Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/Pz4IoeM603cAvuIqtI8K9Tn1BOE.roa
File: Pz4IoeM603cAvuIqtI8K9Tn1BOE.roa (raw, json)
Hash identifier: 6HZMEqczbXuFmk1IxBNJVGD8h5NW47gUJ1UH+hRq8po=
Subject key identifier: 3F:3E:08:A1:E3:3A:D3:77:00:BE:E2:2A:B4:8F:0A:F5:39:F5:04:E1
Certificate issuer: /CN=855bc1d7cf7b69c8eb51d0c6d54f7ffadf780ca7
Certificate serial: 019B7C80666517DB8ADEB1371ED228197ED7
Authority key identifier: 85:5B:C1:D7:CF:7B:69:C8:EB:51:D0:C6:D5:4F:7F:FA:DF:78:0C:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hVvB1897acjrUdDG1U9_-t94DKc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/Pz4IoeM603cAvuIqtI8K9Tn1BOE.roa
Signing time: Fri 02 Jan 2026 02:19:08 +0000
ROA not before: Fri 02 Jan 2026 02:19:08 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204624
IP address blocks: 109.71.186.0/24 maxlen: 24
109.71.187.0/24 maxlen: 24
2a0e:f640:6::/48 maxlen: 48
2a0e:f640:7::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/hVvB1897acjrUdDG1U9_-t94DKc.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/hVvB1897acjrUdDG1U9_-t94DKc.mft
rsync://rpki.ripe.net/repository/DEFAULT/hVvB1897acjrUdDG1U9_-t94DKc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:80:66:65:17:db:8a:de:b1:37:1e:d2:28:19:7e:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=855bc1d7cf7b69c8eb51d0c6d54f7ffadf780ca7
Validity
Not Before: Jan 2 02:19:08 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3f3e08a1e33ad37700bee22ab48f0af539f504e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b4:eb:8a:d2:c6:e7:42:7d:cd:6f:d4:3f:9d:
f7:4d:01:41:1c:a1:f4:fc:25:b0:30:03:b5:b7:4e:
9f:c1:5e:e6:71:71:a9:98:99:7e:dc:92:b3:96:3b:
c6:c5:89:e2:e3:95:ba:14:65:c0:14:28:cf:27:a7:
b0:69:1c:bf:72:90:19:00:43:64:2f:80:85:b0:64:
f1:54:7c:74:a5:6e:e3:a8:cd:30:e4:82:1e:8a:3b:
0c:99:ab:e8:cd:ca:22:d5:f6:8d:5b:34:32:c3:14:
08:db:59:54:29:d7:d8:6c:96:83:41:2a:bf:f2:dc:
33:e6:f8:28:0e:42:23:6d:3f:b1:b7:6c:06:dd:5d:
f3:3f:21:cf:21:21:8e:36:9f:9a:70:20:13:91:c3:
44:ba:5a:1a:fd:07:ef:ea:24:f2:b0:90:86:1d:33:
e1:d2:07:4a:42:91:24:75:67:61:5b:93:28:c7:ab:
fc:a3:36:bb:82:9c:cb:ae:56:33:8e:61:b4:51:4c:
1c:2e:5a:5d:65:e7:fc:88:20:47:77:91:83:68:1a:
ab:0b:6e:b8:a0:5c:82:b2:25:26:e1:82:18:39:06:
d4:56:3d:f0:1b:6c:2e:8a:3f:d3:7b:34:3b:92:ac:
5b:cf:3b:8e:ec:74:13:6a:c7:76:7e:7c:f2:37:cc:
5c:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:3E:08:A1:E3:3A:D3:77:00:BE:E2:2A:B4:8F:0A:F5:39:F5:04:E1
X509v3 Authority Key Identifier:
keyid:85:5B:C1:D7:CF:7B:69:C8:EB:51:D0:C6:D5:4F:7F:FA:DF:78:0C:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVvB1897acjrUdDG1U9_-t94DKc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/Pz4IoeM603cAvuIqtI8K9Tn1BOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e3d6ff-8ffb-4741-8fa4-0cc4d2d26f06/1/hVvB1897acjrUdDG1U9_-t94DKc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.186.0/23
