Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/Be5RoMw-ds5u2XTKB0fRW06anJM.roa
File: Be5RoMw-ds5u2XTKB0fRW06anJM.roa (raw, json)
Hash identifier: /kKlE5noyKkxWgeKwC5k06c0zlzs+Aq9eYc5li0SiaA=
Subject key identifier: 05:EE:51:A0:CC:3E:76:CE:6E:D9:74:CA:07:47:D1:5B:4E:9A:9C:93
Certificate issuer: /CN=c0a233590de586e0c55821c6f6d5732afc841229
Certificate serial: 019D721C722D131EE7A1A28A614A8C14D5A6
Authority key identifier: C0:A2:33:59:0D:E5:86:E0:C5:58:21:C6:F6:D5:73:2A:FC:84:12:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wKIzWQ3lhuDFWCHG9tVzKvyEEik.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/Be5RoMw-ds5u2XTKB0fRW06anJM.roa
Signing time: Thu 09 Apr 2026 11:59:20 +0000
ROA not before: Thu 09 Apr 2026 11:59:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57630
IP address blocks: 5.152.152.0/23 maxlen: 23
31.12.80.0/22 maxlen: 22
46.33.16.0/23 maxlen: 23
117.55.200.0/23 maxlen: 23
134.65.164.0/22 maxlen: 22
194.179.134.0/23 maxlen: 23
217.11.175.0/24 maxlen: 24
217.177.8.0/23 maxlen: 23
2a02:7e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/wKIzWQ3lhuDFWCHG9tVzKvyEEik.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/wKIzWQ3lhuDFWCHG9tVzKvyEEik.mft
rsync://rpki.ripe.net/repository/DEFAULT/wKIzWQ3lhuDFWCHG9tVzKvyEEik.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:1c:72:2d:13:1e:e7:a1:a2:8a:61:4a:8c:14:d5:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c0a233590de586e0c55821c6f6d5732afc841229
Validity
Not Before: Apr 9 11:59:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=05ee51a0cc3e76ce6ed974ca0747d15b4e9a9c93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:09:73:bb:6b:9c:85:be:b2:c0:88:d8:02:db:
13:86:81:90:2c:ea:af:ff:3a:52:d5:47:3c:ac:6c:
1d:82:ca:99:67:b4:ad:42:a7:82:61:12:ca:99:ec:
c4:ba:f0:ab:ad:0b:f2:c7:6a:b8:8d:e2:55:a2:f1:
c1:d5:b5:34:06:f2:36:18:e9:53:81:21:67:6d:d8:
a4:23:a4:4b:53:55:ae:3f:f3:59:93:d0:7a:dd:d5:
40:65:6a:97:99:30:98:9e:6b:dd:bf:cd:f3:ee:30:
a3:93:af:d8:d0:ca:aa:36:5f:c8:8d:9c:87:9c:18:
0f:e8:69:8f:ec:48:5d:24:28:41:fb:f1:73:84:98:
7f:6c:61:90:ff:40:70:0d:09:3e:23:1c:42:58:68:
f1:fe:dd:e5:d4:17:bc:1a:9e:81:76:d7:39:aa:72:
d6:fb:b8:a2:43:65:fd:b3:73:7d:55:4e:75:a5:d4:
d6:5d:83:cd:1a:a1:56:61:f8:30:b7:f3:74:ba:71:
79:f4:cf:d4:3f:b4:b6:d2:0d:80:31:3c:65:2d:0a:
69:0d:a7:a1:5e:17:3f:85:aa:3f:e4:25:da:d2:4c:
6c:d3:bb:79:3c:8f:5d:1c:f8:d0:0f:19:02:0d:85:
96:13:26:5f:7f:89:a1:c5:01:28:c1:fb:ff:ac:ef:
ff:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:EE:51:A0:CC:3E:76:CE:6E:D9:74:CA:07:47:D1:5B:4E:9A:9C:93
X509v3 Authority Key Identifier:
keyid:C0:A2:33:59:0D:E5:86:E0:C5:58:21:C6:F6:D5:73:2A:FC:84:12:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wKIzWQ3lhuDFWCHG9tVzKvyEEik.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/Be5RoMw-ds5u2XTKB0fRW06anJM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/wKIzWQ3lhuDFWCHG9tVzKvyEEik.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.152.0/23
