Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/vkinxgiyd_YGCc2FvXGXlifXXZw.roa
File: vkinxgiyd_YGCc2FvXGXlifXXZw.roa (raw, json)
Hash identifier: ae69pULyWQhzs8GCwJJ69Rg2AhZZDsijjjtqdA5+8Yg=
Subject key identifier: BE:48:A7:C6:08:B2:77:F6:06:09:CD:85:BD:71:97:96:27:D7:5D:9C
Certificate issuer: /CN=ff2df297db1af0376a5a2a72e698a7eb287af3af
Certificate serial: 019B7A5ACE85DBA17CE4EE1209B65394F69B
Authority key identifier: FF:2D:F2:97:DB:1A:F0:37:6A:5A:2A:72:E6:98:A7:EB:28:7A:F3:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_y3yl9sa8DdqWipy5pin6yh6868.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/vkinxgiyd_YGCc2FvXGXlifXXZw.roa
Signing time: Thu 01 Jan 2026 16:18:50 +0000
ROA not before: Thu 01 Jan 2026 16:18:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43861
IP address blocks: 45.134.176.0/23 maxlen: 23
45.134.178.0/23 maxlen: 23
91.199.227.0/24 maxlen: 24
185.125.242.0/24 maxlen: 24
2001:678:348::/48 maxlen: 48
2a13:acc0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/_y3yl9sa8DdqWipy5pin6yh6868.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/_y3yl9sa8DdqWipy5pin6yh6868.mft
rsync://rpki.ripe.net/repository/DEFAULT/_y3yl9sa8DdqWipy5pin6yh6868.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 07:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5a:ce:85:db:a1:7c:e4:ee:12:09:b6:53:94:f6:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff2df297db1af0376a5a2a72e698a7eb287af3af
Validity
Not Before: Jan 1 16:18:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=be48a7c608b277f60609cd85bd71979627d75d9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:3f:1c:85:af:d6:1f:d5:06:e5:2a:da:a7:97:
29:ed:f6:4b:9d:69:a1:e4:49:97:86:9d:00:40:b7:
59:49:b0:d1:61:64:ff:92:bd:33:19:a3:05:86:b0:
17:5f:9c:4a:91:64:e7:b9:63:64:6c:c9:c0:53:cb:
49:9a:cf:50:f4:56:67:a4:18:33:30:bd:d7:bc:60:
82:26:97:12:19:be:f0:d3:4a:37:1e:35:23:0d:1f:
38:09:70:59:f3:c4:03:54:cc:3c:80:de:2f:9d:87:
5f:10:27:42:78:6e:55:e0:79:50:ab:b7:1f:c7:70:
ef:34:9c:8c:8c:b6:17:7e:3d:75:29:77:46:e7:06:
15:63:a7:5c:be:01:c9:d2:31:ef:d1:5d:61:0d:fd:
82:b9:58:72:cb:02:48:0c:6e:82:7a:ef:f6:8f:ca:
56:d3:78:1e:27:db:15:f1:74:f4:82:29:43:f7:45:
12:5b:95:f1:74:97:37:ba:bf:fd:b4:03:fe:96:09:
d0:41:0a:1a:7c:ae:0b:72:c1:f4:cd:64:ca:c6:2e:
12:1a:b4:99:6d:b0:99:ab:27:7c:38:f1:fd:7b:29:
ad:e2:71:0a:30:f7:dc:4a:c2:69:40:d9:02:0b:06:
07:6e:55:c6:98:eb:b8:21:93:e8:41:53:ca:99:75:
cf:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:48:A7:C6:08:B2:77:F6:06:09:CD:85:BD:71:97:96:27:D7:5D:9C
X509v3 Authority Key Identifier:
keyid:FF:2D:F2:97:DB:1A:F0:37:6A:5A:2A:72:E6:98:A7:EB:28:7A:F3:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_y3yl9sa8DdqWipy5pin6yh6868.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/vkinxgiyd_YGCc2FvXGXlifXXZw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/cd51e8-6594-4a58-bd57-01f28f4d49f6/1/_y3yl9sa8DdqWipy5pin6yh6868.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.176.0/22
