:c8:09:0c:63:1e:c4:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5090f6284cd9bed5e365c097f7ded7106558f59
Validity
Not Before: Apr 20 07:05:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4fe9c55000c339efe0565eafa425f68e66ffcacc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:fb:25:a8:45:63:f4:eb:d5:62:ed:d4:c2:7c:
17:3b:79:40:64:b4:c5:47:80:25:08:dc:35:d4:19:
38:5d:03:a3:6c:68:f5:2b:1d:2a:d9:c9:a4:b8:a6:
4b:99:19:c5:b9:c7:1f:45:46:ac:5b:3c:82:65:7c:
b3:84:57:27:8a:9a:de:16:13:c6:c3:65:54:6b:6c:
f2:c3:e6:6f:59:37:67:e7:dc:fe:90:be:8c:28:d2:
ce:34:9e:52:d1:11:e7:a7:eb:f0:5f:d4:bd:96:93:
56:1c:57:c3:1a:73:9e:e3:1b:da:2a:ff:04:23:d4:
83:65:4c:e7:95:87:0d:24:af:20:04:6c:a1:4c:7a:
0a:c6:8c:95:c4:86:97:0e:55:9d:71:17:f0:f1:fa:
92:fb:45:fc:39:75:e1:74:36:e8:a3:24:49:a4:2a:
0e:54:e2:04:0f:c1:fd:f6:2f:5f:a5:c0:47:24:de:
d1:0c:52:c4:ea:5c:95:85:8b:6b:1b:a7:f7:5e:70:
e8:0c:d9:92:50:f6:f0:d5:8f:2c:7f:09:c3:38:93:
0b:5a:7c:4a:6a:8b:b8:1b:a1:a7:20:97:36:6f:e3:
92:77:da:ee:bd:6b:83:78:19:38:69:46:b6:6c:cb:
a9:75:74:08:93:40:4c:c2:95:53:c1:d2:cf:b3:bd:
c4:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:E9:C5:50:00:C3:39:EF:E0:56:5E:AF:A4:25:F6:8E:66:FF:CA:CC
X509v3 Authority Key Identifier:
keyid:E5:09:0F:62:84:CD:9B:ED:5E:36:5C:09:7F:7D:ED:71:06:55:8F:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QkPYoTNm-1eNlwJf33tcQZVj1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/T-nFUADDOe_gVl6vpCX2jmb_ysw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/20585a-c8dc-434f-8189-0432f4c4d4f0/1/5QkPYoTNm-1eNlwJf33tcQZVj1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.184.0/21
185.93.224.0/22
IPv6:
2a03:9340::/32
Signature Algorithm: sha256WithRSAEncryption
25:0f:ad:74:36:23:ff:e7:97:15:79:16:3a:c7:db:1c:ac:b4:
1e:66:67:b8:cc:6b:e9:a4:17:51:68:cc:ce:44:a2:e2:92:f7:
7e:47:65:ec:19:68:6a:d7:61:f7:bb:5c:b7:86:a8:1f:06:c1:
eb:d9:23:a3:2c:86:55:16:25:b2:25:e0:9b:e8:eb:5d:89:31:
fc:3f:22:d6:2e:63:27:48:e1:d3:13:5c:11:ce:8b:84:24:09:
e9:0f:c0:9b:d1:df:5f:e8:32:27:96:9c:a3:33:d8:2f:90:84:
bc:bb:39:af:91:9d:3a:7d:45:b6:7b:4c:3f:30:1c:1e:4e:31:
bd:71:53:03:aa:66:f3:9c:f0:0e:b4:f9:33:9c:5a:51:a1:38:
48:f5:6e:c7:d8:33:2f:50:28:57:c1:7e:53:4f:1c:ad:6d:71:
28:79:5b:a4:1c:85:9f:8d:0a:32:0a:75:01:44:96:fc:55:96:
98:b3:c5:92:9b:12:e2:72:91:60:c0:3b:3f:cf:4d:1d:5c:1d:
06:1c:86:b8:f2:e0:98:ab:63:b4:b9:91:a3:f7:23:fb:ad:c6:
ec:98:5d:76:fa:74:cf:3e:68:5f:6e:63:7e:e8:6a:65:1f:44:
c3:24:fe:a4:09:56:91:8e:d4:9d:1e:49:4f:33:82:ba:3b:59:
71:f0:81:2f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ2ptX2lzQ36G7LICQxjHsTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDkwZjYyODRjZDliZWQ1ZTM2NWMwOTdmN2RlZDcxMDY1
NThmNTkwHhcNMjYwNDIwMDcwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmU5YzU1MDAwYzMzOWVmZTA1NjVlYWZhNDI1ZjY4ZTY2ZmZjYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/slqEVj9OvVYu3UwnwXO3lAZLTF
R4AlCNw11Bk4XQOjbGj1Kx0q2cmkuKZLmRnFuccfRUasWzyCZXyzhFcnipreFhPG
w2VUa2zyw+ZvWTdn59z+kL6MKNLONJ5S0RHnp+vwX9S9lpNWHFfDGnOe4xvaKv8E
I9SDZUznlYcNJK8gBGyhTHoKxoyVxIaXDlWdcRfw8fqS+0X8OXXhdDbooyRJpCoO
VOIED8H99i9fpcBHJN7RDFLE6lyVhYtrG6f3XnDoDNmSUPbw1Y8sfwnDOJMLWnxK
aou4G6GnIJc2b+OSd9ruvWuDeBk4aUa2bMupdXQIk0BMwpVTwdLPs73E6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE/pxVAAwznv4FZer6Ql9o5m/8rMMB8GA1UdIwQY
MBaAFOUJD2KEzZvtXjZcCX997XEGVY9ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFrUFlvVE5tLTFlTmx3SmYzM3RjUVpWajFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yMDU4NWEtYzhkYy00MzRmLTgxODkt
MDQzMmY0YzRkNGYwLzEvVC1uRlVBRERPZV9nVmw2dnBDWDJqbWJfeXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yMDU4NWEtYzhkYy00MzRmLTgxODktMDQzMmY0YzRkNGYw
LzEvNVFrUFlvVE5tLTFlTmx3SmYzM3RjUVpWajFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDWSG4AwQC
uV3gMA0EAgACMAcDBQAqA5NAMA0GCSqGSIb3DQEBCwUAA4IBAQAlD610NiP/55cV
eRY6x9scrLQeZme4zGvppBdRaMzORKLikvd+R2XsGWhq12H3u1y3hqgfBsHr2SOj
LIZVFiWyJeCb6OtdiTH8PyLWLmMnSOHTE1wRzouEJAnpD8Cb0d9f6DInlpyjM9gv
kIS8uzmvkZ06fUW2e0w/MBweTjG9cVMDqmbznPAOtPkznFpRoThI9W7H2DMvUChX
wX5TTxytbXEoeVukHIWfjQoyCnUBRJb8VZaYs8WSmxLicpFgwDs/z00dXB0GHIa4
8uCYq2O0uZGj9yP7rcbsmF12+nTPPmhfbmN+6GplH0TDJP6kCVaRjtSdHklPM4K6
O1lx8IEv
-----END CERTIFICATE-----
Generated at Tue May 12 21:16:13 2026 by rpki-client