Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/CuP-Ha4tOWBJT0pI4E4cOyq4rrs.roa
File: CuP-Ha4tOWBJT0pI4E4cOyq4rrs.roa (raw, json)
Hash identifier: PnhyGfN8Xq/cQidLwJYXET+Yc1KaRnRUtuvyvf2jYVs=
Subject key identifier: 0A:E3:FE:1D:AE:2D:39:60:49:4F:4A:48:E0:4E:1C:3B:2A:B8:AE:BB
Certificate issuer: /CN=67ba979dd08dbe03c1748a022fa6654d3611940f
Certificate serial: 019CF5F9BA01DD49B820E8E386D099B00536
Authority key identifier: 67:BA:97:9D:D0:8D:BE:03:C1:74:8A:02:2F:A6:65:4D:36:11:94:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/CuP-Ha4tOWBJT0pI4E4cOyq4rrs.roa
Signing time: Mon 16 Mar 2026 09:28:29 +0000
ROA not before: Mon 16 Mar 2026 09:28:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39175
IP address blocks: 139.28.108.0/22 maxlen: 22
176.110.108.0/24 maxlen: 24
185.249.36.0/22 maxlen: 22
194.48.155.0/24 maxlen: 24
2a09:d340::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f5:f9:ba:01:dd:49:b8:20:e8:e3:86:d0:99:b0:05:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67ba979dd08dbe03c1748a022fa6654d3611940f
Validity
Not Before: Mar 16 09:28:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0ae3fe1dae2d3960494f4a48e04e1c3b2ab8aebb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:0d:0b:77:b0:c6:dc:fe:cd:4e:be:8a:f3:37:
58:7a:e0:37:41:03:99:58:2c:61:c5:c5:b9:fa:46:
7c:00:ec:d3:b1:3b:49:04:94:3e:d5:51:47:6b:fb:
5c:1d:e0:ca:95:18:f0:ae:53:e0:80:7d:5e:8a:c3:
d6:08:55:39:fc:cd:f0:58:1f:88:de:79:88:6e:ec:
1c:51:16:7b:7a:be:81:94:11:bf:21:79:32:41:33:
22:7b:45:e7:40:a9:5b:b5:37:7a:da:95:df:f9:bd:
e4:6c:95:10:4d:8d:17:85:e0:f5:9f:1f:a6:df:86:
75:b8:b6:a9:ac:17:5f:5f:21:4b:ae:0a:3e:0f:0f:
d1:4f:95:d5:d3:17:38:36:8e:dc:ee:ac:7f:8d:f3:
de:29:5f:e1:92:c7:08:16:64:7e:5c:f9:d3:bf:13:
1f:93:1e:78:7a:4c:60:f3:43:d9:78:fa:af:e2:06:
c6:aa:a4:35:1c:d2:a5:5c:3c:b4:2b:f1:97:6a:87:
8c:ab:5c:e2:c3:f3:34:e5:bb:f5:e9:b9:51:ee:74:
13:e5:a3:cd:c4:1d:1b:23:1e:ed:14:16:73:7b:2c:
c3:79:03:32:65:dd:a7:ec:c6:d0:06:ee:c3:a1:cc:
c4:33:45:19:b2:a9:cf:65:dc:27:56:ce:fd:0e:d4:
d6:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:E3:FE:1D:AE:2D:39:60:49:4F:4A:48:E0:4E:1C:3B:2A:B8:AE:BB
X509v3 Authority Key Identifier:
keyid:67:BA:97:9D:D0:8D:BE:03:C1:74:8A:02:2F:A6:65:4D:36:11:94:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/CuP-Ha4tOWBJT0pI4E4cOyq4rrs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b30c04-eefa-4531-90d0-0144fd77ebe4/1/Z7qXndCNvgPBdIoCL6ZlTTYRlA8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.28.108.0/22
176.110.108.0/24
185.249.36.0/22
194.48.155.0/24
IPv6:
2a09:d340::/29
