Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/oY3gdIV4n1fET7NwlgUgM7E2A58.roa
File: oY3gdIV4n1fET7NwlgUgM7E2A58.roa (raw, json)
Hash identifier: 2nAz8MBR7//dDF2SyuP46QueU8MfTaGR1aKMQkQHzBo=
Subject key identifier: A1:8D:E0:74:85:78:9F:57:C4:4F:B3:70:96:05:20:33:B1:36:03:9F
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 019D9758030CE09717CD0DE0B4DA9E78765F
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/oY3gdIV4n1fET7NwlgUgM7E2A58.roa
Signing time: Thu 16 Apr 2026 17:30:20 +0000
ROA not before: Thu 16 Apr 2026 17:30:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 59645
IP address blocks: 45.91.12.0/22 maxlen: 22
45.91.15.0/24 maxlen: 24
193.104.168.0/24 maxlen: 24
195.191.196.0/23 maxlen: 24
195.191.196.0/24 maxlen: 24
195.191.197.0/24 maxlen: 24
2a06:d1c0::/29 maxlen: 29
2a06:d1c0:a761::/48 maxlen: 48
2a06:d1c0:ac5a::/48 maxlen: 48
2a06:d1c0:deac::/48 maxlen: 48
2a06:d1c0:dead::/48 maxlen: 48
2a06:d1c0:deae::/48 maxlen: 48
2a06:d1c0:f761::/48 maxlen: 48
2a06:d1c1::/32 maxlen: 48
2a06:d1c1:a::/48 maxlen: 48
2a06:d1c1:e::/48 maxlen: 48
2a06:d1c1:23::/48 maxlen: 48
2a06:d1c1:30::/44 maxlen: 48
2a06:d1c1:30::/48 maxlen: 48
2a06:d1c1:ac5a::/48 maxlen: 48
2a06:d1c2::/36 maxlen: 48
2a06:d1c2:a000::/36 maxlen: 36
2a06:d1c2:b000::/36 maxlen: 36
2a06:d1c2:d000::/36 maxlen: 36
2a06:d1c7::/48 maxlen: 48
2a06:d1c7:a::/48 maxlen: 48
2a06:d1c7:b::/48 maxlen: 48
2a06:d1c7:d::/48 maxlen: 48
2a0e:a40::/29 maxlen: 29
2a0e:a40::/32 maxlen: 32
2a0e:a41::/32 maxlen: 32
2a0e:a42::/32 maxlen: 32
2a0e:a43::/32 maxlen: 32
2a0e:a44::/32 maxlen: 32
2a0e:a45::/32 maxlen: 32
2a0e:a46::/32 maxlen: 32
2a0e:a47::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.mft
rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 11:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:97:58:03:0c:e0:97:17:cd:0d:e0:b4:da:9e:78:76:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Apr 16 17:30:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a18de07485789f57c44fb37096052033b136039f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:e4:77:01:f3:6b:d3:8a:1d:7a:b0:2b:39:9b:
24:1b:96:88:7a:13:ac:47:1a:56:d1:56:ca:18:d7:
72:97:1f:db:c5:ab:a9:d8:e5:55:43:bf:18:87:80:
86:ec:5f:0b:c9:5c:09:de:1c:60:29:fb:8c:87:8f:
a7:58:6c:be:69:ce:cb:cb:f6:a0:7d:36:33:8c:a3:
25:84:a6:de:36:69:6e:27:83:68:a4:f1:b3:e2:8e:
35:d1:e1:1e:7b:bb:4d:bd:1a:8f:33:52:2e:0a:5d:
4d:4c:d5:98:8e:c8:4d:dc:67:17:75:90:88:47:a1:
9f:c8:72:e3:a5:d7:30:31:d1:48:6f:48:4b:0b:41:
b9:b6:63:e8:73:cc:04:bf:a0:d6:69:3d:ac:92:ea:
4d:ea:15:dd:5a:28:7c:05:54:d5:0c:27:88:5f:59:
37:43:74:bc:98:eb:29:26:80:89:38:31:b9:ba:6b:
22:ae:e1:fc:02:7d:7f:75:fd:61:c3:4a:aa:a1:1f:
21:9f:d6:65:1d:70:b7:a3:14:a7:ef:42:89:99:00:
