Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/2YeI2iTdKuTlvqMe4sOgGCIyYoo.roa
File: 2YeI2iTdKuTlvqMe4sOgGCIyYoo.roa (raw, json)
Hash identifier: 02/F9yMKiIKlo7hndzCydCS9KD+xiL1gHlJPnwXYt3g=
Subject key identifier: D9:87:88:DA:24:DD:2A:E4:E5:BE:A3:1E:E2:C3:A0:18:22:32:62:8A
Certificate issuer: /CN=6eef0dc51dfff0103419599906365572b7fe48fe
Certificate serial: 019B7A5B684514B7F2CA5B6C538DD8FAF2D8
Authority key identifier: 6E:EF:0D:C5:1D:FF:F0:10:34:19:59:99:06:36:55:72:B7:FE:48:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bu8NxR3_8BA0GVmZBjZVcrf-SP4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/2YeI2iTdKuTlvqMe4sOgGCIyYoo.roa
Signing time: Thu 01 Jan 2026 16:19:29 +0000
ROA not before: Thu 01 Jan 2026 16:19:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 61055
IP address blocks: 185.10.72.0/24 maxlen: 24
185.10.73.0/24 maxlen: 24
185.10.74.0/24 maxlen: 24
185.10.75.0/24 maxlen: 24
2a02:dfc0:1::/48 maxlen: 48
2a02:dfc0:2::/48 maxlen: 48
2a02:dfc0:3::/48 maxlen: 48
2a02:dfc0:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/bu8NxR3_8BA0GVmZBjZVcrf-SP4.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/bu8NxR3_8BA0GVmZBjZVcrf-SP4.mft
rsync://rpki.ripe.net/repository/DEFAULT/bu8NxR3_8BA0GVmZBjZVcrf-SP4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5b:68:45:14:b7:f2:ca:5b:6c:53:8d:d8:fa:f2:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6eef0dc51dfff0103419599906365572b7fe48fe
Validity
Not Before: Jan 1 16:19:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d98788da24dd2ae4e5bea31ee2c3a0182232628a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:15:25:13:44:b1:03:57:90:23:91:8a:b8:9b:
c3:06:2b:dc:e4:cc:e8:8d:6f:e5:2d:81:18:3c:94:
93:18:1e:b1:67:c7:a2:9c:48:45:79:8a:cf:07:71:
78:40:7e:7e:1d:0d:0f:61:12:cb:d5:19:65:a4:e2:
a3:be:f0:68:1d:15:7a:21:bc:c9:77:0f:fb:65:63:
65:ea:c6:12:96:e2:e8:47:02:2c:6a:29:f7:71:5f:
72:d7:7d:64:8c:0e:d5:da:29:5e:da:93:65:a3:b7:
ab:fc:1f:ef:56:ce:7c:99:2b:19:f0:5f:09:3a:d4:
7b:ab:70:5a:39:e3:ea:67:6b:67:1c:10:79:be:5d:
79:f9:3b:d5:cd:e1:3d:1e:82:c9:6e:f7:c1:41:e6:
b5:30:f8:91:c0:fd:4e:ed:37:3a:ee:44:6b:c5:f0:
f6:54:22:03:e9:5c:3a:1f:40:63:7f:20:c6:79:14:
04:8d:4e:00:e5:a8:4f:9a:5c:3b:0c:d3:42:d8:37:
7c:d4:0b:14:a1:84:c5:bb:89:ae:93:ea:a5:ef:4f:
fe:1c:c8:2e:24:d6:12:3f:9c:6a:f0:c1:05:5e:1d:
56:41:0e:e2:28:d2:2f:d6:97:5e:76:82:a9:c6:2c:
b7:d8:61:d0:c3:e7:62:66:13:46:78:98:f0:f0:60:
dd:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:87:88:DA:24:DD:2A:E4:E5:BE:A3:1E:E2:C3:A0:18:22:32:62:8A
X509v3 Authority Key Identifier:
keyid:6E:EF:0D:C5:1D:FF:F0:10:34:19:59:99:06:36:55:72:B7:FE:48:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bu8NxR3_8BA0GVmZBjZVcrf-SP4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/2YeI2iTdKuTlvqMe4sOgGCIyYoo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/5f217a-de26-4bf0-ac20-4fdae09a677d/1/bu8NxR3_8BA0GVmZBjZVcrf-SP4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.10.72.0/22