Signature Algorithm: sha256WithRSAEncryption
8a:54:f0:0b:4d:0d:e9:05:1f:27:ad:6d:00:ee:d0:9d:12:9f:
4f:1d:d6:70:e5:0d:c7:87:cc:a8:d9:4a:5e:96:61:3b:42:92:
bb:f6:f1:c8:f8:8f:f5:aa:80:86:5f:99:d3:2f:ad:71:56:cd:
8b:b2:31:dc:96:b7:16:ce:7d:42:37:28:d2:a0:a3:f9:11:35:
1d:af:be:fb:1a:db:db:36:dd:b1:9e:93:88:f6:42:0c:44:68:
9e:cb:0a:95:73:ba:ab:ab:aa:5b:5a:a6:80:d2:2f:39:24:0b:
92:72:b3:64:de:bb:36:91:ae:74:e1:b4:15:e9:fd:27:f8:45:
1a:f0:47:16:79:a6:22:d9:51:96:ad:59:13:a1:15:7c:cb:67:
c0:e5:d4:a8:f6:a8:07:b4:48:10:4a:ae:61:b9:8a:e6:c2:2b:
b5:0d:9f:ff:55:96:38:43:b3:89:56:8e:24:93:b8:7b:29:fe:
76:e6:21:bc:71:c0:79:b0:b3:c6:fd:4f:a8:ca:5f:74:a3:3c:
3a:76:ee:3b:8d:b0:5d:4b:fd:85:18:d7:46:98:1f:b9:57:9c:
fc:81:1b:b1:e0:ff:4b:52:35:79:74:53:9a:1e:5d:23:3d:50:
d7:f4:20:90:82:7a:09:23:2f:27:ea:90:ff:8c:32:2a:ac:6c:
ce:c8:d5:e8
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZz1+boB3Um4IOjjhtCZsAU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YmE5NzlkZDA4ZGJlMDNjMTc0OGEwMjJmYTY2NTRkMzYx
MTk0MGYwHhcNMjYwMzE2MDkyODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWUzZmUxZGFlMmQzOTYwNDk0ZjRhNDhlMDRlMWMzYjJhYjhhZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw0Ld7DG3P7NTr6K8zdYeuA3QQOZ
WCxhxcW5+kZ8AOzTsTtJBJQ+1VFHa/tcHeDKlRjwrlPggH1eisPWCFU5/M3wWB+I
3nmIbuwcURZ7er6BlBG/IXkyQTMie0XnQKlbtTd62pXf+b3kbJUQTY0XheD1nx+m
34Z1uLaprBdfXyFLrgo+Dw/RT5XV0xc4No7c7qx/jfPeKV/hkscIFmR+XPnTvxMf
kx54ekxg80PZePqv4gbGqqQ1HNKlXDy0K/GXaoeMq1ziw/M05bv16blR7nQT5aPN
xB0bIx7tFBZzeyzDeQMyZd2n7MbQBu7DoczEM0UZsqnPZdwnVs79DtTWGQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFArj/h2uLTlgSU9KSOBOHDsquK67MB8GA1UdIwQY
MBaAFGe6l53Qjb4DwXSKAi+mZU02EZQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdxWG5kQ052Z1BCZElvQ0w2WmxUVFlSbEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMzBjMDQtZWVmYS00NTMxLTkwZDAt
MDE0NGZkNzdlYmU0LzEvQ3VQLUhhNHRPV0JKVDBwSTRFNGNPeXE0cnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMzBjMDQtZWVmYS00NTMxLTkwZDAtMDE0NGZkNzdlYmU0
LzEvWjdxWG5kQ052Z1BCZElvQ0w2WmxUVFlSbEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCixxsAwQA
sG5sAwQCufkkAwQAwjCbMA0EAgACMAcDBQMqCdNAMA0GCSqGSIb3DQEBCwUAA4IB
AQCKVPALTQ3pBR8nrW0A7tCdEp9PHdZw5Q3Hh8yo2UpelmE7QpK79vHI+I/1qoCG
X5nTL61xVs2LsjHclrcWzn1CNyjSoKP5ETUdr777GtvbNt2xnpOI9kIMRGieywqV
c7qrq6pbWqaA0i85JAuScrNk3rs2ka504bQV6f0n+EUa8EcWeaYi2VGWrVkToRV8
y2fA5dSo9qgHtEgQSq5huYrmwiu1DZ//VZY4Q7OJVo4kk7h7Kf525iG8ccB5sLPG
/U+oyl90ozw6du47jbBdS/2FGNdGmB+5V5z8gRux4P9LUjV5dFOaHl0jPVDX9CCQ
gnoJIy8n6pD/jDIqrGzOyNXo
-----END CERTIFICATE-----
Generated at Wed Mar 25 23:02:03 2026 by rpki-client