Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/ysWkHcC4m8dES9G1oMzcknx5ywc.roa
File: ysWkHcC4m8dES9G1oMzcknx5ywc.roa (raw, json)
Hash identifier: XtvZJNZbz5U46btMQCpXBJcIu+lpBGoaLYth/6jGpzQ=
Subject key identifier: CA:C5:A4:1D:C0:B8:9B:C7:44:4B:D1:B5:A0:CC:DC:92:7C:79:CB:07
Certificate issuer: /CN=f91a8223002e3124e5bb06e82d4f60a379b93dcd
Certificate serial: 019B7AC8E8F40525DC76564DB164A007AB9A
Authority key identifier: F9:1A:82:23:00:2E:31:24:E5:BB:06:E8:2D:4F:60:A3:79:B9:3D:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/ysWkHcC4m8dES9G1oMzcknx5ywc.roa
Signing time: Thu 01 Jan 2026 18:19:05 +0000
ROA not before: Thu 01 Jan 2026 18:19:05 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211734
IP address blocks: 185.147.136.0/22 maxlen: 22
185.147.136.0/24 maxlen: 24
185.147.137.0/24 maxlen: 24
2a07:3780::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.crl
rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:c8:e8:f4:05:25:dc:76:56:4d:b1:64:a0:07:ab:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f91a8223002e3124e5bb06e82d4f60a379b93dcd
Validity
Not Before: Jan 1 18:19:05 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cac5a41dc0b89bc7444bd1b5a0ccdc927c79cb07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f9:51:47:53:12:36:3b:0e:d9:ea:b5:81:89:6d:
f0:97:1d:0a:8f:2d:04:f5:0e:b0:1b:5f:d2:00:35:
79:85:be:d2:a9:24:f8:ec:11:f4:f0:eb:e1:c8:da:
df:60:4a:fa:90:d7:3e:b6:7c:9a:e6:97:2b:1f:0e:
5e:af:a8:78:3d:aa:19:ee:7d:9c:ce:f5:2d:4b:49:
90:e3:ad:72:9e:e1:b9:a4:45:1d:37:02:82:a8:33:
17:e0:7b:57:78:d2:ac:00:47:f3:a5:c2:99:77:7b:
06:3e:d0:1a:9f:2b:b4:fa:01:4c:b9:ab:6b:8f:29:
9b:3b:40:ba:23:55:dd:ac:bf:3f:52:af:ab:0e:9e:
74:4d:68:60:e1:b4:f6:0b:6d:bf:d3:4b:36:19:a4:
6a:c8:08:45:f8:33:11:b0:51:0f:c6:6e:14:1b:7c:
72:28:6b:5c:5b:9c:90:0a:27:c3:9b:72:cc:c4:01:
9b:14:22:ed:77:bf:96:37:71:ec:d4:b7:3b:45:f9:
8f:85:cd:7a:cc:8b:e7:32:8d:39:9d:81:82:4a:78:
32:a0:38:16:2e:cc:89:cd:2a:e7:87:22:80:14:f1:
e8:b0:eb:12:12:91:a6:5a:a7:64:52:67:08:fc:d3:
fb:04:d3:7a:41:2b:5e:8c:7b:2f:33:31:ac:05:c1:
25:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:C5:A4:1D:C0:B8:9B:C7:44:4B:D1:B5:A0:CC:DC:92:7C:79:CB:07
X509v3 Authority Key Identifier:
keyid:F9:1A:82:23:00:2E:31:24:E5:BB:06:E8:2D:4F:60:A3:79:B9:3D:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/ysWkHcC4m8dES9G1oMzcknx5ywc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.147.136.0/22
IPv6:
2a07:3780::/29
Signature Algorithm: sha256WithRSAEncryption