91.199.227.0/24
185.125.242.0/24
IPv6:
2001:678:348::/48
2a13:acc0::/32
Signature Algorithm: sha256WithRSAEncryption
be:05:51:27:10:07:57:b9:a1:94:6a:be:cc:80:5b:5b:52:8f:
a0:96:7c:de:99:0c:a2:2d:f0:ec:b9:ea:cd:56:12:97:47:97:
3f:3e:25:5a:e4:0c:e0:ac:99:df:c3:05:e7:62:c0:c0:2f:d5:
7c:68:6d:c1:40:b3:d9:33:ca:5b:4f:60:2b:1d:e0:04:1c:bf:
bb:05:22:ca:be:34:d8:58:f8:6f:57:aa:a5:e6:80:f1:8a:f1:
fc:f5:fe:8a:5c:3e:40:c2:0e:df:7b:a7:d8:a2:02:2b:6c:05:
59:74:2e:d1:9c:b7:d1:51:ed:72:86:2e:50:d0:7c:64:e6:d1:
d4:7c:4b:0a:37:33:e4:e1:42:20:29:55:9d:27:4f:bc:b5:db:
0a:39:df:b7:8e:b0:cf:b8:99:13:00:f3:bc:9a:0c:fe:af:14:
b0:77:2f:f0:d0:02:0f:2b:c1:61:03:e3:af:b7:7d:52:2b:d0:
c2:65:28:c8:2a:f5:8c:67:af:20:8d:76:a8:fd:70:3c:ea:35:
0c:eb:6c:0c:87:7b:ea:0b:1b:3f:58:11:58:8a:b2:3a:71:05:
88:df:9b:f7:a6:a1:df:1f:8e:af:e9:a4:72:e4:d8:60:c0:48:
6b:11:96:59:97:bd:ec:ec:e3:3f:19:50:62:9a:dd:95:01:51:
51:7f:85:c6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZt6Ws6F26F85O4SCbZTlPabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMmRmMjk3ZGIxYWYwMzc2YTVhMmE3MmU2OThhN2ViMjg3
YWYzYWYwHhcNMjYwMTAxMTYxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ4YTdjNjA4YjI3N2Y2MDYwOWNkODViZDcxOTc5NjI3ZDc1ZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4D8cha/WH9UG5Srap5cp7fZLnWmh
5EmXhp0AQLdZSbDRYWT/kr0zGaMFhrAXX5xKkWTnuWNkbMnAU8tJms9Q9FZnpBgz
ML3XvGCCJpcSGb7w00o3HjUjDR84CXBZ88QDVMw8gN4vnYdfECdCeG5V4HlQq7cf
x3DvNJyMjLYXfj11KXdG5wYVY6dcvgHJ0jHv0V1hDf2CuVhyywJIDG6Ceu/2j8pW
03geJ9sV8XT0gilD90USW5XxdJc3ur/9tAP+lgnQQQoafK4LcsH0zWTKxi4SGrSZ
bbCZqyd8OPH9eymt4nEKMPfcSsJpQNkCCwYHblXGmOu4IZPoQVPKmXXP+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFL5Ip8YIsnf2BgnNhb1xl5Yn112cMB8GA1UdIwQY
MBaAFP8t8pfbGvA3aloqcuaYp+soevOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3kzeWw5c2E4RGRxV2lweTVwaW42eWg2ODY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jZDUxZTgtNjU5NC00YTU4LWJkNTct
MDFmMjhmNGQ0OWY2LzEvdmtpbnhnaXlkX1lHQ2MyRnZYR1hsaWZYWFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jZDUxZTgtNjU5NC00YTU4LWJkNTctMDFmMjhmNGQ0OWY2
LzEvX3kzeWw5c2E4RGRxV2lweTVwaW42eWg2ODY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQCLYawAwQA
W8fjAwQAuX3yMBYEAgACMBADBwAgAQZ4A0gDBQAqE6zAMA0GCSqGSIb3DQEBCwUA
A4IBAQC+BVEnEAdXuaGUar7MgFtbUo+glnzemQyiLfDsuerNVhKXR5c/PiVa5Azg
rJnfwwXnYsDAL9V8aG3BQLPZM8pbT2ArHeAEHL+7BSLKvjTYWPhvV6ql5oDxivH8
9f6KXD5Awg7fe6fYogIrbAVZdC7RnLfRUe1yhi5Q0Hxk5tHUfEsKNzPk4UIgKVWd
J0+8tdsKOd+3jrDPuJkTAPO8mgz+rxSwdy/w0AIPK8FhA+Ovt31SK9DCZSjIKvWM
Z68gjXao/XA86jUM62wMh3vqCxs/WBFYirI6cQWI35v3pqHfH46v6aRy5NhgwEhr
EZZZl73s7OM/GVBimt2VAVFRf4XG
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:02:00 2026 by rpki-client