Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/tyyx7CQ72OAVrN598W3JxQforOk.roa
File: tyyx7CQ72OAVrN598W3JxQforOk.roa (raw, json)
Hash identifier: WGy/XvXStsB+brEB3FpBRG447M/UBah2aJzM1esaZHE=
Subject key identifier: B7:2C:B1:EC:24:3B:D8:E0:15:AC:DE:7D:F1:6D:C9:C5:07:E8:AC:E9
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019E2202009AD3FAFBEA015657A5C5926DE8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/tyyx7CQ72OAVrN598W3JxQforOk.roa
Signing time: Wed 13 May 2026 15:43:37 +0000
ROA not before: Wed 13 May 2026 15:43:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 194.231.128.0/22 maxlen: 24
194.231.128.0/24 maxlen: 24
194.231.129.0/24 maxlen: 24
194.231.130.0/24 maxlen: 24
194.231.132.0/22 maxlen: 22
194.231.132.0/24 maxlen: 24
194.231.134.0/24 maxlen: 24
194.231.135.0/24 maxlen: 24
194.231.136.0/22 maxlen: 22
194.231.137.0/24 maxlen: 24
194.231.138.0/24 maxlen: 24
194.231.139.0/24 maxlen: 24
194.231.142.0/24 maxlen: 24
194.231.150.0/24 maxlen: 24
194.231.152.0/22 maxlen: 22
194.231.153.0/24 maxlen: 24
194.231.154.0/24 maxlen: 24
194.231.157.0/24 maxlen: 24
194.231.158.0/24 maxlen: 24
194.231.195.0/24 maxlen: 24
194.231.196.0/22 maxlen: 22
194.231.196.0/24 maxlen: 24
194.231.198.0/24 maxlen: 24
194.231.199.0/24 maxlen: 24
194.231.200.0/22 maxlen: 22
194.231.201.0/24 maxlen: 24
194.231.202.0/23 maxlen: 24
194.231.202.0/24 maxlen: 24
194.231.204.0/22 maxlen: 22
194.231.204.0/23 maxlen: 24
194.231.206.0/23 maxlen: 24
194.231.208.0/23 maxlen: 24
194.231.210.0/23 maxlen: 24
194.231.212.0/22 maxlen: 22
194.231.213.0/24 maxlen: 24
194.231.218.0/23 maxlen: 24
194.231.220.0/22 maxlen: 24
194.231.222.0/24 maxlen: 24
194.231.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 16 May 2026 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:22:02:00:9a:d3:fa:fb:ea:01:56:57:a5:c5:92:6d:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: May 13 15:43:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b72cb1ec243bd8e015acde7df16dc9c507e8ace9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:96:89:c2:63:cc:7e:f9:ea:ef:7e:d3:92:38:
1b:6f:1b:15:38:69:fc:c3:a5:69:62:16:25:40:53:
87:28:c1:5d:16:53:62:85:b0:9f:cd:b3:0f:59:52:
7e:f3:b0:a2:b9:bd:b1:4a:c4:5a:7b:ba:14:ec:e7:
75:f0:d6:52:23:95:76:d6:7a:e0:8d:c4:57:4f:16:
7a:18:2a:43:db:29:a8:2d:9b:8a:63:1c:b0:47:8c:
8a:7c:3f:5a:8a:93:5c:9d:33:34:f4:31:50:2d:da:
4f:05:0f:88:44:3a:a7:fe:4f:3e:2e:9f:9c:87:de:
90:e0:e4:8b:4e:63:59:9e:37:ac:0f:f0:ee:3a:98:
ab:81:b3:16:45:0a:69:5a:cd:6e:f2:e3:bc:77:8e:
41:3d:61:b6:f0:f3:e1:e1:5c:1f:99:44:f4:4e:61:
7b:29:d4:5b:55:36:6d:64:8f:89:a6:9f:59:2e:c6:
6d:50:06:ce:8f:2d:f2:2b:95:8d:68:96:aa:8d:57:
57:9d:f3:06:ed:52:62:1e:bf:08:73:e8:b2:2c:78:
13:c7:cd:68:8a:0c:91:c0:54:6b:ee:43:ef:a8:9e:
