Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/kVbtdxl5r7rl44HYKA5sht2hTPA.roa
File: kVbtdxl5r7rl44HYKA5sht2hTPA.roa (raw, json)
Hash identifier: pDR06QMON/0Rz4oTXhPHJgXDsLVRiWPUPc+NTcHziwk=
Subject key identifier: 91:56:ED:77:19:79:AF:BA:E5:E3:81:D8:28:0E:6C:86:DD:A1:4C:F0
Certificate issuer: /CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
Certificate serial: 019E23C55A11A2ECB9FA45D3E447BD4A9E08
Authority key identifier: 62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/kVbtdxl5r7rl44HYKA5sht2hTPA.roa
Signing time: Wed 13 May 2026 23:56:36 +0000
ROA not before: Wed 13 May 2026 23:56:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 45.158.64.0/22 maxlen: 22
45.158.64.0/24 maxlen: 24
45.158.65.0/24 maxlen: 24
45.158.66.0/24 maxlen: 24
45.158.67.0/24 maxlen: 24
95.214.128.0/22 maxlen: 22
95.214.128.0/24 maxlen: 24
95.214.129.0/24 maxlen: 24
95.214.130.0/24 maxlen: 24
95.214.131.0/24 maxlen: 24
2a09:e180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.mft
rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:23:c5:5a:11:a2:ec:b9:fa:45:d3:e4:47:bd:4a:9e:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
Validity
Not Before: May 13 23:56:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9156ed771979afbae5e381d8280e6c86dda14cf0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:cb:2d:84:38:6a:15:c5:91:c4:73:f8:11:98:
d1:82:5f:45:59:ed:52:e6:37:f7:80:11:d1:66:fb:
f2:6f:f4:d6:99:3f:ba:08:6a:ef:e1:64:54:41:04:
30:81:3d:f6:c5:89:3e:14:35:a2:b4:6d:af:47:13:
ce:8d:a2:47:28:e2:f5:7c:c6:b3:ba:da:47:66:b4:
89:7c:98:51:ef:be:5b:e3:b4:a0:56:af:8d:9b:62:
a3:d6:f5:3e:ac:0d:1c:54:9e:0f:f7:0d:bb:be:82:
07:d0:82:ee:11:06:ec:04:e2:3b:c9:35:1e:a7:53:
7d:d3:a0:a0:50:09:b2:40:77:7b:ae:d3:60:cd:63:
76:46:82:f6:3a:bd:5f:49:26:9f:5e:22:06:b1:e1:
b2:47:41:d6:ed:d1:83:a1:0e:ea:65:7a:70:cc:9c:
92:f5:82:6d:bc:88:16:06:a0:9c:49:ed:b4:60:1b:
71:8e:be:ad:2b:01:d2:88:98:8a:9f:6c:fc:7b:38:
09:e7:3f:69:51:75:a1:37:6b:a7:f4:44:b9:47:5b:
44:6e:18:f5:b0:a1:55:62:46:55:85:3f:e4:45:c5:
37:fd:38:47:e2:f4:ad:e9:06:a6:2d:38:84:68:6b:
e1:09:41:45:b7:53:d3:9b:1e:b4:a1:02:99:b0:0a:
ac:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:56:ED:77:19:79:AF:BA:E5:E3:81:D8:28:0E:6C:86:DD:A1:4C:F0
X509v3 Authority Key Identifier:
keyid:62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/kVbtdxl5r7rl44HYKA5sht2hTPA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.158.64.0/22
