Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/Yf6ZWqUXXhcxyz3yHShQ-wPMSrs.roa
File: Yf6ZWqUXXhcxyz3yHShQ-wPMSrs.roa (raw, json)
Hash identifier: Mgnv3OuUKOPzy7mBsU09wit3ti136EdMHMxaYU6rvTU=
Subject key identifier: 61:FE:99:5A:A5:17:5E:17:31:CB:3D:F2:1D:28:50:FB:03:CC:4A:BB
Certificate issuer: /CN=23aee94d0fff6c6c752a6942ffa962ae37c7e6b6
Certificate serial: 019C4BE3E6BB6FCB564E572DA461A880578E
Authority key identifier: 23:AE:E9:4D:0F:FF:6C:6C:75:2A:69:42:FF:A9:62:AE:37:C7:E6:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/Yf6ZWqUXXhcxyz3yHShQ-wPMSrs.roa
Signing time: Wed 11 Feb 2026 08:49:12 +0000
ROA not before: Wed 11 Feb 2026 08:49:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31037
IP address blocks: 185.101.16.0/22 maxlen: 22
185.101.16.0/24 maxlen: 24
185.101.17.0/24 maxlen: 24
185.101.18.0/24 maxlen: 24
185.101.19.0/24 maxlen: 24
185.130.136.0/22 maxlen: 22
185.130.136.0/24 maxlen: 24
185.130.137.0/24 maxlen: 24
185.130.138.0/24 maxlen: 24
185.130.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.mft
rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 11:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4b:e3:e6:bb:6f:cb:56:4e:57:2d:a4:61:a8:80:57:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23aee94d0fff6c6c752a6942ffa962ae37c7e6b6
Validity
Not Before: Feb 11 08:49:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=61fe995aa5175e1731cb3df21d2850fb03cc4abb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:91:1e:b1:f4:5d:c2:e6:7b:23:47:9d:9e:0d:
0f:4f:24:eb:9e:0b:b2:7d:cc:8d:ff:65:0f:9e:01:
9e:f6:34:ef:7b:3a:d8:6c:ea:5c:91:ef:61:2f:9b:
cb:af:e8:a2:ba:b6:37:93:0d:a3:11:3a:33:7c:e8:
1a:cb:25:94:60:d0:d5:8b:98:ef:82:e8:ae:77:7d:
f5:49:a4:0f:ac:9b:d8:06:c6:cc:56:5c:aa:97:a6:
d2:53:b7:27:7b:46:f5:44:e0:2d:70:4a:1b:d8:56:
39:10:5b:f5:ac:75:9a:cf:ae:2c:3d:44:a6:32:ba:
17:2b:25:53:95:5d:ad:d5:cb:40:be:72:d1:ee:91:
bd:d1:41:c6:a9:af:19:18:17:49:aa:e9:64:cf:6a:
a1:ee:9d:68:9f:77:77:ed:8e:92:58:c2:b6:c5:5e:
ea:15:2a:d9:d2:49:d1:71:9c:c8:f7:db:64:1a:f7:
10:1d:ab:ce:f7:e6:c1:b6:d8:50:98:b4:3e:9a:c1:
e3:e0:6e:80:97:c1:82:85:cf:5d:2f:d7:23:3b:67:
d5:1b:c6:90:6c:21:27:98:e7:ae:bb:b5:cb:bc:d2:
97:8a:7a:cd:44:3a:0c:64:d1:1a:79:6e:0a:44:76:
8f:ab:f8:80:fc:2d:e4:9c:af:a6:f9:96:e4:85:f1:
b2:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:FE:99:5A:A5:17:5E:17:31:CB:3D:F2:1D:28:50:FB:03:CC:4A:BB
X509v3 Authority Key Identifier:
keyid:23:AE:E9:4D:0F:FF:6C:6C:75:2A:69:42:FF:A9:62:AE:37:C7:E6:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/Yf6ZWqUXXhcxyz3yHShQ-wPMSrs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.16.0/22
