Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/1-B9Lbj4pKvZfeBlVCluXyZACLgE.roa
File: 1-B9Lbj4pKvZfeBlVCluXyZACLgE.roa (raw, json)
Hash identifier: dl5qiVx2ohz/ydT7WDU0tUmGSb6dlLqmyduAUAaYC4s=
Subject key identifier: F8:1F:4B:6E:3E:29:2A:F6:5F:78:19:55:0A:5B:97:C9:90:02:2E:01
Certificate issuer: /CN=a30ddaa7494d69ba1cacb457ef91b6dcd22e8dd9
Certificate serial: 019D000AEE8E9A3882EE7EB64416DDCC8DA1
Authority key identifier: A3:0D:DA:A7:49:4D:69:BA:1C:AC:B4:57:EF:91:B6:DC:D2:2E:8D:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ow3ap0lNabocrLRX75G23NIujdk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/1-B9Lbj4pKvZfeBlVCluXyZACLgE.roa
Signing time: Wed 18 Mar 2026 08:23:29 +0000
ROA not before: Wed 18 Mar 2026 08:23:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29484
IP address blocks: 134.147.0.0/16 maxlen: 16
185.73.20.0/22 maxlen: 22
185.73.20.0/23 maxlen: 23
185.73.22.0/24 maxlen: 24
185.73.22.0/25 maxlen: 25
185.73.22.128/25 maxlen: 25
185.73.23.0/24 maxlen: 24
2a05:3e00::/29 maxlen: 29
2a05:3e00::/30 maxlen: 30
2a05:3e04::/32 maxlen: 32
2a05:3e05::/32 maxlen: 32
2a05:3e06::/31 maxlen: 31
2a05:3e07:801::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/ow3ap0lNabocrLRX75G23NIujdk.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/ow3ap0lNabocrLRX75G23NIujdk.mft
rsync://rpki.ripe.net/repository/DEFAULT/ow3ap0lNabocrLRX75G23NIujdk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 02:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:0a:ee:8e:9a:38:82:ee:7e:b6:44:16:dd:cc:8d:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a30ddaa7494d69ba1cacb457ef91b6dcd22e8dd9
Validity
Not Before: Mar 18 08:23:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f81f4b6e3e292af65f7819550a5b97c990022e01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f1:11:ef:61:53:01:4c:59:05:4a:d5:eb:41:
2a:92:e0:72:74:55:00:e3:52:fe:28:ea:08:5c:4e:
9b:50:ef:5f:9d:d6:e0:aa:66:c1:d3:b3:a8:83:85:
27:58:19:5a:8e:53:9a:95:43:8e:5e:37:ee:af:d9:
f4:ab:75:a4:e8:0e:10:16:25:63:3d:a2:e9:16:d7:
0f:48:56:5f:48:cd:67:22:39:58:c0:d7:84:b8:e4:
9b:0c:d5:dc:76:69:69:a7:48:33:2f:c8:6d:3e:c2:
39:d2:7f:13:08:7f:c8:a8:6e:07:da:b8:d9:14:11:
40:f1:40:6f:2f:d4:67:46:6c:34:96:5c:f8:d0:be:
33:9f:c2:8f:18:7e:1a:15:2f:31:81:80:6b:56:13:
55:31:6e:f4:fd:27:a0:bd:89:73:34:66:d7:03:4e:
8d:ec:11:c6:04:e4:df:0f:46:4e:21:ef:4c:49:2b:
75:85:f2:66:94:e1:fd:96:98:e6:94:81:cf:85:a0:
28:54:2d:c4:ce:18:9d:35:da:29:07:89:7a:5f:83:
c9:5e:4d:fa:c3:2e:20:1a:b3:f4:0b:b0:25:13:df:
2e:90:76:7b:c2:c9:3e:bb:6d:d2:23:0c:4a:fb:d1:
6d:7e:2f:53:7c:b1:a7:36:ed:a4:5d:4f:2b:23:0f:
3f:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:1F:4B:6E:3E:29:2A:F6:5F:78:19:55:0A:5B:97:C9:90:02:2E:01
X509v3 Authority Key Identifier:
