Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/TuLRBXz6EERScy5OEhGKTfByxKY.roa
File: TuLRBXz6EERScy5OEhGKTfByxKY.roa (raw, json)
Hash identifier: 4zWLjSSgQ/CzE+D8xtj4xcI0MuMoMFUDlb+Cl92io8o=
Subject key identifier: 4E:E2:D1:05:7C:FA:10:44:52:73:2E:4E:12:11:8A:4D:F0:72:C4:A6
Certificate issuer: /CN=cac9a1550d3db1ac0aeb11c16d63e48a683bca03
Certificate serial: 019B7D5C4DF903700FB9ED20B2D18AC4C7BA
Authority key identifier: CA:C9:A1:55:0D:3D:B1:AC:0A:EB:11:C1:6D:63:E4:8A:68:3B:CA:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ysmhVQ09sawK6xHBbWPkimg7ygM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/TuLRBXz6EERScy5OEhGKTfByxKY.roa
Signing time: Fri 02 Jan 2026 06:19:19 +0000
ROA not before: Fri 02 Jan 2026 06:19:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215624
IP address blocks: 45.87.224.0/24 maxlen: 24
45.87.225.0/24 maxlen: 24
2a14:5480:1012::/48 maxlen: 48
2a14:5480:1022::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/ysmhVQ09sawK6xHBbWPkimg7ygM.crl
rsync://rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/ysmhVQ09sawK6xHBbWPkimg7ygM.mft
rsync://rpki.ripe.net/repository/DEFAULT/ysmhVQ09sawK6xHBbWPkimg7ygM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 12:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:5c:4d:f9:03:70:0f:b9:ed:20:b2:d1:8a:c4:c7:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cac9a1550d3db1ac0aeb11c16d63e48a683bca03
Validity
Not Before: Jan 2 06:19:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4ee2d1057cfa104452732e4e12118a4df072c4a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c0:d1:e0:5c:fd:30:27:2e:54:1f:89:2f:ba:
47:f7:55:e1:00:c6:3c:b7:fc:11:be:bc:65:ad:a6:
1b:9b:c5:6a:01:f7:fa:97:8e:ca:f1:12:a7:94:3c:
2a:4f:d6:b5:7b:fc:0a:ab:77:bf:bd:44:94:ea:54:
66:39:7c:d2:83:15:98:fd:ac:4b:5a:c3:f6:14:88:
db:58:04:cc:be:72:a3:39:88:72:a2:0c:2f:9a:43:
89:f9:29:c8:da:cd:a2:89:e7:d7:61:07:a6:21:8a:
b4:a2:1c:4c:4a:1b:65:65:c0:8d:49:09:d9:fa:0f:
be:3a:78:04:82:8b:74:1d:9f:5b:33:0c:e8:ca:c1:
0a:c7:8d:b2:a1:09:e2:24:92:a3:48:23:a7:c3:53:
b9:e6:96:1f:05:1c:b4:5a:62:9d:d9:6e:17:f5:06:
73:20:b2:46:eb:a5:de:9b:79:b9:bf:1a:a6:27:92:
60:3b:5a:34:52:86:40:c9:0f:f0:6e:3b:7b:68:d8:
8c:e2:21:c6:57:89:95:30:37:44:40:64:72:9e:c7:
6b:bf:10:d1:b8:f5:ec:6b:e7:f0:48:b3:38:2b:fd:
b2:84:42:fd:68:19:a3:b9:46:58:c7:6c:0d:b3:ba:
fa:96:9c:51:27:c6:6f:70:52:90:3b:cc:5f:bc:ca:
8c:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:E2:D1:05:7C:FA:10:44:52:73:2E:4E:12:11:8A:4D:F0:72:C4:A6
X509v3 Authority Key Identifier:
keyid:CA:C9:A1:55:0D:3D:B1:AC:0A:EB:11:C1:6D:63:E4:8A:68:3B:CA:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ysmhVQ09sawK6xHBbWPkimg7ygM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/TuLRBXz6EERScy5OEhGKTfByxKY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7424c5-2c99-4952-86e7-073fb83abfc6/1/ysmhVQ09sawK6xHBbWPkimg7ygM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.224.0/23
