Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MkXamkMit0DUCscCJeOeai_2BUE.roa
File: MkXamkMit0DUCscCJeOeai_2BUE.roa (raw, json)
Hash identifier: WMrPqELHvgkrdxREhlBpsAdq+q/gtttubRFmvCN11rs=
Subject key identifier: 32:45:DA:9A:43:22:B7:40:D4:0A:C7:02:25:E3:9E:6A:2F:F6:05:41
Certificate issuer: /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial: 019D252869E06E582EDBDB238B8175494BE2
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MkXamkMit0DUCscCJeOeai_2BUE.roa
Signing time: Wed 25 Mar 2026 13:21:38 +0000
ROA not before: Wed 25 Mar 2026 13:21:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20853
IP address blocks: 31.31.168.0/21 maxlen: 32
77.95.234.0/23 maxlen: 32
77.95.234.0/24 maxlen: 24
77.95.235.0/24 maxlen: 24
77.95.236.0/22 maxlen: 32
79.133.192.0/19 maxlen: 32
80.72.32.0/20 maxlen: 32
91.250.243.0/24 maxlen: 32
185.7.104.0/22 maxlen: 32
185.30.124.0/22 maxlen: 32
185.40.196.0/22 maxlen: 32
185.73.228.0/22 maxlen: 32
2a00:c90::/32 maxlen: 32
2a05:4480::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.mft
rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 22:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:25:28:69:e0:6e:58:2e:db:db:23:8b:81:75:49:4b:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Validity
Not Before: Mar 25 13:21:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3245da9a4322b740d40ac70225e39e6a2ff60541
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5c:48:2e:71:59:9a:9f:c2:1f:9b:2f:d8:28:
b8:26:16:ef:09:cf:f7:f1:1c:a4:74:bf:1d:2f:27:
c6:0a:cf:7e:43:11:b9:c1:5d:dd:ce:df:5b:ac:2c:
e9:9a:ff:62:ee:42:30:bf:95:c7:3d:f4:26:ed:8d:
21:76:d4:96:c4:34:4f:13:f8:30:47:61:d1:2b:8e:
ca:77:7e:b3:3c:ca:98:54:4c:f6:a6:31:09:e4:99:
48:da:60:95:a8:dc:af:06:ae:83:ad:70:fb:d1:6c:
8f:51:09:36:bb:4b:bc:76:17:3c:dc:8a:13:6c:92:
98:91:ea:79:db:f0:24:c1:2d:a4:4c:8e:ed:7e:3d:
4c:60:c6:fd:19:5c:b8:43:79:ea:5c:2e:02:0c:48:
ce:a5:47:4d:72:0a:d0:03:c1:c6:b7:a9:71:ae:ea:
3b:57:56:85:41:fd:47:26:f6:bb:6d:bb:93:7e:c9:
30:ea:3e:dc:fe:b7:cb:6a:1c:08:c6:e4:8a:33:61:
a6:91:8a:09:72:f8:1d:4d:1c:49:36:18:4c:f7:24:
c4:5d:cb:a8:00:16:a1:9e:d8:0e:7b:35:43:f7:23:
fe:d9:3b:b4:ba:e8:7d:bf:5c:7b:9d:41:ba:0e:94:
68:dd:f2:37:0c:91:a6:f1:84:ba:ad:49:11:3a:63:
eb:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:45:DA:9A:43:22:B7:40:D4:0A:C7:02:25:E3:9E:6A:2F:F6:05:41
X509v3 Authority Key Identifier:
keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MkXamkMit0DUCscCJeOeai_2BUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.168.0/21
