Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/kYfIEsvVk_BOJEOYO8dzHl3yBqw.roa
File: kYfIEsvVk_BOJEOYO8dzHl3yBqw.roa (raw, json)
Hash identifier: DJXKuUPzcXdeE6GAzh9NmYNgIzihSsE64bR0VlSG96A=
Subject key identifier: 91:87:C8:12:CB:D5:93:F0:4E:24:43:98:3B:C7:73:1E:5D:F2:06:AC
Certificate issuer: /CN=218dd6c0618bbfeff1a84c94fd64189e1845b188
Certificate serial: 019DA1E94F04C18FA945850F2DBCA561C2A9
Authority key identifier: 21:8D:D6:C0:61:8B:BF:EF:F1:A8:4C:94:FD:64:18:9E:18:45:B1:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/kYfIEsvVk_BOJEOYO8dzHl3yBqw.roa
Signing time: Sat 18 Apr 2026 18:45:15 +0000
ROA not before: Sat 18 Apr 2026 18:45:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205506
IP address blocks: 86.104.30.0/23 maxlen: 23
86.104.30.0/24 maxlen: 24
86.104.31.0/24 maxlen: 24
185.200.24.0/22 maxlen: 22
185.200.24.0/24 maxlen: 24
185.200.25.0/24 maxlen: 24
185.200.26.0/24 maxlen: 24
185.200.27.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.mft
rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 12:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a1:e9:4f:04:c1:8f:a9:45:85:0f:2d:bc:a5:61:c2:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218dd6c0618bbfeff1a84c94fd64189e1845b188
Validity
Not Before: Apr 18 18:45:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9187c812cbd593f04e2443983bc7731e5df206ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ed:5a:e0:ec:e0:7c:ae:2e:e8:40:53:39:e4:
45:8e:80:a7:36:2a:17:01:65:63:e2:2d:95:2b:76:
27:70:06:27:83:6e:de:df:90:3d:71:c1:56:e4:9f:
c4:9d:cd:f7:52:99:6a:89:0c:82:a3:26:5e:98:60:
37:4d:36:d8:ad:84:3f:83:af:78:1c:f8:a0:12:53:
4b:e5:2e:9d:76:ee:3b:2a:c9:cf:f7:e1:42:06:06:
eb:95:59:a1:63:40:27:d7:34:05:a0:5d:4b:3f:e6:
7c:cb:63:f0:88:db:44:49:d3:3b:1f:71:e0:e7:ad:
b1:7b:a7:11:19:6f:ef:37:d9:5e:07:12:97:f1:7c:
8d:08:8b:a2:00:47:79:22:b0:83:bc:6e:f7:1e:30:
81:5e:91:42:b9:1b:b9:20:6b:df:0f:2f:cf:39:f7:
4b:9b:12:fd:fd:74:c7:d1:e4:3a:d2:c2:90:8e:af:
d5:8a:87:5b:0d:52:80:41:f1:3e:95:02:0a:ab:13:
21:60:3f:ca:13:44:73:a0:e6:8c:b0:0a:10:3e:c8:
7e:b3:00:66:78:e7:60:52:42:2a:31:5b:ee:45:c5:
51:a9:c1:3b:d9:f7:ad:4c:b7:b2:bc:ef:46:2f:cf:
79:a6:e3:70:3a:9c:d3:4d:e2:94:d7:b2:66:86:a6:
e1:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:87:C8:12:CB:D5:93:F0:4E:24:43:98:3B:C7:73:1E:5D:F2:06:AC
X509v3 Authority Key Identifier:
keyid:21:8D:D6:C0:61:8B:BF:EF:F1:A8:4C:94:FD:64:18:9E:18:45:B1:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/kYfIEsvVk_BOJEOYO8dzHl3yBqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.30.0/23
