Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/y2dvaW9BE_hgA52pK6ndrIlUQD8.roa
File: y2dvaW9BE_hgA52pK6ndrIlUQD8.roa (raw, json)
Hash identifier: 8aYMWWwaNFDI51SXRVa0hNzXB/57zeHnGU+/Ox3JcPA=
Subject key identifier: CB:67:6F:69:6F:41:13:F8:60:03:9D:A9:2B:A9:DD:AC:89:54:40:3F
Certificate issuer: /CN=235163d39db88816cddc597a5db5eae707d3de39
Certificate serial: 019B7F854ED4D84EB55F739A21CCDE4BE792
Authority key identifier: 23:51:63:D3:9D:B8:88:16:CD:DC:59:7A:5D:B5:EA:E7:07:D3:DE:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/y2dvaW9BE_hgA52pK6ndrIlUQD8.roa
Signing time: Fri 02 Jan 2026 16:23:21 +0000
ROA not before: Fri 02 Jan 2026 16:23:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208250
IP address blocks: 45.150.120.0/22 maxlen: 22
45.150.120.0/24 maxlen: 24
45.150.121.0/24 maxlen: 24
45.150.122.0/24 maxlen: 24
2a0f:be00::/29 maxlen: 29
2a0f:be00::/48 maxlen: 48
2a0f:be00:1::/48 maxlen: 48
2a0f:be00:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.crl
rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.mft
rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:85:4e:d4:d8:4e:b5:5f:73:9a:21:cc:de:4b:e7:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=235163d39db88816cddc597a5db5eae707d3de39
Validity
Not Before: Jan 2 16:23:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cb676f696f4113f860039da92ba9ddac8954403f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:6c:0f:a6:10:bf:d0:aa:2b:b9:7b:93:b4:4c:
a5:f9:47:72:60:82:56:33:9d:61:3f:86:02:16:40:
2c:f9:b1:fc:d4:a8:a7:90:c3:65:58:bd:c3:8c:ea:
e6:f7:43:ce:cf:10:7d:1c:65:46:47:e6:65:78:38:
cb:0d:2f:92:da:93:71:2b:3b:b1:50:51:6c:f1:7a:
fa:02:e2:a8:46:23:72:0d:57:01:fe:63:3d:74:ec:
b1:bc:aa:d2:d1:75:85:eb:43:14:77:34:34:57:2d:
fd:72:c1:e0:df:f7:b7:f6:db:93:ca:e4:7a:aa:2f:
01:39:87:6b:88:c3:22:79:ac:fe:f5:13:e3:9a:31:
04:e5:30:53:81:3b:e0:d4:19:80:35:15:fe:10:8c:
0c:3a:be:e2:24:0e:de:74:e6:2e:27:60:4a:a9:65:
98:ca:84:4c:d1:44:1c:08:e6:90:fa:aa:2e:28:cc:
96:9d:9d:99:fc:27:94:ad:5f:01:56:75:84:4b:e2:
23:72:96:cb:9f:b5:c1:aa:83:30:0f:11:7a:6e:ff:
f3:78:75:27:45:a6:60:b2:5b:86:1d:b2:ef:d9:67:
18:9c:7b:fe:ee:8b:d3:b1:8c:19:e1:2d:71:34:0b:
b2:2d:d8:af:cb:90:80:77:f0:10:36:a8:3e:f1:75:
8d:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:67:6F:69:6F:41:13:F8:60:03:9D:A9:2B:A9:DD:AC:89:54:40:3F
X509v3 Authority Key Identifier:
keyid:23:51:63:D3:9D:B8:88:16:CD:DC:59:7A:5D:B5:EA:E7:07:D3:DE:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/y2dvaW9BE_hgA52pK6ndrIlUQD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.120.0/22
IPv6:
