Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Tyrkcp4Qm5cYHK32Je0qxoO_BxQ.roa
File: Tyrkcp4Qm5cYHK32Je0qxoO_BxQ.roa (raw, json)
Hash identifier: YpnO2YnSikFeCUtwzAuwiXJg3QMY5SaPxJ086ggaRYk=
Subject key identifier: 4F:2A:E4:72:9E:10:9B:97:18:1C:AD:F6:25:ED:2A:C6:83:BF:07:14
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019CD8B86D0F3C23B5C2F63E03B04EBFC0AB
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Tyrkcp4Qm5cYHK32Je0qxoO_BxQ.roa
Signing time: Tue 10 Mar 2026 17:08:11 +0000
ROA not before: Tue 10 Mar 2026 17:08:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 53813
IP address blocks: 147.161.192.0/23 maxlen: 24
147.161.194.0/23 maxlen: 24
147.161.196.0/23 maxlen: 24
147.161.198.0/23 maxlen: 24
147.161.200.0/23 maxlen: 24
147.161.204.0/23 maxlen: 24
147.161.208.0/23 maxlen: 24
147.161.210.0/23 maxlen: 24
147.161.212.0/23 maxlen: 24
147.161.214.0/23 maxlen: 24
147.161.216.0/23 maxlen: 24
147.161.218.0/23 maxlen: 24
147.161.220.0/23 maxlen: 24
159.254.98.0/24 maxlen: 24
159.254.103.0/24 maxlen: 24
159.254.204.0/24 maxlen: 24
164.137.56.0/24 maxlen: 24
164.137.57.0/24 maxlen: 24
164.137.58.0/24 maxlen: 24
164.137.59.0/24 maxlen: 24
164.137.60.0/24 maxlen: 24
164.137.69.0/24 maxlen: 24
164.137.109.0/24 maxlen: 24
164.137.159.0/24 maxlen: 24
164.137.160.0/24 maxlen: 24
164.137.161.0/24 maxlen: 24
164.137.162.0/24 maxlen: 24
164.137.163.0/24 maxlen: 24
164.137.164.0/24 maxlen: 24
164.137.165.0/24 maxlen: 24
164.137.166.0/24 maxlen: 24
164.137.167.0/24 maxlen: 24
164.137.168.0/24 maxlen: 24
164.137.169.0/24 maxlen: 24
164.137.170.0/24 maxlen: 24
164.137.171.0/24 maxlen: 24
164.137.172.0/24 maxlen: 24
164.137.173.0/24 maxlen: 24
164.137.174.0/24 maxlen: 24
164.137.175.0/24 maxlen: 24
164.137.176.0/24 maxlen: 24
164.137.177.0/24 maxlen: 24
164.137.178.0/24 maxlen: 24
164.137.179.0/24 maxlen: 24
164.137.180.0/24 maxlen: 24
164.137.181.0/24 maxlen: 24
164.137.182.0/24 maxlen: 24
164.137.183.0/24 maxlen: 24
164.137.184.0/24 maxlen: 24
164.137.185.0/24 maxlen: 24
164.137.186.0/24 maxlen: 24
164.137.187.0/24 maxlen: 24
164.137.188.0/24 maxlen: 24
164.137.189.0/24 maxlen: 24
164.137.190.0/24 maxlen: 24
164.137.191.0/24 maxlen: 24
164.137.192.0/24 maxlen: 24
2a03:eec0:3211::/48 maxlen: 48
2a03:eec0:3216::/48 maxlen: 48
2a03:eec0:3223::/48 maxlen: 48
2a03:eec0:3224::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 12:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d8:b8:6d:0f:3c:23:b5:c2:f6:3e:03:b0:4e:bf:c0:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Mar 10 17:08:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4f2ae4729e109b97181cadf625ed2ac683bf0714
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:cd:b9:38:e8:91:93:ae:72:ae:84:e4:15:88:
ea:60:52:be:d4:92:5c:13:bf:93:a7:16:0d:be:7a:
f2:7d:73:61:db:8c:10:20:41:10:8e:08:bd:8d:1b:
4c:4d:b8:9e:0b:02:62:da:84:f0:03:74:72:65:e1:
b3:4e:fa:f0:39:ef:e0:f4:aa:20:95:6b:66:c2:e3:
87:f5:6d:74:86:c4:58:56:d2:8e:8f:e2:76:b2:e7:
cc:0d:6f:cb:06:0a:72:a0:d6:6d:f9:12:77:13:16:
ab:b2:93:db:dc:02:6a:57:27:7a:5e:9d:3c:7f:05:
f9:f6:8d:e8:b7:6b:05:3c:38:e0:dd:61:6a:0a:14:
09:29:69:0f:2f:28:f5:58:46:bc:9d:96:cf:96:b6:
3d:5c:a2:c4:3a:3f:fa:0b:cc:74:6e:d5:16:89:a1:
