Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/Y0tk_Sz2HsUVZBHhG38K63AXXoI.roa
File: Y0tk_Sz2HsUVZBHhG38K63AXXoI.roa (raw, json)
Hash identifier: cuxsa3EYw8MedZ66NKK/P6ufrEIddCWT2hYIuyPu+h0=
Subject key identifier: 63:4B:64:FD:2C:F6:1E:C5:15:64:11:E1:1B:7F:0A:EB:70:17:5E:82
Certificate issuer: /CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
Certificate serial: 019B77C667FA9DB26787C84733614CF73AAC
Authority key identifier: DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/Y0tk_Sz2HsUVZBHhG38K63AXXoI.roa
Signing time: Thu 01 Jan 2026 04:17:30 +0000
ROA not before: Thu 01 Jan 2026 04:17:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206805
IP address blocks: 45.84.152.0/23 maxlen: 24
45.84.154.0/24 maxlen: 24
45.84.155.0/24 maxlen: 24
45.145.188.0/23 maxlen: 23
45.145.190.0/23 maxlen: 23
45.145.190.0/24 maxlen: 24
45.145.191.0/24 maxlen: 24
80.85.248.0/23 maxlen: 23
80.85.250.0/23 maxlen: 23
80.85.252.0/24 maxlen: 24
80.85.253.0/24 maxlen: 24
80.85.254.0/23 maxlen: 24
176.119.0.0/21 maxlen: 21
178.159.32.0/23 maxlen: 24
185.159.111.0/24 maxlen: 24
185.228.48.0/22 maxlen: 24
185.247.192.0/22 maxlen: 24
188.64.149.0/24 maxlen: 24
188.64.150.0/23 maxlen: 24
193.19.100.0/23 maxlen: 24
193.141.230.0/23 maxlen: 23
193.142.20.0/23 maxlen: 23
193.246.144.0/24 maxlen: 24
193.246.150.0/24 maxlen: 24
193.246.153.0/24 maxlen: 24
193.246.159.0/24 maxlen: 24
203.81.208.0/20 maxlen: 24
2a0c:ee00::/32 maxlen: 40
2a0c:ee00::/40 maxlen: 40
2a0c:ee00:100::/40 maxlen: 40
2a0c:ee00:200::/40 maxlen: 40
2a0c:ee00:20c::/48 maxlen: 48
2a0c:ee00:300::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/3T1AERdeXfej9X0454FQosBf3R0.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/3T1AERdeXfej9X0454FQosBf3R0.mft
rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:77:c6:67:fa:9d:b2:67:87:c8:47:33:61:4c:f7:3a:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
Validity
Not Before: Jan 1 04:17:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=634b64fd2cf61ec5156411e11b7f0aeb70175e82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:55:3a:80:50:aa:8b:e7:33:ae:74:ed:01:87:
e2:56:02:46:a5:1e:52:51:6a:28:0a:be:09:e4:5c:
20:2d:a1:c0:9b:20:4c:07:10:ab:83:07:6a:65:0a:
58:36:96:58:17:9f:2b:dc:81:a7:c6:f2:41:e1:73:
ac:89:f9:e7:90:69:42:e6:08:39:37:72:a3:f6:bb:
b1:46:33:02:ae:a9:96:22:07:79:a3:a3:41:5a:f5:
50:3f:a2:55:c7:9f:77:64:d5:ac:5c:87:73:cd:f8:
ec:c9:a4:b6:df:3b:26:1d:da:de:4f:54:d4:e3:18:
84:73:47:ec:3b:5f:76:7f:0e:da:b5:04:1b:04:8c:
4f:eb:ae:06:0e:ec:c5:ae:4d:41:bf:19:47:c1:74:
8b:f1:66:a1:12:41:fe:c3:34:12:32:84:95:23:c8:
42:6b:05:0e:8b:ec:43:c4:8d:28:7b:ce:e7:16:65:
a4:ca:af:dd:52:ff:3f:a4:b9:f7:fc:9c:04:8c:d8:
dc:87:83:11:98:17:41:d0:1d:96:fb:58:9c:b3:9e:
32:45:1e:1a:6a:c5:90:18:53:c3:5c:53:53:e0:25:
8c:a4:8a:1a:f3:90:44:fc:b5:6f:16:d1:19:5c:0b:
47:cb:90:c7:c3:79:da:8c:de:07:76:48:6d:44:27:
91:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:4B:64:FD:2C:F6:1E:C5:15:64:11:E1:1B:7F:0A:EB:70:17:5E:82
X509v3 Authority Key Identifier:
