Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/1-kk5YtawRkJQwdDT4MsBuFBc3Yo.roa
File: 1-kk5YtawRkJQwdDT4MsBuFBc3Yo.roa (raw, json)
Hash identifier: Aamvd7Z6s9hiJAa6DbrukXmWAwrVI2PPj/AOKYI7G4U=
Subject key identifier: FA:49:39:62:D6:B0:46:42:50:C1:D0:D3:E0:CB:01:B8:50:5C:DD:8A
Certificate issuer: /CN=afec4f4a16cc51bd51621011539ceb574ac15d02
Certificate serial: 019D7322499E412B8E659FDEACD5C84752EB
Authority key identifier: AF:EC:4F:4A:16:CC:51:BD:51:62:10:11:53:9C:EB:57:4A:C1:5D:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r-xPShbMUb1RYhARU5zrV0rBXQI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/1-kk5YtawRkJQwdDT4MsBuFBc3Yo.roa
Signing time: Thu 09 Apr 2026 16:45:20 +0000
ROA not before: Thu 09 Apr 2026 16:45:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198385
IP address blocks: 5.1.96.0/21 maxlen: 24
37.35.104.0/21 maxlen: 21
89.249.40.0/23 maxlen: 23
185.50.188.0/22 maxlen: 24
185.63.36.0/22 maxlen: 22
185.75.32.0/22 maxlen: 22
2a00:e6c0::/32 maxlen: 32
2a03:2040::/29 maxlen: 29
2a03:2040::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/r-xPShbMUb1RYhARU5zrV0rBXQI.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/r-xPShbMUb1RYhARU5zrV0rBXQI.mft
rsync://rpki.ripe.net/repository/DEFAULT/r-xPShbMUb1RYhARU5zrV0rBXQI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 04:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:73:22:49:9e:41:2b:8e:65:9f:de:ac:d5:c8:47:52:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=afec4f4a16cc51bd51621011539ceb574ac15d02
Validity
Not Before: Apr 9 16:45:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fa493962d6b0464250c1d0d3e0cb01b8505cdd8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:8b:38:f5:a7:58:46:75:19:27:b5:62:24:d5:
cb:29:86:f1:a6:66:04:6d:40:f2:c0:ab:8e:6e:31:
b0:8f:d2:0a:72:70:34:69:ec:30:07:79:2a:07:bf:
5e:66:fc:a8:d6:c8:be:c1:08:3e:5f:88:6e:0a:7d:
ad:95:42:f8:7f:6b:6f:72:fd:d1:da:02:fe:7b:3a:
e4:b6:96:56:b8:f6:c5:19:2c:b6:bb:3d:ac:19:e7:
35:ad:5e:61:fd:46:33:f6:4c:42:7f:45:cb:ac:ff:
fa:20:71:f3:c4:89:a3:07:e6:7e:fc:02:f6:c4:12:
85:f4:ee:da:6c:c4:62:05:ea:4d:8c:26:90:e4:8c:
fa:cd:76:7a:53:a3:b7:18:40:ac:09:29:f0:c2:17:
f0:69:ef:a8:62:46:7c:10:f2:a7:f4:55:39:ef:49:
a5:2c:cb:1a:b1:8e:9b:de:bd:d2:98:a4:77:e9:d3:
06:96:94:d5:6e:60:9e:ab:73:91:ad:5c:ff:8a:8e:
ad:3f:e0:18:09:6d:50:6e:a3:1e:fc:e2:fe:cc:b4:
f8:42:c8:8c:64:9f:e0:5a:ac:bd:75:3e:62:27:e2:
5e:92:15:04:57:ea:16:34:d1:58:85:09:81:2e:94:
23:e0:30:24:21:26:8a:23:50:c1:70:67:68:ee:8c:
06:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:49:39:62:D6:B0:46:42:50:C1:D0:D3:E0:CB:01:B8:50:5C:DD:8A
X509v3 Authority Key Identifier:
keyid:AF:EC:4F:4A:16:CC:51:BD:51:62:10:11:53:9C:EB:57:4A:C1:5D:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-xPShbMUb1RYhARU5zrV0rBXQI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/1-kk5YtawRkJQwdDT4MsBuFBc3Yo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9f7b6b-b29d-486e-8478-27efc13aff1e/1/r-xPShbMUb1RYhARU5zrV0rBXQI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.96.0/21
