Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/bYYjdXr_4Gn2Yi3IJ-quGWMC2MU.roa
File: bYYjdXr_4Gn2Yi3IJ-quGWMC2MU.roa (raw, json)
Hash identifier: JyzWj0ZIYmxJImt5pjKo7ooDZ5e59x7gFTUXteOAmdY=
Subject key identifier: 6D:86:23:75:7A:FF:E0:69:F6:62:2D:C8:27:EA:AE:19:63:02:D8:C5
Certificate issuer: /CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Certificate serial: 019E89DF829AB955871F18EEE1FECFA18066
Authority key identifier: 45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/bYYjdXr_4Gn2Yi3IJ-quGWMC2MU.roa
Signing time: Tue 02 Jun 2026 19:46:26 +0000
ROA not before: Tue 02 Jun 2026 19:46:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205634
IP address blocks: 144.124.209.0/24 maxlen: 24
144.124.216.0/24 maxlen: 24
144.124.217.0/24 maxlen: 24
144.124.218.0/24 maxlen: 24
144.124.219.0/24 maxlen: 24
144.124.221.0/24 maxlen: 24
144.124.222.0/24 maxlen: 24
144.124.223.0/24 maxlen: 24
158.94.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.mft
rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 13 Jun 2026 16:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:89:df:82:9a:b9:55:87:1f:18:ee:e1:fe:cf:a1:80:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Validity
Not Before: Jun 2 19:46:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6d8623757affe069f6622dc827eaae196302d8c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:ad:ba:2d:7a:f7:00:09:e9:3d:cf:09:29:6b:
ea:de:2c:7f:c7:d3:31:7d:33:b6:e9:46:70:c1:42:
3e:77:25:38:de:d7:56:38:d9:58:e0:c3:ae:89:b9:
7e:6b:40:7d:e2:f4:6b:0c:8b:fe:5c:b8:b3:61:da:
dd:9a:84:d7:45:dc:03:41:57:10:3f:45:3a:a1:2e:
a5:02:5c:68:ea:b8:4f:4a:6d:8d:23:61:14:df:b4:
bc:5f:4a:76:65:ca:a6:11:34:09:0d:a3:75:0c:62:
c1:26:ef:ef:64:95:66:61:4c:bf:3a:7d:6f:f2:06:
3b:2d:9b:aa:36:69:3a:4c:b3:b9:8e:09:10:dd:41:
c1:8a:51:93:a6:aa:62:1f:1b:ba:b8:e3:58:f6:30:
f0:0a:57:15:be:85:fe:a8:e6:02:9a:33:bf:34:8a:
3c:73:dc:50:36:c3:09:5b:9e:97:90:99:c3:1b:0e:
a9:34:83:fa:ef:ae:33:b7:40:7f:96:8a:38:aa:a5:
43:26:55:8e:8a:8b:d7:30:59:a4:45:69:5a:6c:de:
86:22:12:ec:6a:35:77:a3:e9:39:2c:9d:b4:6b:55:
44:34:b5:78:38:85:dc:1b:3b:fd:6e:e5:32:40:fc:
86:55:d2:7a:2b:4a:93:6a:ff:d9:53:da:f2:b8:a4:
c6:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:86:23:75:7A:FF:E0:69:F6:62:2D:C8:27:EA:AE:19:63:02:D8:C5
X509v3 Authority Key Identifier:
keyid:45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/bYYjdXr_4Gn2Yi3IJ-quGWMC2MU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