77.95.234.0-77.95.239.255
79.133.192.0/19
80.72.32.0/20
91.250.243.0/24
185.7.104.0/22
185.30.124.0/22
185.40.196.0/22
185.73.228.0/22
IPv6:
2a00:c90::/32
2a05:4480::/29
Signature Algorithm: sha256WithRSAEncryption
a2:68:6b:2b:53:84:00:bf:3b:2d:ce:cd:34:bf:87:3a:3d:8b:
c9:a1:27:1c:1e:3f:1b:ae:a3:fd:2c:89:90:35:d6:55:59:e4:
e6:25:1c:b2:0f:8a:f3:28:fc:01:84:9c:5c:42:a5:fc:a7:b3:
8a:49:15:86:95:69:9e:c5:d1:18:0a:66:8e:9d:3b:1f:7b:cf:
1d:97:f7:93:31:be:78:04:d4:e7:99:a4:d2:25:b6:a9:fa:d7:
4b:56:05:b7:87:3f:83:dd:c1:30:bb:e6:60:69:9b:2d:77:52:
a7:f2:36:ca:e2:94:3f:4b:da:b3:12:87:18:01:c9:f0:f1:96:
45:a0:2f:04:a3:50:9c:2a:61:1a:00:ef:51:ff:4f:2a:58:40:
77:c6:a8:e4:87:cb:3d:eb:a6:03:1d:2f:d0:24:cd:73:dc:b6:
10:c5:d5:9b:d9:a8:9c:77:4e:76:42:ba:81:ff:9c:3d:dc:a4:
e1:60:0b:69:46:cf:5a:fa:af:e3:e2:85:28:2d:90:57:bd:9b:
85:ba:8c:1e:f1:db:d5:d5:98:13:ea:59:cd:02:dd:3f:21:b9:
2e:4d:df:6c:74:99:94:14:d2:3d:c7:48:4a:c8:4d:7d:54:df:
41:db:9d:14:42:e1:b7:e5:cc:ad:80:08:14:d6:ee:1c:cd:1d:
d4:e3:38:f5
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZ0lKGngblgu29sji4F1SUviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjYwMzI1MTMyMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ1ZGE5YTQzMjJiNzQwZDQwYWM3MDIyNWUzOWU2YTJmZjYwNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVxILnFZmp/CH5sv2Ci4JhbvCc/3
8RykdL8dLyfGCs9+QxG5wV3dzt9brCzpmv9i7kIwv5XHPfQm7Y0hdtSWxDRPE/gw
R2HRK47Kd36zPMqYVEz2pjEJ5JlI2mCVqNyvBq6DrXD70WyPUQk2u0u8dhc83IoT
bJKYkep52/AkwS2kTI7tfj1MYMb9GVy4Q3nqXC4CDEjOpUdNcgrQA8HGt6lxruo7
V1aFQf1HJva7bbuTfskw6j7c/rfLahwIxuSKM2GmkYoJcvgdTRxJNhhM9yTEXcuo
ABahntgOezVD9yP+2Tu0uuh9v1x7nUG6DpRo3fI3DJGm8YS6rUkROmPrcQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDJF2ppDIrdA1ArHAiXjnmov9gVBMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvTWtYYW1rTWl0MERVQ3NjQ0plT2VhaV8yQlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQDHx+oMAwD
BAFNX+oDBARNX+ADBAVPhcADBARQSCADBABb+vMDBAK5B2gDBAK5HnwDBAK5KMQD
BAK5SeQwFAQCAAIwDgMFACoADJADBQMqBUSAMA0GCSqGSIb3DQEBCwUAA4IBAQCi
aGsrU4QAvzstzs00v4c6PYvJoSccHj8brqP9LImQNdZVWeTmJRyyD4rzKPwBhJxc
QqX8p7OKSRWGlWmexdEYCmaOnTsfe88dl/eTMb54BNTnmaTSJbap+tdLVgW3hz+D
3cEwu+ZgaZstd1Kn8jbK4pQ/S9qzEocYAcnw8ZZFoC8Eo1CcKmEaAO9R/08qWEB3
xqjkh8s966YDHS/QJM1z3LYQxdWb2aicd052QrqB/5w93KThYAtpRs9a+q/j4oUo
LZBXvZuFuowe8dvV1ZgT6lnNAt0/IbkuTd9sdJmUFNI9x0hKyE19VN9B250UQuG3
5cytgAgU1u4czR3U4zj1
-----END CERTIFICATE-----
Generated at Thu Mar 26 03:52:33 2026 by rpki-client