Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/iKwLG1q1sDs9tvR7rIxpNbBHq4g.roa
File: iKwLG1q1sDs9tvR7rIxpNbBHq4g.roa (raw, json)
Hash identifier: 5Al8Pm91tYMp0+j7fJGmguSqWX96C92TH8gJMDHEyyY=
Subject key identifier: 88:AC:0B:1B:5A:B5:B0:3B:3D:B6:F4:7B:AC:8C:69:35:B0:47:AB:88
Certificate issuer: /CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Certificate serial: 019D002924CC8B27B8AC86FA03E49F97D758
Authority key identifier: DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/iKwLG1q1sDs9tvR7rIxpNbBHq4g.roa
Signing time: Wed 18 Mar 2026 08:56:29 +0000
ROA not before: Wed 18 Mar 2026 08:56:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42845
IP address blocks: 37.157.224.0/21 maxlen: 24
45.137.144.0/22 maxlen: 22
77.74.208.0/21 maxlen: 24
89.46.96.0/22 maxlen: 24
95.128.144.0/21 maxlen: 24
149.255.48.0/21 maxlen: 21
185.40.224.0/22 maxlen: 22
185.87.92.0/22 maxlen: 24
185.135.124.0/22 maxlen: 22
185.185.116.0/22 maxlen: 22
185.232.224.0/22 maxlen: 22
193.28.233.0/24 maxlen: 24
194.150.92.0/22 maxlen: 22
2a00:7200::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.mft
rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:29:24:cc:8b:27:b8:ac:86:fa:03:e4:9f:97:d7:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Validity
Not Before: Mar 18 08:56:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=88ac0b1b5ab5b03b3db6f47bac8c6935b047ab88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:05:e8:42:b6:9c:8f:f1:e7:1c:dd:47:66:09:
59:a1:e0:af:a0:18:65:0b:89:c2:47:d9:23:67:e3:
66:26:8c:b5:ad:39:39:20:b1:30:d4:d9:8c:5b:76:
9a:bc:3c:4f:7e:58:62:12:88:38:38:64:90:6a:38:
c6:41:48:e0:b7:21:6d:93:37:07:36:c2:1c:45:40:
a0:89:7e:b5:ae:66:e4:60:5d:e0:b3:78:55:33:f4:
40:8f:65:c0:fa:80:b2:50:ca:fa:cc:f5:4f:e4:d5:
34:57:fc:7c:b7:f4:10:18:97:e1:ee:d1:44:ea:25:
8d:8b:9c:2c:89:4c:ff:0e:d8:a3:d2:59:ce:30:df:
64:d3:cb:44:63:26:92:c1:b2:0e:be:0c:6f:7c:fa:
b2:22:2d:7a:a4:72:2b:27:f4:57:5c:01:4d:06:c2:
ba:2f:a0:a4:9c:28:a0:c2:88:0f:6c:37:1c:63:1a:
51:fc:68:ec:ac:ac:51:e4:cb:82:bd:61:c4:a6:8f:
25:b3:ba:90:17:02:47:5f:b0:93:0a:15:df:9c:14:
85:95:de:d0:4b:f1:47:ed:a9:c0:6e:b8:6e:6c:e9:
c3:fb:7e:26:b5:e5:94:d8:db:16:45:0b:1d:17:a6:
3f:a8:08:e9:aa:71:ed:44:00:d5:24:58:e2:b3:25:
d4:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:AC:0B:1B:5A:B5:B0:3B:3D:B6:F4:7B:AC:8C:69:35:B0:47:AB:88
X509v3 Authority Key Identifier:
keyid:DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/iKwLG1q1sDs9tvR7rIxpNbBHq4g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.157.224.0/21
45.137.144.0/22
77.74.208.0/21
89.46.96.0/22
95.128.144.0/21
149.255.48.0/21