185.130.136.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:80:a9:3f:55:f9:3e:e2:d2:92:57:80:39:fc:53:bb:dc:b3:
6e:f8:52:e1:6b:cc:4c:df:73:7c:8a:09:3d:d7:c8:40:34:b0:
ef:2d:df:0e:dd:b3:b2:26:01:4b:ba:74:60:ad:f9:2f:c3:77:
0e:53:d4:60:52:07:e7:e4:90:eb:61:d9:51:f5:93:2f:b8:8e:
4a:1d:e2:75:da:c3:ca:d4:1a:73:e9:6e:11:1e:57:47:a1:c7:
2d:e0:cf:ac:68:43:03:62:97:9c:a3:10:73:62:ff:e6:c4:1e:
a1:08:4f:dc:80:4b:7a:69:ad:84:72:d3:0e:e9:86:78:8c:dc:
5d:35:70:77:8d:37:1f:e0:99:b5:9c:12:17:3a:1a:1a:5d:00:
6f:ac:9f:3d:57:d4:7c:37:fc:e2:70:9a:9c:c9:ad:c1:f6:e4:
71:5d:a4:41:0c:91:1f:26:65:c0:e3:6b:7c:d2:f0:63:83:a0:
98:43:a4:e2:59:d4:6e:77:6e:69:34:6b:de:58:86:9c:bb:a2:
83:19:dd:4c:49:7c:8f:d5:74:e8:1f:ff:cd:42:ac:90:86:15:
8e:1b:7c:74:fd:46:dd:b0:73:30:c7:20:f7:7b:cb:9a:96:c2:
80:41:ee:c5:1d:3c:49:f8:ae:aa:fa:43:28:91:86:48:e5:ea:
6f:2c:cc:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxL4+a7b8tWTlctpGGogFeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYWVlOTRkMGZmZjZjNmM3NTJhNjk0MmZmYTk2MmFlMzdj
N2U2YjYwHhcNMjYwMjExMDg0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWZlOTk1YWE1MTc1ZTE3MzFjYjNkZjIxZDI4NTBmYjAzY2M0YWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5EesfRdwuZ7I0edng0PTyTrnguy
fcyN/2UPngGe9jTvezrYbOpcke9hL5vLr+iiurY3kw2jETozfOgayyWUYNDVi5jv
guiud331SaQPrJvYBsbMVlyql6bSU7cne0b1ROAtcEob2FY5EFv1rHWaz64sPUSm
MroXKyVTlV2t1ctAvnLR7pG90UHGqa8ZGBdJqulkz2qh7p1on3d37Y6SWMK2xV7q
FSrZ0knRcZzI99tkGvcQHavO9+bBtthQmLQ+msHj4G6Al8GChc9dL9cjO2fVG8aQ
bCEnmOeuu7XLvNKXinrNRDoMZNEaeW4KRHaPq/iA/C3knK+m+ZbkhfGy7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGH+mVqlF14XMcs98h0oUPsDzEq7MB8GA1UdIwQY
MBaAFCOu6U0P/2xsdSppQv+pYq43x+a2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTY3cFRRX19iR3gxS21sQ182bGlyamZINXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kNzAyNjItZjg3Yy00MTI2LWFmODUt
YTMxODUzZTY5OTdhLzEvWWY2WldxVVhYaGN4eXozeUhTaFEtd1BNU3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kNzAyNjItZjg3Yy00MTI2LWFmODUtYTMxODUzZTY5OTdh
LzEvSTY3cFRRX19iR3gxS21sQ182bGlyamZINXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWUQAwQC
uYKIMA0GCSqGSIb3DQEBCwUAA4IBAQBrgKk/Vfk+4tKSV4A5/FO73LNu+FLha8xM
33N8igk918hANLDvLd8O3bOyJgFLunRgrfkvw3cOU9RgUgfn5JDrYdlR9ZMvuI5K
HeJ12sPK1Bpz6W4RHldHocct4M+saEMDYpecoxBzYv/mxB6hCE/cgEt6aa2EctMO
6YZ4jNxdNXB3jTcf4Jm1nBIXOhoaXQBvrJ89V9R8N/zicJqcya3B9uRxXaRBDJEf
JmXA42t80vBjg6CYQ6TiWdRud25pNGveWIacu6KDGd1MSXyP1XToH//NQqyQhhWO
G3x0/UbdsHMwxyD3e8ualsKAQe7FHTxJ+K6q+kMokYZI5epvLMxh
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:44:02 2026 by rpki-client