Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/3W9R-YT71N2KOE9koy1r5cINKX0.roa
File: 3W9R-YT71N2KOE9koy1r5cINKX0.roa (raw, json)
Hash identifier: clKClGDaGmI0tmvfHI+K0tkdnMBa+OFDvpOE7hWE5Ts=
Subject key identifier: DD:6F:51:F9:84:FB:D4:DD:8A:38:4F:64:A3:2D:6B:E5:C2:0D:29:7D
Certificate issuer: /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial: 019CB35C2773648E8FE268613C88B5B69523
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/3W9R-YT71N2KOE9koy1r5cINKX0.roa
Signing time: Tue 03 Mar 2026 11:01:26 +0000
ROA not before: Tue 03 Mar 2026 11:01:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16236
IP address blocks: 151.87.0.0/16 maxlen: 16
151.88.0.0/16 maxlen: 16
151.88.22.0/24 maxlen: 24
151.88.40.0/24 maxlen: 24
151.88.41.0/24 maxlen: 24
151.88.54.0/24 maxlen: 24
151.88.55.0/24 maxlen: 24
151.88.109.0/24 maxlen: 24
151.88.176.0/24 maxlen: 24
151.91.0.0/16 maxlen: 16
151.91.35.0/24 maxlen: 24
151.91.38.0/24 maxlen: 24
151.92.0.0/16 maxlen: 16
151.92.2.0/24 maxlen: 24
151.92.4.0/24 maxlen: 24
151.92.12.0/24 maxlen: 24
151.92.83.0/24 maxlen: 24
151.92.154.0/24 maxlen: 24
151.92.155.0/24 maxlen: 24
151.92.158.0/24 maxlen: 24
151.92.166.0/24 maxlen: 24
151.92.198.0/24 maxlen: 24
193.43.48.0/20 maxlen: 20
194.104.188.0/24 maxlen: 24
194.104.189.0/24 maxlen: 24
194.104.190.0/24 maxlen: 24
194.104.191.0/24 maxlen: 24
2a00:ec20::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.mft
rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 08:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b3:5c:27:73:64:8e:8f:e2:68:61:3c:88:b5:b6:95:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Validity
Not Before: Mar 3 11:01:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dd6f51f984fbd4dd8a384f64a32d6be5c20d297d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c6:ac:40:2c:2c:55:9c:9e:88:d6:13:58:0f:
1c:a1:ea:f6:95:a7:02:94:9f:b7:62:16:b7:01:f3:
43:da:5e:69:ce:c9:d4:81:8d:d7:f4:e4:95:c0:f7:
0e:17:f2:0e:6f:ca:37:37:b2:5b:c1:62:45:41:65:
cf:8b:8d:b7:7c:b7:6d:28:f1:29:c6:e1:e4:22:f3:
e5:49:5b:e2:6b:09:5d:fe:cb:ee:dc:d9:7e:65:d7:
a5:df:44:6a:80:b1:c6:14:38:b4:b0:84:bb:44:9f:
14:aa:dc:9e:e0:b8:25:a1:be:6e:39:48:cf:64:83:
48:4f:5b:94:b6:0f:aa:75:ff:b6:95:88:b1:f3:93:
a6:55:db:01:1d:47:39:5d:49:3d:61:82:2c:04:bd:
5b:74:cb:e0:b7:3a:f0:2a:5f:8f:8e:1f:53:21:4e:
f6:d8:a6:bd:fe:a2:e9:86:86:48:82:f2:f4:7c:6b:
2e:7d:bf:3e:65:db:66:fa:d1:b6:4c:7f:c7:90:f2:
95:bd:cc:fd:83:4f:82:7f:6a:b9:61:ce:ef:f6:6e:
ce:d6:f2:b4:b6:09:88:64:c5:14:43:16:aa:b7:6d:
fd:4f:6c:9f:30:20:19:fc:b8:46:3f:fb:3d:7d:0f:
07:fc:2b:34:e0:df:da:19:20:af:da:99:46:4e:e1:
c8:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:6F:51:F9:84:FB:D4:DD:8A:38:4F:64:A3:2D:6B:E5:C2:0D:29:7D
