Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/3cSgnwJIEpGgn7GA3QShVilz_Bk.roa
File: 3cSgnwJIEpGgn7GA3QShVilz_Bk.roa (raw, json)
Hash identifier: AMd1V+dRDU56O4+xNiU6hAcBMYWFkRuAT+HMQQqt00o=
Subject key identifier: DD:C4:A0:9F:02:48:12:91:A0:9F:B1:80:DD:04:A1:56:29:73:FC:19
Certificate issuer: /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial: 019E1C66A5B2E560ACFF475C443B6F5CD081
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/3cSgnwJIEpGgn7GA3QShVilz_Bk.roa
Signing time: Tue 12 May 2026 13:35:49 +0000
ROA not before: Tue 12 May 2026 13:35:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25160
IP address blocks: 5.10.144.0/20 maxlen: 20
31.28.65.0/24 maxlen: 24
31.28.67.0/24 maxlen: 24
31.28.68.0/24 maxlen: 24
31.28.70.0/24 maxlen: 24
31.28.72.0/24 maxlen: 24
31.28.75.0/24 maxlen: 24
31.28.80.0/22 maxlen: 22
31.28.84.0/23 maxlen: 23
31.28.86.0/24 maxlen: 24
37.157.32.0/21 maxlen: 21
45.88.112.0/22 maxlen: 22
82.163.112.0/21 maxlen: 21
82.163.124.0/22 maxlen: 22
82.163.192.0/19 maxlen: 24
82.163.205.0/24 maxlen: 24
91.238.221.0/24 maxlen: 24
94.126.43.0/24 maxlen: 24
94.126.47.0/24 maxlen: 24
158.41.64.0/18 maxlen: 18
165.65.0.0/16 maxlen: 16
165.65.0.0/17 maxlen: 17
165.65.224.0/19 maxlen: 19
178.18.116.0/23 maxlen: 23
178.18.119.0/24 maxlen: 24
185.28.240.0/22 maxlen: 22
185.53.224.0/22 maxlen: 22
185.120.204.0/22 maxlen: 22
185.121.76.0/22 maxlen: 22
185.135.164.0/22 maxlen: 22
185.237.48.0/22 maxlen: 22
193.0.176.0/23 maxlen: 23
193.221.128.0/19 maxlen: 19
194.8.254.0/23 maxlen: 23
195.250.16.0/22 maxlen: 22
206.245.192.0/18 maxlen: 24
2a00:e340::/29 maxlen: 29
2a01:a220::/29 maxlen: 30
2a10:d700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1c:66:a5:b2:e5:60:ac:ff:47:5c:44:3b:6f:5c:d0:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Validity
Not Before: May 12 13:35:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ddc4a09f02481291a09fb180dd04a1562973fc19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ec:6d:26:6f:a8:40:12:94:4c:d2:47:a3:40:
22:4c:cb:65:e7:95:10:98:9b:bf:8a:92:83:81:80:
c3:ed:d4:14:79:55:93:8e:79:27:43:0e:b1:a0:24:
c6:4f:27:71:3a:34:93:a7:80:41:0f:8a:e0:0e:11:
4c:27:66:06:63:f7:e1:58:d4:ae:84:7e:4b:08:db:
db:d5:e6:5a:6c:44:6f:81:42:2e:9f:4d:9c:4e:6a:
61:8c:a1:e5:64:8b:7a:e1:43:19:d2:57:50:ef:52:
d4:1e:22:f4:20:e1:8d:bb:83:36:08:32:c2:d3:99:
aa:c5:d2:e8:e9:95:c5:65:6d:7a:88:34:22:68:12:
90:48:e2:87:34:b3:be:d1:ec:dd:c6:f5:4f:b9:8f:
c2:2b:6b:49:34:12:4c:16:74:9e:a1:77:12:25:39:
03:30:34:95:96:b7:0b:d5:ea:40:13:ec:11:51:52:
74:0f:fe:33:75:7a:05:64:76:76:ba:26:b8:72:0a:
58:10:8d:d2:41:58:fd:2e:50:45:34:00:f6:b5:0b:
7c:68:32:c3:87:14:e4:88:54:94:3f:d6:2f:1a:eb:
a5:56:04:1d:26:3f:86:da:76:b0:5c:ea:37:80:d5:
0e:44:36:ba:c7:f0:35:bd:d1:f2:7e:cf:67:31:9a:
36:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C4:A0:9F:02:48:12:91:A0:9F:B1:80:DD:04:A1:56:29:73:FC:19
X509v3 Authority Key Identifier:
keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/3cSgnwJIEpGgn7GA3QShVilz_Bk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.10.144.0/20
