Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ltL5GtTi0pxLEF37wEq-dgCH_Ts.roa
File: ltL5GtTi0pxLEF37wEq-dgCH_Ts.roa (raw, json)
Hash identifier: bj1lwld4ptA/GUDjDg0kmGh8sr4akWuewZ6Po8OS0LM=
Subject key identifier: 96:D2:F9:1A:D4:E2:D2:9C:4B:10:5D:FB:C0:4A:BE:76:00:87:FD:3B
Certificate issuer: /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial: 019EA80C79E4DD9946514511300BEB858019
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ltL5GtTi0pxLEF37wEq-dgCH_Ts.roa
Signing time: Mon 08 Jun 2026 16:24:10 +0000
ROA not before: Mon 08 Jun 2026 16:24:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207461
IP address blocks: 87.58.220.0/23 maxlen: 23
87.58.222.0/23 maxlen: 23
150.251.141.0/24 maxlen: 24
150.251.142.0/24 maxlen: 24
150.251.143.0/24 maxlen: 24
150.251.144.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:a8:0c:79:e4:dd:99:46:51:45:11:30:0b:eb:85:80:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Validity
Not Before: Jun 8 16:24:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=96d2f91ad4e2d29c4b105dfbc04abe760087fd3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:89:dc:9c:7f:e5:29:03:0d:f9:87:4f:69:68:
88:f9:8f:96:4c:b1:ef:45:23:ae:d8:72:de:07:c6:
3b:5f:b6:c2:95:22:96:a0:d1:f6:59:2a:b7:e8:a6:
0c:d7:88:38:95:f2:85:c8:89:a3:62:d3:69:ae:fa:
30:43:53:d9:a9:39:58:eb:dd:e9:f6:c9:b1:2e:c3:
41:e4:5e:61:65:6a:84:8c:19:92:f7:86:86:b4:1c:
d6:ba:1d:02:d9:12:39:32:ca:20:cf:58:b2:9a:d8:
84:32:d4:3f:cc:79:d3:29:22:35:08:a3:97:2c:4d:
c7:f4:aa:91:6e:3f:37:86:d8:e4:fd:f6:aa:a8:ca:
22:90:03:da:06:ee:8c:f4:59:5e:a9:7d:3b:c0:85:
29:ef:d3:94:52:57:4b:1c:85:4b:d9:8c:99:61:b8:
20:5f:7a:86:45:da:c4:fe:81:ab:fa:8f:47:1c:bb:
d3:d6:7a:63:2a:5b:a5:09:8c:ed:29:6e:86:cd:42:
27:41:a1:44:fd:73:e4:e2:73:5a:0f:9a:88:bf:a6:
1a:46:a0:06:7a:c9:66:2f:d3:34:c7:77:ed:da:a4:
f1:54:87:ab:ed:65:b3:1e:30:af:25:47:54:4c:00:
9a:57:45:cc:76:0f:a4:f8:7a:5c:20:a7:39:0b:20:
82:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:D2:F9:1A:D4:E2:D2:9C:4B:10:5D:FB:C0:4A:BE:76:00:87:FD:3B
X509v3 Authority Key Identifier:
keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/ltL5GtTi0pxLEF37wEq-dgCH_Ts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.220.0/22
150.251.141.0-150.251.144.255
Signature Algorithm: sha256WithRSAEncryption
64:ac:2f:54:f3:83:a4:16:15:91:f3:ce:07:26:c9:d0:cc:95:
cb:88:a3:f3:5f:0e:79:f5:67:25:44:66:07:65:e5:13:9d:7d:
c2:92:b6:d2:dc:93:b6:e7:c4:d3:24:fd:18:48:d2:1f:99:78:
1f:a1:98:99:10:c1:d2:b2:b1:b3:45:84:ea:40:cd:d3:78:95:
55:47:1f:74:62:46:ce:5d:bc:63:42:28:90:55:94:7e:09:29:
8e:8f:5c:b2:c9:ed:99:23:88:24:f5:cf:41:2c:af:7d:1a:2e:
d8:dc:16:45:6f:d4:97:a9:39:e3:75:9b:45:ab:3d:f4:05:25:
ed:ee:69:62:b5:a3:e1:73:72:fe:9f:4f:e5:e8:45:e7:cb:0d:
88:6f:24:fd:cb:d9:a8:68:c8:01:73:fa:b1:cd:a9:26:e2:2b:
17:4c:57:9f:c8:7a:1a:c0:1e:12:1c:7f:a1:93:d9:e5:e6:4b:
80:51:cd:4d:37:b4:1a:00:d8:af:12:2d:5a:21:77:a1:5c:0b:
5b:93:a1:cf:13:05:e0:d3:d0:e2:40:e2:b1:ca:96:2d:16:d2:
eb:ac:88:b4:8a:57:d6:39:cb:b1:09:db:d5:ae:ba:ab:28:8c:
2a:d7:83:60:82:b2:8d:7c:26:a8:73:31:97:e2:dc:e5:f4:3e:
5a:1c:26:4c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6oDHnk3ZlGUUURMAvrhYAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjA4MTYyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQyZjkxYWQ0ZTJkMjljNGIxMDVkZmJjMDRhYmU3NjAwODdmZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooncnH/lKQMN+YdPaWiI+Y+WTLHv
RSOu2HLeB8Y7X7bClSKWoNH2WSq36KYM14g4lfKFyImjYtNprvowQ1PZqTlY693p
9smxLsNB5F5hZWqEjBmS94aGtBzWuh0C2RI5Msogz1iymtiEMtQ/zHnTKSI1CKOX
LE3H9KqRbj83htjk/faqqMoikAPaBu6M9FleqX07wIUp79OUUldLHIVL2YyZYbgg
X3qGRdrE/oGr+o9HHLvT1npjKlulCYztKW6GzUInQaFE/XPk4nNaD5qIv6YaRqAG
eslmL9M0x3ft2qTxVIer7WWzHjCvJUdUTACaV0XMdg+k+HpcIKc5CyCCmQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJbS+RrU4tKcSxBd+8BKvnYAh/07MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvbHRMNUd0VGkwcHhMRUYzN3dFcS1kZ0NIX1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCVzrcMAwD
BACW+40DBACW+5AwDQYJKoZIhvcNAQELBQADggEBAGSsL1Tzg6QWFZHzzgcmydDM
lcuIo/NfDnn1ZyVEZgdl5ROdfcKSttLck7bnxNMk/RhI0h+ZeB+hmJkQwdKysbNF
hOpAzdN4lVVHH3RiRs5dvGNCKJBVlH4JKY6PXLLJ7ZkjiCT1z0Esr30aLtjcFkVv
1JepOeN1m0WrPfQFJe3uaWK1o+Fzcv6fT+XoRefLDYhvJP3L2ahoyAFz+rHNqSbi
KxdMV5/IehrAHhIcf6GT2eXmS4BRzU03tBoA2K8SLVohd6FcC1uToc8TBeDT0OJA
4rHKli0W0uusiLSKV9Y5y7EJ29WuuqsojCrXg2CCso18JqhzMZfi3OX0PlocJkw=
-----END CERTIFICATE-----
Generated at Sat Jun 13 08:23:35 2026 by rpki-client