Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1DCNyrJbtTSyDmeCmbRtwNY27os.roa
File: 1DCNyrJbtTSyDmeCmbRtwNY27os.roa (raw, json)
Hash identifier: 3zUXYIWkZIebpWWfFKK3ucV38Whsjfb0rq4rEh6iQ2g=
Subject key identifier: D4:30:8D:CA:B2:5B:B5:34:B2:0E:67:82:99:B4:6D:C0:D6:36:EE:8B
Certificate issuer: /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial: 019CFCFC2833E285CE33AF07E7735188B47B
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1DCNyrJbtTSyDmeCmbRtwNY27os.roa
Signing time: Tue 17 Mar 2026 18:08:29 +0000
ROA not before: Tue 17 Mar 2026 18:08:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204997
IP address blocks: 104.128.132.0/24 maxlen: 24
104.128.133.0/24 maxlen: 24
104.128.136.0/24 maxlen: 24
104.128.137.0/24 maxlen: 24
104.128.140.0/24 maxlen: 24
104.128.141.0/24 maxlen: 24
135.136.180.0/24 maxlen: 24
135.136.188.0/24 maxlen: 24
135.136.191.0/24 maxlen: 24
2a0c:5d00:3001::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 15:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fc:fc:28:33:e2:85:ce:33:af:07:e7:73:51:88:b4:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
Validity
Not Before: Mar 17 18:08:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d4308dcab25bb534b20e678299b46dc0d636ee8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a8:22:b3:09:b4:b4:da:58:eb:73:17:6f:38:
b9:49:b2:eb:d5:69:e7:92:c8:79:dc:ec:37:54:7c:
5a:29:5b:37:95:71:48:e7:e4:e7:64:1c:63:e6:f8:
15:e9:b6:6a:d8:29:81:23:fb:7a:60:9e:46:f7:19:
d6:39:78:7d:a9:1a:10:17:88:a0:93:70:bc:a4:6a:
27:bf:85:bf:91:d5:08:45:ca:73:55:53:15:55:19:
dc:45:13:b7:ab:c2:82:7c:85:81:c9:11:59:7e:ad:
e6:62:12:3e:86:03:1c:24:5c:04:b3:90:86:37:da:
69:69:cb:cb:3a:7a:49:e8:1c:90:c4:94:f2:c0:1c:
a6:1c:89:7e:f9:94:0e:c9:7a:8d:4a:cb:2f:4c:47:
5c:b2:e6:74:1a:c0:ae:0c:09:d9:d5:29:f6:84:1c:
f6:63:1d:c9:1a:19:d6:5f:34:eb:02:ae:d2:35:47:
89:1a:7d:7a:25:41:89:93:24:48:50:12:1f:1b:21:
38:78:f1:11:9a:5e:db:09:d0:e9:56:88:8d:4c:ec:
87:9d:64:5f:d6:cd:04:67:9f:28:c3:21:88:d8:d8:
d6:d5:9a:5f:be:39:b7:cf:bc:b7:ea:a0:0c:39:e3:
9f:43:fc:32:a6:7f:c8:79:ea:91:65:cc:7b:b1:e1:
db:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:30:8D:CA:B2:5B:B5:34:B2:0E:67:82:99:B4:6D:C0:D6:36:EE:8B
X509v3 Authority Key Identifier:
keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1DCNyrJbtTSyDmeCmbRtwNY27os.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.128.132.0/23
104.128.136.0/23
104.128.140.0/23
135.136.180.0/24
135.136.188.0/24
135.136.191.0/24
IPv6:
2a0c:5d00:3001::/48
Signature Algorithm: sha256WithRSAEncryption
42:41:9a:ba:70:84:93:1d:85:ab:ea:b4:60:06:0c:19:c7:4f:
90:37:63:12:08:c3:ac:b4:ac:d8:ed:90:d7:17:04:7a:79:5b:
e8:45:85:9e:f0:80:f2:ee:10:a2:77:58:73:64:cc:35:08:9f:
d0:f9:23:c0:0f:76:8a:92:41:96:b5:a3:95:40:e4:f8:4b:f9:
88:28:78:ec:3b:ab:f8:09:74:92:73:b8:e1:85:be:97:01:91:
72:7f:6e:94:c4:63:e9:40:69:78:25:8c:fd:dd:c9:7e:7b:4a:
6f:69:da:ae:30:3d:06:b6:2b:f0:39:06:f7:32:a7:2a:13:fc:
d6:8d:1f:1c:44:9b:ec:f0:b8:8c:5f:f3:05:32:0d:ab:01:99:
0c:92:f7:df:88:0d:24:24:55:ad:c6:3c:22:b8:35:38:67:c2:
ba:78:5e:4e:16:77:af:ee:5b:87:c6:d2:31:c2:5b:02:2d:c4:
fa:0a:ce:a9:55:d4:26:78:29:00:41:7a:aa:00:d5:3f:f0:9c:
40:d7:aa:8e:e8:c2:ef:58:45:df:1d:3d:03:1b:39:38:c2:28:
65:50:a3:76:db:80:1d:b0:be:c4:2a:51:8a:81:e5:f6:d4:ee:
ce:64:7c:e3:e3:47:9a:24:4f:3a:2c:05:03:ac:86:65:78:8c:
a9:b8:11:3b
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZz8/Cgz4oXOM68H53NRiLR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMzE3MTgwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDMwOGRjYWIyNWJiNTM0YjIwZTY3ODI5OWI0NmRjMGQ2MzZlZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKgiswm0tNpY63MXbzi5SbLr1Wnn
ksh53Ow3VHxaKVs3lXFI5+TnZBxj5vgV6bZq2CmBI/t6YJ5G9xnWOXh9qRoQF4ig
k3C8pGonv4W/kdUIRcpzVVMVVRncRRO3q8KCfIWByRFZfq3mYhI+hgMcJFwEs5CG
N9ppacvLOnpJ6ByQxJTywBymHIl++ZQOyXqNSssvTEdcsuZ0GsCuDAnZ1Sn2hBz2
Yx3JGhnWXzTrAq7SNUeJGn16JUGJkyRIUBIfGyE4ePERml7bCdDpVoiNTOyHnWRf
1s0EZ58owyGI2NjW1Zpfvjm3z7y36qAMOeOfQ/wypn/IeeqRZcx7seHboQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFNQwjcqyW7U0sg5ngpm0bcDWNu6LMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMURDTnlySmJ0VFN5RG1lQ21iUnR3TlkyN29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQBaICEAwQB
aICIAwQBaICMAwQAh4i0AwQAh4i8AwQAh4i/MA8EAgACMAkDBwAqDF0AMAEwDQYJ
KoZIhvcNAQELBQADggEBAEJBmrpwhJMdhavqtGAGDBnHT5A3YxIIw6y0rNjtkNcX
BHp5W+hFhZ7wgPLuEKJ3WHNkzDUIn9D5I8APdoqSQZa1o5VA5PhL+YgoeOw7q/gJ
dJJzuOGFvpcBkXJ/bpTEY+lAaXgljP3dyX57Sm9p2q4wPQa2K/A5BvcypyoT/NaN
HxxEm+zwuIxf8wUyDasBmQyS99+IDSQkVa3GPCK4NThnwrp4Xk4Wd6/uW4fG0jHC
WwItxPoKzqlV1CZ4KQBBeqoA1T/wnEDXqo7owu9YRd8dPQMbOTjCKGVQo3bbgB2w
vsQqUYqB5fbU7s5kfOPjR5okTzosBQOshmV4jKm4ETs=
-----END CERTIFICATE-----
Generated at Fri Mar 27 00:07:34 2026 by rpki-client