Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/nTO_7v382DQXa1KT96uc5_krM68.roa
File: nTO_7v382DQXa1KT96uc5_krM68.roa (raw, json)
Hash identifier: lvxYvuFUrUzZ06gSOq8z2zV5Teg8Jnnl+h1rg47zK30=
Subject key identifier: 9D:33:BF:EE:FD:FC:D8:34:17:6B:52:93:F7:AB:9C:E7:F9:2B:33:AF
Certificate issuer: /CN=4cd3f4e567fd541e5af0c9e88d11a90d3e21d467
Certificate serial: 019CF73EBE02E866B6B02A3B5A35991DEAB7
Authority key identifier: 4C:D3:F4:E5:67:FD:54:1E:5A:F0:C9:E8:8D:11:A9:0D:3E:21:D4:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TNP05Wf9VB5a8MnojRGpDT4h1Gc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/nTO_7v382DQXa1KT96uc5_krM68.roa
Signing time: Mon 16 Mar 2026 15:23:30 +0000
ROA not before: Mon 16 Mar 2026 15:23:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204527
IP address blocks: 185.130.5.0/24 maxlen: 24
185.130.6.0/24 maxlen: 24
185.130.7.0/24 maxlen: 24
2a07:db01::/48 maxlen: 48
2a07:db01:1::/48 maxlen: 48
2a07:db01:3::/48 maxlen: 48
2a07:db01:4::/48 maxlen: 48
2a07:db01:40::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/TNP05Wf9VB5a8MnojRGpDT4h1Gc.crl
rsync://rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/TNP05Wf9VB5a8MnojRGpDT4h1Gc.mft
rsync://rpki.ripe.net/repository/DEFAULT/TNP05Wf9VB5a8MnojRGpDT4h1Gc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 18:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f7:3e:be:02:e8:66:b6:b0:2a:3b:5a:35:99:1d:ea:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cd3f4e567fd541e5af0c9e88d11a90d3e21d467
Validity
Not Before: Mar 16 15:23:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9d33bfeefdfcd834176b5293f7ab9ce7f92b33af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:b2:1f:c2:f3:4b:df:2b:8e:e5:ff:7e:9e:3d:
f0:e8:b4:d4:9f:fa:14:73:5a:e6:69:b4:eb:80:9e:
e9:96:1c:d4:f6:73:12:5e:d9:16:ad:fa:ce:7a:a0:
25:b0:eb:e2:09:44:b4:24:a4:d2:12:d6:8b:f1:69:
56:52:e3:9d:3d:65:0a:e6:6b:c1:14:87:a8:8b:b2:
be:50:63:66:ad:1a:f9:8b:d8:f9:7f:e9:6b:04:c7:
ae:d2:48:a8:bb:d0:79:a7:4c:71:dd:7e:d5:e7:fb:
8d:3c:81:0c:ad:ff:d3:95:7f:5b:72:34:d4:dd:ca:
7e:2d:39:93:d0:45:08:59:18:5f:24:99:fd:75:30:
c9:0c:67:6f:df:f2:97:41:d8:6a:ca:88:2d:82:89:
8d:2e:dd:f1:8c:17:f9:1a:22:88:41:b9:64:d5:8a:
10:d1:e7:2f:0a:da:51:a5:50:d9:27:c3:fc:32:38:
a5:7a:78:a3:d2:b2:a2:f7:ca:85:7c:5b:d2:1b:d3:
45:b6:03:ef:ab:32:25:cf:ef:53:3c:38:37:c5:f7:
d4:91:fe:c5:8f:01:c3:91:54:69:dc:cb:51:df:8b:
ac:c3:a0:79:92:ba:af:17:f3:25:4e:fb:92:9f:18:
9f:cf:d7:12:e8:06:e3:5d:4d:6e:78:3a:10:05:b3:
c5:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:33:BF:EE:FD:FC:D8:34:17:6B:52:93:F7:AB:9C:E7:F9:2B:33:AF
X509v3 Authority Key Identifier:
keyid:4C:D3:F4:E5:67:FD:54:1E:5A:F0:C9:E8:8D:11:A9:0D:3E:21:D4:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TNP05Wf9VB5a8MnojRGpDT4h1Gc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/nTO_7v382DQXa1KT96uc5_krM68.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/722ccd-47c2-4b48-b957-bc5d3c91673b/1/TNP05Wf9VB5a8MnojRGpDT4h1Gc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.130.5.0-185.130.7.255
