Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/TM7w-cXB8z85wBN-IZClxGDsneg.roa
File: TM7w-cXB8z85wBN-IZClxGDsneg.roa (raw, json)
Hash identifier: emRsf5rqRT9CiCwd3UgGiz4Po2LgcGkGywPIUaBs3bY=
Subject key identifier: 4C:CE:F0:F9:C5:C1:F3:3F:39:C0:13:7E:21:90:A5:C4:60:EC:9D:E8
Certificate issuer: /CN=35216a360277876e3e93b29bd4bb9c9231fad2f7
Certificate serial: 019CBE247A197D249E9FC940FCB5EB934E1B
Authority key identifier: 35:21:6A:36:02:77:87:6E:3E:93:B2:9B:D4:BB:9C:92:31:FA:D2:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/TM7w-cXB8z85wBN-IZClxGDsneg.roa
Signing time: Thu 05 Mar 2026 13:16:27 +0000
ROA not before: Thu 05 Mar 2026 13:16:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208802
IP address blocks: 45.84.200.0/22 maxlen: 22
45.84.200.0/23 maxlen: 23
45.84.203.0/24 maxlen: 24
2a0e:9f80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 13:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:be:24:7a:19:7d:24:9e:9f:c9:40:fc:b5:eb:93:4e:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35216a360277876e3e93b29bd4bb9c9231fad2f7
Validity
Not Before: Mar 5 13:16:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4ccef0f9c5c1f33f39c0137e2190a5c460ec9de8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:89:89:30:f3:55:8d:c9:df:8e:2f:47:be:bd:
be:a3:a9:be:f4:f7:ad:95:5b:20:d1:80:ea:aa:c6:
de:31:21:30:80:d8:f3:23:49:ec:7f:0d:74:a8:6a:
a5:e7:5d:cd:54:34:35:c8:d5:c4:5f:e6:76:35:ed:
97:39:d5:8d:dd:d9:74:82:30:10:0d:72:ed:a5:2d:
21:36:11:2c:2f:58:3b:c8:f2:7d:03:db:7f:2f:6b:
90:05:75:43:dc:b9:c1:1c:97:d9:41:6d:15:58:c8:
7e:da:df:a3:60:44:58:e4:2c:f4:48:f6:06:15:c0:
b7:f9:eb:59:87:ac:e3:fa:04:08:7b:8f:af:0b:ec:
b2:16:bb:5d:c5:5a:d6:7b:81:a5:dc:3a:bf:b8:e7:
d1:1e:fa:86:61:2d:61:ad:59:2c:8f:5e:f5:c1:72:
54:7c:ce:d4:fd:e9:eb:a9:be:d3:16:9d:fa:9a:20:
7f:fd:d0:78:d0:15:ac:0a:b1:c4:18:f4:36:a6:c1:
db:2f:ff:c1:83:e8:4b:fd:60:89:6c:f3:94:08:c4:
32:4d:a3:c3:1e:60:d1:e0:75:41:9c:5f:21:cf:52:
b7:23:4e:17:8b:8e:21:be:ae:e3:9c:fb:e8:db:6d:
76:3c:dc:e5:1a:99:5d:bd:09:bd:37:b5:30:f3:7e:
4a:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:CE:F0:F9:C5:C1:F3:3F:39:C0:13:7E:21:90:A5:C4:60:EC:9D:E8
X509v3 Authority Key Identifier:
keyid:35:21:6A:36:02:77:87:6E:3E:93:B2:9B:D4:BB:9C:92:31:FA:D2:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSFqNgJ3h24-k7Kb1LuckjH60vc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/TM7w-cXB8z85wBN-IZClxGDsneg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f25506-6a6c-497d-a4ab-248c47b3c7d8/1/NSFqNgJ3h24-k7Kb1LuckjH60vc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.200.0/22
