Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/OCZr5kjA-CfYpumVERqkCUluKf4.roa
File: OCZr5kjA-CfYpumVERqkCUluKf4.roa (raw, json)
Hash identifier: fP+6DEGSKabb9AgXcHTeX7zIerrqedNJGpjW4I4cF8I=
Subject key identifier: 38:26:6B:E6:48:C0:F8:27:D8:A6:E9:95:11:1A:A4:09:49:6E:29:FE
Certificate issuer: /CN=5d81d1ff45b1547c00a84b46ef99eca2dfbd45bc
Certificate serial: 019EB5EBD2B7F287027770A09D9CCB95FBA9
Authority key identifier: 5D:81:D1:FF:45:B1:54:7C:00:A8:4B:46:EF:99:EC:A2:DF:BD:45:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XYHR_0WxVHwAqEtG75nsot-9Rbw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/OCZr5kjA-CfYpumVERqkCUluKf4.roa
Signing time: Thu 11 Jun 2026 09:03:11 +0000
ROA not before: Thu 11 Jun 2026 09:03:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 45.152.52.0/22 maxlen: 24
86.111.44.0/22 maxlen: 24
91.195.116.0/23 maxlen: 24
94.199.168.0/21 maxlen: 24
185.31.212.0/22 maxlen: 24
185.252.36.0/22 maxlen: 24
2a02:1688::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/XYHR_0WxVHwAqEtG75nsot-9Rbw.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/XYHR_0WxVHwAqEtG75nsot-9Rbw.mft
rsync://rpki.ripe.net/repository/DEFAULT/XYHR_0WxVHwAqEtG75nsot-9Rbw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 13 Jun 2026 21:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:b5:eb:d2:b7:f2:87:02:77:70:a0:9d:9c:cb:95:fb:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d81d1ff45b1547c00a84b46ef99eca2dfbd45bc
Validity
Not Before: Jun 11 09:03:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=38266be648c0f827d8a6e995111aa409496e29fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:c3:de:b7:81:4d:b6:e1:68:d5:90:88:8a:8b:
03:0d:52:a6:13:c0:0b:ac:04:1f:f6:a0:b5:c1:5e:
46:2b:18:3c:4f:c1:23:d9:2b:7a:64:9c:d1:51:7d:
60:54:4d:e8:80:f9:7b:3f:65:25:68:ad:40:82:9f:
62:64:40:8c:92:56:d5:47:83:a5:18:3e:68:dc:6f:
de:c1:db:12:90:36:d7:1e:c6:90:97:ed:0a:fd:b4:
fd:ae:25:b7:66:82:94:38:af:c5:5c:fd:cf:46:ca:
9f:e9:51:e5:f4:ff:4c:f5:64:5d:22:de:01:43:1f:
6f:14:a3:55:27:c2:1c:73:0f:c0:26:fb:fc:60:ba:
32:a6:ad:fc:65:ed:45:11:ff:b3:ea:a7:37:fa:5d:
05:4c:02:02:ec:15:64:71:2f:50:66:c7:fc:c6:f6:
86:83:bd:3e:bb:f6:c5:6a:df:fb:85:dd:18:34:51:
bf:96:22:d4:08:06:21:f0:98:12:0b:f2:0e:32:af:
84:0c:22:e4:00:a7:63:1f:4b:76:62:a1:e0:a3:e5:
9a:ae:9f:fa:7c:29:c5:9d:1a:78:96:b3:d6:96:81:
82:84:51:31:d0:89:ac:a4:b2:0c:9b:0a:b2:58:2c:
2d:69:77:7e:3b:9c:a6:a5:c5:9d:37:ea:82:51:f8:
7a:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:26:6B:E6:48:C0:F8:27:D8:A6:E9:95:11:1A:A4:09:49:6E:29:FE
X509v3 Authority Key Identifier:
keyid:5D:81:D1:FF:45:B1:54:7C:00:A8:4B:46:EF:99:EC:A2:DF:BD:45:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYHR_0WxVHwAqEtG75nsot-9Rbw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/OCZr5kjA-CfYpumVERqkCUluKf4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/acd7e3-9c76-4ff6-b5ae-ee80a2d2952d/1/XYHR_0WxVHwAqEtG75nsot-9Rbw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.52.0/22