IPv6:
2a07:db01::/47
2a07:db01:3::-2a07:db01:4:ffff:ffff:ffff:ffff:ffff
2a07:db01:40::/42
Signature Algorithm: sha256WithRSAEncryption
a5:95:40:69:d6:48:18:2d:e4:4c:1a:fc:88:40:9a:59:d8:47:
76:6a:36:24:37:4f:d6:3f:5d:7e:11:d0:f0:45:cd:c3:d2:4f:
04:bf:c6:fa:d9:65:7e:09:30:e7:70:71:36:21:ef:18:25:6b:
bd:8d:ac:a0:13:53:e6:1c:8e:43:38:2b:92:09:c3:bd:f3:ac:
6c:db:a1:8d:92:cd:6d:29:f0:f8:13:f6:c3:74:20:d9:c5:97:
7e:7a:7c:e7:58:c7:fe:95:7f:3a:9a:f1:8b:23:24:0d:23:38:
79:00:94:23:4e:80:21:58:38:62:31:2c:97:ee:4f:e2:f7:40:
cf:f8:81:1b:79:93:be:c1:a0:88:f0:98:7f:60:24:2c:ab:9f:
da:50:d0:a3:4b:84:dd:fd:97:be:9c:ae:1b:b2:e1:52:d0:c9:
06:db:54:10:7b:2f:b3:f0:9b:da:01:04:80:cf:78:4d:39:e1:
7f:31:cc:fc:20:8b:52:66:84:0d:35:79:56:45:12:c3:ca:80:
19:9b:c5:80:2e:0c:cf:1c:18:39:9a:fe:64:49:91:42:d4:cb:
4f:30:0e:a8:06:ea:b8:4b:54:2e:ba:1c:a0:c7:88:56:9e:12:
29:84:0d:17:98:99:ca:0b:f0:b1:53:0a:a2:ae:f5:23:15:06:
45:e5:9d:f8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZz3Pr4C6Ga2sCo7WjWZHeq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZDNmNGU1NjdmZDU0MWU1YWYwYzllODhkMTFhOTBkM2Uy
MWQ0NjcwHhcNMjYwMzE2MTUyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDMzYmZlZWZkZmNkODM0MTc2YjUyOTNmN2FiOWNlN2Y5MmIzM2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobIfwvNL3yuO5f9+nj3w6LTUn/oU
c1rmabTrgJ7plhzU9nMSXtkWrfrOeqAlsOviCUS0JKTSEtaL8WlWUuOdPWUK5mvB
FIeoi7K+UGNmrRr5i9j5f+lrBMeu0kiou9B5p0xx3X7V5/uNPIEMrf/TlX9bcjTU
3cp+LTmT0EUIWRhfJJn9dTDJDGdv3/KXQdhqyogtgomNLt3xjBf5GiKIQblk1YoQ
0ecvCtpRpVDZJ8P8Mjilenij0rKi98qFfFvSG9NFtgPvqzIlz+9TPDg3xffUkf7F
jwHDkVRp3MtR34usw6B5krqvF/MlTvuSnxifz9cS6AbjXU1ueDoQBbPFgQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJ0zv+79/Ng0F2tSk/ernOf5KzOvMB8GA1UdIwQY
MBaAFEzT9OVn/VQeWvDJ6I0RqQ0+IdRnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE5QMDVXZjlWQjVhOE1ub2pSR3BEVDRoMUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS83MjJjY2QtNDdjMi00YjQ4LWI5NTct
YmM1ZDNjOTE2NzNiLzEvblRPXzd2MzgyRFFYYTFLVDk2dWM1X2tyTTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS83MjJjY2QtNDdjMi00YjQ4LWI5NTctYmM1ZDNjOTE2NzNi
LzEvVE5QMDVXZjlWQjVhOE1ub2pSR3BEVDRoMUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAUBAIAATAOMAwDBAC5ggUD
BAO5ggAwLAQCAAIwJgMHASoH2wEAADASAwcAKgfbAQADAwcAKgfbAQAEAwcGKgfb
AQBAMA0GCSqGSIb3DQEBCwUAA4IBAQCllUBp1kgYLeRMGvyIQJpZ2Ed2ajYkN0/W
P11+EdDwRc3D0k8Ev8b62WV+CTDncHE2Ie8YJWu9jaygE1PmHI5DOCuSCcO986xs
26GNks1tKfD4E/bDdCDZxZd+enznWMf+lX86mvGLIyQNIzh5AJQjToAhWDhiMSyX
7k/i90DP+IEbeZO+waCI8Jh/YCQsq5/aUNCjS4Td/Ze+nK4bsuFS0MkG21QQey+z
8JvaAQSAz3hNOeF/Mcz8IItSZoQNNXlWRRLDyoAZm8WALgzPHBg5mv5kSZFC1MtP
MA6oBuq4S1Quuhygx4hWnhIphA0XmJnKC/CxUwqirvUjFQZF5Z34
-----END CERTIFICATE-----
Generated at Fri Mar 27 05:13:26 2026 by rpki-client