Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/XOAJzQ9VwXh6TB5qa8PPijbh2aU.roa
File: XOAJzQ9VwXh6TB5qa8PPijbh2aU.roa (raw, json)
Hash identifier: M8IPys/5UHBrIndSXlL2fp5Vz45fcZszjNzRdsRKs8k=
Subject key identifier: 5C:E0:09:CD:0F:55:C1:78:7A:4C:1E:6A:6B:C3:CF:8A:36:E1:D9:A5
Certificate issuer: /CN=dde36e98021264f5a8070106780be29d48a16c67
Certificate serial: 019CD70EB425B0EDE08EDC40CD5D9C1A1A57
Authority key identifier: DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/XOAJzQ9VwXh6TB5qa8PPijbh2aU.roa
Signing time: Tue 10 Mar 2026 09:23:10 +0000
ROA not before: Tue 10 Mar 2026 09:23:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200484
IP address blocks: 1.179.120.0/21 maxlen: 24
77.32.128.0/18 maxlen: 24
77.32.192.0/19 maxlen: 24
94.143.16.0/21 maxlen: 24
153.92.224.0/19 maxlen: 24
172.246.0.0/18 maxlen: 24
172.246.64.0/22 maxlen: 24
172.246.239.0/24 maxlen: 24
172.246.240.0/20 maxlen: 24
185.24.144.0/22 maxlen: 24
185.41.28.0/22 maxlen: 24
185.107.232.0/22 maxlen: 24
212.146.192.0/18 maxlen: 24
213.32.128.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.mft
rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:0e:b4:25:b0:ed:e0:8e:dc:40:cd:5d:9c:1a:1a:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dde36e98021264f5a8070106780be29d48a16c67
Validity
Not Before: Mar 10 09:23:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5ce009cd0f55c1787a4c1e6a6bc3cf8a36e1d9a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ff:3e:af:7d:9e:49:eb:fe:31:13:1c:9c:fc:
71:2f:71:7e:28:95:03:87:3f:91:92:f0:bb:01:75:
2f:9a:f8:81:d7:f0:5d:fe:90:1a:49:13:90:c5:63:
05:f0:b1:45:c9:f9:39:07:93:4e:4e:4b:88:9b:17:
50:18:4b:48:80:8f:a7:ef:a2:38:8c:78:0b:bb:ee:
28:15:f0:03:b6:47:db:21:6b:9b:49:5f:d9:96:e2:
43:63:30:95:a1:87:66:8a:96:31:d9:30:b2:0d:ea:
64:98:fb:a2:5d:18:88:0b:2c:1a:1d:f6:39:85:a4:
03:a4:cd:1b:e4:92:7d:de:f7:cd:d3:9e:bd:34:7a:
51:e9:95:0c:0f:59:6d:06:7a:7f:39:60:8f:85:9f:
00:81:4d:c6:b4:e4:29:40:e3:55:b9:b3:ac:d9:62:
aa:a8:69:08:06:07:8c:fd:ad:15:5c:5a:b0:39:c1:
87:0a:b3:6d:8d:5c:95:42:81:27:aa:d2:9f:2b:14:
8c:71:6e:e8:43:8d:59:40:24:3a:d0:a8:ce:73:fb:
5b:bc:04:51:3b:b3:8d:13:f3:53:e3:79:94:5a:19:
fd:bf:87:bb:0e:1f:10:93:0f:31:3a:ac:77:6b:84:
d7:b3:ea:89:0b:fe:d9:5a:47:89:49:be:bc:00:b7:
c4:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:E0:09:CD:0F:55:C1:78:7A:4C:1E:6A:6B:C3:CF:8A:36:E1:D9:A5
X509v3 Authority Key Identifier:
keyid:DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/XOAJzQ9VwXh6TB5qa8PPijbh2aU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
1.179.120.0/21
77.32.128.0-77.32.223.255
94.143.16.0/21
153.92.224.0/19