95.214.128.0/22
IPv6:
2a09:e180::/29
Signature Algorithm: sha256WithRSAEncryption
72:cf:35:7f:d9:d4:0c:58:8d:d6:f5:af:9e:a1:2c:12:f8:32:
41:a8:27:7c:7c:c6:44:58:8d:71:1d:72:d8:22:f2:28:6d:7b:
7f:23:03:38:32:d2:c9:8e:88:12:8e:54:0a:f5:7f:69:a1:18:
fd:c4:d1:8e:57:55:ab:dc:54:a0:bc:10:4b:e2:88:06:33:7b:
8f:6a:76:a7:b0:59:5e:92:2c:c8:46:91:81:2a:8c:d3:24:0b:
a0:f1:85:3a:ea:af:48:7d:7b:7b:12:2f:48:aa:ad:48:f1:b3:
34:10:fa:a5:e7:e1:5b:e8:0b:19:51:6b:aa:a1:ee:d3:c0:49:
17:ae:6d:06:21:1f:d3:64:ad:de:59:2d:8e:50:27:70:b8:69:
f9:a7:b7:c9:18:1d:b9:6e:eb:53:ec:76:68:7b:ad:e1:cf:6e:
52:41:13:96:8e:04:23:41:67:f8:1c:50:36:c5:0c:17:65:c9:
72:bd:fc:11:30:43:8c:e0:4c:d5:10:08:cd:0e:66:c9:9c:ed:
5a:04:2c:0d:df:5a:17:34:df:11:e6:ef:f6:11:25:6a:46:5e:
4f:29:cb:7e:72:79:09:c2:c0:0a:fa:47:a3:d2:32:a1:a5:2c:
ef:82:1e:81:32:82:8e:ea:8b:bf:8d:5e:72:7b:b5:00:b8:63:
0d:9f:7b:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ4jxVoRouy5+kXT5Ee9Sp4IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzVmY2U3N2RkZTRlMmVlNGZkNjUzNTEwMDUyOWMyZjQ0
NGQ3OWEwHhcNMjYwNTEzMjM1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU2ZWQ3NzE5NzlhZmJhZTVlMzgxZDgyODBlNmM4NmRkYTE0Y2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8sthDhqFcWRxHP4EZjRgl9FWe1S
5jf3gBHRZvvyb/TWmT+6CGrv4WRUQQQwgT32xYk+FDWitG2vRxPOjaJHKOL1fMaz
utpHZrSJfJhR775b47SgVq+Nm2Kj1vU+rA0cVJ4P9w27voIH0ILuEQbsBOI7yTUe
p1N906CgUAmyQHd7rtNgzWN2RoL2Or1fSSafXiIGseGyR0HW7dGDoQ7qZXpwzJyS
9YJtvIgWBqCcSe20YBtxjr6tKwHSiJiKn2z8ezgJ5z9pUXWhN2un9ES5R1tEbhj1
sKFVYkZVhT/kRcU3/ThH4vSt6QamLTiEaGvhCUFFt1PTmx60oQKZsAqsxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJFW7XcZea+65eOB2CgObIbdoUzwMB8GA1UdIwQY
MBaAFGLF/Od93k4u5P1lNRAFKcL0RNeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQt
YWY2YmU5MDU3OTlkLzEva1ZidGR4bDVyN3JsNDRIWUtBNXNodDJoVFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQtYWY2YmU5MDU3OTlk
LzEvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZ5AAwQC
X9aAMA0EAgACMAcDBQMqCeGAMA0GCSqGSIb3DQEBCwUAA4IBAQByzzV/2dQMWI3W
9a+eoSwS+DJBqCd8fMZEWI1xHXLYIvIobXt/IwM4MtLJjogSjlQK9X9poRj9xNGO
V1Wr3FSgvBBL4ogGM3uPanansFlekizIRpGBKozTJAug8YU66q9IfXt7Ei9Iqq1I
8bM0EPql5+Fb6AsZUWuqoe7TwEkXrm0GIR/TZK3eWS2OUCdwuGn5p7fJGB25butT
7HZoe63hz25SQROWjgQjQWf4HFA2xQwXZclyvfwRMEOM4EzVEAjNDmbJnO1aBCwN
31oXNN8R5u/2ESVqRl5PKct+cnkJwsAK+kej0jKhpSzvgh6BMoKO6ou/jV5ye7UA
uGMNn3vg
-----END CERTIFICATE-----
Generated at Sat May 23 03:04:31 2026 by rpki-client