Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/IhA8GJtNYOAx8HbpCfLoqnB-FXc.roa
File: IhA8GJtNYOAx8HbpCfLoqnB-FXc.roa (raw, json)
Hash identifier: oNeXuN3ce2gZVhX2DO6BNpsAqNr6LKfMMS6+6MEGbLk=
Subject key identifier: 22:10:3C:18:9B:4D:60:E0:31:F0:76:E9:09:F2:E8:AA:70:7E:15:77
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 019D0536CC31ADCD247A0E880E712AACC2AA
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/IhA8GJtNYOAx8HbpCfLoqnB-FXc.roa
Signing time: Thu 19 Mar 2026 08:29:30 +0000
ROA not before: Thu 19 Mar 2026 08:29:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 77.76.4.0/22 maxlen: 22
78.128.2.0/23 maxlen: 23
78.128.12.0/22 maxlen: 22
78.128.16.0/20 maxlen: 20
78.128.41.0/24 maxlen: 24
78.128.52.0/22 maxlen: 22
78.128.56.0/22 maxlen: 22
78.128.83.0/24 maxlen: 24
78.128.84.0/22 maxlen: 22
78.128.88.0/22 maxlen: 22
78.128.97.0/24 maxlen: 24
78.128.100.0/22 maxlen: 22
78.128.104.0/22 maxlen: 22
78.142.10.0/23 maxlen: 23
78.142.31.0/24 maxlen: 24
82.118.242.0/24 maxlen: 24
83.222.190.0/23 maxlen: 23
84.201.224.0/20 maxlen: 20
91.148.162.0/23 maxlen: 23
91.148.164.0/23 maxlen: 23
91.148.169.0/24 maxlen: 24
91.148.170.0/23 maxlen: 23
91.148.172.0/22 maxlen: 22
91.148.176.0/21 maxlen: 21
130.185.227.0/24 maxlen: 24
130.185.234.0/24 maxlen: 24
185.81.120.0/24 maxlen: 24
193.24.240.0/22 maxlen: 22
193.200.14.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:05:36:cc:31:ad:cd:24:7a:0e:88:0e:71:2a:ac:c2:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Mar 19 08:29:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=22103c189b4d60e031f076e909f2e8aa707e1577
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:84:45:e9:52:d2:af:0f:33:a2:9c:c7:6d:12:
dd:1f:b1:28:83:2d:d1:f1:1d:d5:e2:53:e8:ba:a4:
ae:90:f6:c4:47:d1:da:92:85:dc:20:3f:96:60:59:
ec:6c:59:bd:b2:97:36:98:1b:51:36:23:31:25:9b:
8e:3c:d8:89:9d:7c:0a:83:b4:23:12:bf:58:48:84:
34:5a:69:3a:46:31:b4:40:fc:e5:f7:60:f7:45:e2:
36:d9:79:3b:06:2e:f4:bb:96:c1:55:6f:02:0e:e0:
32:40:58:84:9f:cc:02:b1:d9:8e:ed:1e:a5:c2:03:
5c:71:c9:c3:d3:42:b9:6c:f8:4f:2c:fa:82:8a:41:
a7:ff:25:7f:ab:0e:e9:44:6e:99:56:e3:09:46:3e:
05:47:7b:1b:4b:76:3e:70:25:1d:d3:28:d3:84:e6:
37:0d:09:50:7a:1c:d3:f5:5f:31:28:91:36:99:77:
3e:6f:31:53:8f:81:48:06:95:7a:69:69:c4:2f:14:
bc:dc:2d:f2:40:96:b2:54:0f:10:ae:8e:8b:9b:35:
4c:73:51:69:cf:41:15:ce:b9:09:76:82:0c:22:14:
ec:5f:0e:35:2c:f8:63:d4:61:57:e5:fd:3f:7c:9f:
01:b9:0e:b1:52:9e:23:04:ae:6a:ff:4e:94:10:83:
e9:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:10:3C:18:9B:4D:60:E0:31:F0:76:E9:09:F2:E8:AA:70:7E:15:77
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/IhA8GJtNYOAx8HbpCfLoqnB-FXc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.76.4.0/22
78.128.2.0/23
