Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/5NBoP5YJg3VJIdV3zP-gsUBPfjA.roa
File: 5NBoP5YJg3VJIdV3zP-gsUBPfjA.roa (raw, json)
Hash identifier: ZyXwC5m+97/K647Lw0XhFO8y4yo8d1DbZKjoAZlIn7k=
Subject key identifier: E4:D0:68:3F:96:09:83:75:49:21:D5:77:CC:FF:A0:B1:40:4F:7E:30
Certificate issuer: /CN=7470567109f2962c56befb167acb31870ebc6492
Certificate serial: 019D1AA3B61161CC44B84388CC1608E37ED1
Authority key identifier: 74:70:56:71:09:F2:96:2C:56:BE:FB:16:7A:CB:31:87:0E:BC:64:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHBWcQnylixWvvsWessxhw68ZJI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/5NBoP5YJg3VJIdV3zP-gsUBPfjA.roa
Signing time: Mon 23 Mar 2026 12:20:29 +0000
ROA not before: Mon 23 Mar 2026 12:20:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49694
IP address blocks: 94.247.152.0/24 maxlen: 24
94.247.153.0/24 maxlen: 24
94.247.154.0/24 maxlen: 24
94.247.155.0/24 maxlen: 24
94.247.156.0/24 maxlen: 24
94.247.157.0/24 maxlen: 24
94.247.158.0/24 maxlen: 24
94.247.159.0/24 maxlen: 24
2a00:ac40::/48 maxlen: 48
2a00:ac40:1::/48 maxlen: 48
2a00:ac40:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/dHBWcQnylixWvvsWessxhw68ZJI.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/dHBWcQnylixWvvsWessxhw68ZJI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dHBWcQnylixWvvsWessxhw68ZJI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 04:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1a:a3:b6:11:61:cc:44:b8:43:88:cc:16:08:e3:7e:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7470567109f2962c56befb167acb31870ebc6492
Validity
Not Before: Mar 23 12:20:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e4d0683f960983754921d577ccffa0b1404f7e30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:5d:38:94:72:6c:fd:93:10:9f:2e:ca:f1:d5:
4f:d8:7a:f5:c9:0a:20:5b:fb:02:8f:ab:88:cd:41:
5a:bc:30:d1:24:cb:46:bd:2a:d0:69:51:b4:49:62:
8c:68:ef:f9:48:d3:bd:07:59:3b:04:3e:8e:3b:ef:
6f:65:ce:d9:36:b8:c2:5d:1c:c4:26:4f:82:9b:24:
62:65:91:0f:17:bf:c6:c9:30:4e:88:42:44:86:2b:
67:75:a4:93:5b:c1:3a:68:c4:d1:94:2f:83:ee:86:
80:51:95:67:05:2b:0c:3f:2a:f5:85:9e:3e:d8:9a:
c9:56:a0:49:16:2e:4d:df:c9:c2:b0:77:e5:ce:21:
a3:71:c5:b6:19:86:10:7f:2e:79:91:c4:50:59:9a:
a7:04:db:bd:a4:f1:9f:c6:93:a8:c6:37:61:5d:93:
3c:64:21:26:b9:97:6d:0b:89:4e:90:a0:5c:80:1c:
80:58:3f:06:de:92:34:34:9a:a3:4d:42:1b:96:f9:
e0:01:d0:1c:74:2b:e7:45:69:a9:73:ca:e8:c5:66:
85:91:c8:a5:00:12:68:2b:09:cc:f2:2d:5f:9f:e9:
c6:f5:8a:d8:f2:11:70:8b:df:f1:f6:98:f6:65:71:
da:99:bd:9f:87:1e:94:1e:45:c4:6d:53:db:33:64:
93:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:D0:68:3F:96:09:83:75:49:21:D5:77:CC:FF:A0:B1:40:4F:7E:30
X509v3 Authority Key Identifier:
