Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/oBHjdNvrDmueFVZ9Jx9YwsAht9c.roa
File: oBHjdNvrDmueFVZ9Jx9YwsAht9c.roa (raw, json)
Hash identifier: IS8s6ycOmHXHeKoH7+UUa5h9OtGtPNxKzpllCqpSK+I=
Subject key identifier: A0:11:E3:74:DB:EB:0E:6B:9E:15:56:7D:27:1F:58:C2:C0:21:B7:D7
Certificate issuer: /CN=17a25c43e70d1f41d9890d755361a0ca17590754
Certificate serial: 019B79ED1A67D4E75398253A13700FF9EB1C
Authority key identifier: 17:A2:5C:43:E7:0D:1F:41:D9:89:0D:75:53:61:A0:CA:17:59:07:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/oBHjdNvrDmueFVZ9Jx9YwsAht9c.roa
Signing time: Thu 01 Jan 2026 14:19:00 +0000
ROA not before: Thu 01 Jan 2026 14:19:00 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51677
IP address blocks: 91.220.45.0/24 maxlen: 24
146.0.48.0/24 maxlen: 24
146.0.49.0/24 maxlen: 24
146.0.50.0/24 maxlen: 24
146.0.51.0/24 maxlen: 24
146.0.52.0/24 maxlen: 24
146.0.53.0/24 maxlen: 24
146.0.54.0/24 maxlen: 24
146.0.55.0/24 maxlen: 24
185.5.240.0/24 maxlen: 24
185.5.241.0/24 maxlen: 24
185.5.242.0/24 maxlen: 24
185.5.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 05:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ed:1a:67:d4:e7:53:98:25:3a:13:70:0f:f9:eb:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17a25c43e70d1f41d9890d755361a0ca17590754
Validity
Not Before: Jan 1 14:19:00 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a011e374dbeb0e6b9e15567d271f58c2c021b7d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:82:76:ae:dd:03:f6:c6:87:f0:83:62:b6:57:
20:95:79:f7:09:24:98:0b:c7:7f:a3:a0:88:2a:46:
51:6e:55:cd:78:79:cd:b1:38:36:f6:43:9a:e7:2c:
88:9d:0e:ec:4d:24:13:2f:e2:98:23:aa:f4:bf:db:
e9:13:20:bd:15:5d:67:3b:29:93:19:c6:6f:5e:56:
26:11:d7:9b:37:8e:d6:10:d8:01:69:f9:14:92:78:
7f:12:2a:96:bd:b0:46:1d:10:e1:12:89:14:fb:37:
a6:1c:67:f4:40:8a:b4:ee:84:b4:79:e5:d5:cd:d1:
c1:02:14:9c:e0:db:70:c0:e5:81:c2:aa:36:e9:f9:
84:33:ed:2c:63:71:3b:77:3e:91:f2:01:9e:47:09:
7e:c4:e3:50:80:dd:e5:55:2a:52:b4:21:c8:56:5a:
05:3d:bd:b3:47:0f:43:2c:8c:f8:43:99:e1:37:d4:
4c:c8:54:94:98:39:fd:b6:65:03:af:d4:c0:e8:5a:
eb:fb:6b:b5:e1:71:a6:0d:7f:5a:a0:c5:36:33:14:
09:3a:46:e0:65:4b:74:04:02:6e:3b:9b:60:96:c4:
a4:88:d9:83:80:30:5d:ff:12:da:12:6c:1a:d4:f1:
03:32:77:98:57:d3:0f:fb:25:ff:44:b3:a2:e6:9f:
f2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:11:E3:74:DB:EB:0E:6B:9E:15:56:7D:27:1F:58:C2:C0:21:B7:D7
X509v3 Authority Key Identifier:
keyid:17:A2:5C:43:E7:0D:1F:41:D9:89:0D:75:53:61:A0:CA:17:59:07:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/oBHjdNvrDmueFVZ9Jx9YwsAht9c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1da070-509e-4297-a035-43fb70b4c13f/1/F6JcQ-cNH0HZiQ11U2GgyhdZB1Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.220.45.0/24
