Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXMdn84s7H12vJRQ04RG8jReihQ.roa
File: YXMdn84s7H12vJRQ04RG8jReihQ.roa (raw, json)
Hash identifier: GqI2dZ5F7bUBYd3bJOjRibwqhdV60gwABaZ5J0BxIdg=
Subject key identifier: 61:73:1D:9F:CE:2C:EC:7D:76:BC:94:50:D3:84:46:F2:34:5E:8A:14
Certificate issuer: /CN=617252ebbb33484adcec7405adea4de08a0afb04
Certificate serial: 019C8A093BD86B4FA69903BD765D3186485C
Authority key identifier: 61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXMdn84s7H12vJRQ04RG8jReihQ.roa
Signing time: Mon 23 Feb 2026 10:26:26 +0000
ROA not before: Mon 23 Feb 2026 10:26:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41608
IP address blocks: 88.151.32.0/22 maxlen: 24
88.151.35.0/24 maxlen: 24
185.213.172.0/23 maxlen: 23
185.213.172.0/24 maxlen: 24
185.213.174.0/24 maxlen: 24
185.213.175.0/24 maxlen: 24
195.170.165.0/24 maxlen: 24
195.170.167.0/24 maxlen: 24
195.170.172.0/24 maxlen: 24
2a0b:8bc0::/29 maxlen: 29
2a0b:8bc0:9999::/48 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8a:09:3b:d8:6b:4f:a6:99:03:bd:76:5d:31:86:48:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=617252ebbb33484adcec7405adea4de08a0afb04
Validity
Not Before: Feb 23 10:26:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=61731d9fce2cec7d76bc9450d38446f2345e8a14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:f8:66:c8:d5:f3:bc:d0:b2:97:a8:02:bb:a2:
d5:8d:23:00:f2:8f:a9:0c:4b:ae:e7:af:da:57:fd:
82:a6:f8:0a:e9:6a:0e:de:78:f4:31:af:42:dd:7e:
68:2f:11:dc:9f:5a:fc:55:a9:56:bf:18:44:e4:e1:
6b:30:3c:74:f8:f3:4b:9b:50:51:15:0e:84:ba:ec:
22:5b:1d:21:69:78:4c:2f:e1:c2:ed:b9:2e:42:f2:
d7:98:da:de:2c:00:bd:53:35:82:42:3b:ab:8a:1a:
73:df:62:5a:50:05:d8:78:9e:12:c3:5b:b6:98:72:
af:85:fc:01:a8:e5:74:27:7c:fe:41:30:1a:7f:53:
36:69:9e:91:8b:29:bd:9a:0c:da:df:16:19:dc:06:
1a:9c:9f:ed:4c:a0:ad:de:13:2d:4b:0f:72:67:34:
d2:5e:ee:66:5d:be:86:1c:5e:a6:99:f6:8a:5e:ea:
57:ea:c8:d6:2f:32:95:c4:bb:20:f9:78:bf:b9:56:
80:57:bf:28:da:cc:2e:72:fb:53:ee:94:22:e8:59:
9c:88:93:b8:45:ed:d6:ba:7f:8a:d7:29:d1:7d:b2:
e9:61:42:93:20:58:2b:aa:7c:02:97:50:d0:8b:d3:
81:1d:ad:1d:57:45:df:bf:5f:83:98:2a:44:89:11:
2a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:73:1D:9F:CE:2C:EC:7D:76:BC:94:50:D3:84:46:F2:34:5E:8A:14
X509v3 Authority Key Identifier:
keyid:61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXMdn84s7H12vJRQ04RG8jReihQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.32.0/22
185.213.172.0/22
195.170.165.0/24