keyid:74:70:56:71:09:F2:96:2C:56:BE:FB:16:7A:CB:31:87:0E:BC:64:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHBWcQnylixWvvsWessxhw68ZJI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/5NBoP5YJg3VJIdV3zP-gsUBPfjA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/58b023-499a-4ace-bf27-9192663580f5/1/dHBWcQnylixWvvsWessxhw68ZJI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.247.152.0/21
IPv6:
2a00:ac40::-2a00:ac40:2:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
65:60:e3:81:30:2e:45:79:c9:13:ce:cf:f6:60:8a:61:e6:05:
6c:5a:ce:d7:10:9a:ee:91:3f:49:2a:e0:4f:bb:37:70:8a:32:
98:31:e8:22:c3:14:fa:94:31:a1:14:1e:ca:22:79:55:69:44:
d7:33:c3:3d:79:08:2b:5c:0d:8f:47:e0:fb:b4:bb:c2:d9:cf:
79:1b:78:c5:48:3a:7c:32:3d:83:83:70:9b:0b:fb:14:e9:07:
04:5b:d4:7b:09:df:71:e7:6b:d4:c7:5d:0f:bb:41:0a:56:75:
21:8a:42:f2:1b:ed:d3:b6:89:26:13:45:03:36:8b:31:7a:4c:
c0:e0:f5:47:b2:49:2e:55:cc:e5:a7:ea:8c:34:77:a3:64:3d:
ac:24:3d:5b:c5:44:fe:be:60:77:dd:07:68:71:f7:13:ff:35:
3b:24:4e:28:3e:4a:92:82:5a:b4:94:aa:2d:25:f8:46:28:b3:
b5:19:a4:f4:79:41:d3:01:b6:f0:c9:2f:2e:ca:6e:af:33:12:
e5:7a:a1:9e:fb:d5:84:20:7b:25:0c:58:a2:6d:b8:6c:c4:75:
3c:b4:7a:ea:cc:29:1f:8b:65:f3:96:98:12:4e:d1:35:5c:91:
06:bf:0d:e9:b6:43:2a:f2:cb:60:2f:56:bd:d0:69:39:85:8e:
89:7e:cb:aa
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0ao7YRYcxEuEOIzBYI437RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzA1NjcxMDlmMjk2MmM1NmJlZmIxNjdhY2IzMTg3MGVi
YzY0OTIwHhcNMjYwMzIzMTIyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQwNjgzZjk2MDk4Mzc1NDkyMWQ1NzdjY2ZmYTBiMTQwNGY3ZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF04lHJs/ZMQny7K8dVP2Hr1yQog
W/sCj6uIzUFavDDRJMtGvSrQaVG0SWKMaO/5SNO9B1k7BD6OO+9vZc7ZNrjCXRzE
Jk+CmyRiZZEPF7/GyTBOiEJEhitndaSTW8E6aMTRlC+D7oaAUZVnBSsMPyr1hZ4+
2JrJVqBJFi5N38nCsHflziGjccW2GYYQfy55kcRQWZqnBNu9pPGfxpOoxjdhXZM8
ZCEmuZdtC4lOkKBcgByAWD8G3pI0NJqjTUIblvngAdAcdCvnRWmpc8roxWaFkcil
ABJoKwnM8i1fn+nG9YrY8hFwi9/x9pj2ZXHamb2fhx6UHkXEbVPbM2STiwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOTQaD+WCYN1SSHVd8z/oLFAT34wMB8GA1UdIwQY
MBaAFHRwVnEJ8pYsVr77FnrLMYcOvGSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhCV2NRbnlsaXhXdnZzV2Vzc3hodzY4WkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81OGIwMjMtNDk5YS00YWNlLWJmMjct
OTE5MjY2MzU4MGY1LzEvNU5Cb1A1WUpnM1ZKSWRWM3pQLWdzVUJQZmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81OGIwMjMtNDk5YS00YWNlLWJmMjctOTE5MjY2MzU4MGY1
LzEvZEhCV2NRbnlsaXhXdnZzV2Vzc3hodzY4WkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQDXveYMBgE
AgACMBIwEAMFBioArEADBwAqAKxAAAIwDQYJKoZIhvcNAQELBQADggEBAGVg44Ew
LkV5yRPOz/ZgimHmBWxaztcQmu6RP0kq4E+7N3CKMpgx6CLDFPqUMaEUHsoieVVp
RNczwz15CCtcDY9H4Pu0u8LZz3kbeMVIOnwyPYODcJsL+xTpBwRb1HsJ33Hna9TH
XQ+7QQpWdSGKQvIb7dO2iSYTRQM2izF6TMDg9UeySS5VzOWn6ow0d6NkPawkPVvF
RP6+YHfdB2hx9xP/NTskTig+SpKCWrSUqi0l+EYos7UZpPR5QdMBtvDJLy7Kbq8z
EuV6oZ771YQgeyUMWKJtuGzEdTy0eurMKR+LZfOWmBJO0TVckQa/Dem2Qyryy2Av
Vr3QaTmFjol+y6o=
-----END CERTIFICATE-----
Generated at Sat Mar 28 13:08:02 2026 by rpki-client