172.246.0.0-172.246.67.255
172.246.239.0-172.246.255.255
185.24.144.0/22
185.41.28.0/22
185.107.232.0/22
212.146.192.0/18
213.32.128.0/18
Signature Algorithm: sha256WithRSAEncryption
8c:1e:0f:ea:08:96:8b:a5:d4:58:25:cd:56:04:73:30:a2:b9:
4f:bf:db:8f:7f:fd:69:b4:33:ac:69:d0:f1:d0:bb:da:e8:76:
b8:a3:4e:22:4b:68:04:ca:f7:b6:a7:11:c5:31:8c:85:46:cd:
3f:fc:d0:d3:bf:8e:0e:da:f7:88:f5:26:04:39:8e:ea:fb:b0:
b1:fe:d1:f1:13:ae:e9:da:23:a4:65:d9:a8:02:5c:56:63:84:
2f:33:3d:fd:e9:16:69:08:c4:3a:4a:43:04:d4:c8:18:c9:59:
ee:f6:30:c2:f1:b6:83:cf:68:73:db:db:b3:da:69:2b:eb:8d:
ed:91:0c:a9:b3:a0:f6:dc:3f:2d:60:a4:c0:60:b1:2b:3b:93:
a5:de:a6:81:9b:26:cb:cb:3a:ef:3a:62:f3:db:4c:a0:21:ce:
17:57:64:c6:6c:66:f5:d3:ef:a7:69:3a:18:7a:43:c8:54:b9:
6f:f7:3c:de:bd:8e:91:09:18:87:63:4c:06:cc:1c:10:24:8b:
92:c0:ae:cc:90:82:ec:0c:37:d4:28:b8:24:6c:49:f9:10:06:
5c:2d:5e:3d:44:2e:54:03:5a:6a:ac:a5:75:3b:81:95:ca:76:
57:ee:d0:9a:c8:14:c9:0f:d9:f1:ef:92:54:7c:6a:89:c5:6c:
64:77:31:64
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZzXDrQlsO3gjtxAzV2cGhpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZTM2ZTk4MDIxMjY0ZjVhODA3MDEwNjc4MGJlMjlkNDhh
MTZjNjcwHhcNMjYwMzEwMDkyMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2UwMDljZDBmNTVjMTc4N2E0YzFlNmE2YmMzY2Y4YTM2ZTFkOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP8+r32eSev+MRMcnPxxL3F+KJUD
hz+RkvC7AXUvmviB1/Bd/pAaSROQxWMF8LFFyfk5B5NOTkuImxdQGEtIgI+n76I4
jHgLu+4oFfADtkfbIWubSV/ZluJDYzCVoYdmipYx2TCyDepkmPuiXRiICywaHfY5
haQDpM0b5JJ93vfN0569NHpR6ZUMD1ltBnp/OWCPhZ8AgU3GtOQpQONVubOs2WKq
qGkIBgeM/a0VXFqwOcGHCrNtjVyVQoEnqtKfKxSMcW7oQ41ZQCQ60KjOc/tbvARR
O7ONE/NT43mUWhn9v4e7Dh8Qkw8xOqx3a4TXs+qJC/7ZWkeJSb68ALfEdQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFFzgCc0PVcF4ekweamvDz4o24dmlMB8GA1UdIwQY
MBaAFN3jbpgCEmT1qAcBBngL4p1IoWxnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUt
OGZlM2EwZjYxNDM3LzEvWE9BSnpROVZ3WGg2VEI1cWE4UFBpamJoMmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUtOGZlM2EwZjYxNDM3
LzEvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQDAbN4MAwD
BAdNIIADBAVNIMADBANejxADBAWZXOAwCwMDAaz2AwQCrPZAMAsDBACs9u8DAwCs
9gMEArkYkAMEArkpHAMEArlr6AMEBtSSwAMEBtUggDANBgkqhkiG9w0BAQsFAAOC
AQEAjB4P6giWi6XUWCXNVgRzMKK5T7/bj3/9abQzrGnQ8dC72uh2uKNOIktoBMr3
tqcRxTGMhUbNP/zQ07+ODtr3iPUmBDmO6vuwsf7R8ROu6dojpGXZqAJcVmOELzM9
/ekWaQjEOkpDBNTIGMlZ7vYwwvG2g89oc9vbs9ppK+uN7ZEMqbOg9tw/LWCkwGCx
KzuTpd6mgZsmy8s67zpi89tMoCHOF1dkxmxm9dPvp2k6GHpDyFS5b/c83r2OkQkY
h2NMBswcECSLksCuzJCC7Aw31Ci4JGxJ+RAGXC1ePUQuVANaaqyldTuBlcp2V+7Q
msgUyQ/Z8e+SVHxqicVsZHcxZA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:36:48 2026 by rpki-client