146.0.48.0/21
185.5.240.0/22
Signature Algorithm: sha256WithRSAEncryption
73:90:6f:fd:55:93:a8:75:ac:b5:dd:ff:10:85:fa:f5:af:d7:
08:c1:bf:1c:21:d3:0d:f5:b4:b0:53:14:b1:c8:94:3e:dd:ec:
e4:cb:7c:65:fe:1c:00:95:f7:a6:6a:7b:75:f8:f6:ca:21:c2:
f4:09:c4:4c:57:8d:f8:68:93:93:c8:70:4a:fa:1a:09:a2:45:
f2:e0:87:33:5d:19:97:40:6a:37:22:56:cc:e9:33:02:56:64:
b8:73:c4:17:96:14:b8:eb:1c:26:f5:fa:cb:33:ad:44:cb:12:
15:ea:5c:f9:f6:7f:ac:f8:b2:2c:e1:ca:a1:a1:12:c7:5d:50:
32:3c:f5:0f:1d:fa:d5:b5:b0:70:21:60:ce:52:86:4d:6b:f9:
38:f0:60:b2:f0:d6:38:cd:82:ec:2f:02:7e:38:ad:cd:03:d3:
7c:0d:a0:4c:63:3b:c9:a2:6c:0a:10:56:e5:5e:79:64:50:c6:
c5:82:0c:ae:ec:af:68:ca:94:bd:05:79:aa:89:fe:c8:5c:77:
ef:f5:26:86:8f:ed:06:38:0c:70:0b:09:2b:95:d2:68:94:bc:
69:f8:d4:a2:78:74:8b:38:b7:7f:64:41:cd:94:5f:67:06:ae:
ec:27:09:4b:dd:86:e9:85:09:cb:0e:d5:3c:67:91:d1:40:6a:
38:bf:8f:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt57Rpn1OdTmCU6E3AP+escMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YTI1YzQzZTcwZDFmNDFkOTg5MGQ3NTUzNjFhMGNhMTc1
OTA3NTQwHhcNMjYwMTAxMTQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDExZTM3NGRiZWIwZTZiOWUxNTU2N2QyNzFmNThjMmMwMjFiN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoJ2rt0D9saH8INitlcglXn3CSSY
C8d/o6CIKkZRblXNeHnNsTg29kOa5yyInQ7sTSQTL+KYI6r0v9vpEyC9FV1nOymT
GcZvXlYmEdebN47WENgBafkUknh/EiqWvbBGHRDhEokU+zemHGf0QIq07oS0eeXV
zdHBAhSc4NtwwOWBwqo26fmEM+0sY3E7dz6R8gGeRwl+xONQgN3lVSpStCHIVloF
Pb2zRw9DLIz4Q5nhN9RMyFSUmDn9tmUDr9TA6Frr+2u14XGmDX9aoMU2MxQJOkbg
ZUt0BAJuO5tglsSkiNmDgDBd/xLaEmwa1PEDMneYV9MP+yX/RLOi5p/yZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKAR43Tb6w5rnhVWfScfWMLAIbfXMB8GA1UdIwQY
MBaAFBeiXEPnDR9B2YkNdVNhoMoXWQdUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjZKY1EtY05IMEhaaVExMVUyR2d5aGRaQjFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xZGEwNzAtNTA5ZS00Mjk3LWEwMzUt
NDNmYjcwYjRjMTNmLzEvb0JIamROdnJEbXVlRlZaOUp4OVl3c0FodDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xZGEwNzAtNTA5ZS00Mjk3LWEwMzUtNDNmYjcwYjRjMTNm
LzEvRjZKY1EtY05IMEhaaVExMVUyR2d5aGRaQjFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9wtAwQD
kgAwAwQCuQXwMA0GCSqGSIb3DQEBCwUAA4IBAQBzkG/9VZOoday13f8Qhfr1r9cI
wb8cIdMN9bSwUxSxyJQ+3ezky3xl/hwAlfemant1+PbKIcL0CcRMV434aJOTyHBK
+hoJokXy4IczXRmXQGo3IlbM6TMCVmS4c8QXlhS46xwm9frLM61EyxIV6lz59n+s
+LIs4cqhoRLHXVAyPPUPHfrVtbBwIWDOUoZNa/k48GCy8NY4zYLsLwJ+OK3NA9N8
DaBMYzvJomwKEFblXnlkUMbFggyu7K9oypS9BXmqif7IXHfv9SaGj+0GOAxwCwkr
ldJolLxp+NSieHSLOLd/ZEHNlF9nBq7sJwlL3YbphQnLDtU8Z5HRQGo4v49Q
-----END CERTIFICATE-----
Generated at Thu Mar 26 14:03:15 2026 by rpki-client