Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/YyRSnlrY6ZL2BY7kWgNKQn7ZABQ.roa
File: YyRSnlrY6ZL2BY7kWgNKQn7ZABQ.roa (raw, json)
Hash identifier: XGF2A8hVRY8awHWUJiWHAMyAA173IB6zQJ6kuXsZFy4=
Subject key identifier: 63:24:52:9E:5A:D8:E9:92:F6:05:8E:E4:5A:03:4A:42:7E:D9:00:14
Certificate issuer: /CN=8a68191cab6ef06b322b0b1248785d484a4524f3
Certificate serial: 019B7F8090C78E78A63DFF9DF68388E20B9D
Authority key identifier: 8A:68:19:1C:AB:6E:F0:6B:32:2B:0B:12:48:78:5D:48:4A:45:24:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/imgZHKtu8GsyKwsSSHhdSEpFJPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/YyRSnlrY6ZL2BY7kWgNKQn7ZABQ.roa
Signing time: Fri 02 Jan 2026 16:18:10 +0000
ROA not before: Fri 02 Jan 2026 16:18:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211582
IP address blocks: 5.45.144.0/22 maxlen: 22
80.243.224.0/22 maxlen: 22
185.214.188.0/22 maxlen: 22
212.60.24.0/21 maxlen: 21
2a10:b040:1::/48 maxlen: 48
2a10:b040:2::/48 maxlen: 48
2a10:b040:3::/48 maxlen: 48
2a10:b040:4::/48 maxlen: 48
2a10:b040:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/imgZHKtu8GsyKwsSSHhdSEpFJPM.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/imgZHKtu8GsyKwsSSHhdSEpFJPM.mft
rsync://rpki.ripe.net/repository/DEFAULT/imgZHKtu8GsyKwsSSHhdSEpFJPM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 04:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:80:90:c7:8e:78:a6:3d:ff:9d:f6:83:88:e2:0b:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a68191cab6ef06b322b0b1248785d484a4524f3
Validity
Not Before: Jan 2 16:18:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6324529e5ad8e992f6058ee45a034a427ed90014
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:23:d2:90:7f:e0:6a:85:0c:b5:76:21:68:3b:
2e:2b:19:a9:36:7a:98:36:62:59:01:5a:9a:f3:40:
08:45:56:e7:5a:86:70:3e:29:47:e1:f4:80:8e:28:
33:ed:4d:9f:1f:a7:fd:49:e7:52:20:d7:3c:24:fb:
26:b2:cc:6b:fe:a1:72:1a:a8:47:1a:c3:51:21:d4:
34:24:68:0d:63:f5:06:c1:f5:27:84:21:73:c6:01:
5a:2c:b5:36:2f:53:bb:04:fe:20:b4:48:6a:90:52:
e3:20:80:1a:b9:a2:d9:a8:8b:5f:99:18:00:92:c8:
ad:cc:79:0d:d1:36:10:de:cf:f5:7d:d9:d8:c1:f8:
b0:84:62:0f:8e:8c:1c:0e:67:49:42:6b:e0:24:67:
69:5d:36:62:12:47:70:bd:b1:02:c2:e5:06:38:de:
27:72:bb:12:aa:f0:25:3d:8b:a2:32:27:a2:a0:e7:
5e:23:aa:9c:23:e7:f9:3d:4b:30:85:7e:eb:ab:13:
2b:5c:e4:87:dc:a0:32:c2:e4:72:7a:80:73:30:80:
ff:82:9c:6a:75:36:6a:72:8a:08:74:c7:d0:f7:d6:
27:6c:37:c1:ed:64:b2:13:52:96:43:b2:12:0f:a7:
0e:5a:db:f0:25:62:14:e1:24:53:10:f6:f4:38:97:
04:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:24:52:9E:5A:D8:E9:92:F6:05:8E:E4:5A:03:4A:42:7E:D9:00:14
X509v3 Authority Key Identifier:
keyid:8A:68:19:1C:AB:6E:F0:6B:32:2B:0B:12:48:78:5D:48:4A:45:24:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imgZHKtu8GsyKwsSSHhdSEpFJPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/YyRSnlrY6ZL2BY7kWgNKQn7ZABQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e3ee8d-e459-4f47-b75d-97117eeb4891/1/imgZHKtu8GsyKwsSSHhdSEpFJPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.144.0/22