IPv6:
2a0e:9f80::/29
Signature Algorithm: sha256WithRSAEncryption
a1:0d:78:d5:30:81:4e:57:1c:f6:33:66:75:5c:d1:5c:bd:dc:
f0:25:c2:14:30:52:22:1a:ac:26:95:b2:6d:b0:bf:47:22:b9:
b6:da:61:fa:53:08:f3:58:58:18:52:3f:d7:04:89:38:89:e8:
65:0d:36:d5:53:2f:e3:a4:27:ce:66:3b:a6:1e:0c:87:dc:d3:
d2:15:67:50:05:5d:7b:45:6e:64:52:5a:c4:67:22:8a:68:ef:
38:31:3b:a4:16:23:09:c6:98:51:29:1a:16:c7:a5:06:38:38:
7b:52:f7:ac:e6:ea:1e:2d:3e:c7:ae:ab:b2:75:3b:28:4c:2b:
c7:18:81:a1:3f:a3:9a:4e:32:79:79:e9:18:c6:dd:f4:74:c3:
8d:42:4b:ba:ba:ef:12:74:d2:44:46:a4:26:84:55:4c:b4:b1:
58:59:da:d1:06:04:dc:c7:a5:84:60:6e:f6:1c:aa:a6:e5:0c:
c1:75:52:30:be:39:6a:dc:89:93:50:ea:61:33:2f:f1:d4:a0:
3c:c8:38:60:7c:80:7e:74:70:3e:c2:b8:1a:17:68:b5:1c:18:
59:77:47:48:f5:7a:fe:81:4b:d0:56:a1:6e:3c:b1:f2:54:20:
78:fa:f5:01:8d:b7:02:d1:f0:e6:02:63:08:84:08:8c:c3:bc:
be:22:f4:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy+JHoZfSSen8lA/LXrk04bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MjE2YTM2MDI3Nzg3NmUzZTkzYjI5YmQ0YmI5YzkyMzFm
YWQyZjcwHhcNMjYwMzA1MTMxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2NlZjBmOWM1YzFmMzNmMzljMDEzN2UyMTkwYTVjNDYwZWM5ZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzomJMPNVjcnfji9Hvr2+o6m+9Pet
lVsg0YDqqsbeMSEwgNjzI0nsfw10qGql513NVDQ1yNXEX+Z2Ne2XOdWN3dl0gjAQ
DXLtpS0hNhEsL1g7yPJ9A9t/L2uQBXVD3LnBHJfZQW0VWMh+2t+jYERY5Cz0SPYG
FcC3+etZh6zj+gQIe4+vC+yyFrtdxVrWe4Gl3Dq/uOfRHvqGYS1hrVksj171wXJU
fM7U/enrqb7TFp36miB//dB40BWsCrHEGPQ2psHbL//Bg+hL/WCJbPOUCMQyTaPD
HmDR4HVBnF8hz1K3I04Xi44hvq7jnPvo2212PNzlGpldvQm9N7Uw835K6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEzO8PnFwfM/OcATfiGQpcRg7J3oMB8GA1UdIwQY
MBaAFDUhajYCd4duPpOym9S7nJIx+tL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNGcU5nSjNoMjQtazdLYjFMdWNrakg2MHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mMjU1MDYtNmE2Yy00OTdkLWE0YWIt
MjQ4YzQ3YjNjN2Q4LzEvVE03dy1jWEI4ejg1d0JOLUlaQ2x4R0RzbmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mMjU1MDYtNmE2Yy00OTdkLWE0YWItMjQ4YzQ3YjNjN2Q4
LzEvTlNGcU5nSjNoMjQtazdLYjFMdWNrakg2MHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVTIMA0E
AgACMAcDBQMqDp+AMA0GCSqGSIb3DQEBCwUAA4IBAQChDXjVMIFOVxz2M2Z1XNFc
vdzwJcIUMFIiGqwmlbJtsL9HIrm22mH6UwjzWFgYUj/XBIk4iehlDTbVUy/jpCfO
ZjumHgyH3NPSFWdQBV17RW5kUlrEZyKKaO84MTukFiMJxphRKRoWx6UGODh7Uves
5uoeLT7HrquydTsoTCvHGIGhP6OaTjJ5eekYxt30dMONQku6uu8SdNJERqQmhFVM
tLFYWdrRBgTcx6WEYG72HKqm5QzBdVIwvjlq3ImTUOphMy/x1KA8yDhgfIB+dHA+
wrgaF2i1HBhZd0dI9Xr+gUvQVqFuPLHyVCB4+vUBjbcC0fDmAmMIhAiMw7y+IvQI
-----END CERTIFICATE-----
Generated at Thu Mar 26 23:33:53 2026 by rpki-client