Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/nyskGSMyjznwMN2wb3tRAEeMLcE.roa
File: nyskGSMyjznwMN2wb3tRAEeMLcE.roa (raw, json)
Hash identifier: PX/bA+AaDD7Kn1LegVS7xXR8J6c1hlmfLAOwmDLgfNo=
Subject key identifier: 9F:2B:24:19:23:32:8F:39:F0:30:DD:B0:6F:7B:51:00:47:8C:2D:C1
Certificate issuer: /CN=8c48dcecbbcc052c659f971609229e3656a3d956
Certificate serial: 019B7B357F359D324F3008675E3E603567DA
Authority key identifier: 8C:48:DC:EC:BB:CC:05:2C:65:9F:97:16:09:22:9E:36:56:A3:D9:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jEjc7LvMBSxln5cWCSKeNlaj2VY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/nyskGSMyjznwMN2wb3tRAEeMLcE.roa
Signing time: Thu 01 Jan 2026 20:17:42 +0000
ROA not before: Thu 01 Jan 2026 20:17:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197295
IP address blocks: 91.231.168.0/23 maxlen: 23
178.159.160.0/20 maxlen: 20
185.157.164.0/22 maxlen: 22
194.156.16.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/jEjc7LvMBSxln5cWCSKeNlaj2VY.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/jEjc7LvMBSxln5cWCSKeNlaj2VY.mft
rsync://rpki.ripe.net/repository/DEFAULT/jEjc7LvMBSxln5cWCSKeNlaj2VY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:35:7f:35:9d:32:4f:30:08:67:5e:3e:60:35:67:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c48dcecbbcc052c659f971609229e3656a3d956
Validity
Not Before: Jan 1 20:17:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9f2b241923328f39f030ddb06f7b5100478c2dc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:3c:a1:3d:0e:58:ac:80:5e:34:7c:1e:7b:c3:
72:bf:0f:eb:66:d6:2d:c1:49:99:14:13:8c:9a:e0:
b7:48:d7:0d:6c:28:b7:53:bb:de:21:fa:d5:dd:01:
c6:62:9e:a5:1d:c4:cf:ea:77:34:a8:e0:88:57:e7:
14:50:2c:9c:4e:87:df:a2:e6:fe:ce:17:c3:a3:bf:
5d:13:48:ce:09:18:3f:7e:70:ff:92:e5:dc:08:8b:
38:d6:52:7c:a8:84:b5:dc:d3:e6:e2:bd:34:c8:7b:
e1:7d:4b:5f:28:e1:b9:28:5d:d5:1c:7d:99:9d:e2:
e7:2c:e2:cd:1e:ee:21:25:b0:57:22:91:62:9a:3f:
b9:b5:bf:f6:1f:4c:83:3d:18:5f:4b:ff:5e:63:03:
95:29:48:bb:e9:55:30:55:ab:72:dd:3d:ee:5a:37:
0b:8f:6a:3e:3c:48:d5:a0:9d:10:54:72:e8:a0:53:
ee:85:91:82:6d:7c:78:0f:aa:5b:15:77:97:ab:86:
d3:06:a1:3b:3b:ea:8d:19:82:58:57:18:a9:36:df:
93:fd:ff:1b:f8:f3:07:40:04:3d:89:0e:cb:e6:32:
ff:07:30:fc:2e:11:7c:49:5e:e1:06:cb:78:38:de:
a3:a7:0b:b0:27:c3:d0:dc:d3:ae:a6:17:e3:43:9f:
cc:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:2B:24:19:23:32:8F:39:F0:30:DD:B0:6F:7B:51:00:47:8C:2D:C1
X509v3 Authority Key Identifier:
keyid:8C:48:DC:EC:BB:CC:05:2C:65:9F:97:16:09:22:9E:36:56:A3:D9:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jEjc7LvMBSxln5cWCSKeNlaj2VY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/nyskGSMyjznwMN2wb3tRAEeMLcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0dd668-9725-48bc-80f6-15b0185e7a79/1/jEjc7LvMBSxln5cWCSKeNlaj2VY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.168.0/23