keyid:DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/Y0tk_Sz2HsUVZBHhG38K63AXXoI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/3T1AERdeXfej9X0454FQosBf3R0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.152.0/22
45.145.188.0/22
80.85.248.0/21
176.119.0.0/21
178.159.32.0/23
185.159.111.0/24
185.228.48.0/22
185.247.192.0/22
188.64.149.0-188.64.151.255
193.19.100.0/23
193.141.230.0/23
193.142.20.0/23
193.246.144.0/24
193.246.150.0/24
193.246.153.0/24
193.246.159.0/24
203.81.208.0/20
IPv6:
2a0c:ee00::/32
Signature Algorithm: sha256WithRSAEncryption
8d:4b:eb:1c:ba:9c:69:4a:18:a3:96:12:25:0c:d1:40:be:41:
14:14:71:39:0f:6e:fd:81:8c:92:59:98:39:4e:94:0a:1a:c2:
6d:7c:9e:07:12:f9:33:1e:8c:c0:25:dc:b3:2f:ac:97:49:1b:
12:81:e7:e4:9a:8f:43:c8:48:99:aa:ac:0d:16:8f:f2:dc:d7:
fc:04:51:cc:46:40:ab:9d:5e:85:a2:87:e6:53:d4:05:b4:66:
f9:6e:c1:6e:5c:96:1c:95:4f:4f:31:2c:99:47:37:5a:80:50:
f6:9a:df:32:b1:31:3d:e3:ae:9a:f1:d6:e5:7f:ab:04:9c:0c:
03:f5:76:02:13:93:dd:bc:1c:0f:dd:e5:68:ca:91:52:95:fd:
a8:9b:2e:21:60:f4:bf:22:ec:fd:a9:57:52:ef:90:f2:24:cf:
69:c9:fa:46:98:01:62:e5:1a:4c:0e:04:98:48:8c:a1:60:1a:
97:4b:e3:91:50:d2:c3:38:f8:bb:59:39:54:b4:5d:d4:65:67:
f4:c8:bc:9b:c6:b7:9b:f4:8d:8b:63:8b:7c:3a:7e:c9:fc:8b:
9b:9b:57:da:0f:a5:bd:f9:e9:c1:af:ca:40:b9:d7:6a:9e:46:
bd:bf:f7:1e:7d:3e:98:ea:d6:b3:c9:8e:1a:6c:96:73:6e:9f:
bb:cd:8f:28
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt3xmf6nbJnh8hHM2FM9zqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkM2Q0MDExMTc1ZTVkZjdhM2Y1N2QzOGU3ODE1MGEyYzA1
ZmRkMWQwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzRiNjRmZDJjZjYxZWM1MTU2NDExZTExYjdmMGFlYjcwMTc1ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVU6gFCqi+czrnTtAYfiVgJGpR5S
UWooCr4J5FwgLaHAmyBMBxCrgwdqZQpYNpZYF58r3IGnxvJB4XOsifnnkGlC5gg5
N3Kj9ruxRjMCrqmWIgd5o6NBWvVQP6JVx593ZNWsXIdzzfjsyaS23zsmHdreT1TU
4xiEc0fsO192fw7atQQbBIxP664GDuzFrk1BvxlHwXSL8WahEkH+wzQSMoSVI8hC
awUOi+xDxI0oe87nFmWkyq/dUv8/pLn3/JwEjNjch4MRmBdB0B2W+1ics54yRR4a
asWQGFPDXFNT4CWMpIoa85BE/LVvFtEZXAtHy5DHw3najN4HdkhtRCeRYwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFGNLZP0s9h7FFWQR4Rt/CutwF16CMB8GA1UdIwQY
MBaAFN09QBEXXl33o/V9OOeBUKLAX90dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQt
MmQwYTc4YmU4OTJkLzEvWTB0a19TejJIc1VWWkJIaEczOEs2M0FYWG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQtMmQwYTc4YmU4OTJk
LzEvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTB0BAIAATBuAwQCLVSY
AwQCLZG8AwQDUFX4AwQDsHcAAwQBsp8gAwQAuZ9vAwQCueQwAwQCuffAMAwDBAC8
QJUDBAO8QJADBAHBE2QDBAHBjeYDBAHBjhQDBADB9pADBADB9pYDBADB9pkDBADB
9p8DBATLUdAwDQQCAAIwBwMFACoM7gAwDQYJKoZIhvcNAQELBQADggEBAI1L6xy6
nGlKGKOWEiUM0UC+QRQUcTkPbv2BjJJZmDlOlAoawm18ngcS+TMejMAl3LMvrJdJ
GxKB5+Saj0PISJmqrA0Wj/Lc1/wEUcxGQKudXoWih+ZT1AW0ZvluwW5clhyVT08x
LJlHN1qAUPaa3zKxMT3jrprx1uV/qwScDAP1dgITk928HA/d5WjKkVKV/aibLiFg
9L8i7P2pV1LvkPIkz2nJ+kaYAWLlGkwOBJhIjKFgGpdL45FQ0sM4+LtZOVS0XdRl
Z/TIvJvGt5v0jYtji3w6fsn8i5ubV9oPpb356cGvykC512qeRr2/9x59Ppjq1rPJ
jhpslnNun7vNjyg=
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:55:23 2026 by rpki-client