IPv6:
2a02:dfc0:1::-2a02:dfc0:4:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
95:c1:21:bf:7c:55:4a:ea:3a:ee:1a:9f:a1:d5:2f:6d:7c:51:
ba:9f:ec:37:d8:20:58:0f:01:eb:f6:40:5c:13:b8:c6:23:85:
97:07:17:13:4c:fa:77:f0:e5:d7:16:6b:d9:3c:37:a6:bd:de:
27:60:6f:7b:93:eb:2b:96:c6:85:9b:bd:41:c0:cc:ef:4b:b9:
c4:16:6c:4c:06:6a:c2:af:c4:3a:2a:c8:ec:b0:64:38:84:f7:
8f:89:bc:6f:eb:3f:eb:f6:65:2a:1f:ef:46:84:78:09:3b:8b:
24:65:6a:93:53:c8:b3:38:c6:f3:81:ef:43:55:d3:94:87:4c:
7a:49:b1:9a:90:4f:8e:06:24:bc:d1:7e:5e:e2:14:c2:41:0a:
41:ad:9e:b7:4e:5a:d2:96:09:13:e3:fd:6a:57:1a:3a:19:7f:
d2:e3:61:5b:b4:18:1a:fc:69:63:69:1c:96:38:df:87:f8:42:
9b:44:91:2a:8e:e7:68:09:8a:95:d2:76:c1:86:61:a9:e4:f1:
2a:ff:aa:2e:23:7c:8d:6a:64:78:07:d8:ed:eb:b6:23:17:74:
78:1e:5e:87:ac:40:ad:f3:e7:0a:6d:bd:7c:d3:46:6f:d2:01:
6f:9a:4c:64:53:a5:80:1d:0e:42:21:81:9e:2c:e9:8d:42:32:
fe:63:a1:c8
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZt6W2hFFLfyyltsU43Y+vLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZWYwZGM1MWRmZmYwMTAzNDE5NTk5OTA2MzY1NTcyYjdm
ZTQ4ZmUwHhcNMjYwMTAxMTYxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg3ODhkYTI0ZGQyYWU0ZTViZWEzMWVlMmMzYTAxODIyMzI2MjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhUlE0SxA1eQI5GKuJvDBivc5Mzo
jW/lLYEYPJSTGB6xZ8einEhFeYrPB3F4QH5+HQ0PYRLL1RllpOKjvvBoHRV6IbzJ
dw/7ZWNl6sYSluLoRwIsain3cV9y131kjA7V2ile2pNlo7er/B/vVs58mSsZ8F8J
OtR7q3BaOePqZ2tnHBB5vl15+TvVzeE9HoLJbvfBQea1MPiRwP1O7Tc67kRrxfD2
VCID6Vw6H0BjfyDGeRQEjU4A5ahPmlw7DNNC2Dd81AsUoYTFu4muk+ql70/+HMgu
JNYSP5xq8MEFXh1WQQ7iKNIv1pdedoKpxiy32GHQw+diZhNGeJjw8GDdfQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFNmHiNok3Srk5b6jHuLDoBgiMmKKMB8GA1UdIwQY
MBaAFG7vDcUd//AQNBlZmQY2VXK3/kj+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnU4TnhSM184QkEwR1ZtWkJqWlZjcmYtU1A0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS81ZjIxN2EtZGUyNi00YmYwLWFjMjAt
NGZkYWUwOWE2NzdkLzEvMlllSTJpVGRLdVRsdnFNZTRzT2dHQ0l5WW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS81ZjIxN2EtZGUyNi00YmYwLWFjMjAtNGZkYWUwOWE2Nzdk
LzEvYnU4TnhSM184QkEwR1ZtWkJqWlZjcmYtU1A0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQCuQpIMBoE
AgACMBQwEgMHACoC38AAAQMHACoC38AABDANBgkqhkiG9w0BAQsFAAOCAQEAlcEh
v3xVSuo67hqfodUvbXxRup/sN9ggWA8B6/ZAXBO4xiOFlwcXE0z6d/Dl1xZr2Tw3
pr3eJ2Bve5PrK5bGhZu9QcDM70u5xBZsTAZqwq/EOirI7LBkOIT3j4m8b+s/6/Zl
Kh/vRoR4CTuLJGVqk1PIszjG84HvQ1XTlIdMekmxmpBPjgYkvNF+XuIUwkEKQa2e
t05a0pYJE+P9alcaOhl/0uNhW7QYGvxpY2kcljjfh/hCm0SRKo7naAmKldJ2wYZh
qeTxKv+qLiN8jWpkeAfY7eu2Ixd0eB5eh6xArfPnCm29fNNGb9IBb5pMZFOlgB0O
QiGBnizpjUIy/mOhyA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:46:26 2026 by rpki-client