86.111.44.0/22
91.195.116.0/23
94.199.168.0/21
185.31.212.0/22
185.252.36.0/22
IPv6:
2a02:1688::/32
Signature Algorithm: sha256WithRSAEncryption
34:44:32:e4:20:89:08:58:46:8a:c2:9a:0e:aa:76:6d:86:91:
5e:25:0d:f7:4d:54:10:48:1f:92:f0:cd:97:ed:cb:a6:0a:2b:
8d:13:93:51:0e:c0:e5:07:42:17:bf:96:d9:ef:42:a1:5d:ae:
c9:db:c2:43:cf:61:9b:ad:c5:b8:53:7b:88:e0:63:8b:ea:d7:
65:33:a4:89:74:5a:62:4d:63:fb:01:55:e6:46:82:9d:93:b8:
21:97:de:57:63:63:6e:6f:9c:50:4f:d4:b8:a8:98:97:37:ec:
85:c8:8f:b5:72:5c:d6:4f:91:72:2e:bc:aa:f1:be:6b:83:d9:
32:2d:07:51:f3:39:1f:ce:95:3a:e2:5f:55:bb:f3:3f:93:e7:
82:e4:0e:f6:b2:34:e0:26:d8:7e:43:73:4c:9b:cf:5d:75:dd:
3b:a2:db:3d:f1:8b:fd:f5:8e:c8:a8:8e:cd:b5:6e:95:df:4a:
5e:75:f2:ac:5e:10:6e:c0:90:38:a3:6d:e5:72:99:aa:f8:62:
0e:6f:e3:5e:67:05:2a:75:08:b2:e4:0e:c0:56:02:dc:72:13:
39:06:78:ff:9a:80:db:39:60:47:9f:2a:47:3d:be:79:5f:32:
51:00:3a:a7:70:bf:d2:96:b6:84:00:a4:b4:95:5c:0d:9b:e0:
93:c6:43:d7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZ6169K38ocCd3CgnZzLlfupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODFkMWZmNDViMTU0N2MwMGE4NGI0NmVmOTllY2EyZGZi
ZDQ1YmMwHhcNMjYwNjExMDkwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI2NmJlNjQ4YzBmODI3ZDhhNmU5OTUxMTFhYTQwOTQ5NmUyOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMPet4FNtuFo1ZCIiosDDVKmE8AL
rAQf9qC1wV5GKxg8T8Ej2St6ZJzRUX1gVE3ogPl7P2UlaK1Agp9iZECMklbVR4Ol
GD5o3G/ewdsSkDbXHsaQl+0K/bT9riW3ZoKUOK/FXP3PRsqf6VHl9P9M9WRdIt4B
Qx9vFKNVJ8Iccw/AJvv8YLoypq38Ze1FEf+z6qc3+l0FTAIC7BVkcS9QZsf8xvaG
g70+u/bFat/7hd0YNFG/liLUCAYh8JgSC/IOMq+EDCLkAKdjH0t2YqHgo+Warp/6
fCnFnRp4lrPWloGChFEx0ImspLIMmwqyWCwtaXd+O5ympcWdN+qCUfh6ZQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDgma+ZIwPgn2KbplREapAlJbin+MB8GA1UdIwQY
MBaAFF2B0f9FsVR8AKhLRu+Z7KLfvUW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlIUl8wV3hWSHdBcUV0Rzc1bnNvdC05UmJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hY2Q3ZTMtOWM3Ni00ZmY2LWI1YWUt
ZWU4MGEyZDI5NTJkLzEvT0NacjVrakEtQ2ZZcHVtVkVScWtDVWx1S2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hY2Q3ZTMtOWM3Ni00ZmY2LWI1YWUtZWU4MGEyZDI5NTJk
LzEvWFlIUl8wV3hWSHdBcUV0Rzc1bnNvdC05UmJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCLZg0AwQC
Vm8sAwQBW8N0AwQDXseoAwQCuR/UAwQCufwkMA0EAgACMAcDBQAqAhaIMA0GCSqG
SIb3DQEBCwUAA4IBAQA0RDLkIIkIWEaKwpoOqnZthpFeJQ33TVQQSB+S8M2X7cum
CiuNE5NRDsDlB0IXv5bZ70KhXa7J28JDz2GbrcW4U3uI4GOL6tdlM6SJdFpiTWP7
AVXmRoKdk7ghl95XY2Nub5xQT9S4qJiXN+yFyI+1clzWT5FyLryq8b5rg9kyLQdR
8zkfzpU64l9Vu/M/k+eC5A72sjTgJth+Q3NMm89ddd07ots98Yv99Y7IqI7NtW6V
30pedfKsXhBuwJA4o23lcpmq+GIOb+NeZwUqdQiy5A7AVgLcchM5Bnj/moDbOWBH
nypHPb55XzJRADqncL/SlraEAKS0lVwNm+CTxkPX
-----END CERTIFICATE-----
Generated at Sat Jun 13 06:38:39 2026 by rpki-client