185.40.224.0/22
185.87.92.0/22
185.135.124.0/22
185.185.116.0/22
185.232.224.0/22
193.28.233.0/24
194.150.92.0/22
IPv6:
2a00:7200::/32
Signature Algorithm: sha256WithRSAEncryption
1c:4c:33:48:ff:7b:70:55:82:9d:f4:74:a5:3d:b8:c7:f6:1b:
61:a9:b5:3e:ca:e4:e7:07:d4:9a:57:b9:5d:f6:d3:57:d4:cf:
46:41:82:ac:f5:47:7b:6c:0a:d1:c9:eb:6b:e8:61:b4:d6:6e:
de:cd:21:06:1e:e2:cb:6c:d6:69:50:18:24:24:9e:d5:d9:3d:
a1:d7:d8:7f:c4:4d:10:20:fa:cf:f1:f5:c3:b5:4e:71:19:f5:
ca:36:95:9e:13:17:4f:6c:f9:54:46:5a:76:47:67:5b:7f:b8:
91:d9:1c:7f:b1:9d:2a:86:ce:8b:72:21:2a:29:a2:5b:4f:9d:
a2:2e:d5:03:9c:c1:90:84:03:af:5c:f2:2e:f0:30:cf:b5:7c:
ce:e9:71:9f:db:84:bf:36:0b:95:ac:fb:0d:26:c5:f6:73:78:
6a:16:c6:dc:e7:ad:5d:24:8c:2e:d3:f9:3e:83:01:a0:78:03:
96:90:a2:12:96:e0:ca:87:5e:c7:75:ac:95:1a:10:47:a9:0c:
45:0d:a7:c7:62:1f:79:37:4e:4f:a6:52:17:e3:b8:f0:b5:58:
36:45:93:84:3c:c2:9e:e4:0e:c9:7c:96:76:4c:42:88:3d:8b:
99:c3:c4:9e:fb:55:e2:d6:9f:cd:4f:75:a2:e6:6d:a2:cb:0d:
35:c9:63:3b
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZ0AKSTMiye4rIb6A+Sfl9dYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZWFkOTE5Yjg1YTEzMDUxZDAyMDhiN2UyOGRkY2NiMzk4
YjE0ZDYwHhcNMjYwMzE4MDg1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGFjMGIxYjVhYjViMDNiM2RiNmY0N2JhYzhjNjkzNWIwNDdhYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AXoQracj/HnHN1HZglZoeCvoBhl
C4nCR9kjZ+NmJoy1rTk5ILEw1NmMW3aavDxPflhiEog4OGSQajjGQUjgtyFtkzcH
NsIcRUCgiX61rmbkYF3gs3hVM/RAj2XA+oCyUMr6zPVP5NU0V/x8t/QQGJfh7tFE
6iWNi5wsiUz/Dtij0lnOMN9k08tEYyaSwbIOvgxvfPqyIi16pHIrJ/RXXAFNBsK6
L6CknCigwogPbDccYxpR/GjsrKxR5MuCvWHEpo8ls7qQFwJHX7CTChXfnBSFld7Q
S/FH7anAbrhubOnD+34mteWU2NsWRQsdF6Y/qAjpqnHtRADVJFjisyXUCQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFIisCxtatbA7Pbb0e6yMaTWwR6uIMB8GA1UdIwQY
MBaAFN3q2Rm4WhMFHQIIt+KN3Ms5ixTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQt
NDhiOGI1YTliNDExLzEvaUt3TEcxcTFzRHM5dHZSN3JJeHBOYkJIcTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQtNDhiOGI1YTliNDEx
LzEvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQDJZ3gAwQC
LYmQAwQDTUrQAwQCWS5gAwQDX4CQAwQDlf8wAwQCuSjgAwQCuVdcAwQCuYd8AwQC
ubl0AwQCuejgAwQAwRzpAwQCwpZcMA0EAgACMAcDBQAqAHIAMA0GCSqGSIb3DQEB
CwUAA4IBAQAcTDNI/3twVYKd9HSlPbjH9hthqbU+yuTnB9SaV7ld9tNX1M9GQYKs
9Ud7bArRyetr6GG01m7ezSEGHuLLbNZpUBgkJJ7V2T2h19h/xE0QIPrP8fXDtU5x
GfXKNpWeExdPbPlURlp2R2dbf7iR2Rx/sZ0qhs6LciEqKaJbT52iLtUDnMGQhAOv
XPIu8DDPtXzO6XGf24S/NguVrPsNJsX2c3hqFsbc561dJIwu0/k+gwGgeAOWkKIS
luDKh17HdayVGhBHqQxFDafHYh95N05PplIX47jwtVg2RZOEPMKe5A7JfJZ2TEKI
PYuZw8Se+1Xi1p/NT3Wi5m2iyw01yWM7
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:36:40 2026 by rpki-client