2a0f:be00::/29
Signature Algorithm: sha256WithRSAEncryption
1d:cf:80:33:8a:63:ae:70:2a:6b:bd:09:7e:0c:ad:32:7f:67:
88:5a:40:e1:5c:b8:01:e4:bd:4d:6d:22:75:fe:57:57:1f:0d:
c2:fd:54:ff:50:2d:fa:c2:f8:91:77:38:4e:b9:7a:9b:5d:75:
a8:79:e3:f2:8c:0b:6e:ea:aa:0a:51:a8:47:88:53:cc:f2:68:
9a:e3:65:d9:aa:88:6b:89:2a:55:f6:5d:e1:69:f4:94:fa:70:
df:64:9b:76:77:0e:ed:1a:9c:e4:de:6d:5c:d1:e8:66:79:a7:
ad:ab:56:9e:81:f5:5a:04:d5:6d:a6:63:66:d7:58:1e:3d:f1:
21:93:bc:6f:e0:38:01:8f:55:c8:63:b4:82:67:be:61:f4:0f:
c0:ee:98:f1:02:24:27:30:19:96:72:98:a9:a6:70:ee:2c:ae:
20:83:c5:e5:69:fc:13:71:aa:e5:f9:24:4b:b8:ff:dc:39:57:
24:af:23:32:cd:7d:43:70:f4:a3:5d:db:06:20:d8:82:cb:0b:
90:b7:ae:ac:e6:46:6e:09:47:2e:2e:d0:ba:92:42:81:8c:37:
93:58:e0:ff:bf:b1:e5:dd:47:3c:d9:97:32:20:e3:23:7e:fa:
02:3a:a6:01:97:1e:0d:46:21:54:50:0a:05:ed:8e:3d:0a:05:
d1:c1:0e:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/hU7U2E61X3OaIczeS+eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNTE2M2QzOWRiODg4MTZjZGRjNTk3YTVkYjVlYWU3MDdk
M2RlMzkwHhcNMjYwMTAyMTYyMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY3NmY2OTZmNDExM2Y4NjAwMzlkYTkyYmE5ZGRhYzg5NTQ0MDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWwPphC/0KoruXuTtEyl+UdyYIJW
M51hP4YCFkAs+bH81KinkMNlWL3DjOrm90POzxB9HGVGR+ZleDjLDS+S2pNxKzux
UFFs8Xr6AuKoRiNyDVcB/mM9dOyxvKrS0XWF60MUdzQ0Vy39csHg3/e39tuTyuR6
qi8BOYdriMMieaz+9RPjmjEE5TBTgTvg1BmANRX+EIwMOr7iJA7edOYuJ2BKqWWY
yoRM0UQcCOaQ+qouKMyWnZ2Z/CeUrV8BVnWES+IjcpbLn7XBqoMwDxF6bv/zeHUn
RaZgsluGHbLv2WcYnHv+7ovTsYwZ4S1xNAuyLdivy5CAd/AQNqg+8XWNAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtnb2lvQRP4YAOdqSup3ayJVEA/MB8GA1UdIwQY
MBaAFCNRY9OduIgWzdxZel216ucH0945MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTFGajA1MjRpQmJOM0ZsNlhiWHE1d2ZUM2prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kNzU1OGUtOWE2Yy00NzExLThlZjgt
OTE1MDI5NmRhYTBhLzEveTJkdmFXOUJFX2hnQTUycEs2bmRySWxVUUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kNzU1OGUtOWE2Yy00NzExLThlZjgtOTE1MDI5NmRhYTBh
LzEvSTFGajA1MjRpQmJOM0ZsNlhiWHE1d2ZUM2prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZZ4MA0E
AgACMAcDBQMqD74AMA0GCSqGSIb3DQEBCwUAA4IBAQAdz4AzimOucCprvQl+DK0y
f2eIWkDhXLgB5L1NbSJ1/ldXHw3C/VT/UC36wviRdzhOuXqbXXWoeePyjAtu6qoK
UahHiFPM8mia42XZqohriSpV9l3hafSU+nDfZJt2dw7tGpzk3m1c0ehmeaetq1ae
gfVaBNVtpmNm11gePfEhk7xv4DgBj1XIY7SCZ75h9A/A7pjxAiQnMBmWcpippnDu
LK4gg8XlafwTcarl+SRLuP/cOVckryMyzX1DcPSjXdsGINiCywuQt66s5kZuCUcu
LtC6kkKBjDeTWOD/v7Hl3Uc82ZcyIOMjfvoCOqYBlx4NRiFUUAoF7Y49CgXRwQ7H
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:08:54 2026 by rpki-client