Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Ioa0eZ5RUm4gAk-baFnaE-k1Hcc.roa
File: Ioa0eZ5RUm4gAk-baFnaE-k1Hcc.roa (raw, json)
Hash identifier: g8qZphROQCmdhCTEH9y9RWTZxL6HXOQgO7sdhb9GP5I=
Subject key identifier: 22:86:B4:79:9E:51:52:6E:20:02:4F:9B:68:59:DA:13:E9:35:1D:C7
Certificate issuer: /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial: 019D8740CAEF2F9CEABD46ACD32BFF32F441
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Ioa0eZ5RUm4gAk-baFnaE-k1Hcc.roa
Signing time: Mon 13 Apr 2026 14:31:03 +0000
ROA not before: Mon 13 Apr 2026 14:31:03 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 138.226.234.0/24 maxlen: 24
138.226.238.0/24 maxlen: 24
138.226.239.0/24 maxlen: 24
207.89.22.0/24 maxlen: 24
207.89.23.0/24 maxlen: 24
216.162.47.0/24 maxlen: 24
216.163.179.0/24 maxlen: 24
2a14:a087::/48 maxlen: 48
2a14:a087:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:87:40:ca:ef:2f:9c:ea:bd:46:ac:d3:2b:ff:32:f4:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Validity
Not Before: Apr 13 14:31:03 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2286b4799e51526e20024f9b6859da13e9351dc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:cf:36:84:91:b0:65:2b:57:51:a5:96:df:75:
16:a2:68:28:8c:69:81:12:ca:a5:15:d0:d2:fe:e7:
b9:13:0f:2a:1e:41:2e:f4:64:c2:5d:13:23:92:0a:
0b:e0:ae:57:00:a0:60:a9:66:6d:a0:56:f2:aa:15:
fe:7f:77:20:2d:fa:a2:a9:73:0b:35:3c:16:4f:1f:
8e:4f:ec:69:44:46:7b:a5:e2:c9:be:63:92:64:2a:
8e:8e:35:7e:57:a7:e1:29:aa:f0:c9:d5:76:c7:5a:
61:42:97:5b:b6:c4:b8:f5:dd:43:bc:24:a9:a4:25:
cb:1e:7d:5f:65:83:1b:5b:6a:4c:d1:96:76:c3:74:
cb:e8:ec:a5:3d:13:70:d6:59:c3:f6:03:49:88:77:
50:19:42:6c:7f:40:ba:47:d9:9b:31:7e:ef:b1:89:
bc:13:dd:40:f6:29:13:ae:3b:93:fb:36:11:39:a6:
44:5c:ca:90:f1:04:fb:ad:db:77:34:bd:92:52:7c:
5b:b8:97:dd:53:49:71:b0:39:8c:d4:30:83:d1:3b:
a7:7e:af:3a:0e:44:93:2a:8b:ed:da:9a:78:6a:89:
3b:d1:5c:01:9e:b3:7a:92:90:d0:65:1b:6a:0e:f9:
54:3a:11:6f:f1:0b:31:5e:b5:20:31:b4:53:c5:3a:
ad:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:86:B4:79:9E:51:52:6E:20:02:4F:9B:68:59:DA:13:E9:35:1D:C7
X509v3 Authority Key Identifier:
keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Ioa0eZ5RUm4gAk-baFnaE-k1Hcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.226.234.0/24
138.226.238.0/23
207.89.22.0/23
216.162.47.0/24
216.163.179.0/24
IPv6:
2a14:a087::/47
Signature Algorithm: sha256WithRSAEncryption
a6:31:ad:f5:8b:0b:28:47:c1:d8:18:6e:dc:ff:45:1b:dc:ed:
b6:87:50:d4:3e:f9:78:b2:49:b3:3b:55:e5:03:4a:69:10:93:
ca:ed:60:10:23:3b:c8:58:7e:53:61:85:a5:97:7e:5d:81:e9:
e3:19:e4:36:34:2e:1f:1c:4e:76:bc:c7:12:fe:5c:fa:ee:ca:
83:6c:9e:c9:56:18:ba:76:11:be:0e:5a:8d:a6:54:4e:d6:0f:
f8:c1:6f:08:2a:d1:3e:77:0e:21:60:05:12:5d:25:32:f3:07:
60:2f:d3:50:10:af:b4:66:d9:85:18:ec:f7:87:b6:f8:10:41:
21:a0:46:71:cf:e0:c2:aa:00:7c:35:27:91:6c:e9:5b:e3:a1:
ae:cd:08:71:f5:c7:74:6b:b0:c8:e1:ce:76:14:db:20:ba:1f:
c8:79:4c:fe:26:d5:6f:b4:47:e9:5c:b6:e8:3e:10:42:a8:85:
e3:bf:4b:90:e8:c6:b2:fd:ea:66:4c:7c:ce:00:43:cf:ad:97:
be:bc:fe:46:14:5d:df:6a:04:76:f7:04:7f:12:51:1d:45:8d:
7d:cd:b7:20:63:ec:31:9c:bd:4d:a8:b1:b7:f1:ec:51:1f:5f:
5a:10:13:65:92:cd:d8:88:81:d2:e1:5a:63:2a:8a:76:24:70:
cb:47:d4:ad
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZ2HQMrvL5zqvUas0yv/MvRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNDEzMTQzMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg2YjQ3OTllNTE1MjZlMjAwMjRmOWI2ODU5ZGExM2U5MzUxZGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqs82hJGwZStXUaWW33UWomgojGmB
EsqlFdDS/ue5Ew8qHkEu9GTCXRMjkgoL4K5XAKBgqWZtoFbyqhX+f3cgLfqiqXML
NTwWTx+OT+xpREZ7peLJvmOSZCqOjjV+V6fhKarwydV2x1phQpdbtsS49d1DvCSp
pCXLHn1fZYMbW2pM0ZZ2w3TL6OylPRNw1lnD9gNJiHdQGUJsf0C6R9mbMX7vsYm8
E91A9ikTrjuT+zYROaZEXMqQ8QT7rdt3NL2SUnxbuJfdU0lxsDmM1DCD0Tunfq86
DkSTKovt2pp4aok70VwBnrN6kpDQZRtqDvlUOhFv8QsxXrUgMbRTxTqt9wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCKGtHmeUVJuIAJPm2hZ2hPpNR3HMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvSW9hMGVaNVJVbTRnQWstYmFGbmFFLWsxSGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQAiuLqAwQB
iuLuAwQBz1kWAwQA2KIvAwQA2KOzMA8EAgACMAkDBwEqFKCHAAAwDQYJKoZIhvcN
AQELBQADggEBAKYxrfWLCyhHwdgYbtz/RRvc7baHUNQ++XiySbM7VeUDSmkQk8rt
YBAjO8hYflNhhaWXfl2B6eMZ5DY0Lh8cTna8xxL+XPruyoNsnslWGLp2Eb4OWo2m
VE7WD/jBbwgq0T53DiFgBRJdJTLzB2Av01AQr7Rm2YUY7PeHtvgQQSGgRnHP4MKq
AHw1J5Fs6Vvjoa7NCHH1x3RrsMjhznYU2yC6H8h5TP4m1W+0R+lctug+EEKoheO/
S5DoxrL96mZMfM4AQ8+tl768/kYUXd9qBHb3BH8SUR1FjX3NtyBj7DGcvU2osbfx
7FEfX1oQE2WSzdiIgdLhWmMqinYkcMtH1K0=
-----END CERTIFICATE-----
Generated at Fri Apr 17 08:14:24 2026 by rpki-client