4f:c6:45:d4:c1:56:a3:53:a3:8f:2e:6d:e8:0b:5b:
ab:d4:23:71:51:4a:f8:94:1c:ac:20:f2:1a:08:80:
ef:f4:86:6d:94:7c:98:73:26:8c:d6:3c:7a:0d:2e:
55:8b:eb:d3:59:46:1d:f5:d7:65:76:e5:74:54:fa:
c1:8c:0f:5e:a7:6b:58:fe:d5:40:1c:f3:f3:8c:a0:
7f:ae:84:f4:e2:de:20:cd:96:3a:a9:4b:2c:71:51:
ef:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:2A:E4:72:9E:10:9B:97:18:1C:AD:F6:25:ED:2A:C6:83:BF:07:14
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Tyrkcp4Qm5cYHK32Je0qxoO_BxQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.192.0-147.161.201.255
147.161.204.0/23
147.161.208.0-147.161.221.255
159.254.98.0/24
159.254.103.0/24
159.254.204.0/24
164.137.56.0-164.137.60.255
164.137.69.0/24
164.137.109.0/24
164.137.159.0-164.137.192.255
IPv6:
2a03:eec0:3211::/48
2a03:eec0:3216::/48
2a03:eec0:3223::-2a03:eec0:3224:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
45:e4:40:a2:d8:fe:88:97:a4:42:74:27:eb:26:98:51:5f:31:
72:04:3e:b9:0c:c2:53:c9:3b:ab:15:91:bd:91:a9:74:73:de:
81:6e:92:26:61:12:a9:59:fd:28:47:3c:b1:4a:50:a1:6a:69:
5c:2e:aa:da:ed:08:16:76:f6:79:46:ce:4a:63:3a:9c:a5:81:
59:70:67:b5:c8:ce:b9:a8:13:79:c1:9b:bf:84:b6:45:26:9a:
48:da:db:e4:f0:a5:93:bb:29:16:06:6b:f4:31:73:a6:f0:e2:
26:37:aa:3c:3a:01:1b:77:c1:97:f5:8c:d1:df:11:c2:0d:ea:
ed:5d:f1:87:be:4a:a0:9a:38:e8:2d:a6:81:3a:7a:b1:41:4f:
6c:57:09:c1:60:9f:68:27:df:c7:94:a7:ac:1c:61:01:8a:dc:
42:1b:3f:3b:37:a2:f0:ef:13:8a:4a:3b:13:a9:ad:cf:fa:19:
e2:d1:da:5e:61:63:0d:4d:69:49:b4:0f:c6:02:06:4a:ca:36:
7d:2b:b5:96:8a:06:2d:03:2f:5f:5d:d0:48:b6:85:de:f8:3f:
52:52:d2:23:ea:e7:a5:a2:11:a4:df:5f:a1:ea:56:f3:99:e5:
1b:13:38:d8:0d:b9:ca:8b:ed:3e:5e:67:b5:9d:59:13:d4:0e:
21:1b:04:79
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZzYuG0PPCO1wvY+A7BOv8CrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMzEwMTcwODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJhZTQ3MjllMTA5Yjk3MTgxY2FkZjYyNWVkMmFjNjgzYmYwNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM25OOiRk65yroTkFYjqYFK+1JJc
E7+TpxYNvnryfXNh24wQIEEQjgi9jRtMTbieCwJi2oTwA3RyZeGzTvrwOe/g9Kog
lWtmwuOH9W10hsRYVtKOj+J2sufMDW/LBgpyoNZt+RJ3ExarspPb3AJqVyd6Xp08
fwX59o3ot2sFPDjg3WFqChQJKWkPLyj1WEa8nZbPlrY9XKLEOj/6C8x0btUWiaFP
xkXUwVajU6OPLm3oC1ur1CNxUUr4lBysIPIaCIDv9IZtlHyYcyaM1jx6DS5Vi+vT
WUYd9ddlduV0VPrBjA9ep2tY/tVAHPPzjKB/roT04t4gzZY6qUsscVHvSwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFE8q5HKeEJuXGByt9iXtKsaDvwcUMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvVHlya2NwNFFtNWNZSEszMkplMHF4b09fQnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjBiBAIAATBcMAwDBAaT
ocADBAGTocgDBAGTocwwDAMEBJOh0AMEAZOh3AMEAJ/+YgMEAJ/+ZwMEAJ/+zDAM
AwQDpIk4AwQApIk8AwQApIlFAwQApIltMAwDBACkiZ8DBACkicAwLAQCAAIwJgMH
ACoD7sAyEQMHACoD7sAyFjASAwcAKgPuwDIjAwcAKgPuwDIkMA0GCSqGSIb3DQEB
CwUAA4IBAQBF5ECi2P6Il6RCdCfrJphRXzFyBD65DMJTyTurFZG9kal0c96BbpIm
YRKpWf0oRzyxSlChamlcLqra7QgWdvZ5Rs5KYzqcpYFZcGe1yM65qBN5wZu/hLZF
JppI2tvk8KWTuykWBmv0MXOm8OImN6o8OgEbd8GX9YzR3xHCDertXfGHvkqgmjjo
LaaBOnqxQU9sVwnBYJ9oJ9/HlKesHGEBitxCGz87N6Lw7xOKSjsTqa3P+hni0dpe
YWMNTWlJtA/GAgZKyjZ9K7WWigYtAy9fXdBItoXe+D9SUtIj6uelohGk31+h6lbz
meUbEzjYDbnKi+0+Xme1nVkT1A4hGwR5
-----END CERTIFICATE-----
Generated at Thu Mar 12 17:15:38 2026 by rpki-client