144.124.209.0/24
144.124.216.0/22
144.124.221.0-144.124.223.255
158.94.213.0/24
Signature Algorithm: sha256WithRSAEncryption
57:0e:d9:18:d7:0d:bb:41:ce:d2:99:05:d4:8b:fc:e5:01:fe:
de:20:ae:4f:e6:5a:c8:9e:d2:a2:a2:77:cb:61:98:de:52:4b:
65:ff:17:74:83:53:90:f6:22:97:52:9b:10:a9:97:fb:19:67:
61:ad:b5:2c:49:fb:59:62:22:93:33:0a:59:6a:1f:d2:ac:4e:
0f:b3:51:82:a1:a8:80:30:ed:e3:c7:5c:4f:36:fc:64:9f:8f:
49:85:b6:48:4f:3d:b5:90:f8:b4:e6:7b:56:50:01:c0:61:34:
c9:eb:a1:90:78:53:9b:1b:9a:75:d6:f2:14:fd:13:32:9f:51:
7e:25:a3:c6:26:a5:27:40:82:3c:93:af:b1:ee:d5:c7:60:cf:
92:1c:9a:4f:81:b8:58:72:7f:45:98:30:a2:1a:98:98:ec:e2:
02:23:5c:27:ac:78:24:72:25:9c:58:2e:e7:96:5c:6d:fe:44:
01:3e:d0:9b:d7:06:35:c7:c5:89:17:a9:4a:62:11:ab:50:6c:
d8:00:92:25:12:d8:eb:c6:d6:8d:d6:6b:be:50:b9:7c:27:ac:
11:5e:88:8a:3f:1b:41:0a:5c:1e:ce:ef:a3:02:59:c0:db:d8:
9f:89:30:50:13:9c:1b:0e:4f:8c:dd:18:81:15:aa:44:bb:8e:
96:b1:a0:86
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ6J34KauVWHHxju4f7PoYBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTNiOWFjMGE0ODZiMDAzNzc2NWQ2MDVjOGIxYzgxMDQw
NDZmMGEwHhcNMjYwNjAyMTk0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg2MjM3NTdhZmZlMDY5ZjY2MjJkYzgyN2VhYWUxOTYzMDJkOGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj626LXr3AAnpPc8JKWvq3ix/x9Mx
fTO26UZwwUI+dyU43tdWONlY4MOuibl+a0B94vRrDIv+XLizYdrdmoTXRdwDQVcQ
P0U6oS6lAlxo6rhPSm2NI2EU37S8X0p2ZcqmETQJDaN1DGLBJu/vZJVmYUy/On1v
8gY7LZuqNmk6TLO5jgkQ3UHBilGTpqpiHxu6uONY9jDwClcVvoX+qOYCmjO/NIo8
c9xQNsMJW56XkJnDGw6pNIP6764zt0B/loo4qqVDJlWOiovXMFmkRWlabN6GIhLs
ajV3o+k5LJ20a1VENLV4OIXcGzv9buUyQPyGVdJ6K0qTav/ZU9ryuKTGOwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFG2GI3V6/+Bp9mItyCfqrhljAtjFMB8GA1UdIwQY
MBaAFEWTuawKSGsAN3ZdYFyLHIEEBG8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgt
NDNlNmJmZjlhMjVlLzEvYllZamRYcl80R24yWWkzSUotcXVHV01DMk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgtNDNlNmJmZjlhMjVl
LzEvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAkHzRAwQC
kHzYMAwDBACQfN0DBAWQfMADBACeXtUwDQYJKoZIhvcNAQELBQADggEBAFcO2RjX
DbtBztKZBdSL/OUB/t4grk/mWsie0qKid8thmN5SS2X/F3SDU5D2IpdSmxCpl/sZ
Z2GttSxJ+1liIpMzCllqH9KsTg+zUYKhqIAw7ePHXE82/GSfj0mFtkhPPbWQ+LTm
e1ZQAcBhNMnroZB4U5sbmnXW8hT9EzKfUX4lo8YmpSdAgjyTr7Hu1cdgz5Icmk+B
uFhyf0WYMKIamJjs4gIjXCeseCRyJZxYLueWXG3+RAE+0JvXBjXHxYkXqUpiEatQ
bNgAkiUS2OvG1o3Wa75QuXwnrBFeiIo/G0EKXB7O76MCWcDb2J+JMFATnBsOT4zd
GIEVqkS7jpaxoIY=
-----END CERTIFICATE-----
Generated at Sat Jun 13 01:01:16 2026 by rpki-client