keyid:A3:0D:DA:A7:49:4D:69:BA:1C:AC:B4:57:EF:91:B6:DC:D2:2E:8D:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ow3ap0lNabocrLRX75G23NIujdk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/1-B9Lbj4pKvZfeBlVCluXyZACLgE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/76112c-f17e-4dc1-ba52-6544a2b99817/1/ow3ap0lNabocrLRX75G23NIujdk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.147.0.0/16
185.73.20.0/22
IPv6:
2a05:3e00::/29
Signature Algorithm: sha256WithRSAEncryption
86:62:95:38:b8:e0:91:04:20:47:50:25:a8:5b:d6:ff:78:25:
5d:e0:06:7b:7d:3c:65:27:6d:32:dc:71:54:56:f3:6b:ea:a0:
5b:fe:8e:95:0f:7a:f3:7b:93:34:ff:d3:83:c9:2d:ec:ae:9b:
df:af:a5:fc:3b:94:cf:eb:a1:47:6f:62:ce:5c:11:59:59:ff:
20:ed:7d:96:d6:b6:e5:97:36:d4:02:cd:08:bf:28:28:b9:73:
31:bd:99:08:55:65:77:12:40:8e:9d:dc:09:0f:ef:25:55:e4:
72:e8:7f:7c:92:9d:67:e0:e0:f6:fa:bb:1a:c8:b4:18:92:9b:
d0:5b:ab:8e:39:bf:b1:32:d4:18:f8:2d:ca:3a:ed:a3:c6:0b:
34:d9:0a:44:78:73:be:9d:46:70:f1:c3:76:b5:e6:79:86:40:
1e:e9:05:a4:b8:63:d8:6e:74:51:be:5d:89:86:87:2b:4d:a4:
bc:fb:96:c4:b0:3f:7e:96:18:3f:66:f6:2f:81:d9:72:d6:dd:
5c:5d:89:be:14:23:12:17:4e:1a:9b:6d:f9:9a:ca:ca:74:d0:
6c:05:71:53:02:0e:10:a0:c4:59:48:4c:38:64:53:34:5d:47:
20:6d:f4:44:eb:04:c7:9d:29:cd:55:06:d8:ec:a0:88:cf:3a:
50:2c:c7:ff
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0ACu6OmjiC7n62RBbdzI2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMGRkYWE3NDk0ZDY5YmExY2FjYjQ1N2VmOTFiNmRjZDIy
ZThkZDkwHhcNMjYwMzE4MDgyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODFmNGI2ZTNlMjkyYWY2NWY3ODE5NTUwYTViOTdjOTkwMDIyZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvER72FTAUxZBUrV60EqkuBydFUA
41L+KOoIXE6bUO9fndbgqmbB07Oog4UnWBlajlOalUOOXjfur9n0q3Wk6A4QFiVj
PaLpFtcPSFZfSM1nIjlYwNeEuOSbDNXcdmlpp0gzL8htPsI50n8TCH/IqG4H2rjZ
FBFA8UBvL9RnRmw0llz40L4zn8KPGH4aFS8xgYBrVhNVMW70/SegvYlzNGbXA06N
7BHGBOTfD0ZOIe9MSSt1hfJmlOH9lpjmlIHPhaAoVC3EzhidNdopB4l6X4PJXk36
wy4gGrP0C7AlE98ukHZ7wsk+u23SIwxK+9Ftfi9TfLGnNu2kXU8rIw8/rQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPgfS24+KSr2X3gZVQpbl8mQAi4BMB8GA1UdIwQY
MBaAFKMN2qdJTWm6HKy0V++RttzSLo3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3czYXAwbE5hYm9jckxSWDc1RzIzTkl1amRrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NjExMmMtZjE3ZS00ZGMxLWJhNTIt
NjU0NGEyYjk5ODE3LzEvMS1COUxiajRwS3ZaZmVCbFZDbHVYeVpBQ0xnRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjEvNzYxMTJjLWYxN2UtNGRjMS1iYTUyLTY1NDRhMmI5OTgx
Ny8xL293M2FwMGxOYWJvY3JMUlg3NUcyM05JdWpkay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAzBggrBgEFBQcBBwEB/wQkMCIwEQQCAAEwCwMDAIaTAwQC
uUkUMA0EAgACMAcDBQMqBT4AMA0GCSqGSIb3DQEBCwUAA4IBAQCGYpU4uOCRBCBH
UCWoW9b/eCVd4AZ7fTxlJ20y3HFUVvNr6qBb/o6VD3rze5M0/9ODyS3srpvfr6X8
O5TP66FHb2LOXBFZWf8g7X2W1rbllzbUAs0IvygouXMxvZkIVWV3EkCOndwJD+8l
VeRy6H98kp1n4OD2+rsayLQYkpvQW6uOOb+xMtQY+C3KOu2jxgs02QpEeHO+nUZw
8cN2teZ5hkAe6QWkuGPYbnRRvl2JhocrTaS8+5bEsD9+lhg/ZvYvgdly1t1cXYm+
FCMSF04am235msrKdNBsBXFTAg4QoMRZSEw4ZFM0XUcgbfRE6wTHnSnNVQbY7KCI
zzpQLMf/
-----END CERTIFICATE-----
Generated at Sat Mar 28 12:18:48 2026 by rpki-client