Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xUHiwbmdxyG7zhauG_jIHmi1gno.roa
File: xUHiwbmdxyG7zhauG_jIHmi1gno.roa (raw, json)
Hash identifier: 03dvwh0NeW2YpGtwR7ObeLzcikhW32DldU3aMDZzsfI=
Subject key identifier: C5:41:E2:C1:B9:9D:C7:21:BB:CE:16:AE:1B:F8:C8:1E:68:B5:82:7A
Certificate issuer: /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial: 019D0479456DE3F39DCC3BFC0C0D2BD180EE
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xUHiwbmdxyG7zhauG_jIHmi1gno.roa
Signing time: Thu 19 Mar 2026 05:02:29 +0000
ROA not before: Thu 19 Mar 2026 05:02:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63150
IP address blocks: 77.93.89.0/24 maxlen: 24
77.93.90.0/24 maxlen: 24
85.149.208.0/21 maxlen: 24
2a14:7dc0:200::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 06:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:04:79:45:6d:e3:f3:9d:cc:3b:fc:0c:0d:2b:d1:80:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Validity
Not Before: Mar 19 05:02:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c541e2c1b99dc721bbce16ae1bf8c81e68b5827a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b4:1a:18:3c:e6:d8:1a:c1:0f:0f:e9:bb:d8:
33:80:a6:b8:5e:5c:09:7e:88:d9:8e:c6:80:be:83:
3c:11:fc:c4:d3:db:c9:17:c2:41:39:90:d0:ce:36:
c3:c1:e8:d0:fe:62:80:81:9e:3f:91:6a:76:1a:7e:
d4:0b:8d:b6:73:56:36:6e:f8:85:c2:05:ac:a6:41:
be:95:d5:70:44:91:30:82:b8:be:a6:38:01:40:6f:
cc:93:0d:6d:b9:2e:a5:c6:0a:1d:61:37:d4:8f:0d:
3d:3c:43:8a:1d:4c:a5:24:e8:c5:19:da:80:11:89:
b4:df:ec:6e:51:f4:c6:f3:10:aa:d4:44:2d:9e:f0:
3d:d8:93:0a:b3:39:6e:17:37:0d:69:b0:51:64:29:
58:4d:4a:1b:f8:f9:80:46:d2:e9:e4:8d:cc:57:19:
9b:21:26:eb:bd:92:a5:b4:ac:99:bb:1e:d8:cf:e8:
d8:d4:ce:e9:0d:fa:3b:09:af:d0:37:10:36:b3:6f:
57:ea:be:ed:29:bb:17:98:9e:5f:28:e7:53:47:4c:
34:16:55:df:ee:a3:ec:7d:82:e2:4f:44:6c:cc:01:
ed:80:34:b6:0c:e1:1c:49:43:50:e8:15:bc:46:a7:
c6:2d:5d:d6:14:fc:5c:b7:41:e8:7a:c9:46:c6:b5:
64:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:41:E2:C1:B9:9D:C7:21:BB:CE:16:AE:1B:F8:C8:1E:68:B5:82:7A
X509v3 Authority Key Identifier:
keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xUHiwbmdxyG7zhauG_jIHmi1gno.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.89.0-77.93.90.255
85.149.208.0/21
IPv6:
2a14:7dc0:200::/40
Signature Algorithm: sha256WithRSAEncryption
5d:45:aa:90:a5:77:4f:7b:19:5f:e8:a6:d2:4b:15:59:06:9a:
c8:85:6d:bc:f3:b8:87:3a:eb:d4:01:a1:10:b6:ea:65:3c:92:
53:cb:6b:32:ca:35:88:cb:47:23:e1:2e:ea:66:9c:fd:9e:ef:
c1:3e:a7:21:b5:dd:c3:93:8d:65:94:d8:ed:76:bc:cb:93:7c:
af:8f:2b:e0:bc:fe:d6:f8:4b:46:80:52:4d:f5:35:3f:40:5e:
d4:7b:42:f5:c6:e3:8d:8b:83:d9:e6:54:b8:aa:8d:a1:eb:83:
8e:84:75:ea:5c:a9:ec:e4:f9:bb:8e:97:3d:e4:46:2b:36:f4:
71:49:f3:74:db:ec:57:b6:fa:de:f6:0d:10:9c:08:be:79:b4:
1e:ad:72:9d:19:c5:ab:c4:11:86:00:09:ad:f0:ac:3e:60:55:
3a:5b:00:46:31:af:55:21:f9:79:76:f1:b0:f9:85:88:04:7d:
e1:6f:ad:d0:96:0e:db:4b:8f:eb:96:3e:e6:67:55:66:fc:b2:
f7:ba:fb:87:98:fe:ad:35:a6:ea:f4:dc:62:75:04:2d:f2:b0:
b4:da:4b:0d:c0:60:1c:9b:5e:29:ce:3f:d9:2c:89:46:de:9b:
f8:86:29:4f:ac:99:e8:a3:06:3f:55:cc:19:97:34:a9:0b:5e:
ef:3d:a8:f0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ0EeUVt4/OdzDv8DA0r0YDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMzE5MDUwMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQxZTJjMWI5OWRjNzIxYmJjZTE2YWUxYmY4YzgxZTY4YjU4MjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrQaGDzm2BrBDw/pu9gzgKa4XlwJ
fojZjsaAvoM8EfzE09vJF8JBOZDQzjbDwejQ/mKAgZ4/kWp2Gn7UC422c1Y2bviF
wgWspkG+ldVwRJEwgri+pjgBQG/Mkw1tuS6lxgodYTfUjw09PEOKHUylJOjFGdqA
EYm03+xuUfTG8xCq1EQtnvA92JMKszluFzcNabBRZClYTUob+PmARtLp5I3MVxmb
ISbrvZKltKyZux7Yz+jY1M7pDfo7Ca/QNxA2s29X6r7tKbsXmJ5fKOdTR0w0FlXf
7qPsfYLiT0RszAHtgDS2DOEcSUNQ6BW8RqfGLV3WFPxct0HoeslGxrVkqwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMVB4sG5ncchu84Wrhv4yB5otYJ6MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEveFVIaXdibWR4eUc3emhhdUdfaklIbWkxZ25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUMAwDBABNXVkD
BABNXVoDBANVldAwDgQCAAIwCAMGACoUfcACMA0GCSqGSIb3DQEBCwUAA4IBAQBd
RaqQpXdPexlf6KbSSxVZBprIhW2887iHOuvUAaEQtuplPJJTy2syyjWIy0cj4S7q
Zpz9nu/BPqchtd3Dk41llNjtdrzLk3yvjyvgvP7W+EtGgFJN9TU/QF7Ue0L1xuON
i4PZ5lS4qo2h64OOhHXqXKns5Pm7jpc95EYrNvRxSfN02+xXtvre9g0QnAi+ebQe
rXKdGcWrxBGGAAmt8Kw+YFU6WwBGMa9VIfl5dvGw+YWIBH3hb63Qlg7bS4/rlj7m
Z1Vm/LL3uvuHmP6tNabq9NxidQQt8rC02ksNwGAcm14pzj/ZLIlG3pv4hilPrJno
owY/VcwZlzSpC17vPajw
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:28:31 2026 by rpki-client