X509v3 Authority Key Identifier:
keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/3W9R-YT71N2KOE9koy1r5cINKX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.87.0.0-151.88.255.255
151.91.0.0-151.92.255.255
193.43.48.0/20
194.104.188.0/22
IPv6:
2a00:ec20::/32
Signature Algorithm: sha256WithRSAEncryption
2f:44:f1:98:a7:80:62:be:38:c7:88:66:46:25:bd:cc:2b:91:
1d:41:92:6f:45:47:cd:77:02:46:b6:f4:18:4d:ac:20:dc:c5:
76:42:cc:ef:21:f3:1c:3f:a4:53:8a:7a:28:73:c5:7d:6e:21:
60:a5:da:66:f3:db:36:7a:b1:2f:15:99:0f:e5:38:03:4a:7c:
aa:97:b9:60:2b:97:8e:02:37:6c:92:79:bd:f9:c7:0b:79:3d:
c0:5b:1e:99:b6:c2:c3:9a:96:b3:bb:f5:dd:61:b6:af:4d:b1:
c9:fc:ad:1a:54:7c:a3:1c:b8:21:2e:d1:77:94:03:0c:6e:40:
b9:e6:10:41:cd:9a:d8:f6:e9:cc:08:57:dc:7a:bd:02:00:fd:
e7:8e:c5:f6:87:0a:c3:cd:7e:ec:63:01:68:5c:b1:2f:c0:40:
2a:00:93:ea:23:0e:1a:fc:4e:72:0d:dc:68:99:58:71:e1:87:
db:d0:c2:6f:d2:05:8f:61:4b:b0:83:11:44:18:af:b0:ec:f0:
01:26:12:17:6d:d5:00:f4:3e:77:3c:d3:55:2f:90:8c:b5:03:
a7:77:7e:e6:b5:5d:d1:5d:cc:02:36:e5:84:f2:e6:9e:41:c7:
de:0c:39:0e:96:f1:f0:b8:8a:ca:5d:81:ab:51:34:1b:4a:cb:
f4:06:f1:64
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZyzXCdzZI6P4mhhPIi1tpUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NDliMzFlYmI2ZTRjYmJkMGNjNzcwY2M2ZjRkNTBmNzhm
MGViN2IwHhcNMjYwMzAzMTEwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZmNTFmOTg0ZmJkNGRkOGEzODRmNjRhMzJkNmJlNWMyMGQyOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucasQCwsVZyeiNYTWA8coer2lacC
lJ+3Yha3AfND2l5pzsnUgY3X9OSVwPcOF/IOb8o3N7JbwWJFQWXPi423fLdtKPEp
xuHkIvPlSVviawld/svu3Nl+Zdel30RqgLHGFDi0sIS7RJ8Uqtye4Lglob5uOUjP
ZINIT1uUtg+qdf+2lYix85OmVdsBHUc5XUk9YYIsBL1bdMvgtzrwKl+Pjh9TIU72
2Ka9/qLphoZIgvL0fGsufb8+Zdtm+tG2TH/HkPKVvcz9g0+Cf2q5Yc7v9m7O1vK0
tgmIZMUUQxaqt239T2yfMCAZ/LhGP/s9fQ8H/Cs04N/aGSCv2plGTuHIcwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFN1vUfmE+9TdijhPZKMta+XCDSl9MB8GA1UdIwQY
MBaAFFlJsx67bky70Mx3DMb01Q948Ot7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTkt
MzE4MGFlNDI3NGYzLzEvM1c5Ui1ZVDcxTjJLT0U5a295MXI1Y0lOS1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTktMzE4MGFlNDI3NGYz
LzEvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkMAoDAwCXVwMD
AJdYMAoDAwCXWwMDAJdcAwQEwSswAwQCwmi8MA0EAgACMAcDBQAqAOwgMA0GCSqG
SIb3DQEBCwUAA4IBAQAvRPGYp4BivjjHiGZGJb3MK5EdQZJvRUfNdwJGtvQYTawg
3MV2QszvIfMcP6RTinooc8V9biFgpdpm89s2erEvFZkP5TgDSnyql7lgK5eOAjds
knm9+ccLeT3AWx6ZtsLDmpazu/XdYbavTbHJ/K0aVHyjHLghLtF3lAMMbkC55hBB
zZrY9unMCFfcer0CAP3njsX2hwrDzX7sYwFoXLEvwEAqAJPqIw4a/E5yDdxomVhx
4Yfb0MJv0gWPYUuwgxFEGK+w7PABJhIXbdUA9D53PNNVL5CMtQOnd37mtV3RXcwC
NuWE8uaeQcfeDDkOlvHwuIrKXYGrUTQbSsv0BvFk
-----END CERTIFICATE-----
Generated at Thu Mar 26 19:20:02 2026 by rpki-client