a8:e4:0b:3d:80:db:76:68:bb:8f:e9:a5:3c:45:22:
8b:6d:6d:ab:48:90:3e:e4:79:da:30:dd:03:40:d4:
0e:da:0c:bf:34:27:8a:d5:c0:f0:48:54:dc:f4:22:
b3:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:8D:E0:74:85:78:9F:57:C4:4F:B3:70:96:05:20:33:B1:36:03:9F
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/oY3gdIV4n1fET7NwlgUgM7E2A58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.12.0/22
193.104.168.0/24
195.191.196.0/23
IPv6:
2a06:d1c0::/29
2a0e:a40::/29
Signature Algorithm: sha256WithRSAEncryption
63:3c:ad:43:f1:5c:0a:e8:98:f1:5b:49:8f:8b:7b:20:b4:66:
3b:cc:10:ab:0f:cb:09:8c:1b:a6:70:c9:1e:ae:f9:3b:a9:f3:
3e:c6:cc:8d:51:e9:bd:cf:8a:b3:5e:3f:72:4b:ad:9f:19:56:
92:49:17:a9:2a:d1:c4:65:8d:e0:e9:a0:ba:53:f4:02:84:8a:
8e:89:94:f3:41:8a:d6:b3:f9:f8:22:33:24:7c:ae:aa:c6:c8:
c2:54:dc:bf:88:4b:10:aa:a5:90:1d:2c:3c:89:b3:52:0c:ea:
cf:1e:35:e0:c4:45:3e:09:64:cf:35:df:8f:3f:39:d7:25:7c:
9f:6e:05:79:8b:2e:58:63:a7:bf:c7:8d:a1:7e:8e:be:21:7d:
9a:04:42:66:4b:6e:ae:43:61:29:97:a3:7c:57:d0:81:b2:b5:
3c:04:3e:b3:2b:9b:53:3a:f6:13:8c:ed:86:ec:18:51:45:2f:
00:09:43:5a:9c:f0:02:fc:0f:80:c5:8e:d3:91:d2:05:de:32:
cb:9c:18:03:d8:2b:02:b7:73:72:0d:b4:0b:14:51:ec:63:04:
bf:46:49:77:ae:b5:67:8f:51:73:d8:8a:00:9e:c7:8b:9d:06:
e6:c1:5e:8e:bd:2b:13:23:85:d6:a8:e7:86:f9:7b:47:8a:ba:
72:50:ef:5d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ2XWAMM4JcXzQ3gtNqeeHZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjYwNDE2MTczMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMThkZTA3NDg1Nzg5ZjU3YzQ0ZmIzNzA5NjA1MjAzM2IxMzYwMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuR3AfNr04oderArOZskG5aIehOs
RxpW0VbKGNdylx/bxaup2OVVQ78Yh4CG7F8LyVwJ3hxgKfuMh4+nWGy+ac7Ly/ag
fTYzjKMlhKbeNmluJ4NopPGz4o410eEee7tNvRqPM1IuCl1NTNWYjshN3GcXdZCI
R6GfyHLjpdcwMdFIb0hLC0G5tmPoc8wEv6DWaT2skupN6hXdWih8BVTVDCeIX1k3
Q3S8mOspJoCJODG5umsiruH8An1/df1hw0qqoR8hn9ZlHXC3oxSn70KJmQCo5As9
gNt2aLuP6aU8RSKLbW2rSJA+5HnaMN0DQNQO2gy/NCeK1cDwSFTc9CKzrwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKGN4HSFeJ9XxE+zcJYFIDOxNgOfMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvb1kzZ2RJVjRuMWZFVDdOd2xnVWdNN0UyQTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCLVsMAwQA
wWioAwQBw7/EMBQEAgACMA4DBQMqBtHAAwUDKg4KQDANBgkqhkiG9w0BAQsFAAOC
AQEAYzytQ/FcCuiY8VtJj4t7ILRmO8wQqw/LCYwbpnDJHq75O6nzPsbMjVHpvc+K
s14/ckutnxlWkkkXqSrRxGWN4OmgulP0AoSKjomU80GK1rP5+CIzJHyuqsbIwlTc
v4hLEKqlkB0sPImzUgzqzx414MRFPglkzzXfjz851yV8n24FeYsuWGOnv8eNoX6O
viF9mgRCZkturkNhKZejfFfQgbK1PAQ+syubUzr2E4zthuwYUUUvAAlDWpzwAvwP
gMWO05HSBd4yy5wYA9grArdzcg20CxRR7GMEv0ZJd661Z49Rc9iKAJ7Hi50G5sFe
jr0rEyOF1qjnhvl7R4q6clDvXQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:21:48 2026 by rpki-client