Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Aq5wESOUolAkTosvnE7ETStDfyU.roa
File: Aq5wESOUolAkTosvnE7ETStDfyU.roa (raw, json)
Hash identifier: yfEBzyPkUQCnnTcx22tGTzIIsK+Ma5c/+X+c6Yry/fU=
Subject key identifier: 02:AE:70:11:23:94:A2:50:24:4E:8B:2F:9C:4E:C4:4D:2B:43:7F:25
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 019BFFCE55E132DFAA4AD9DB8517B411A699
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Aq5wESOUolAkTosvnE7ETStDfyU.roa
Signing time: Tue 27 Jan 2026 14:14:30 +0000
ROA not before: Tue 27 Jan 2026 14:14:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200019
IP address blocks: 5.181.0.0/23 maxlen: 24
5.252.20.0/24 maxlen: 24
45.150.110.0/24 maxlen: 24
45.150.111.0/24 maxlen: 24
91.199.133.0/24 maxlen: 24
91.229.239.0/24 maxlen: 24
146.19.213.0/24 maxlen: 24
159.253.120.0/24 maxlen: 24
194.110.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:ff:ce:55:e1:32:df:aa:4a:d9:db:85:17:b4:11:a6:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 27 14:14:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=02ae70112394a250244e8b2f9c4ec44d2b437f25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:23:16:a7:4c:61:ad:b0:9c:65:66:30:44:99:
ec:57:a9:00:fd:2e:a3:4d:7a:95:3a:d7:cb:cc:98:
46:7f:37:e5:47:51:c2:db:e1:a0:d6:49:5e:b1:af:
04:d2:cc:65:6e:26:3f:34:d7:0e:9a:30:d7:fa:a1:
6e:2f:66:a3:89:24:4e:02:b0:96:80:6b:7f:df:61:
ae:9a:6e:0d:83:dc:48:a7:07:99:38:fb:c0:a0:dd:
bb:9c:ad:c7:9c:43:1a:2d:b8:ee:d9:0a:5a:03:ce:
8d:e8:0f:05:de:d1:8a:86:4d:09:28:ab:bf:4f:a3:
43:11:74:3b:1d:ee:06:df:ca:c6:b0:0a:ab:b8:7f:
35:82:54:07:45:d9:38:49:ad:a2:c3:88:2e:aa:d9:
5e:06:73:66:31:6a:2a:9d:83:10:78:bd:2b:e5:58:
22:b3:6a:61:9e:12:53:58:90:c0:ec:8d:7a:a1:65:
0b:71:80:54:ff:2f:44:51:35:21:25:f0:5f:bf:55:
b0:ab:fe:3c:49:1b:b2:08:6d:7a:46:0d:8e:4e:12:
45:f5:a9:fd:ca:12:37:75:f1:fd:ba:3d:89:f7:22:
70:9a:91:fb:3a:d6:ef:af:be:e7:18:b5:47:8b:02:
28:a1:43:6e:39:0e:e4:b9:f8:6e:34:b5:e8:3f:e7:
a6:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:AE:70:11:23:94:A2:50:24:4E:8B:2F:9C:4E:C4:4D:2B:43:7F:25
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/Aq5wESOUolAkTosvnE7ETStDfyU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/23
5.252.20.0/24
45.150.110.0/23
91.199.133.0/24
91.229.239.0/24
146.19.213.0/24
159.253.120.0/24
194.110.247.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:8d:3d:48:0e:2c:9e:e6:5d:5f:1e:a6:5a:62:4e:05:bf:9f:
24:dc:35:37:f9:c3:78:10:8c:aa:74:32:89:0a:45:73:77:e3:
04:4b:15:f1:84:ed:3b:5d:12:b1:64:22:3f:58:b6:81:d9:a8:
0b:83:af:6a:e3:29:65:b0:6c:4e:32:f0:cb:2c:45:8c:71:60:
08:a6:1e:49:59:46:4e:f4:80:41:8e:22:6b:c5:f9:ae:57:10:
09:b7:e3:63:54:cf:75:61:14:a0:f0:ea:12:87:ac:bb:1f:e4:
66:6c:67:28:14:d8:f5:df:24:d9:cd:66:6f:16:b1:7f:59:b9:
8d:87:eb:e5:8d:d8:1d:9f:b5:2e:c5:7e:52:62:35:53:2a:9d:
18:e6:3d:c2:02:31:8f:20:43:db:c0:e5:63:ac:67:56:28:fa:
cb:cd:8d:3c:70:9a:f8:b0:4e:2e:2f:c9:48:1a:10:e4:c9:1c:
65:50:87:7e:0a:7c:c3:28:3d:16:b0:61:ec:a1:49:e7:aa:ca:
b2:00:38:6c:e1:df:79:43:bc:b7:38:eb:c7:78:71:24:83:1b:
83:e0:87:b1:34:44:ce:92:c1:14:94:22:32:f3:2e:fe:17:99:
37:89:30:18:fe:92:30:15:8a:62:a7:b9:67:83:cc:61:73:50:
4c:ce:e6:38
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZv/zlXhMt+qStnbhRe0EaaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwMTI3MTQxNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmFlNzAxMTIzOTRhMjUwMjQ0ZThiMmY5YzRlYzQ0ZDJiNDM3ZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSMWp0xhrbCcZWYwRJnsV6kA/S6j
TXqVOtfLzJhGfzflR1HC2+Gg1klesa8E0sxlbiY/NNcOmjDX+qFuL2ajiSROArCW
gGt/32Gumm4Ng9xIpweZOPvAoN27nK3HnEMaLbju2QpaA86N6A8F3tGKhk0JKKu/
T6NDEXQ7He4G38rGsAqruH81glQHRdk4Sa2iw4guqtleBnNmMWoqnYMQeL0r5Vgi
s2phnhJTWJDA7I16oWULcYBU/y9EUTUhJfBfv1Wwq/48SRuyCG16Rg2OThJF9an9
yhI3dfH9uj2J9yJwmpH7Otbvr77nGLVHiwIooUNuOQ7kufhuNLXoP+emRwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAKucBEjlKJQJE6LL5xOxE0rQ38lMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvQXE1d0VTT1VvbEFrVG9zdm5FN0VUU3REZnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBBbUAAwQA
BfwUAwQBLZZuAwQAW8eFAwQAW+XvAwQAkhPVAwQAn/14AwQAwm73MA0GCSqGSIb3
DQEBCwUAA4IBAQBsjT1IDiye5l1fHqZaYk4Fv58k3DU3+cN4EIyqdDKJCkVzd+ME
SxXxhO07XRKxZCI/WLaB2agLg69q4yllsGxOMvDLLEWMcWAIph5JWUZO9IBBjiJr
xfmuVxAJt+NjVM91YRSg8OoSh6y7H+RmbGcoFNj13yTZzWZvFrF/WbmNh+vljdgd
n7UuxX5SYjVTKp0Y5j3CAjGPIEPbwOVjrGdWKPrLzY08cJr4sE4uL8lIGhDkyRxl
UId+CnzDKD0WsGHsoUnnqsqyADhs4d95Q7y3OOvHeHEkgxuD4IexNETOksEUlCIy
8y7+F5k3iTAY/pIwFYpip7lng8xhc1BMzuY4
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:28:15 2026 by rpki-client