Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/RbjX86fcOMSY4QFLKDJwZ2qTveo.roa
File: RbjX86fcOMSY4QFLKDJwZ2qTveo.roa (raw, json)
Hash identifier: N6VxatQ/mIA8OoimGHGJtwJB+iRV96F3haafY4KxDvg=
Subject key identifier: 45:B8:D7:F3:A7:DC:38:C4:98:E1:01:4B:28:32:70:67:6A:93:BD:EA
Certificate issuer: /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial: 019DA9676CADDAC5762972DA2B75B5D4EC42
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/RbjX86fcOMSY4QFLKDJwZ2qTveo.roa
Signing time: Mon 20 Apr 2026 05:40:20 +0000
ROA not before: Mon 20 Apr 2026 05:40:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 158.173.3.0/24 maxlen: 24
158.173.4.0/24 maxlen: 24
158.173.5.0/24 maxlen: 24
158.173.6.0/24 maxlen: 24
158.173.7.0/24 maxlen: 24
158.173.16.0/24 maxlen: 24
158.173.17.0/24 maxlen: 24
158.173.18.0/24 maxlen: 24
158.173.19.0/24 maxlen: 24
158.173.20.0/24 maxlen: 24
158.173.21.0/24 maxlen: 24
158.173.22.0/24 maxlen: 24
158.173.23.0/24 maxlen: 24
158.173.24.0/24 maxlen: 24
158.173.25.0/24 maxlen: 24
158.173.32.0/24 maxlen: 24
158.173.33.0/24 maxlen: 24
158.173.44.0/24 maxlen: 24
158.173.45.0/24 maxlen: 24
158.173.46.0/24 maxlen: 24
158.173.47.0/24 maxlen: 24
158.173.55.0/24 maxlen: 24
158.173.67.0/24 maxlen: 24
158.173.72.0/24 maxlen: 24
158.173.73.0/24 maxlen: 24
158.173.76.0/24 maxlen: 24
158.173.88.0/24 maxlen: 24
158.173.89.0/24 maxlen: 24
158.173.101.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Apr 2026 17:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a9:67:6c:ad:da:c5:76:29:72:da:2b:75:b5:d4:ec:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Validity
Not Before: Apr 20 05:40:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=45b8d7f3a7dc38c498e1014b283270676a93bdea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:86:0d:9f:69:b5:c6:b4:eb:a3:90:cd:ac:d2:
05:cb:0e:8a:83:a3:88:c0:7f:fb:fb:51:a3:ef:f5:
eb:d2:73:33:4a:52:c0:6d:da:68:99:30:44:74:31:
82:a2:65:43:b6:18:f4:ef:c3:96:a0:c3:cd:d9:65:
65:f6:61:ca:79:49:e2:60:93:0e:f5:54:ae:d0:1f:
cb:72:15:59:86:8e:a4:bd:59:cd:65:79:af:10:4c:
16:db:87:c2:7c:a8:a8:db:bb:ba:7b:27:62:ad:02:
71:50:54:4b:37:56:80:45:33:f0:72:b3:52:df:03:
2c:6e:64:63:40:da:ff:09:ae:7f:71:da:dd:0a:13:
4f:bd:b6:1d:15:aa:4b:89:74:b0:a3:90:44:61:7a:
8d:e6:18:35:fa:d4:7d:48:d4:69:4d:4c:83:74:29:
a9:7b:bb:97:60:63:e7:c5:f6:9f:0f:13:6f:56:f8:
d2:40:23:0b:ef:c9:3f:0a:c4:5e:d2:4b:5c:16:8f:
f8:45:67:37:f5:17:c6:1a:14:ba:7b:79:f7:80:cd:
fb:17:f2:2b:49:ee:5c:6d:92:e3:ee:23:16:33:40:
9a:26:40:34:c0:77:be:4b:41:9f:9c:83:b5:4b:7b:
8c:8d:68:0c:03:2a:6b:97:83:75:7d:9c:87:f1:0a:
9e:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:B8:D7:F3:A7:DC:38:C4:98:E1:01:4B:28:32:70:67:6A:93:BD:EA
