Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/17ZzXQIgaPFFjeqMhwt3zOxvx1s.roa
File: 17ZzXQIgaPFFjeqMhwt3zOxvx1s.roa (raw, json)
Hash identifier: 86lU48qvlXKv6saptuHXqJOZusprYtOpfN/ZmUTRc2c=
Subject key identifier: D7:B6:73:5D:02:20:68:F1:45:8D:EA:8C:87:0B:77:CC:EC:6F:C7:5B
Certificate issuer: /CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
Certificate serial: 019DD8D8A8271E8D6701EED791CC4958BF99
Authority key identifier: 8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/17ZzXQIgaPFFjeqMhwt3zOxvx1s.roa
Signing time: Wed 29 Apr 2026 10:46:10 +0000
ROA not before: Wed 29 Apr 2026 10:46:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12324
IP address blocks: 5.201.0.0/17 maxlen: 17
87.246.192.0/19 maxlen: 19
87.246.240.0/20 maxlen: 20
185.76.104.0/22 maxlen: 22
192.188.234.0/24 maxlen: 24
212.182.0.0/18 maxlen: 18
212.182.64.0/20 maxlen: 20
2a04:440::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 13:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d8:d8:a8:27:1e:8d:67:01:ee:d7:91:cc:49:58:bf:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
Validity
Not Before: Apr 29 10:46:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d7b6735d022068f1458dea8c870b77ccec6fc75b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:6c:e0:ec:e0:16:d8:41:f0:91:c7:72:9b:fa:
56:3a:f4:49:20:1e:7c:f4:34:4f:b7:f0:a1:af:52:
c4:14:ba:81:b9:13:12:dd:14:7b:65:f5:14:a3:4d:
08:14:5a:a4:70:af:91:21:67:58:65:81:c7:ac:17:
d0:cd:c6:33:c9:32:ec:c5:0d:f5:d0:ec:fe:7a:58:
22:e8:42:7c:c1:e7:6b:89:32:b3:fa:54:74:db:83:
97:bb:22:51:e9:25:3a:15:69:d2:12:99:44:f5:1a:
73:c6:56:c4:2f:46:df:ab:73:13:4c:4e:1e:7e:ce:
37:03:69:67:33:ab:9f:85:2b:9d:bf:22:29:90:c9:
3b:27:a9:b2:31:e7:f2:51:ad:18:0d:23:b8:24:7c:
f9:ca:d2:91:02:9e:cb:7a:83:1b:8f:3b:16:6a:f6:
5e:58:b1:41:9e:b6:cd:12:a5:95:b3:91:a8:2b:ee:
82:32:3c:f6:11:41:d5:b5:25:02:c8:df:96:e9:28:
cf:ae:21:73:10:53:ff:a7:ad:e9:7c:07:76:82:60:
53:88:06:cb:da:fc:2d:1b:16:49:36:f0:17:7b:ab:
a0:0b:8d:89:04:0a:3d:76:b6:00:08:ea:56:04:30:
a3:2f:d0:1a:96:f0:40:ba:ae:7f:80:e8:9f:25:6e:
eb:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:B6:73:5D:02:20:68:F1:45:8D:EA:8C:87:0B:77:CC:EC:6F:C7:5B
X509v3 Authority Key Identifier:
keyid:8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/17ZzXQIgaPFFjeqMhwt3zOxvx1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.201.0.0/17
87.246.192.0/19
87.246.240.0/20
185.76.104.0/22
192.188.234.0/24
212.182.0.0-212.182.79.255
