Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/rLgcyfnB8tNzYpyiG52yAUCegpk.roa
File: rLgcyfnB8tNzYpyiG52yAUCegpk.roa (raw, json)
Hash identifier: 9Pa3pX/aD3GvriHAqwyCAXLTpVPiEkOQNy834tS1eLI=
Subject key identifier: AC:B8:1C:C9:F9:C1:F2:D3:73:62:9C:A2:1B:9D:B2:01:40:9E:82:99
Certificate issuer: /CN=a16512b8a262bad599a3b023358c5ceccac9e085
Certificate serial: 019E2E1D0EC3EEBC9E26C8A9E2F891EC7E29
Authority key identifier: A1:65:12:B8:A2:62:BA:D5:99:A3:B0:23:35:8C:5C:EC:CA:C9:E0:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/rLgcyfnB8tNzYpyiG52yAUCegpk.roa
Signing time: Sat 16 May 2026 00:08:36 +0000
ROA not before: Sat 16 May 2026 00:08:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214145
IP address blocks: 5.159.192.0/24 maxlen: 24
2a01:e140::/32 maxlen: 32
2a01:e140::/44 maxlen: 48
2a01:e140:10::/44 maxlen: 48
2a01:e140:100::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.mft
rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 10:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:2e:1d:0e:c3:ee:bc:9e:26:c8:a9:e2:f8:91:ec:7e:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a16512b8a262bad599a3b023358c5ceccac9e085
Validity
Not Before: May 16 00:08:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=acb81cc9f9c1f2d373629ca21b9db201409e8299
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:8f:c2:ef:29:a9:ed:9c:ad:e7:69:a8:f2:e1:
6a:ac:e1:65:fa:de:a8:ff:6d:8e:89:fd:19:a2:b1:
47:ee:2a:2d:24:4b:a7:0f:0f:1a:eb:bb:a0:e5:66:
02:8b:9c:1d:7f:94:1c:eb:3f:21:a5:09:89:b5:5a:
c8:21:f5:4a:a9:f0:c0:0f:e4:9f:21:d0:c2:63:8d:
7b:33:22:48:6f:0a:6d:b7:64:1c:5c:bf:b4:2f:78:
0d:39:a5:c2:71:e8:ec:a0:ae:a9:62:9f:69:ed:56:
ce:23:f9:fc:a0:53:41:a8:3d:49:c4:4f:92:b2:55:
80:92:04:63:c4:3b:d3:d2:73:88:1b:2a:cc:07:b5:
df:ae:f0:1c:1f:c7:07:7b:b0:a7:2a:0e:71:ed:f2:
8a:f0:16:6f:98:0e:a0:83:0a:21:96:0e:2b:63:a1:
c0:a8:7c:7d:8c:c2:f2:80:cb:35:be:73:7b:10:5c:
0a:0d:d0:4f:35:d9:7c:67:bd:67:c9:3a:2e:d8:31:
02:12:df:23:d9:12:b4:fe:5f:bd:e3:93:98:5b:df:
3a:96:d2:52:5b:2c:74:16:8a:42:ef:1a:13:c6:2c:
ec:11:87:5d:17:47:aa:ae:6e:09:e4:0f:53:4b:54:
a2:4e:25:e9:15:9c:67:26:88:91:55:fd:d9:77:69:
27:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:B8:1C:C9:F9:C1:F2:D3:73:62:9C:A2:1B:9D:B2:01:40:9E:82:99
X509v3 Authority Key Identifier:
keyid:A1:65:12:B8:A2:62:BA:D5:99:A3:B0:23:35:8C:5C:EC:CA:C9:E0:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/rLgcyfnB8tNzYpyiG52yAUCegpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.192.0/24
IPv6:
2a01:e140::/32