ce:64:30:2d:4f:16:d5:66:df:15:f5:8f:b5:70:2a:
52:4b:f8:cf:3a:59:be:2f:2c:41:01:70:1c:da:a7:
41:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:2C:B1:EC:24:3B:D8:E0:15:AC:DE:7D:F1:6D:C9:C5:07:E8:AC:E9
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/tyyx7CQ72OAVrN598W3JxQforOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.231.128.0-194.231.139.255
194.231.142.0/24
194.231.150.0/24
194.231.152.0/22
194.231.157.0-194.231.158.255
194.231.195.0-194.231.215.255
194.231.218.0-194.231.223.255
Signature Algorithm: sha256WithRSAEncryption
47:14:8a:0c:fd:9a:a1:df:94:79:5e:61:3d:ad:d5:0e:ba:6f:
31:46:9b:9c:3f:8a:d5:c4:46:82:64:82:24:eb:4d:54:60:56:
28:3c:d3:66:a0:af:3d:15:66:2d:5f:99:32:e1:78:cc:5a:d9:
24:69:33:e3:82:68:bc:a8:30:e9:70:d5:c5:79:8f:72:c6:32:
1c:b0:c4:db:45:e3:3f:c6:8a:10:4c:35:43:34:4e:0e:e6:0b:
71:4d:00:74:56:8f:66:fe:be:e1:05:f6:03:6f:da:2a:74:43:
4d:b1:b6:71:86:94:4e:2b:db:cc:fe:8f:f9:7e:cf:a1:24:27:
5f:c8:2d:38:55:8a:78:92:77:e7:20:70:91:33:bd:37:e3:a3:
b6:93:3f:7f:cf:03:25:20:31:d1:ce:57:fc:6a:31:1a:75:fa:
3a:fd:6b:04:be:2c:32:f4:7a:bb:93:39:46:4a:04:a1:ba:ae:
2f:9a:a4:83:ca:36:ca:a4:3d:1f:53:f8:1b:18:f4:1b:70:5d:
76:0c:d8:f4:80:7b:04:a7:64:9b:f1:95:e5:c4:aa:f9:f2:39:
18:3c:fe:46:a5:2c:52:f6:e0:79:07:f8:7c:2d:0d:8a:29:ec:
39:71:8d:13:39:fc:eb:b7:fb:a3:fb:93:80:26:de:22:c1:f1:
c3:64:1d:d6
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZ4iAgCa0/r76gFWV6XFkm3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNTEzMTU0MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzJjYjFlYzI0M2JkOGUwMTVhY2RlN2RmMTZkYzljNTA3ZThhY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5aJwmPMfvnq737TkjgbbxsVOGn8
w6VpYhYlQFOHKMFdFlNihbCfzbMPWVJ+87Ciub2xSsRae7oU7Od18NZSI5V21nrg
jcRXTxZ6GCpD2ymoLZuKYxywR4yKfD9aipNcnTM09DFQLdpPBQ+IRDqn/k8+Lp+c
h96Q4OSLTmNZnjesD/DuOpirgbMWRQppWs1u8uO8d45BPWG28PPh4VwfmUT0TmF7
KdRbVTZtZI+Jpp9ZLsZtUAbOjy3yK5WNaJaqjVdXnfMG7VJiHr8Ic+iyLHgTx81o
igyRwFRr7kPvqJ7OZDAtTxbVZt8V9Y+1cCpSS/jPOlm+LyxBAXAc2qdBSwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFLcssewkO9jgFazeffFtycUH6KzpMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdHl5eDdDUTcyT0FWck41OThXM0p4UWZvck9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAfC54AD
BALC54gDBADC544DBADC55YDBALC55gwDAMEAMLnnQMEAMLnnjAMAwQAwufDAwQD
wufQMAwDBAHC59oDBAXC58AwDQYJKoZIhvcNAQELBQADggEBAEcUigz9mqHflHle
YT2t1Q66bzFGm5w/itXERoJkgiTrTVRgVig802agrz0VZi1fmTLheMxa2SRpM+OC
aLyoMOlw1cV5j3LGMhywxNtF4z/GihBMNUM0Tg7mC3FNAHRWj2b+vuEF9gNv2ip0
Q02xtnGGlE4r28z+j/l+z6EkJ1/ILThViniSd+cgcJEzvTfjo7aTP3/PAyUgMdHO
V/xqMRp1+jr9awS+LDL0eruTOUZKBKG6ri+apIPKNsqkPR9T+BsY9BtwXXYM2PSA
ewSnZJvxleXEqvnyORg8/kalLFL24HkH+HwtDYop7DlxjRM5/Ou3+6P7k4Am3iLB
8cNkHdY=
-----END CERTIFICATE-----
Generated at Fri May 15 08:18:29 2026 by rpki-client