IPv6:
2a14:5480:1012::/48
2a14:5480:1022::/48
Signature Algorithm: sha256WithRSAEncryption
c1:20:e9:50:a8:4e:67:b2:0d:88:e0:11:b7:9c:b6:07:bb:7b:
ac:36:29:80:c3:40:df:d9:61:06:96:90:3d:48:c7:4f:f8:5a:
ef:0d:93:9c:72:9b:1b:d0:cb:17:40:0a:ec:b4:89:3c:a2:21:
3b:eb:4a:4c:28:55:6d:fe:81:c0:49:52:2f:ee:30:5a:54:14:
b6:de:b0:11:05:d9:7c:53:bd:12:22:83:ab:d6:82:6a:fe:64:
63:9d:d7:31:eb:95:a1:fb:4a:40:69:cd:e2:b8:6e:ff:d6:ad:
fe:f7:e3:42:cf:38:2c:22:01:95:cf:b0:4e:7a:83:45:35:09:
91:14:eb:6d:f4:e9:55:6f:57:92:e9:f0:2a:f6:83:58:99:07:
6b:b6:5f:2f:02:17:eb:5b:78:50:2e:f9:3f:4e:73:0b:02:36:
c9:ba:9e:ed:3d:f0:86:4b:61:b8:81:af:a0:71:2a:e0:06:ff:
45:46:9b:4b:1a:b3:1a:16:e0:9c:a7:20:9d:37:1e:c1:b9:2a:
b5:7a:ae:d8:f8:03:64:67:ef:11:d4:cb:b2:c6:c3:ce:65:c5:
55:fb:8c:8b:4e:fe:6f:1c:59:1d:da:ed:e8:58:78:06:e5:30:
68:6c:1b:03:c3:75:c5:3e:68:90:a5:17:f7:6a:c8:c3:2e:9b:
c2:22:1b:f4
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZt9XE35A3APue0gstGKxMe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYzlhMTU1MGQzZGIxYWMwYWViMTFjMTZkNjNlNDhhNjgz
YmNhMDMwHhcNMjYwMTAyMDYxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWUyZDEwNTdjZmExMDQ0NTI3MzJlNGUxMjExOGE0ZGYwNzJjNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcDR4Fz9MCcuVB+JL7pH91XhAMY8
t/wRvrxlraYbm8VqAff6l47K8RKnlDwqT9a1e/wKq3e/vUSU6lRmOXzSgxWY/axL
WsP2FIjbWATMvnKjOYhyogwvmkOJ+SnI2s2iiefXYQemIYq0ohxMShtlZcCNSQnZ
+g++OngEgot0HZ9bMwzoysEKx42yoQniJJKjSCOnw1O55pYfBRy0WmKd2W4X9QZz
ILJG66Xem3m5vxqmJ5JgO1o0UoZAyQ/wbjt7aNiM4iHGV4mVMDdEQGRynsdrvxDR
uPXsa+fwSLM4K/2yhEL9aBmjuUZYx2wNs7r6lpxRJ8ZvcFKQO8xfvMqMvwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFE7i0QV8+hBEUnMuThIRik3wcsSmMB8GA1UdIwQY
MBaAFMrJoVUNPbGsCusRwW1j5IpoO8oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXNtaFZRMDlzYXdLNnhIQmJXUGtpbWc3eWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83NDI0YzUtMmM5OS00OTUyLTg2ZTct
MDczZmI4M2FiZmM2LzEvVHVMUkJYejZFRVJTY3k1T0VoR0tUZkJ5eEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83NDI0YzUtMmM5OS00OTUyLTg2ZTctMDczZmI4M2FiZmM2
LzEveXNtaFZRMDlzYXdLNnhIQmJXUGtpbWc3eWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQBLVfgMBgE
AgACMBIDBwAqFFSAEBIDBwAqFFSAECIwDQYJKoZIhvcNAQELBQADggEBAMEg6VCo
TmeyDYjgEbectge7e6w2KYDDQN/ZYQaWkD1Ix0/4Wu8Nk5xymxvQyxdACuy0iTyi
ITvrSkwoVW3+gcBJUi/uMFpUFLbesBEF2XxTvRIig6vWgmr+ZGOd1zHrlaH7SkBp
zeK4bv/Wrf7340LPOCwiAZXPsE56g0U1CZEU62306VVvV5Lp8Cr2g1iZB2u2Xy8C
F+tbeFAu+T9OcwsCNsm6nu098IZLYbiBr6BxKuAG/0VGm0sasxoW4JynIJ03HsG5
KrV6rtj4A2Rn7xHUy7LGw85lxVX7jItO/m8cWR3a7ehYeAblMGhsGwPDdcU+aJCl
F/dqyMMum8IiG/Q=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:00:29 2026 by rpki-client