Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/h678NT-wkbHRJaqm6iZb8LbOJkA.roa
File: h678NT-wkbHRJaqm6iZb8LbOJkA.roa (raw, json)
Hash identifier: 6iUrPhfAB1aiMKoStXuUWvzoIVv3KdXK9DA19OIjxHA=
Subject key identifier: 87:AE:FC:35:3F:B0:91:B1:D1:25:AA:A6:EA:26:5B:F0:B6:CE:26:40
Certificate issuer: /CN=c8d322beb7e363f4d4575e1e4feee5ccb84e1275
Certificate serial: 019B7F152B48529A9ED6544F340CA7C48A70
Authority key identifier: C8:D3:22:BE:B7:E3:63:F4:D4:57:5E:1E:4F:EE:E5:CC:B8:4E:12:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yNMivrfjY_TUV14eT-7lzLhOEnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/h678NT-wkbHRJaqm6iZb8LbOJkA.roa
Signing time: Fri 02 Jan 2026 14:20:52 +0000
ROA not before: Fri 02 Jan 2026 14:20:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200562
IP address blocks: 45.159.172.0/22 maxlen: 22
146.255.116.0/22 maxlen: 22
185.75.144.0/22 maxlen: 22
2a05:5300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/yNMivrfjY_TUV14eT-7lzLhOEnU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/yNMivrfjY_TUV14eT-7lzLhOEnU.mft
rsync://rpki.ripe.net/repository/DEFAULT/yNMivrfjY_TUV14eT-7lzLhOEnU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:15:2b:48:52:9a:9e:d6:54:4f:34:0c:a7:c4:8a:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8d322beb7e363f4d4575e1e4feee5ccb84e1275
Validity
Not Before: Jan 2 14:20:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=87aefc353fb091b1d125aaa6ea265bf0b6ce2640
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:ce:5f:a8:fb:56:6b:40:b8:82:9c:b1:ef:9c:
42:6e:be:11:e9:53:5a:c2:1a:fd:ba:d8:bf:38:4c:
27:09:27:43:2c:78:ab:e3:fa:df:89:d7:85:a9:5f:
88:6b:d1:62:bc:13:f7:f0:53:0f:71:0f:5c:31:b4:
f9:7a:52:a6:c2:8f:52:c4:64:d5:92:84:79:3e:75:
47:40:58:dc:da:91:89:4f:fb:d1:96:e5:18:37:51:
47:3d:68:4a:cd:f0:61:2a:04:4d:21:40:b7:96:e2:
ba:a7:1d:1b:42:65:55:02:85:ad:ff:39:5b:1a:28:
e2:a6:b2:3b:75:9c:f0:ba:de:35:c9:90:01:04:bf:
f3:34:5f:a8:e5:ca:63:00:d2:2b:3c:05:20:63:20:
c0:08:49:66:02:b1:32:e2:f2:b9:15:50:9b:1a:e1:
be:05:7f:27:b6:c1:c0:d3:61:fd:73:4e:e8:f7:e3:
f8:1f:31:6c:d1:f4:cb:7e:17:cd:24:a2:8e:46:1e:
79:c4:51:a1:c5:d1:c1:ed:c6:eb:66:11:94:f8:38:
f8:58:4c:f2:29:79:4f:28:b6:af:70:c4:c8:d3:53:
e8:4e:18:c0:f9:4e:81:39:b6:a0:71:68:dd:18:34:
30:c7:1f:05:0c:8a:2d:d6:12:9b:57:4f:af:a3:97:
b0:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:AE:FC:35:3F:B0:91:B1:D1:25:AA:A6:EA:26:5B:F0:B6:CE:26:40
X509v3 Authority Key Identifier:
keyid:C8:D3:22:BE:B7:E3:63:F4:D4:57:5E:1E:4F:EE:E5:CC:B8:4E:12:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNMivrfjY_TUV14eT-7lzLhOEnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/h678NT-wkbHRJaqm6iZb8LbOJkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/yNMivrfjY_TUV14eT-7lzLhOEnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.172.0/22
