Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/bhIBklZheMq-9tZpH7RtF8qmQRk.roa
File: bhIBklZheMq-9tZpH7RtF8qmQRk.roa (raw, json)
Hash identifier: N9DLacCSl3KtCFUJLw6tdIHFf2BMAbo1XMXGyOGBM5Q=
Subject key identifier: 6E:12:01:92:56:61:78:CA:BE:F6:D6:69:1F:B4:6D:17:CA:A6:41:19
Certificate issuer: /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial: 019CAF91B19207FCCFF76BE1890503A22D72
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/bhIBklZheMq-9tZpH7RtF8qmQRk.roa
Signing time: Mon 02 Mar 2026 17:21:26 +0000
ROA not before: Mon 02 Mar 2026 17:21:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200373
IP address blocks: 45.3.32.0/20 maxlen: 24
45.3.48.0/21 maxlen: 24
45.3.62.0/24 maxlen: 24
65.111.0.0/19 maxlen: 24
95.141.242.0/24 maxlen: 24
104.167.19.0/24 maxlen: 24
104.167.25.0/24 maxlen: 24
104.207.32.0/19 maxlen: 24
151.123.176.0/24 maxlen: 24
151.123.177.0/24 maxlen: 24
151.123.178.0/24 maxlen: 24
195.63.0.0/19 maxlen: 24
209.50.160.0/19 maxlen: 24
216.26.224.0/19 maxlen: 24
217.181.64.0/19 maxlen: 24
2a0a:da40::/29 maxlen: 29
2a13:3f80::/32 maxlen: 32
2a13:3f83::/32 maxlen: 32
2a13:3f84::/32 maxlen: 32
2a13:3f85::/32 maxlen: 32
2a13:3f86::/32 maxlen: 32
2a13:3f87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 21:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:af:91:b1:92:07:fc:cf:f7:6b:e1:89:05:03:a2:2d:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Validity
Not Before: Mar 2 17:21:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6e120192566178cabef6d6691fb46d17caa64119
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:44:eb:91:f2:0d:ba:6a:95:c4:2b:6b:75:75:
aa:b0:a0:60:f9:c1:0f:d4:49:11:6d:c4:6f:4d:4e:
0a:d7:4e:66:a1:60:33:b5:8f:bd:81:ba:f6:bb:0d:
9c:b2:46:32:5a:09:f5:1c:04:29:2c:25:d0:db:3e:
6d:81:6b:40:21:84:8d:5e:97:1c:03:18:27:81:e4:
61:1b:06:4f:f6:09:95:0b:0d:3b:6b:2f:38:7f:51:
d6:89:ef:d6:e0:e0:65:29:76:d7:eb:c4:7f:14:0a:
63:64:91:29:64:94:74:58:ac:55:83:78:1f:a3:18:
39:76:9b:7d:3b:09:16:cb:01:75:14:b7:a8:78:53:
ce:4b:89:c7:d8:2a:d0:70:fd:49:62:09:23:f6:5f:
c6:b6:c3:9d:2d:0e:65:15:b5:4e:6b:41:1e:84:0a:
17:29:ce:1c:49:2f:cb:75:e5:a0:01:3b:b9:6e:6c:
2c:bb:30:89:04:e7:e5:52:b9:cb:b3:09:2e:da:43:
2a:26:dc:80:ec:40:e6:08:f1:c9:4b:47:a8:c9:7b:
a0:07:14:5b:24:03:66:86:72:f2:93:fe:9f:fb:26:
17:b1:db:44:86:4f:75:e3:83:79:1c:ea:c1:f4:4f:
2d:be:1b:63:bc:e4:94:34:fe:d4:84:eb:99:1a:3c:
19:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:12:01:92:56:61:78:CA:BE:F6:D6:69:1F:B4:6D:17:CA:A6:41:19
X509v3 Authority Key Identifier:
keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/bhIBklZheMq-9tZpH7RtF8qmQRk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.3.32.0-45.3.55.255