31.28.65.0/24
31.28.67.0-31.28.68.255
31.28.70.0/24
31.28.72.0/24
31.28.75.0/24
31.28.80.0-31.28.86.255
37.157.32.0/21
45.88.112.0/22
82.163.112.0/21
82.163.124.0/22
82.163.192.0/19
91.238.221.0/24
94.126.43.0/24
94.126.47.0/24
158.41.64.0/18
165.65.0.0/16
178.18.116.0/23
178.18.119.0/24
185.28.240.0/22
185.53.224.0/22
185.120.204.0/22
185.121.76.0/22
185.135.164.0/22
185.237.48.0/22
193.0.176.0/23
193.221.128.0/19
194.8.254.0/23
195.250.16.0/22
206.245.192.0/18
IPv6:
2a00:e340::/29
2a01:a220::/29
2a10:d700::/29
Signature Algorithm: sha256WithRSAEncryption
3b:52:78:30:70:a7:58:09:9e:7f:06:10:35:32:c6:1f:74:e5:
9e:0f:a3:6e:02:df:83:c1:aa:f0:5e:d1:d1:9d:81:0a:9e:c5:
3d:32:85:f9:f3:0e:fb:e9:de:01:b9:52:57:9e:de:fc:3f:92:
34:07:52:1c:0f:b6:fd:43:0a:de:23:e0:e9:db:38:e7:00:20:
aa:e5:86:66:ad:4a:02:13:41:00:a1:74:67:81:61:19:bb:91:
a0:23:ff:cc:54:68:36:c8:24:de:f6:f7:fc:0e:c3:ca:00:09:
6c:22:1f:01:41:5d:db:b4:0a:82:9d:f5:34:c7:6e:80:c1:dc:
dd:e5:98:88:bc:9a:da:bd:6d:72:64:61:a8:32:71:83:99:0e:
d2:e2:c4:b6:42:b4:99:6b:ab:a8:ff:31:86:26:7d:24:5d:48:
9d:e2:ea:9a:bc:c2:67:30:51:df:7a:6a:35:ff:6a:21:8f:95:
b2:7a:f5:b5:13:7d:2a:9e:9c:f1:7b:4a:21:3b:e4:7e:a4:13:
60:c3:8d:f3:1d:6e:f1:0d:56:05:f2:c4:04:1c:db:d0:3c:6f:
e3:df:c8:91:3e:89:71:cb:5e:56:21:4c:2d:52:c9:cb:ed:06:
7e:32:86:a7:45:c5:4c:4b:e5:28:32:30:d9:09:a3:7c:99:b6:
7b:e7:43:33
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAZ4cZqWy5WCs/0dcRDtvXNCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjYwNTEyMTMzNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM0YTA5ZjAyNDgxMjkxYTA5ZmIxODBkZDA0YTE1NjI5NzNmYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOxtJm+oQBKUTNJHo0AiTMtl55UQ
mJu/ipKDgYDD7dQUeVWTjnknQw6xoCTGTydxOjSTp4BBD4rgDhFMJ2YGY/fhWNSu
hH5LCNvb1eZabERvgUIun02cTmphjKHlZIt64UMZ0ldQ71LUHiL0IOGNu4M2CDLC
05mqxdLo6ZXFZW16iDQiaBKQSOKHNLO+0ezdxvVPuY/CK2tJNBJMFnSeoXcSJTkD
MDSVlrcL1epAE+wRUVJ0D/4zdXoFZHZ2uia4cgpYEI3SQVj9LlBFNAD2tQt8aDLD
hxTkiFSUP9YvGuulVgQdJj+G2nawXOo3gNUORDa6x/A1vdHyfs9nMZo2nQIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFN3EoJ8CSBKRoJ+xgN0EoVYpc/wZMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvM2NTZ253SklFcEdnbjdHQTNRU2hWaWx6X0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCBygQCAAEwgcMDBAQF
CpADBAAfHEEwDAMEAB8cQwMEAB8cRAMEAB8cRgMEAB8cSAMEAB8cSzAMAwQEHxxQ
AwQAHxxWAwQDJZ0gAwQCLVhwAwQDUqNwAwQCUqN8AwQFUqPAAwQAW+7dAwQAXn4r
AwQAXn4vAwQGnilAAwMApUEDBAGyEnQDBACyEncDBAK5HPADBAK5NeADBAK5eMwD
BAK5eUwDBAK5h6QDBAK57TADBAHBALADBAXB3YADBAHCCP4DBALD+hADBAbO9cAw
GwQCAAIwFQMFAyoA40ADBQMqAaIgAwUDKhDXADANBgkqhkiG9w0BAQsFAAOCAQEA
O1J4MHCnWAmefwYQNTLGH3Tlng+jbgLfg8Gq8F7R0Z2BCp7FPTKF+fMO++neAblS
V57e/D+SNAdSHA+2/UMK3iPg6ds45wAgquWGZq1KAhNBAKF0Z4FhGbuRoCP/zFRo
Nsgk3vb3/A7DygAJbCIfAUFd27QKgp31NMdugMHc3eWYiLya2r1tcmRhqDJxg5kO
0uLEtkK0mWurqP8xhiZ9JF1IneLqmrzCZzBR33pqNf9qIY+Vsnr1tRN9Kp6c8XtK
ITvkfqQTYMON8x1u8Q1WBfLEBBzb0Dxv49/IkT6JccteViFMLVLJy+0GfjKGp0XF
TEvlKDIw2QmjfJm2e+dDMw==
-----END CERTIFICATE-----
Generated at Wed May 13 02:47:47 2026 by rpki-client