Signature Algorithm: sha256WithRSAEncryption
2e:f6:a6:82:99:00:77:2e:99:51:89:38:fe:e7:f6:9b:9a:70:
20:63:38:f7:af:da:e8:79:70:eb:73:cf:e4:ad:98:f5:f2:5f:
a8:f0:67:e9:4e:17:ee:47:52:68:8d:fd:53:aa:63:8c:c6:29:
ee:97:71:0e:cb:ee:7e:c6:7a:7a:ff:f5:7b:2f:04:52:78:3d:
d8:96:7a:1a:35:b4:a5:f5:7b:cc:d7:68:bc:04:2d:e5:d4:d9:
c6:fc:0b:70:0f:ac:59:2c:31:39:da:ee:17:a9:52:97:cf:ce:
69:a8:5e:24:f2:b3:bc:9d:40:95:0b:57:67:db:20:a5:e5:04:
36:d9:38:1a:ac:85:36:c7:31:a9:6a:f8:e3:fc:20:97:7f:bf:
4c:f6:a0:a8:b4:7b:d0:e8:a6:27:89:9c:cc:b5:aa:8a:6a:df:
0d:10:fb:22:74:84:0e:dd:48:0d:1d:32:36:82:5d:20:a4:34:
3e:cf:37:a3:94:01:f6:54:0c:a7:0d:71:12:1b:ce:b9:dd:95:
cd:5c:ac:41:62:e1:4f:77:46:da:ad:34:e9:e8:c1:e0:74:e0:
0d:25:38:1f:b9:b0:ec:9e:7f:39:1c:4e:30:1e:e5:00:b5:ed:
72:ab:36:d5:4f:7b:57:fc:ed:ea:9a:8a:25:2d:90:e6:ab:eb:
44:a6:d5:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4uHQ7D7ryeJsip4viR7H4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjUxMmI4YTI2MmJhZDU5OWEzYjAyMzM1OGM1Y2VjY2Fj
OWUwODUwHhcNMjYwNTE2MDAwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2I4MWNjOWY5YzFmMmQzNzM2MjljYTIxYjlkYjIwMTQwOWU4Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI/C7ymp7Zyt52mo8uFqrOFl+t6o
/22Oif0ZorFH7iotJEunDw8a67ug5WYCi5wdf5Qc6z8hpQmJtVrIIfVKqfDAD+Sf
IdDCY417MyJIbwptt2QcXL+0L3gNOaXCcejsoK6pYp9p7VbOI/n8oFNBqD1JxE+S
slWAkgRjxDvT0nOIGyrMB7XfrvAcH8cHe7CnKg5x7fKK8BZvmA6ggwohlg4rY6HA
qHx9jMLygMs1vnN7EFwKDdBPNdl8Z71nyTou2DECEt8j2RK0/l+945OYW986ltJS
Wyx0FopC7xoTxizsEYddF0eqrm4J5A9TS1SiTiXpFZxnJoiRVf3Zd2knlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKy4HMn5wfLTc2KcohudsgFAnoKZMB8GA1UdIwQY
MBaAFKFlEriiYrrVmaOwIzWMXOzKyeCFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dVU3VLSml1dFdabzdBak5ZeGM3TXJKNElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84YWEwODUtY2FkYy00NDZlLWJiZTgt
YzllYzNhOThmOWEzLzEvckxnY3lmbkI4dE56WXB5aUc1MnlBVUNlZ3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84YWEwODUtY2FkYy00NDZlLWJiZTgtYzllYzNhOThmOWEz
LzEvb1dVU3VLSml1dFdabzdBak5ZeGM3TXJKNElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABZ/AMA0E
AgACMAcDBQAqAeFAMA0GCSqGSIb3DQEBCwUAA4IBAQAu9qaCmQB3LplRiTj+5/ab
mnAgYzj3r9roeXDrc8/krZj18l+o8GfpThfuR1Jojf1TqmOMxinul3EOy+5+xnp6
//V7LwRSeD3YlnoaNbSl9XvM12i8BC3l1NnG/AtwD6xZLDE52u4XqVKXz85pqF4k
8rO8nUCVC1dn2yCl5QQ22TgarIU2xzGpavjj/CCXf79M9qCotHvQ6KYniZzMtaqK
at8NEPsidIQO3UgNHTI2gl0gpDQ+zzejlAH2VAynDXESG8653ZXNXKxBYuFPd0ba
rTTp6MHgdOANJTgfubDsnn85HE4wHuUAte1yqzbVT3tX/O3qmoolLZDmq+tEptUF
-----END CERTIFICATE-----
Generated at Sat Jun 13 20:18:10 2026 by rpki-client