80.243.224.0/22
185.214.188.0/22
212.60.24.0/21
IPv6:
2a10:b040:1::-2a10:b040:5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
cb:56:60:4e:6f:50:09:05:f7:27:e9:c7:df:56:26:6f:df:9f:
4e:63:ad:d1:df:3c:b4:3e:ae:a7:e3:d9:18:4e:72:8b:e2:79:
68:84:41:38:0f:95:d7:26:e7:8c:32:bd:c4:88:a2:80:43:8b:
b7:86:de:bf:f9:10:6a:eb:ca:8d:ed:c2:f8:24:a0:c5:35:c1:
ff:14:84:d8:ba:a5:60:5d:14:7a:2b:40:fa:a3:8a:16:4c:96:
fe:06:88:13:c2:8d:ae:32:de:2b:4c:08:35:61:fe:b9:62:ef:
e8:3c:51:0f:6f:10:7c:f7:e0:44:67:28:00:17:2b:17:54:67:
74:ad:86:91:00:e2:c2:e8:86:e5:e0:61:55:c9:c9:4f:bd:e9:
0a:e8:1e:dc:4b:5a:c5:5b:2a:e5:18:2d:c5:5f:27:87:3b:4a:
22:a0:83:bd:e7:71:55:07:ef:57:b7:dd:17:70:4f:f9:1d:b4:
a4:27:cd:d1:3d:c1:84:71:e7:b8:2e:2d:b2:fa:b6:56:f5:7a:
f0:1f:1c:aa:bd:61:41:5b:1a:fd:73:a3:65:df:5b:61:7c:6f:
21:1c:20:be:67:04:f0:b6:8b:6f:60:94:42:0d:f3:d5:83:aa:
ff:30:9f:c4:fc:96:17:c4:05:fa:29:00:ad:3d:c2:68:e2:18:
01:cc:b8:be
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZt/gJDHjnimPf+d9oOI4gudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjgxOTFjYWI2ZWYwNmIzMjJiMGIxMjQ4Nzg1ZDQ4NGE0
NTI0ZjMwHhcNMjYwMTAyMTYxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI0NTI5ZTVhZDhlOTkyZjYwNThlZTQ1YTAzNGE0MjdlZDkwMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSPSkH/gaoUMtXYhaDsuKxmpNnqY
NmJZAVqa80AIRVbnWoZwPilH4fSAjigz7U2fH6f9SedSINc8JPsmssxr/qFyGqhH
GsNRIdQ0JGgNY/UGwfUnhCFzxgFaLLU2L1O7BP4gtEhqkFLjIIAauaLZqItfmRgA
ksitzHkN0TYQ3s/1fdnYwfiwhGIPjowcDmdJQmvgJGdpXTZiEkdwvbECwuUGON4n
crsSqvAlPYuiMieioOdeI6qcI+f5PUswhX7rqxMrXOSH3KAywuRyeoBzMID/gpxq
dTZqcooIdMfQ99YnbDfB7WSyE1KWQ7ISD6cOWtvwJWIU4SRTEPb0OJcEKQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFGMkUp5a2OmS9gWO5FoDSkJ+2QAUMB8GA1UdIwQY
MBaAFIpoGRyrbvBrMisLEkh4XUhKRSTzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1nWkhLdHU4R3N5S3dzU1NIaGRTRXBGSlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lM2VlOGQtZTQ1OS00ZjQ3LWI3NWQt
OTcxMTdlZWI0ODkxLzEvWXlSU25sclk2WkwyQlk3a1dnTktRbjdaQUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lM2VlOGQtZTQ1OS00ZjQ3LWI3NWQtOTcxMTdlZWI0ODkx
LzEvaW1nWkhLdHU4R3N5S3dzU1NIaGRTRXBGSlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAeBAIAATAYAwQCBS2QAwQC
UPPgAwQCuda8AwQD1DwYMBoEAgACMBQwEgMHACoQsEAAAQMHASoQsEAABDANBgkq
hkiG9w0BAQsFAAOCAQEAy1ZgTm9QCQX3J+nH31Ymb9+fTmOt0d88tD6up+PZGE5y
i+J5aIRBOA+V1ybnjDK9xIiigEOLt4bev/kQauvKje3C+CSgxTXB/xSE2LqlYF0U
eitA+qOKFkyW/gaIE8KNrjLeK0wINWH+uWLv6DxRD28QfPfgRGcoABcrF1RndK2G
kQDiwuiG5eBhVcnJT73pCuge3EtaxVsq5RgtxV8nhztKIqCDvedxVQfvV7fdF3BP
+R20pCfN0T3BhHHnuC4tsvq2VvV68B8cqr1hQVsa/XOjZd9bYXxvIRwgvmcE8LaL
b2CUQg3z1YOq/zCfxPyWF8QF+ikArT3CaOIYAcy4vg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 15:21:10 2026 by rpki-client