Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dfGhr_QpC7PXnSoC1F37CSecH5I.roa
File: dfGhr_QpC7PXnSoC1F37CSecH5I.roa (raw, json)
Hash identifier: YCVMunTjeNWDVxvbJDfGX3ZIWgOmoISgA4k5wcOQnHk=
Subject key identifier: 75:F1:A1:AF:F4:29:0B:B3:D7:9D:2A:02:D4:5D:FB:09:27:9C:1F:92
Certificate issuer: /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial: 019E1AC98D55CFBA63FA2B1961C5A168FECB
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dfGhr_QpC7PXnSoC1F37CSecH5I.roa
Signing time: Tue 12 May 2026 06:04:36 +0000
ROA not before: Tue 12 May 2026 06:04:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 91.234.22.0/24 maxlen: 24
194.59.6.0/24 maxlen: 24
194.59.7.0/24 maxlen: 24
194.59.9.0/24 maxlen: 24
194.116.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1a:c9:8d:55:cf:ba:63:fa:2b:19:61:c5:a1:68:fe:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Validity
Not Before: May 12 06:04:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=75f1a1aff4290bb3d79d2a02d45dfb09279c1f92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:cd:98:20:49:ed:cb:09:1d:9c:ff:63:5e:70:
90:cc:28:2b:a5:84:c0:f4:79:2f:0a:40:b2:a6:67:
43:7b:8b:12:5f:b7:31:77:6d:cf:23:2e:92:44:2d:
c4:46:3b:d2:01:df:a4:48:c5:42:8c:72:36:03:fb:
b8:f6:b3:6e:06:33:55:df:2d:da:2f:6b:62:01:c1:
d9:98:cc:4a:bf:80:e4:31:cc:0b:85:4b:86:4c:ad:
e9:8f:3b:1f:7d:37:76:18:ba:92:9b:68:24:d1:b4:
d9:d1:9c:f2:f2:d1:97:57:79:d1:17:04:4c:ea:d6:
67:47:d0:68:c7:75:7b:8a:15:eb:af:2d:12:4c:ff:
71:1d:66:84:ba:3e:d9:13:50:07:e8:e1:df:e1:44:
0b:8a:b0:12:6e:98:4b:a2:39:ef:5d:2d:6b:92:e4:
a9:28:00:4e:89:6b:b6:14:4a:eb:9b:22:19:b4:23:
5c:e9:ac:1e:0b:60:5b:ed:af:b2:83:a3:93:5e:6e:
cc:73:1b:19:85:4b:e7:00:6e:bf:ba:2f:1b:b9:51:
d5:9a:6a:3d:c2:96:27:78:91:3d:7a:81:f2:f1:7f:
c5:e5:3d:59:d7:f2:53:66:bc:f2:b7:c6:15:e3:6c:
c1:f1:5c:3a:73:b7:bc:e7:11:21:58:9b:4f:ee:b8:
25:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:F1:A1:AF:F4:29:0B:B3:D7:9D:2A:02:D4:5D:FB:09:27:9C:1F:92
X509v3 Authority Key Identifier:
keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/dfGhr_QpC7PXnSoC1F37CSecH5I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.234.22.0/24
194.59.6.0/23
194.59.9.0/24
194.116.235.0/24
Signature Algorithm: sha256WithRSAEncryption
16:f3:58:9e:b5:71:3c:cf:49:f2:69:df:67:b1:88:b3:ea:10:
da:c5:1f:ae:52:ad:8e:48:25:67:1b:e0:64:86:04:2a:81:a9:
7c:cc:14:e5:d6:61:87:6a:f3:61:40:0a:03:0c:6c:fc:f1:91:
7d:2f:b0:b4:ac:11:6a:f3:b7:67:f4:57:0d:d1:dd:9e:37:24:
f4:f3:5a:37:60:86:b4:70:73:a6:e7:cd:4b:18:c6:20:86:75:
33:b1:93:21:b0:4a:e7:d3:d0:55:77:0f:ee:89:42:a5:0c:33:
8c:e4:f8:38:ef:e5:cb:a9:8f:f2:7e:40:37:84:40:cc:3f:ca:
eb:c5:e7:63:37:52:dd:27:c9:d9:6e:f5:91:de:21:8e:f9:bd:
df:dc:07:bb:66:91:7e:89:7b:bd:fc:34:87:d9:51:e0:80:b6:
84:fa:14:c9:23:01:10:7f:a8:34:6e:27:5e:1d:20:29:5a:8a:
a4:93:cc:61:9c:5f:f0:49:bf:c4:fb:0b:a5:95:a4:85:50:57:
67:9c:33:a3:d8:0e:da:75:ee:55:f9:38:ef:a8:ae:5c:28:b5:
c5:07:f6:ce:62:a8:fb:cf:d3:7f:6e:1d:57:3b:f0:42:0c:33:
2f:e8:f0:ea:e1:54:ea:e3:3a:05:62:6b:63:2d:a1:07:0b:35:
c9:9e:a6:86
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ4ayY1Vz7pj+isZYcWhaP7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjYwNTEyMDYwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWYxYTFhZmY0MjkwYmIzZDc5ZDJhMDJkNDVkZmIwOTI3OWMxZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc2YIEntywkdnP9jXnCQzCgrpYTA
9HkvCkCypmdDe4sSX7cxd23PIy6SRC3ERjvSAd+kSMVCjHI2A/u49rNuBjNV3y3a
L2tiAcHZmMxKv4DkMcwLhUuGTK3pjzsffTd2GLqSm2gk0bTZ0Zzy8tGXV3nRFwRM
6tZnR9Box3V7ihXrry0STP9xHWaEuj7ZE1AH6OHf4UQLirASbphLojnvXS1rkuSp
KABOiWu2FErrmyIZtCNc6aweC2Bb7a+yg6OTXm7McxsZhUvnAG6/ui8buVHVmmo9
wpYneJE9eoHy8X/F5T1Z1/JTZrzyt8YV42zB8Vw6c7e85xEhWJtP7rglOQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHXxoa/0KQuz150qAtRd+wknnB+SMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvZGZHaHJfUXBDN1BYblNvQzFGMzdDU2VjSDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW+oWAwQB
wjsGAwQAwjsJAwQAwnTrMA0GCSqGSIb3DQEBCwUAA4IBAQAW81ietXE8z0nyad9n
sYiz6hDaxR+uUq2OSCVnG+BkhgQqgal8zBTl1mGHavNhQAoDDGz88ZF9L7C0rBFq
87dn9FcN0d2eNyT081o3YIa0cHOm581LGMYghnUzsZMhsErn09BVdw/uiUKlDDOM
5Pg47+XLqY/yfkA3hEDMP8rrxedjN1LdJ8nZbvWR3iGO+b3f3Ae7ZpF+iXu9/DSH
2VHggLaE+hTJIwEQf6g0bideHSApWoqkk8xhnF/wSb/E+wullaSFUFdnnDOj2A7a
de5V+TjvqK5cKLXFB/bOYqj7z9N/bh1XO/BCDDMv6PDq4VTq4zoFYmtjLaEHCzXJ
nqaG
-----END CERTIFICATE-----
Generated at Tue May 12 22:32:22 2026 by rpki-client