195.170.167.0/24
195.170.172.0/24
IPv6:
2a0b:8bc0::/29
Signature Algorithm: sha256WithRSAEncryption
99:1e:1c:5a:8a:42:cf:e4:db:b4:d3:fc:be:c5:2e:35:44:43:
c1:12:e9:c1:21:af:97:fc:d1:f9:08:c7:63:bb:a0:bc:d6:fe:
60:7f:d6:ea:6e:de:35:c9:01:1e:08:49:b0:d6:df:c5:64:5c:
25:d5:af:75:58:7c:a8:3c:42:e8:d0:4c:7b:6c:28:66:e9:fc:
a6:94:cb:85:e6:3b:53:4d:9e:51:ec:f6:e5:5e:21:2f:e7:07:
57:89:80:7d:ab:e8:33:bd:28:7a:1b:bb:fc:90:de:92:be:38:
87:51:6c:8b:57:76:82:74:50:b5:b9:33:af:2f:45:06:31:1a:
8e:0b:c6:c0:1b:53:56:ec:05:35:98:2c:1a:1c:9a:08:c4:c3:
b9:1e:ec:58:10:78:c5:15:21:99:9d:09:d1:68:15:5a:37:cf:
02:1a:fa:a4:22:24:5d:7f:a1:84:42:bd:74:d6:df:f5:67:73:
47:0e:88:2d:03:5b:59:bf:57:e5:ac:c1:d2:e6:3b:a6:1c:7a:
57:17:4e:fa:0e:7f:a7:6a:55:92:37:a5:0b:8a:c0:4c:0a:21:
39:cb:0d:67:55:68:50:8c:d5:19:9a:2e:84:8f:e2:fb:28:65:
f0:4a:f0:18:cc:fd:1d:9d:da:c0:12:91:47:f2:a8:43:d0:b5:
27:0b:b9:37
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZyKCTvYa0+mmQO9dl0xhkhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNzI1MmViYmIzMzQ4NGFkY2VjNzQwNWFkZWE0ZGUwOGEw
YWZiMDQwHhcNMjYwMjIzMTAyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTczMWQ5ZmNlMmNlYzdkNzZiYzk0NTBkMzg0NDZmMjM0NWU4YTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvhmyNXzvNCyl6gCu6LVjSMA8o+p
DEuu56/aV/2CpvgK6WoO3nj0Ma9C3X5oLxHcn1r8ValWvxhE5OFrMDx0+PNLm1BR
FQ6EuuwiWx0haXhML+HC7bkuQvLXmNreLAC9UzWCQjurihpz32JaUAXYeJ4Sw1u2
mHKvhfwBqOV0J3z+QTAaf1M2aZ6Riym9mgza3xYZ3AYanJ/tTKCt3hMtSw9yZzTS
Xu5mXb6GHF6mmfaKXupX6sjWLzKVxLsg+Xi/uVaAV78o2swucvtT7pQi6FmciJO4
Re3Wun+K1ynRfbLpYUKTIFgrqnwCl1DQi9OBHa0dV0Xfv1+DmCpEiREquwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGFzHZ/OLOx9dryUUNOERvI0XooUMB8GA1UdIwQY
MBaAFGFyUuu7M0hK3Ox0Ba3qTeCKCvsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMt
NjYzNWRlYmMzOTVjLzEvWVhNZG44NHM3SDEydkpSUTA0Ukc4alJlaWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMtNjYzNWRlYmMzOTVj
LzEvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCWJcgAwQC
udWsAwQAw6qlAwQAw6qnAwQAw6qsMA0EAgACMAcDBQMqC4vAMA0GCSqGSIb3DQEB
CwUAA4IBAQCZHhxaikLP5Nu00/y+xS41REPBEunBIa+X/NH5CMdju6C81v5gf9bq
bt41yQEeCEmw1t/FZFwl1a91WHyoPELo0Ex7bChm6fymlMuF5jtTTZ5R7PblXiEv
5wdXiYB9q+gzvSh6G7v8kN6SvjiHUWyLV3aCdFC1uTOvL0UGMRqOC8bAG1NW7AU1
mCwaHJoIxMO5HuxYEHjFFSGZnQnRaBVaN88CGvqkIiRdf6GEQr101t/1Z3NHDogt
A1tZv1flrMHS5jumHHpXF076Dn+nalWSN6ULisBMCiE5yw1nVWhQjNUZmi6Ej+L7
KGXwSvAYzP0dndrAEpFH8qhD0LUnC7k3
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:59:46 2026 by rpki-client