X509v3 Authority Key Identifier:
keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/RbjX86fcOMSY4QFLKDJwZ2qTveo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.173.3.0-158.173.7.255
158.173.16.0-158.173.25.255
158.173.32.0/23
158.173.44.0/22
158.173.55.0/24
158.173.67.0/24
158.173.72.0/23
158.173.76.0/24
158.173.88.0/23
158.173.101.0/24
Signature Algorithm: sha256WithRSAEncryption
10:75:8e:73:ef:37:5b:d2:f0:ec:7c:86:7a:a3:d3:fc:cb:db:
7a:b3:72:56:14:0a:cf:9b:4c:87:b6:26:5a:4e:9b:00:27:90:
7b:18:37:b2:7c:cf:9e:db:95:06:1b:ba:0d:93:92:7c:b6:68:
ca:de:4b:24:57:61:a2:e3:05:9e:5d:8f:59:28:31:ab:df:05:
bc:1a:eb:c6:39:e7:b4:7b:a5:fc:fe:73:7d:0b:15:20:3c:33:
ff:a0:7c:5c:2b:57:47:35:12:76:19:6d:c0:d1:00:2e:a8:9c:
f8:67:60:b2:4e:6a:66:8e:75:6a:91:d6:eb:00:e8:d1:a8:6b:
76:a1:80:9e:cf:e4:4a:0b:2a:21:61:62:3c:68:83:87:91:16:
be:5d:fb:ba:41:9a:3f:58:6d:63:97:ac:98:25:3c:09:01:ef:
1d:f0:36:61:52:1b:62:24:4a:65:ad:f8:77:83:72:33:13:c2:
25:f3:9c:80:08:ab:99:26:d1:83:89:b1:89:bf:f3:d4:f7:06:
69:87:b2:d9:d0:0f:c3:c3:99:32:2b:05:ab:c5:b0:99:e3:43:
e0:fd:98:4e:54:91:b0:c5:f9:0a:46:38:63:9c:ba:7e:a8:57:
af:31:4f:4d:a4:d4:77:48:b2:49:58:57:35:37:ac:4f:2f:0f:
72:51:4f:81
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZ2pZ2yt2sV2KXLaK3W11OxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwNDIwMDU0MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWI4ZDdmM2E3ZGMzOGM0OThlMTAxNGIyODMyNzA2NzZhOTNiZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4YNn2m1xrTro5DNrNIFyw6Kg6OI
wH/7+1Gj7/Xr0nMzSlLAbdpomTBEdDGComVDthj078OWoMPN2WVl9mHKeUniYJMO
9VSu0B/LchVZho6kvVnNZXmvEEwW24fCfKio27u6eydirQJxUFRLN1aARTPwcrNS
3wMsbmRjQNr/Ca5/cdrdChNPvbYdFapLiXSwo5BEYXqN5hg1+tR9SNRpTUyDdCmp
e7uXYGPnxfafDxNvVvjSQCML78k/CsRe0ktcFo/4RWc39RfGGhS6e3n3gM37F/Ir
Se5cbZLj7iMWM0CaJkA0wHe+S0GfnIO1S3uMjWgMAyprl4N1fZyH8Qqe3wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFEW41/On3DjEmOEBSygycGdqk73qMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvUmJqWDg2ZmNPTVNZNFFGTEtESndaMnFUdmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBACerQMD
BAOerQAwDAMEBJ6tEAMEAZ6tGAMEAZ6tIAMEAp6tLAMEAJ6tNwMEAJ6tQwMEAZ6t
SAMEAJ6tTAMEAZ6tWAMEAJ6tZTANBgkqhkiG9w0BAQsFAAOCAQEAEHWOc+83W9Lw
7HyGeqPT/MvberNyVhQKz5tMh7YmWk6bACeQexg3snzPntuVBhu6DZOSfLZoyt5L
JFdhouMFnl2PWSgxq98FvBrrxjnntHul/P5zfQsVIDwz/6B8XCtXRzUSdhltwNEA
Lqic+Gdgsk5qZo51apHW6wDo0ahrdqGAns/kSgsqIWFiPGiDh5EWvl37ukGaP1ht
Y5esmCU8CQHvHfA2YVIbYiRKZa34d4NyMxPCJfOcgAirmSbRg4mxib/z1PcGaYey
2dAPw8OZMisFq8WwmeND4P2YTlSRsMX5CkY4Y5y6fqhXrzFPTaTUd0iySVhXNTes
Ty8PclFPgQ==
-----END CERTIFICATE-----
Generated at Sat Apr 25 01:37:02 2026 by rpki-client