28:78:de:5f:d9:a4:cd:28:e6:b7:df:e2:2c:b2:bd:51:99:d4:
6d:20:32:1d:ee:c2:b7:1b:8d:62:c4:45:fe:88:54:fa:d5:37:
71:c6:a5:1a:05:ac:1c:64:4e:11:d0:ed:15:01:bb:9f:98:b6:
e0:e7:f3:47:65:21:50:1c:43:c1:a3:fe:f6:ca:86:11:c3:f2:
d0:2a:28:b7:5c:44:b3:17:4b:a3:98:e3:c2:6d:79:86:9b:28:
48:db:8d:9e:6a:18:2e:a9:01:79:0a:bc:54:ee:91:c9:01:2b:
eb:2a:28:2e:22:6a:ca:c8:22:30:86:e3:19:4b:40:f8:9d:bf:
7a:52:f8:34:f8:41:9a:0f:9c:d5:ec:ec:06:8d:6e:70:86:b7:
08:b8:b8:5e:05:a8:ae:6d:45:71:1c:45:4e:09:bb:92:65:a0:
bd:8c:bf:17:03:5c:94:3b:2f:5a:fe:9c:43:06:e8:04:4f:3a:
56:50:40:dd:b1:0f:49:fb:ac:3f:07:35:38:a6:b5:1d:35:95:
fa:22:3d:59:88:5a:98:48:d2:66:ff:02:d9:76:2f:eb:d7:cd:
97:64:28:0c:47:6d:82:e3:1e:c4:1e:2a:82:81:c0:bb:7b:71:
9d:40:15:93:f9:59:6c:71:77:5c:61:85:d7:9b:cb:92:0a:04:
2d:89:e8:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt6yOj0BSXcdlZNsWSgB6uaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MWE4MjIzMDAyZTMxMjRlNWJiMDZlODJkNGY2MGEzNzli
OTNkY2QwHhcNMjYwMTAxMTgxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWM1YTQxZGMwYjg5YmM3NDQ0YmQxYjVhMGNjZGM5MjdjNzljYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+VFHUxI2Ow7Z6rWBiW3wlx0Kjy0E
9Q6wG1/SADV5hb7SqST47BH08OvhyNrfYEr6kNc+tnya5pcrHw5er6h4PaoZ7n2c
zvUtS0mQ461ynuG5pEUdNwKCqDMX4HtXeNKsAEfzpcKZd3sGPtAanyu0+gFMuatr
jymbO0C6I1XdrL8/Uq+rDp50TWhg4bT2C22/00s2GaRqyAhF+DMRsFEPxm4UG3xy
KGtcW5yQCifDm3LMxAGbFCLtd7+WN3Hs1Lc7RfmPhc16zIvnMo05nYGCSngyoDgW
LsyJzSrnhyKAFPHosOsSEpGmWqdkUmcI/NP7BNN6QStejHsvMzGsBcElZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMrFpB3AuJvHREvRtaDM3JJ8ecsHMB8GA1UdIwQY
MBaAFPkagiMALjEk5bsG6C1PYKN5uT3NMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ScUNJd0F1TVNUbHV3Ym9MVTlnbzNtNVBjMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOTQzNzMyLTk2MjEtNGE0Mi04N2Rh
LWIyZGUzZWJmM2U3ZS8xL3lzV2tIY0M0bThkRVM5RzFvTXpja254NXl3Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTgvOTQzNzMyLTk2MjEtNGE0Mi04N2RhLWIyZGUzZWJmM2U3
ZS8xLzEtUnFDSXdBdU1TVGx1d2JvTFU5Z28zbTVQYzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5k4gw
DQQCAAIwBwMFAyoHN4AwDQYJKoZIhvcNAQELBQADggEBACh43l/ZpM0o5rff4iyy
vVGZ1G0gMh3uwrcbjWLERf6IVPrVN3HGpRoFrBxkThHQ7RUBu5+YtuDn80dlIVAc
Q8Gj/vbKhhHD8tAqKLdcRLMXS6OY48JteYabKEjbjZ5qGC6pAXkKvFTukckBK+sq
KC4iasrIIjCG4xlLQPidv3pS+DT4QZoPnNXs7AaNbnCGtwi4uF4FqK5tRXEcRU4J
u5JloL2MvxcDXJQ7L1r+nEMG6ARPOlZQQN2xD0n7rD8HNTimtR01lfoiPVmIWphI
0mb/Atl2L+vXzZdkKAxHbYLjHsQeKoKBwLt7cZ1AFZP5WWxxd1xhhdeby5IKBC2J
6ME=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:12:44 2026 by rpki-client