37.35.104.0/21
89.249.40.0/23
185.50.188.0/22
185.63.36.0/22
185.75.32.0/22
IPv6:
2a00:e6c0::/32
2a03:2040::/29
Signature Algorithm: sha256WithRSAEncryption
c1:d5:14:ae:5c:83:a5:98:89:d1:66:80:cb:ee:69:7c:7b:60:
4b:9f:d0:15:21:26:39:f6:be:f3:13:7a:c9:96:a5:7b:10:6f:
83:da:01:0b:08:9c:c8:eb:2a:08:3c:78:61:42:f4:bc:32:fe:
a0:08:8e:a1:67:4c:34:69:26:36:cc:05:d5:08:9e:43:48:0b:
2a:56:f0:69:c8:dd:1e:95:8a:fb:af:5b:e3:5c:fb:d9:cc:a9:
fa:d8:a3:91:f7:40:1b:18:3f:bc:d9:93:38:87:07:2d:23:97:
4d:39:f2:69:5b:99:59:b5:72:1d:9b:e1:0b:b6:b6:21:05:cd:
3e:1f:d9:97:a3:85:3c:46:de:60:e9:c9:7c:de:1f:18:f2:5e:
2f:44:86:57:f5:2e:ac:d5:44:a1:7c:a9:1c:d0:e0:33:ba:e3:
a9:fa:21:e6:0b:f2:40:f0:cc:55:4b:41:31:1c:2b:3a:87:8c:
98:dc:ff:df:6e:26:a7:7a:f1:00:fd:09:57:22:8f:6f:6d:3f:
7c:da:a4:19:d1:d8:84:c3:87:60:72:f1:93:ba:bd:5a:31:a5:
10:41:70:36:1c:7e:da:74:db:e2:b9:41:5c:82:d7:96:ab:ed:
86:cd:99:f1:7b:e3:95:09:7a:87:be:da:a8:5e:78:c5:c7:88:
d5:5e:bd:8b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZ1zIkmeQSuOZZ/erNXIR1LrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZWM0ZjRhMTZjYzUxYmQ1MTYyMTAxMTUzOWNlYjU3NGFj
MTVkMDIwHhcNMjYwNDA5MTY0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQ5Mzk2MmQ2YjA0NjQyNTBjMWQwZDNlMGNiMDFiODUwNWNkZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4s49adYRnUZJ7ViJNXLKYbxpmYE
bUDywKuObjGwj9IKcnA0aewwB3kqB79eZvyo1si+wQg+X4huCn2tlUL4f2tvcv3R
2gL+ezrktpZWuPbFGSy2uz2sGec1rV5h/UYz9kxCf0XLrP/6IHHzxImjB+Z+/AL2
xBKF9O7abMRiBepNjCaQ5Iz6zXZ6U6O3GECsCSnwwhfwae+oYkZ8EPKn9FU570ml
LMsasY6b3r3SmKR36dMGlpTVbmCeq3ORrVz/io6tP+AYCW1QbqMe/OL+zLT4QsiM
ZJ/gWqy9dT5iJ+JekhUEV+oWNNFYhQmBLpQj4DAkISaKI1DBcGdo7owG+wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFPpJOWLWsEZCUMHQ0+DLAbhQXN2KMB8GA1UdIwQY
MBaAFK/sT0oWzFG9UWIQEVOc61dKwV0CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci14UFNoYk1VYjFSWWhBUlU1enJWMHJCWFFJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85ZjdiNmItYjI5ZC00ODZlLTg0Nzgt
MjdlZmMxM2FmZjFlLzEvMS1razVZdGF3UmtKUXdkRFQ0TXNCdUZCYzNZby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvOWY3YjZiLWIyOWQtNDg2ZS04NDc4LTI3ZWZjMTNhZmYx
ZS8xL3IteFBTaGJNVWIxUlloQVJVNXpyVjByQlhRSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBTBggrBgEFBQcBBwEB/wREMEIwKgQCAAEwJAMEAwUBYAME
AyUjaAMEAVn5KAMEArkyvAMEArk/JAMEArlLIDAUBAIAAjAOAwUAKgDmwAMFAyoD
IEAwDQYJKoZIhvcNAQELBQADggEBAMHVFK5cg6WYidFmgMvuaXx7YEuf0BUhJjn2
vvMTesmWpXsQb4PaAQsInMjrKgg8eGFC9Lwy/qAIjqFnTDRpJjbMBdUInkNICypW
8GnI3R6VivuvW+Nc+9nMqfrYo5H3QBsYP7zZkziHBy0jl0058mlbmVm1ch2b4Qu2
tiEFzT4f2ZejhTxG3mDpyXzeHxjyXi9Ehlf1LqzVRKF8qRzQ4DO646n6IeYL8kDw
zFVLQTEcKzqHjJjc/99uJqd68QD9CVcij29tP3zapBnR2ITDh2By8ZO6vVoxpRBB
cDYcftp02+K5QVyC15ar7YbNmfF745UJeoe+2qheeMXHiNVevYs=
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:39:34 2026 by rpki-client