Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/yM-BRopjf51qtduhIy15MptpHyA.roa
File: yM-BRopjf51qtduhIy15MptpHyA.roa (raw, json)
Hash identifier: cYXBlJN/z+ptyvUxLCa1zDp3B5VQu0MKslmhphO0gbQ=
Subject key identifier: C8:CF:81:46:8A:63:7F:9D:6A:B5:DB:A1:23:2D:79:32:9B:69:1F:20
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 019C751F059E5A9949E63E76B846EA98CD1A
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/yM-BRopjf51qtduhIy15MptpHyA.roa
Signing time: Thu 19 Feb 2026 08:58:13 +0000
ROA not before: Thu 19 Feb 2026 08:58:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197706
IP address blocks: 31.171.152.0/24 maxlen: 24
31.171.153.0/24 maxlen: 24
31.171.154.0/24 maxlen: 24
31.171.155.0/24 maxlen: 24
45.142.26.0/24 maxlen: 24
103.124.165.0/24 maxlen: 24
103.124.167.0/24 maxlen: 24
109.104.140.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
144.48.54.0/24 maxlen: 24
144.48.55.0/24 maxlen: 24
185.53.100.0/24 maxlen: 24
185.53.101.0/24 maxlen: 24
185.153.125.0/24 maxlen: 24
185.153.126.0/24 maxlen: 24
185.153.127.0/24 maxlen: 24
195.146.16.0/24 maxlen: 24
195.146.18.0/24 maxlen: 24
195.146.20.0/24 maxlen: 24
195.146.22.0/24 maxlen: 24
195.146.24.0/24 maxlen: 24
195.146.26.0/24 maxlen: 24
195.146.28.0/24 maxlen: 24
195.146.30.0/24 maxlen: 24
209.23.44.0/24 maxlen: 24
209.23.45.0/24 maxlen: 24
209.23.46.0/24 maxlen: 24
209.23.47.0/24 maxlen: 24
2a04:27c0::/29 maxlen: 48
2a04:27c0:fffd::/48 maxlen: 48
2a04:27c0:fffe::/48 maxlen: 48
2a09:6e40::/29 maxlen: 48
2a09:6e47::/48 maxlen: 48
2a09:6ec0::/29 maxlen: 48
2a0d:27c0::/29 maxlen: 48
2a0d:27c4::/32 maxlen: 32
2a0d:42c0::/29 maxlen: 48
2a0d:4a40::/29 maxlen: 48
2a0d:4a46::/32 maxlen: 32
2a0e:3f00::/29 maxlen: 48
2a0e:3f01::/48 maxlen: 48
2a0e:4f00::/29 maxlen: 48
2a0e:4f05::/32 maxlen: 32
2a0e:d4c0::/29 maxlen: 48
2a0f:42c0::/29 maxlen: 48
2a0f:a880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 05:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:75:1f:05:9e:5a:99:49:e6:3e:76:b8:46:ea:98:cd:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Feb 19 08:58:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c8cf81468a637f9d6ab5dba1232d79329b691f20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:25:e7:b9:16:f4:ff:de:45:78:42:27:f4:a7:
1c:eb:96:8b:57:02:36:1b:6a:5b:cd:d4:89:ff:97:
31:ce:b3:e4:2e:e7:3c:55:49:7a:f6:7d:e6:1e:14:
8b:84:69:2b:e9:5f:00:ef:ba:8a:49:76:76:8b:6e:
51:cf:c4:c9:c0:5f:9f:11:fc:17:38:85:38:77:3d:
ae:71:97:fb:ae:21:16:45:81:41:b7:d7:65:c2:3e:
e6:0a:47:23:59:38:05:d2:b4:a3:af:39:ab:bb:84:
4d:47:68:32:dc:a0:9c:ad:36:a4:9c:c8:57:80:51:
58:eb:d4:2b:27:38:fc:05:45:e7:ca:e0:e4:57:5f:
e6:c6:b8:1e:31:ec:68:d6:ea:56:3f:5b:6d:bf:67:
29:98:81:ee:5a:cf:c9:1e:36:47:6b:26:56:ff:97:
3d:52:fa:14:13:1a:c7:fe:c9:5c:35:15:a8:2d:cb:
96:94:2c:19:c3:b0:21:3b:3c:fd:9b:34:66:2d:60:
f1:71:33:eb:90:37:9a:aa:47:9c:b7:cb:7c:f4:13:
62:11:c4:10:29:e9:d5:54:e4:a8:e5:1c:f1:ab:e8:
64:e0:c8:07:b2:79:7e:55:b4:b9:18:95:10:ba:8a:
b8:59:82:4f:01:7c:9f:6c:58:bd:b9:c8:eb:35:ef:
02:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:CF:81:46:8A:63:7F:9D:6A:B5:DB:A1:23:2D:79:32:9B:69:1F:20
