Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r-spS_s4o3tHQBEBuSgZxxRzODk.roa
File: r-spS_s4o3tHQBEBuSgZxxRzODk.roa (raw, json)
Hash identifier: r+m8p33XcobkJHbwUm4VvDqKa1R52exPo6p81YpRS1w=
Subject key identifier: AF:EB:29:4B:FB:38:A3:7B:47:40:11:01:B9:28:19:C7:14:73:38:39
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019D0D858F2B1195766CB3B37C9404E0F9A0
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r-spS_s4o3tHQBEBuSgZxxRzODk.roa
Signing time: Fri 20 Mar 2026 23:12:29 +0000
ROA not before: Fri 20 Mar 2026 23:12:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13213
IP address blocks: 45.67.146.0/24 maxlen: 24
185.52.136.0/24 maxlen: 24
185.205.206.0/24 maxlen: 24
185.208.152.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 20:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0d:85:8f:2b:11:95:76:6c:b3:b3:7c:94:04:e0:f9:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Mar 20 23:12:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=afeb294bfb38a37b47401101b92819c714733839
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:cb:da:c8:c5:82:4d:64:79:af:0d:dc:41:cd:
ab:7b:2c:d4:be:85:47:72:6d:e9:b5:70:29:af:c0:
d1:ad:af:5b:02:e4:95:86:a5:24:a9:8e:76:44:32:
ed:37:e3:9b:2d:52:c7:f6:99:56:40:01:d1:d6:9e:
2a:94:dd:eb:71:6d:e2:19:65:b8:4c:b6:f0:84:f7:
c1:e3:0e:aa:6d:66:5d:0d:11:e6:a9:fd:db:36:f7:
a0:61:cd:81:32:18:e9:17:c9:dc:19:a1:c2:04:41:
98:66:4a:34:2e:1b:ce:54:fa:7c:9d:31:f4:df:bb:
d5:bd:44:0c:0d:28:ae:44:83:76:fc:14:05:b9:75:
40:ad:81:4b:c9:e9:c8:84:19:7a:79:36:64:d0:56:
c7:2f:05:cc:8b:b9:91:06:7d:0f:9b:18:ed:88:45:
c3:dd:c0:0c:a5:49:79:88:94:bc:c5:0e:e9:c6:f1:
18:b7:42:3b:e5:21:48:57:37:b8:97:02:1d:1f:de:
5c:c9:bf:b3:73:8f:97:32:61:df:fc:64:91:84:82:
17:97:53:ff:4f:f0:0e:c7:ce:3d:8e:49:70:ce:63:
77:7e:66:08:7f:f9:51:a8:aa:3f:19:60:c7:fb:7c:
5d:51:78:c7:03:0a:cd:32:79:a2:3f:b5:98:fd:62:
e6:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:EB:29:4B:FB:38:A3:7B:47:40:11:01:B9:28:19:C7:14:73:38:39
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r-spS_s4o3tHQBEBuSgZxxRzODk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.146.0/24
185.52.136.0/24
185.205.206.0/24
185.208.152.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:22:b9:a1:5e:a7:92:82:ae:93:08:c7:fe:09:4b:1e:91:21:
9a:8e:96:d2:7c:1f:86:d7:93:7e:99:0e:63:f2:d0:19:72:4b:
31:2d:64:ef:a9:14:0e:13:0a:b6:74:0d:04:e1:c9:f3:e6:d6:
fc:dc:9d:32:bf:97:f4:70:4b:f8:ba:e1:5f:5e:19:54:8d:a2:
c7:7c:b6:2d:93:2a:81:bf:bb:56:f2:fa:ad:37:5f:9c:4a:ef:
cb:d1:de:70:cc:ff:1d:26:4f:b4:a5:3e:0e:a8:8d:66:ec:d9:
ba:74:ef:f3:1b:1f:ed:e9:83:db:49:ad:b0:30:a9:c2:1a:5d:
38:53:dc:f6:35:40:65:63:e5:b9:8b:b7:20:b9:18:1c:a2:ab:
93:d2:fd:9a:bd:a4:96:9a:05:a9:02:13:a2:98:70:05:17:fa:
fa:0e:35:65:40:0b:1a:67:1a:9f:eb:1f:fc:58:4a:3a:35:99:
a7:45:fc:49:a3:44:b2:66:d1:3c:21:dc:84:73:e8:bb:de:09:
0a:f7:94:06:b8:27:97:c9:01:0a:13:83:c6:ff:10:c6:4d:39:
de:8a:cd:fe:c7:45:ed:41:f6:d7:50:43:bb:4e:07:aa:20:77:
63:94:5d:01:97:1c:df:ac:2e:b5:ef:b2:b7:ca:2d:17:2f:ed:
68:a6:1c:c1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ0NhY8rEZV2bLOzfJQE4PmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMzIwMjMxMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmViMjk0YmZiMzhhMzdiNDc0MDExMDFiOTI4MTljNzE0NzMzODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8vayMWCTWR5rw3cQc2reyzUvoVH
cm3ptXApr8DRra9bAuSVhqUkqY52RDLtN+ObLVLH9plWQAHR1p4qlN3rcW3iGWW4
TLbwhPfB4w6qbWZdDRHmqf3bNvegYc2BMhjpF8ncGaHCBEGYZko0LhvOVPp8nTH0
37vVvUQMDSiuRIN2/BQFuXVArYFLyenIhBl6eTZk0FbHLwXMi7mRBn0PmxjtiEXD
3cAMpUl5iJS8xQ7pxvEYt0I75SFIVze4lwIdH95cyb+zc4+XMmHf/GSRhIIXl1P/
T/AOx849jklwzmN3fmYIf/lRqKo/GWDH+3xdUXjHAwrNMnmiP7WY/WLmAQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK/rKUv7OKN7R0ARAbkoGccUczg5MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvci1zcFNfczRvM3RIUUJFQnVTZ1p4eFJ6T0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALUOSAwQA
uTSIAwQAuc3OAwQAudCYMA0GCSqGSIb3DQEBCwUAA4IBAQAvIrmhXqeSgq6TCMf+
CUsekSGajpbSfB+G15N+mQ5j8tAZcksxLWTvqRQOEwq2dA0E4cnz5tb83J0yv5f0
cEv4uuFfXhlUjaLHfLYtkyqBv7tW8vqtN1+cSu/L0d5wzP8dJk+0pT4OqI1m7Nm6
dO/zGx/t6YPbSa2wMKnCGl04U9z2NUBlY+W5i7cguRgcoquT0v2avaSWmgWpAhOi
mHAFF/r6DjVlQAsaZxqf6x/8WEo6NZmnRfxJo0SyZtE8IdyEc+i73gkK95QGuCeX
yQEKE4PG/xDGTTneis3+x0XtQfbXUEO7TgeqIHdjlF0BlxzfrC6177K3yi0XL+1o
phzB
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:34:48 2026 by rpki-client