178.159.160.0/20
185.157.164.0/22
194.156.16.0/22
Signature Algorithm: sha256WithRSAEncryption
86:7c:c7:9f:31:d1:bc:4d:cc:85:5d:26:2e:15:05:8a:0e:1e:
d0:3b:2c:a8:80:06:69:8f:15:61:c6:43:af:ed:db:05:dd:77:
f3:d0:9d:b6:05:3b:56:94:6e:17:3d:f4:15:fa:40:db:a8:f1:
82:03:0a:5d:bc:fb:ad:1b:10:f3:6b:ac:b5:10:12:92:cf:a8:
e7:b5:d3:91:ea:f3:bc:b3:c8:a8:d5:33:40:96:44:11:09:73:
5c:30:f5:6b:b1:1d:50:27:00:c1:77:e6:11:3b:a5:36:5a:5e:
1e:6f:27:d7:ff:4e:e8:9f:15:9e:e9:48:fc:7b:50:ed:9b:5b:
23:7c:e8:e9:10:38:94:6a:5a:07:91:58:4d:bf:4f:59:e0:ec:
39:ea:ae:1c:2a:76:ba:18:0a:e6:51:7c:be:d4:9d:2a:8d:a4:
58:04:47:2f:43:eb:f2:cd:78:c6:f7:bf:b2:f7:55:76:79:5e:
c4:b5:2e:df:3c:20:00:ca:1c:bf:26:13:13:ef:07:c2:73:96:
21:98:4d:ed:f6:83:a8:9a:aa:bf:8b:a3:56:01:16:d2:b1:5e:
18:86:d5:46:7d:5b:81:fe:5d:a0:df:c3:a2:d7:f7:c2:a9:3a:
5f:ed:5a:d2:ca:74:2f:4f:11:26:ad:f0:46:d3:f7:e9:db:c6:
1f:8a:a4:d0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZt7NX81nTJPMAhnXj5gNWfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjNDhkY2VjYmJjYzA1MmM2NTlmOTcxNjA5MjI5ZTM2NTZh
M2Q5NTYwHhcNMjYwMTAxMjAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJiMjQxOTIzMzI4ZjM5ZjAzMGRkYjA2ZjdiNTEwMDQ3OGMyZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DyhPQ5YrIBeNHwee8Nyvw/rZtYt
wUmZFBOMmuC3SNcNbCi3U7veIfrV3QHGYp6lHcTP6nc0qOCIV+cUUCycToffoub+
zhfDo79dE0jOCRg/fnD/kuXcCIs41lJ8qIS13NPm4r00yHvhfUtfKOG5KF3VHH2Z
neLnLOLNHu4hJbBXIpFimj+5tb/2H0yDPRhfS/9eYwOVKUi76VUwVaty3T3uWjcL
j2o+PEjVoJ0QVHLooFPuhZGCbXx4D6pbFXeXq4bTBqE7O+qNGYJYVxipNt+T/f8b
+PMHQAQ9iQ7L5jL/BzD8LhF8SV7hBst4ON6jpwuwJ8PQ3NOuphfjQ5/MQwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ8rJBkjMo858DDdsG97UQBHjC3BMB8GA1UdIwQY
MBaAFIxI3Oy7zAUsZZ+XFgkinjZWo9lWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakVqYzdMdk1CU3hsbjVjV0NTS2VObGFqMlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wZGQ2NjgtOTcyNS00OGJjLTgwZjYt
MTViMDE4NWU3YTc5LzEvbnlza0dTTXlqem53TU4yd2IzdFJBRWVNTGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wZGQ2NjgtOTcyNS00OGJjLTgwZjYtMTViMDE4NWU3YTc5
LzEvakVqYzdMdk1CU3hsbjVjV0NTS2VObGFqMlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW+eoAwQE
sp+gAwQCuZ2kAwQCwpwQMA0GCSqGSIb3DQEBCwUAA4IBAQCGfMefMdG8TcyFXSYu
FQWKDh7QOyyogAZpjxVhxkOv7dsF3Xfz0J22BTtWlG4XPfQV+kDbqPGCAwpdvPut
GxDza6y1EBKSz6jntdOR6vO8s8io1TNAlkQRCXNcMPVrsR1QJwDBd+YRO6U2Wl4e
byfX/07onxWe6Uj8e1Dtm1sjfOjpEDiUaloHkVhNv09Z4Ow56q4cKna6GArmUXy+
1J0qjaRYBEcvQ+vyzXjG97+y91V2eV7EtS7fPCAAyhy/JhMT7wfCc5YhmE3t9oOo
mqq/i6NWARbSsV4YhtVGfVuB/l2g38Oi1/fCqTpf7VrSynQvTxEmrfBG0/fp28Yf
iqTQ
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:24:26 2026 by rpki-client