146.255.116.0/22
185.75.144.0/22
IPv6:
2a05:5300::/29
Signature Algorithm: sha256WithRSAEncryption
6c:c8:40:25:a4:ba:ae:2c:a3:42:8e:5d:cb:40:ba:4a:2c:6c:
e7:81:40:38:24:2a:2c:45:d6:fc:96:12:25:f5:06:d7:93:ae:
1b:ae:18:31:ed:d5:5e:1d:78:90:9f:66:35:91:0f:4e:e5:44:
2e:38:b0:eb:89:23:3c:b8:cb:8c:36:5f:11:50:ab:83:b9:10:
32:cf:72:a9:25:6c:c8:df:0f:39:e2:dd:4d:cb:7b:41:79:79:
04:3e:86:8a:9b:90:85:cc:87:4f:fe:74:38:05:bf:79:bc:9f:
0c:eb:9a:63:b5:dc:99:41:86:f8:7d:5e:78:13:99:cd:a7:0b:
23:28:5f:37:85:aa:2d:97:84:f3:7d:ba:42:2d:b5:9c:cc:31:
c3:14:05:f9:df:ec:bc:46:f0:26:37:78:b3:fc:29:26:23:a6:
f9:15:c2:f9:0a:d9:a4:97:cb:92:5f:6e:3a:0b:c5:7d:5f:f3:
d2:f2:c7:95:8d:11:e2:6d:ab:49:52:10:c6:0e:a7:c1:9e:20:
17:8c:b5:9c:fc:a8:29:98:9c:50:07:99:9b:3d:fd:1f:08:23:
fd:f8:ad:2b:d8:22:ee:8a:5f:8f:7c:9a:4a:a2:22:79:e0:2c:
d2:cf:a1:9d:6f:0c:ee:3e:1a:e4:d6:11:34:4d:09:9a:9e:bf:
c2:be:09:0d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZt/FStIUpqe1lRPNAynxIpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDMyMmJlYjdlMzYzZjRkNDU3NWUxZTRmZWVlNWNjYjg0
ZTEyNzUwHhcNMjYwMTAyMTQyMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2FlZmMzNTNmYjA5MWIxZDEyNWFhYTZlYTI2NWJmMGI2Y2UyNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw85fqPtWa0C4gpyx75xCbr4R6VNa
whr9uti/OEwnCSdDLHir4/rfideFqV+Ia9FivBP38FMPcQ9cMbT5elKmwo9SxGTV
koR5PnVHQFjc2pGJT/vRluUYN1FHPWhKzfBhKgRNIUC3luK6px0bQmVVAoWt/zlb
GijiprI7dZzwut41yZABBL/zNF+o5cpjANIrPAUgYyDACElmArEy4vK5FVCbGuG+
BX8ntsHA02H9c07o9+P4HzFs0fTLfhfNJKKORh55xFGhxdHB7cbrZhGU+Dj4WEzy
KXlPKLavcMTI01PoThjA+U6BObagcWjdGDQwxx8FDIot1hKbV0+vo5ewAQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIeu/DU/sJGx0SWqpuomW/C2ziZAMB8GA1UdIwQY
MBaAFMjTIr6342P01FdeHk/u5cy4ThJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5NaXZyZmpZX1RVVjE0ZVQtN2x6TGhPRW5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9lZjRkYjAtYjZjOS00N2FhLTg0YzEt
ZGMzNzY5ZThmNmExLzEvaDY3OE5ULXdrYkhSSmFxbTZpWmI4TGJPSmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9lZjRkYjAtYjZjOS00N2FhLTg0YzEtZGMzNzY5ZThmNmEx
LzEveU5NaXZyZmpZX1RVVjE0ZVQtN2x6TGhPRW5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZ+sAwQC
kv90AwQCuUuQMA0EAgACMAcDBQMqBVMAMA0GCSqGSIb3DQEBCwUAA4IBAQBsyEAl
pLquLKNCjl3LQLpKLGzngUA4JCosRdb8lhIl9QbXk64brhgx7dVeHXiQn2Y1kQ9O
5UQuOLDriSM8uMuMNl8RUKuDuRAyz3KpJWzI3w854t1Ny3tBeXkEPoaKm5CFzIdP
/nQ4Bb95vJ8M65pjtdyZQYb4fV54E5nNpwsjKF83haotl4TzfbpCLbWczDHDFAX5
3+y8RvAmN3iz/CkmI6b5FcL5Ctmkl8uSX246C8V9X/PS8seVjRHibatJUhDGDqfB
niAXjLWc/KgpmJxQB5mbPf0fCCP9+K0r2CLuil+PfJpKoiJ54CzSz6GdbwzuPhrk
1hE0TQmanr/CvgkN
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:01:12 2026 by rpki-client