IPv6:
2a0e:f640:6::/47
Signature Algorithm: sha256WithRSAEncryption
5d:e3:94:56:7c:8e:88:cc:44:ad:eb:dd:28:ad:66:db:2d:83:
ce:75:6b:42:51:22:6f:c0:c9:70:46:89:a6:c4:e7:5b:64:5d:
75:00:8f:c7:78:74:2c:ab:d9:63:98:c7:2e:35:82:ae:98:c6:
f4:7a:fb:c9:53:01:25:90:41:45:1d:89:2b:6f:e8:4c:41:f8:
80:e7:14:b9:a7:a0:e9:22:1e:08:3c:70:a6:fb:1a:c5:f2:4d:
d4:b2:b7:54:5c:8e:8a:86:cc:31:17:a6:86:0a:06:e1:ca:0d:
26:6f:96:8e:63:5b:1a:b9:31:47:99:94:cc:48:c9:6b:f6:8c:
9e:91:34:8d:db:ca:1f:33:12:34:03:27:12:7b:c1:d0:e7:a9:
0c:bb:4d:7b:11:03:9e:6f:33:c4:4e:b8:d6:5e:48:8f:32:cd:
78:f2:8c:29:44:89:c9:27:e6:0c:8e:0d:7e:80:6c:1e:b9:69:
05:2b:26:2c:0f:1a:d7:2c:59:f3:2b:fe:50:de:18:09:11:7c:
e9:fd:f3:f2:40:1a:05:8a:2f:51:ab:de:85:9c:4e:35:a6:b0:
d7:46:96:d1:a8:55:54:15:f7:31:91:39:bc:c4:23:62:66:35:
86:cc:cb:91:83:d2:8a:d5:99:26:f8:24:f4:cf:c5:09:f5:be:
bd:95:78:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt8gGZlF9uK3rE3HtIoGX7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWJjMWQ3Y2Y3YjY5YzhlYjUxZDBjNmQ1NGY3ZmZhZGY3
ODBjYTcwHhcNMjYwMTAyMDIxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNlMDhhMWUzM2FkMzc3MDBiZWUyMmFiNDhmMGFmNTM5ZjUwNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLTritLG50J9zW/UP533TQFBHKH0
/CWwMAO1t06fwV7mcXGpmJl+3JKzljvGxYni45W6FGXAFCjPJ6ewaRy/cpAZAENk
L4CFsGTxVHx0pW7jqM0w5IIeijsMmavozcoi1faNWzQywxQI21lUKdfYbJaDQSq/
8twz5vgoDkIjbT+xt2wG3V3zPyHPISGONp+acCATkcNEuloa/Qfv6iTysJCGHTPh
0gdKQpEkdWdhW5Mox6v8oza7gpzLrlYzjmG0UUwcLlpdZef8iCBHd5GDaBqrC264
oFyCsiUm4YIYOQbUVj3wG2wuij/TezQ7kqxbzzuO7HQTasd2fnzyN8xcowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD8+CKHjOtN3AL7iKrSPCvU59QThMB8GA1UdIwQY
MBaAFIVbwdfPe2nI61HQxtVPf/rfeAynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ2QjE4OTdhY2pyVWRERzFVOV8tdDk0REtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9lM2Q2ZmYtOGZmYi00NzQxLThmYTQt
MGNjNGQyZDI2ZjA2LzEvUHo0SW9lTTYwM2NBdnVJcXRJOEs5VG4xQk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9lM2Q2ZmYtOGZmYi00NzQxLThmYTQtMGNjNGQyZDI2ZjA2
LzEvaFZ2QjE4OTdhY2pyVWRERzFVOV8tdDk0REtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBbUe6MA8E
AgACMAkDBwEqDvZAAAYwDQYJKoZIhvcNAQELBQADggEBAF3jlFZ8jojMRK3r3Sit
Ztstg851a0JRIm/AyXBGiabE51tkXXUAj8d4dCyr2WOYxy41gq6YxvR6+8lTASWQ
QUUdiStv6ExB+IDnFLmnoOkiHgg8cKb7GsXyTdSyt1RcjoqGzDEXpoYKBuHKDSZv
lo5jWxq5MUeZlMxIyWv2jJ6RNI3byh8zEjQDJxJ7wdDnqQy7TXsRA55vM8ROuNZe
SI8yzXjyjClEickn5gyODX6AbB65aQUrJiwPGtcsWfMr/lDeGAkRfOn98/JAGgWK
L1Gr3oWcTjWmsNdGltGoVVQV9zGRObzEI2JmNYbMy5GD0orVmSb4JPTPxQn1vr2V
ePw=
-----END CERTIFICATE-----
Generated at Thu Mar 26 10:46:34 2026 by rpki-client