78.128.12.0-78.128.31.255
78.128.41.0/24
78.128.52.0-78.128.59.255
78.128.83.0-78.128.91.255
78.128.97.0/24
78.128.100.0-78.128.107.255
78.142.10.0/23
78.142.31.0/24
82.118.242.0/24
83.222.190.0/23
84.201.224.0/20
91.148.162.0-91.148.165.255
91.148.169.0-91.148.183.255
130.185.227.0/24
130.185.234.0/24
185.81.120.0/24
193.24.240.0/22
193.200.14.0/23
Signature Algorithm: sha256WithRSAEncryption
30:d7:a1:15:2b:c8:88:e3:69:6c:3c:a9:14:3a:bc:4c:c0:b9:
52:ad:8b:7d:89:cf:c5:86:f5:66:b8:fa:3f:da:8e:79:2b:4a:
e3:78:cd:2f:26:2f:38:85:e5:13:8c:c9:a8:6b:0f:d6:e8:ea:
92:07:c5:9c:24:a3:6f:ff:9b:e3:ad:ad:c3:fd:5b:33:5b:95:
e1:b4:3a:be:34:ef:94:f1:09:4d:8d:85:55:a1:b6:03:27:14:
b8:58:22:86:7b:17:6a:87:42:a3:68:a4:fa:59:dc:40:b4:0f:
76:d9:cc:aa:88:51:23:d4:b8:b1:cd:b6:cd:93:15:ba:a0:bc:
6e:9d:29:21:e6:03:8c:0a:42:6a:6d:75:09:08:01:8c:82:50:
b8:c6:3b:19:a2:19:72:4b:e2:17:15:30:b3:97:68:5f:aa:39:
ba:bf:8a:ed:d3:19:d5:fa:9a:13:3f:a3:65:8b:7a:37:a4:70:
55:a9:b7:6e:25:e8:21:d0:d8:c4:21:bb:22:c6:ec:e6:3b:78:
09:cb:c7:fc:46:50:42:02:e5:22:a3:b5:36:31:13:09:e7:25:
73:99:a7:e1:e7:b8:b0:16:e6:8c:e4:56:c7:c5:2d:f0:aa:ea:
f2:60:b5:5e:dd:a1:a1:36:6c:57:1d:f5:1e:40:20:3d:d5:64:
6a:52:4c:39
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZ0FNswxrc0keg6IDnEqrMKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMzE5MDgyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjEwM2MxODliNGQ2MGUwMzFmMDc2ZTkwOWYyZThhYTcwN2UxNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoRF6VLSrw8zopzHbRLdH7Eogy3R
8R3V4lPouqSukPbER9HakoXcID+WYFnsbFm9spc2mBtRNiMxJZuOPNiJnXwKg7Qj
Er9YSIQ0Wmk6RjG0QPzl92D3ReI22Xk7Bi70u5bBVW8CDuAyQFiEn8wCsdmO7R6l
wgNcccnD00K5bPhPLPqCikGn/yV/qw7pRG6ZVuMJRj4FR3sbS3Y+cCUd0yjThOY3
DQlQehzT9V8xKJE2mXc+bzFTj4FIBpV6aWnELxS83C3yQJayVA8Qro6LmzVMc1Fp
z0EVzrkJdoIMIhTsXw41LPhj1GFX5f0/fJ8BuQ6xUp4jBK5q/06UEIPpRwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFCIQPBibTWDgMfB26Qny6KpwfhV3MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvSWhBOEdKdE5ZT0F4OEhicENmTG9xbkItRlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAJN
TAQDBAFOgAIwDAMEAk6ADAMEBU6AAAMEAE6AKTAMAwQCToA0AwQCToA4MAwDBABO
gFMDBAJOgFgDBABOgGEwDAMEAk6AZAMEAk6AaAMEAU6OCgMEAE6OHwMEAFJ28gME
AVPevgMEBFTJ4DAMAwQBW5SiAwQBW5SkMAwDBABblKkDBANblLADBACCueMDBACC
ueoDBAC5UXgDBALBGPADBAHByA4wDQYJKoZIhvcNAQELBQADggEBADDXoRUryIjj
aWw8qRQ6vEzAuVKti32Jz8WG9Wa4+j/ajnkrSuN4zS8mLziF5ROMyahrD9bo6pIH
xZwko2//m+OtrcP9WzNbleG0Or4075TxCU2NhVWhtgMnFLhYIoZ7F2qHQqNopPpZ
3EC0D3bZzKqIUSPUuLHNts2TFbqgvG6dKSHmA4wKQmptdQkIAYyCULjGOxmiGXJL
4hcVMLOXaF+qObq/iu3TGdX6mhM/o2WLejekcFWpt24l6CHQ2MQhuyLG7OY7eAnL
x/xGUEIC5SKjtTYxEwnnJXOZp+HnuLAW5ozkVsfFLfCq6vJgtV7doaE2bFcd9R5A
ID3VZGpSTDk=
-----END CERTIFICATE-----
Generated at Thu Mar 26 01:47:55 2026 by rpki-client