IPv6:
2a04:440::/32
Signature Algorithm: sha256WithRSAEncryption
3d:58:32:ee:ea:e6:45:86:e7:5a:9c:10:69:6d:b0:02:ed:32:
d5:3f:4e:45:5e:c4:cd:5f:28:c4:dc:15:2b:71:c9:c5:1e:84:
66:7a:ec:ef:4f:c4:d9:73:34:52:bc:a0:a3:e3:59:e6:dd:92:
63:c9:cd:ca:ec:29:ea:1b:28:3b:33:58:15:23:a4:4e:0d:08:
70:fe:71:93:2b:46:f0:09:f5:dd:1c:b1:d9:ed:74:3e:4f:dd:
52:74:54:c1:41:72:50:00:02:18:49:14:a7:4e:ed:46:a9:88:
31:8a:17:ef:9c:8e:f5:d8:ea:48:f5:54:22:58:f7:3d:8b:67:
50:27:dd:59:ff:70:9f:41:49:70:90:7d:f9:e8:0d:bb:33:bb:
7b:f3:10:c1:66:c0:bf:39:b9:c9:11:ec:d3:0c:49:17:89:b1:
4c:06:c3:e2:22:70:d1:eb:c3:bc:8c:4e:83:11:c1:2c:b2:d2:
10:b0:05:05:4a:c4:d9:8d:eb:64:20:87:c5:c3:30:74:bf:b3:
c4:93:44:17:d5:14:ca:a3:cd:2d:d1:c4:88:23:9a:43:e2:20:
71:9b:d8:a6:64:07:a4:c6:3b:c6:35:93:f8:0f:6c:da:d4:1c:
eb:03:96:a3:57:0d:0c:5d:ea:aa:e3:e5:5e:85:e7:78:71:bd:
67:b6:9b:7a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ3Y2KgnHo1nAe7XkcxJWL+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNGYzZjhiYTdkY2Y1ODk0ZjJmNjExZDdkZmFiNTNkNGE2
M2MwYTkwHhcNMjYwNDI5MTA0NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I2NzM1ZDAyMjA2OGYxNDU4ZGVhOGM4NzBiNzdjY2VjNmZjNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumzg7OAW2EHwkcdym/pWOvRJIB58
9DRPt/Chr1LEFLqBuRMS3RR7ZfUUo00IFFqkcK+RIWdYZYHHrBfQzcYzyTLsxQ31
0Oz+elgi6EJ8wedriTKz+lR024OXuyJR6SU6FWnSEplE9RpzxlbEL0bfq3MTTE4e
fs43A2lnM6ufhSudvyIpkMk7J6myMefyUa0YDSO4JHz5ytKRAp7LeoMbjzsWavZe
WLFBnrbNEqWVs5GoK+6CMjz2EUHVtSUCyN+W6SjPriFzEFP/p63pfAd2gmBTiAbL
2vwtGxZJNvAXe6ugC42JBAo9drYACOpWBDCjL9AalvBAuq5/gOifJW7rawIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNe2c10CIGjxRY3qjIcLd8zsb8dbMB8GA1UdIwQY
MBaAFI1PP4un3PWJTy9hHX36tT1KY8CpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQt
OGFjYmZlYTJlY2ZhLzEvMTdaelhRSWdhUEZGamVxTWh3dDN6T3h2eDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQtOGFjYmZlYTJlY2Zh
LzEvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArAwQHBckAAwQF
V/bAAwQEV/bwAwQCuUxoAwQAwLzqMAsDAwHUtgMEBNS2QDANBAIAAjAHAwUAKgQE
QDANBgkqhkiG9w0BAQsFAAOCAQEAPVgy7urmRYbnWpwQaW2wAu0y1T9ORV7EzV8o
xNwVK3HJxR6EZnrs70/E2XM0Urygo+NZ5t2SY8nNyuwp6hsoOzNYFSOkTg0IcP5x
kytG8An13Ryx2e10Pk/dUnRUwUFyUAACGEkUp07tRqmIMYoX75yO9djqSPVUIlj3
PYtnUCfdWf9wn0FJcJB9+egNuzO7e/MQwWbAvzm5yRHs0wxJF4mxTAbD4iJw0evD
vIxOgxHBLLLSELAFBUrE2Y3rZCCHxcMwdL+zxJNEF9UUyqPNLdHEiCOaQ+IgcZvY
pmQHpMY7xjWT+A9s2tQc6wOWo1cNDF3qquPlXoXneHG9Z7abeg==
-----END CERTIFICATE-----
Generated at Tue May 12 21:39:21 2026 by rpki-client