185.200.24.0/22
Signature Algorithm: sha256WithRSAEncryption
3d:26:8a:c3:66:7c:e6:1d:4a:08:c1:46:17:a3:c0:c0:8f:d2:
01:33:19:ff:47:63:3e:ef:36:5d:62:a7:0a:d8:df:e6:e1:b5:
22:7a:7a:d2:db:a3:88:99:b5:b6:b0:fb:d6:8b:d0:25:31:6b:
98:20:04:dd:db:fa:80:c6:a5:75:45:d8:5b:23:0f:6f:28:e2:
04:dd:14:01:41:eb:e4:65:9e:a8:d4:ee:c2:e0:bd:96:21:0e:
8c:47:63:02:5f:1a:ae:50:22:fe:81:47:f4:37:23:43:f1:b1:
c4:25:7c:19:ad:fa:26:31:c6:09:84:94:3b:ec:e6:a0:11:21:
99:23:94:5b:8e:2c:73:2c:05:81:49:1d:0f:eb:89:ca:5a:3b:
4a:53:91:d1:b1:3d:ff:5c:e0:66:2d:3a:d0:ce:9f:9e:be:58:
d5:ac:6b:a4:a3:85:5e:98:4c:77:13:d1:fe:b6:51:17:03:9e:
5a:43:6d:ba:85:f1:11:a3:bd:07:a0:4b:2f:ec:8b:e2:18:ee:
c9:b7:5b:78:2a:43:eb:40:bb:34:c9:e7:6c:ea:bd:cf:28:60:
34:ca:de:1e:1d:40:ac:1f:d1:eb:77:04:7e:df:06:03:b3:60:
46:0c:40:d1:a0:68:36:dc:ab:1c:56:27:7f:ba:0b:9e:da:f7:
a5:47:b1:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2h6U8EwY+pRYUPLbylYcKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOGRkNmMwNjE4YmJmZWZmMWE4NGM5NGZkNjQxODllMTg0
NWIxODgwHhcNMjYwNDE4MTg0NTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTg3YzgxMmNiZDU5M2YwNGUyNDQzOTgzYmM3NzMxZTVkZjIwNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO1a4OzgfK4u6EBTOeRFjoCnNioX
AWVj4i2VK3YncAYng27e35A9ccFW5J/Enc33UplqiQyCoyZemGA3TTbYrYQ/g694
HPigElNL5S6ddu47KsnP9+FCBgbrlVmhY0An1zQFoF1LP+Z8y2PwiNtESdM7H3Hg
562xe6cRGW/vN9leBxKX8XyNCIuiAEd5IrCDvG73HjCBXpFCuRu5IGvfDy/POfdL
mxL9/XTH0eQ60sKQjq/ViodbDVKAQfE+lQIKqxMhYD/KE0RzoOaMsAoQPsh+swBm
eOdgUkIqMVvuRcVRqcE72fetTLeyvO9GL895puNwOpzTTeKU17JmhqbhzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGHyBLL1ZPwTiRDmDvHcx5d8gasMB8GA1UdIwQY
MBaAFCGN1sBhi7/v8ahMlP1kGJ4YRbGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVkzV3dHR0x2LV94cUV5VV9XUVluaGhGc1lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hYTM2MDEtOTVlMi00YWM2LWI1ODEt
OWJiNmJiMjgxZWE3LzEva1lmSUVzdlZrX0JPSkVPWU84ZHpIbDN5QnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hYTM2MDEtOTVlMi00YWM2LWI1ODEtOWJiNmJiMjgxZWE3
LzEvSVkzV3dHR0x2LV94cUV5VV9XUVluaGhGc1lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVmgeAwQC
ucgYMA0GCSqGSIb3DQEBCwUAA4IBAQA9JorDZnzmHUoIwUYXo8DAj9IBMxn/R2M+
7zZdYqcK2N/m4bUienrS26OImbW2sPvWi9AlMWuYIATd2/qAxqV1RdhbIw9vKOIE
3RQBQevkZZ6o1O7C4L2WIQ6MR2MCXxquUCL+gUf0NyND8bHEJXwZrfomMcYJhJQ7
7OagESGZI5RbjixzLAWBSR0P64nKWjtKU5HRsT3/XOBmLTrQzp+evljVrGuko4Ve
mEx3E9H+tlEXA55aQ226hfERo70HoEsv7IviGO7Jt1t4KkPrQLs0yeds6r3PKGA0
yt4eHUCsH9HrdwR+3wYDs2BGDEDRoGg23KscVid/ugue2velR7GY
-----END CERTIFICATE-----
Generated at Sun Apr 19 15:34:27 2026 by rpki-client