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/yM-BRopjf51qtduhIy15MptpHyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.152.0/22
45.142.26.0/24
103.124.165.0/24
103.124.167.0/24
109.104.140.0/23
144.48.54.0/23
185.53.100.0/23
185.153.125.0-185.153.127.255
195.146.16.0/24
195.146.18.0/24
195.146.20.0/24
195.146.22.0/24
195.146.24.0/24
195.146.26.0/24
195.146.28.0/24
195.146.30.0/24
209.23.44.0/22
IPv6:
2a04:27c0::/29
2a09:6e40::/29
2a09:6ec0::/29
2a0d:27c0::/29
2a0d:42c0::/29
2a0d:4a40::/29
2a0e:3f00::/29
2a0e:4f00::/29
2a0e:d4c0::/29
2a0f:42c0::/29
2a0f:a880::/29
Signature Algorithm: sha256WithRSAEncryption
6a:d7:91:eb:30:19:b1:61:53:3b:0b:2c:75:0b:55:24:ee:13:
98:9d:ec:8a:74:73:d1:06:dd:4c:9b:40:51:33:d9:f0:66:9e:
b2:a1:ff:08:b1:40:ca:28:fc:0c:5f:17:c5:58:95:28:5c:86:
62:93:2b:2a:7d:13:1b:fb:35:be:d8:76:e0:d2:b5:a8:d4:eb:
7a:62:ec:b2:9d:bb:d1:0e:23:d1:ad:94:79:3c:c6:bb:ab:2e:
40:8e:a6:91:0c:70:9e:88:98:b1:c8:2a:5c:3a:fc:c4:cc:e3:
b9:03:1f:1d:12:ea:58:9b:59:17:d2:67:49:20:77:13:01:97:
c5:d5:eb:47:d2:89:77:54:52:d2:b7:d7:35:10:ab:27:31:51:
78:fb:47:0d:0e:13:69:dd:78:62:9a:63:64:4d:1a:2f:15:4b:
13:20:7c:9f:b6:c5:43:7c:24:26:e1:21:50:ca:be:f6:d8:8a:
81:a1:4b:68:eb:b2:ad:6a:b8:df:6c:df:a4:12:f5:d4:95:15:
6e:0c:ca:cf:65:12:b5:b8:e8:bd:19:ed:fc:a1:94:0e:5e:21:
54:da:31:1e:6a:d5:f1:e9:fd:f7:cb:32:96:36:e9:84:f0:45:
df:2c:c2:12:eb:2a:a8:40:62:3c:24:e9:25:62:70:9a:36:c5:
f0:4a:06:19
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgISAZx1HwWeWplJ5j52uEbqmM0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjYwMjE5MDg1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGNmODE0NjhhNjM3ZjlkNmFiNWRiYTEyMzJkNzkzMjliNjkxZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCXnuRb0/95FeEIn9Kcc65aLVwI2
G2pbzdSJ/5cxzrPkLuc8VUl69n3mHhSLhGkr6V8A77qKSXZ2i25Rz8TJwF+fEfwX
OIU4dz2ucZf7riEWRYFBt9dlwj7mCkcjWTgF0rSjrzmru4RNR2gy3KCcrTaknMhX
gFFY69QrJzj8BUXnyuDkV1/mxrgeMexo1upWP1ttv2cpmIHuWs/JHjZHayZW/5c9
UvoUExrH/slcNRWoLcuWlCwZw7AhOzz9mzRmLWDxcTPrkDeaqkect8t89BNiEcQQ
KenVVOSo5Rzxq+hk4MgHsnl+VbS5GJUQuoq4WYJPAXyfbFi9ucjrNe8CBQIDAQAB
o4ICyTCCAsUwHQYDVR0OBBYEFMjPgUaKY3+darXboSMteTKbaR8gMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEveU0tQlJvcGpmNTFxdGR1aEl5MTVNcHRwSHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHeBggrBgEFBQcBBwEB/wSBzjCByzB0BAIAATBuAwQCH6uY
AwQALY4aAwQAZ3ylAwQAZ3ynAwQBbWiMAwQBkDA2AwQBuTVkMAwDBAC5mX0DBAe5
mQADBADDkhADBADDkhIDBADDkhQDBADDkhYDBADDkhgDBADDkhoDBADDkhwDBADD
kh4DBALRFywwUwQCAAIwTQMFAyoEJ8ADBQMqCW5AAwUDKgluwAMFAyoNJ8ADBQMq
DULAAwUDKg1KQAMFAyoOPwADBQMqDk8AAwUDKg7UwAMFAyoPQsADBQMqD6iAMA0G
CSqGSIb3DQEBCwUAA4IBAQBq15HrMBmxYVM7Cyx1C1Uk7hOYneyKdHPRBt1Mm0BR
M9nwZp6yof8IsUDKKPwMXxfFWJUoXIZikysqfRMb+zW+2Hbg0rWo1Ot6YuyynbvR
DiPRrZR5PMa7qy5AjqaRDHCeiJixyCpcOvzEzOO5Ax8dEupYm1kX0mdJIHcTAZfF
1etH0ol3VFLSt9c1EKsnMVF4+0cNDhNp3XhimmNkTRovFUsTIHyftsVDfCQm4SFQ
yr722IqBoUto67KtarjfbN+kEvXUlRVuDMrPZRK1uOi9Ge38oZQOXiFU2jEeatXx
6f33yzKWNumE8EXfLMIS6yqoQGI8JOklYnCaNsXwSgYZ
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:40:10 2026 by rpki-client