45.3.62.0/24
65.111.0.0/19
95.141.242.0/24
104.167.19.0/24
104.167.25.0/24
104.207.32.0/19
151.123.176.0-151.123.178.255
195.63.0.0/19
209.50.160.0/19
216.26.224.0/19
217.181.64.0/19
IPv6:
2a0a:da40::/29
2a13:3f80::/32
2a13:3f83::-2a13:3f87:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
93:42:2f:e6:58:2a:a3:91:1e:0f:17:e3:03:83:9e:e7:fc:12:
e5:36:83:28:2a:d0:00:07:0b:81:40:3f:8d:aa:09:94:e0:a7:
6d:be:85:fc:32:57:69:b9:36:25:d3:41:84:24:d5:37:00:f8:
58:0f:ff:18:32:88:4b:42:82:5d:2c:0e:e8:b0:33:ee:74:85:
5e:0b:98:61:07:cc:a6:9d:8c:5e:e5:8a:a8:1a:69:40:fe:30:
86:2b:13:05:96:16:76:a4:7a:df:ef:38:ee:91:60:54:ac:43:
e4:d8:e9:33:76:d3:d1:55:0a:e3:3f:35:c6:25:0b:1e:f3:64:
03:a9:5b:bd:0c:4b:11:b2:ac:97:48:7c:0e:d0:cd:03:e2:ca:
8c:27:ae:24:a0:42:88:95:00:69:33:79:21:21:53:34:a9:dd:
b5:3c:7e:55:52:f6:59:e6:6e:45:d5:e2:de:b6:29:11:d1:7a:
ff:5d:b3:63:13:5d:cf:dd:4e:be:4e:67:44:14:91:1e:0c:2c:
9a:de:98:07:60:f3:3e:bc:25:0d:19:6a:5d:d9:57:2e:a0:8c:
ba:8d:1b:6e:03:8f:91:6c:c0:86:35:6e:a7:3e:8f:32:75:40:
aa:a2:a9:3c:4c:e0:7a:1e:8e:a4:e6:b8:f0:da:39:05:15:7d:
2c:cd:68:8b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZyvkbGSB/zP92vhiQUDoi1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjYwMzAyMTcyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTEyMDE5MjU2NjE3OGNhYmVmNmQ2NjkxZmI0NmQxN2NhYTY0MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0TrkfINumqVxCtrdXWqsKBg+cEP
1EkRbcRvTU4K105moWAztY+9gbr2uw2cskYyWgn1HAQpLCXQ2z5tgWtAIYSNXpcc
AxgngeRhGwZP9gmVCw07ay84f1HWie/W4OBlKXbX68R/FApjZJEpZJR0WKxVg3gf
oxg5dpt9OwkWywF1FLeoeFPOS4nH2CrQcP1JYgkj9l/GtsOdLQ5lFbVOa0EehAoX
Kc4cSS/LdeWgATu5bmwsuzCJBOflUrnLswku2kMqJtyA7EDmCPHJS0eoyXugBxRb
JANmhnLyk/6f+yYXsdtEhk9144N5HOrB9E8tvhtjvOSUNP7UhOuZGjwZFwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFG4SAZJWYXjKvvbWaR+0bRfKpkEZMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvYmhJQmtsWmhlTXEtOXRacEg3UnRGOHFtUVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjBeBAIAATBYMAwDBAUt
AyADBAMtAzADBAAtAz4DBAVBbwADBABfjfIDBABopxMDBABopxkDBAVozyAwDAME
BJd7sAMEAJd7sgMEBcM/AAMEBdEyoAMEBdga4AMEBdm1QDAkBAIAAjAeAwUDKgra
QAMFACoTP4AwDgMFACoTP4MDBQMqEz+AMA0GCSqGSIb3DQEBCwUAA4IBAQCTQi/m
WCqjkR4PF+MDg57n/BLlNoMoKtAABwuBQD+NqgmU4KdtvoX8MldpuTYl00GEJNU3
APhYD/8YMohLQoJdLA7osDPudIVeC5hhB8ymnYxe5YqoGmlA/jCGKxMFlhZ2pHrf
7zjukWBUrEPk2OkzdtPRVQrjPzXGJQse82QDqVu9DEsRsqyXSHwO0M0D4sqMJ64k
oEKIlQBpM3khIVM0qd21PH5VUvZZ5m5F1eLetikR0Xr/XbNjE13P3U6+TmdEFJEe
DCya3pgHYPM+vCUNGWpd2VcuoIy6jRtuA4+RbMCGNW6nPo8ydUCqoqk8TOB6Ho6k
5rjw2jkFFX0szWiL
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:36:43 2026 by rpki-client