31.12.80.0/22
46.33.16.0/23
117.55.200.0/23
134.65.164.0/22
194.179.134.0/23
217.11.175.0/24
217.177.8.0/23
IPv6:
2a02:7e00::/29
Signature Algorithm: sha256WithRSAEncryption
60:98:b0:9d:3b:35:dc:af:22:ad:a8:c5:2f:a7:33:a7:d7:be:
bf:7d:31:9b:97:5d:39:78:cc:bf:cc:aa:59:4b:ea:a9:a3:5d:
db:e1:fc:9a:67:75:2b:04:89:a3:11:7a:90:8c:3a:ca:b0:86:
07:58:a6:da:8c:be:7e:54:ee:44:89:b5:fa:86:ea:5c:89:e7:
ad:80:d1:5b:24:25:ee:ee:25:85:da:f6:97:d8:db:5c:b8:25:
da:d6:fa:06:a1:3e:74:53:bf:6c:cc:61:f4:05:dd:8a:97:43:
1f:17:bc:81:5b:dc:bb:b7:37:76:a9:97:92:87:d5:23:57:f6:
f8:74:1f:2f:e8:5b:45:72:ec:58:97:81:7e:66:13:0b:16:b7:
db:ee:4c:5e:e2:53:b7:7d:fe:95:da:52:f0:7a:64:b6:e8:62:
8c:d2:26:8f:5c:11:60:1e:1c:78:e8:75:85:8c:2d:a2:04:30:
45:43:b8:d1:e6:b2:e6:e1:e2:12:4c:4c:f8:4a:c9:94:74:97:
da:e9:50:df:f2:a2:bc:50:94:ec:3e:a6:de:c5:49:d6:44:a3:
9a:f4:a7:04:ee:89:ed:7b:1d:e5:43:dc:44:18:cf:b7:6a:30:
84:03:1e:f5:17:3f:42:6b:8b:db:41:52:21:8e:b1:4c:09:98:
52:4f:4b:1f
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ1yHHItEx7noaKKYUqMFNWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwYTIzMzU5MGRlNTg2ZTBjNTU4MjFjNmY2ZDU3MzJhZmM4
NDEyMjkwHhcNMjYwNDA5MTE1OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWVlNTFhMGNjM2U3NmNlNmVkOTc0Y2EwNzQ3ZDE1YjRlOWE5YzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5glzu2uchb6ywIjYAtsThoGQLOqv
/zpS1Uc8rGwdgsqZZ7StQqeCYRLKmezEuvCrrQvyx2q4jeJVovHB1bU0BvI2GOlT
gSFnbdikI6RLU1WuP/NZk9B63dVAZWqXmTCYnmvdv83z7jCjk6/Y0MqqNl/IjZyH
nBgP6GmP7EhdJChB+/FzhJh/bGGQ/0BwDQk+IxxCWGjx/t3l1Be8Gp6Bdtc5qnLW
+7iiQ2X9s3N9VU51pdTWXYPNGqFWYfgwt/N0unF59M/UP7S20g2AMTxlLQppDaeh
Xhc/hao/5CXa0kxs07t5PI9dHPjQDxkCDYWWEyZff4mhxQEowfv/rO//dQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFAXuUaDMPnbObtl0ygdH0VtOmpyTMB8GA1UdIwQY
MBaAFMCiM1kN5YbgxVghxvbVcyr8hBIpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0tJeldRM2xodURGV0NIRzl0VnpLdnlFRWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85N2IwYjctMDEzZC00MzNlLWI1Mzgt
YTg0ZWI0MTFlZjhhLzEvQmU1Um9Ndy1kczV1MlhUS0IwZlJXMDZhbkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85N2IwYjctMDEzZC00MzNlLWI1MzgtYTg0ZWI0MTFlZjhh
LzEvd0tJeldRM2xodURGV0NIRzl0VnpLdnlFRWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQBBZiYAwQC
HwxQAwQBLiEQAwQBdTfIAwQChkGkAwQBwrOGAwQA2QuvAwQB2bEIMA0EAgACMAcD
BQMqAn4AMA0GCSqGSIb3DQEBCwUAA4IBAQBgmLCdOzXcryKtqMUvpzOn176/fTGb
l105eMy/zKpZS+qpo13b4fyaZ3UrBImjEXqQjDrKsIYHWKbajL5+VO5EibX6hupc
ieetgNFbJCXu7iWF2vaX2NtcuCXa1voGoT50U79szGH0Bd2Kl0MfF7yBW9y7tzd2
qZeSh9UjV/b4dB8v6FtFcuxYl4F+ZhMLFrfb7kxe4lO3ff6V2lLwemS26GKM0iaP
XBFgHhx46HWFjC2iBDBFQ7jR5rLm4eISTEz4SsmUdJfa6VDf8qK8UJTsPqbexUnW
RKOa9KcE7ontex3lQ9xEGM+3ajCEAx71Fz9Ca4vbQVIhjrFMCZhST0sf
-----END CERTIFICATE-----
Generated at Sun Apr 19 08:13:06 2026 by rpki-client