Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/A21Z7mS0e3bAxujDpEVdYOZJWqI.roa
File: A21Z7mS0e3bAxujDpEVdYOZJWqI.roa (raw, json)
Hash identifier: dixHTBPQkIyr9FnrFhU5oYqsGEg2N2k6+JaRs/XYNQ0=
Subject key identifier: 03:6D:59:EE:64:B4:7B:76:C0:C6:E8:C3:A4:45:5D:60:E6:49:5A:A2
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019D3BB8282FC35300199E0224B85C0C7433
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/A21Z7mS0e3bAxujDpEVdYOZJWqI.roa
Signing time: Sun 29 Mar 2026 22:30:17 +0000
ROA not before: Sun 29 Mar 2026 22:30:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215391
IP address blocks: 45.43.143.0/24 maxlen: 24
45.43.161.0/24 maxlen: 24
104.238.21.0/24 maxlen: 24
104.238.23.0/24 maxlen: 24
216.173.108.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 15 Apr 2026 19:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3b:b8:28:2f:c3:53:00:19:9e:02:24:b8:5c:0c:74:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Mar 29 22:30:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=036d59ee64b47b76c0c6e8c3a4455d60e6495aa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9f:a1:c2:03:8b:07:18:dd:8e:6e:a1:91:9b:
58:1a:b6:e9:f8:56:c0:04:5a:e5:dc:79:84:bf:f5:
ca:a4:78:4c:34:0f:30:97:f8:41:a5:3f:56:e9:4e:
64:5f:a3:a4:b2:e1:0e:ce:55:df:d3:66:ac:e7:98:
0a:c7:f0:20:e8:a3:e6:ff:87:10:36:ed:db:a3:b7:
0d:c0:fa:09:30:af:88:ce:1d:2a:7c:a3:56:2a:4f:
8c:6d:b3:cd:6f:77:62:45:5f:a1:c8:a5:15:b6:0c:
0e:5a:97:fa:40:ee:be:e0:ec:55:4e:93:f6:55:0e:
c6:dc:26:16:8e:85:ad:e9:7e:69:d0:50:39:a5:d2:
14:52:12:9b:37:7f:b3:3d:88:dd:f1:a0:c9:bb:3b:
9a:99:92:b0:5e:b7:3a:a2:24:f9:08:dc:bb:fb:06:
7d:43:71:ef:60:70:66:f8:07:67:5a:c3:5e:f9:c5:
a9:97:ea:4a:be:d4:a1:4d:b5:e4:2a:c6:8f:97:ec:
8f:ae:1a:14:75:47:60:1e:5d:ba:c7:af:e2:17:96:
23:28:bc:75:02:53:4e:01:86:df:2c:ac:c7:6f:ad:
e7:31:4e:47:06:62:89:d3:ea:51:36:79:f8:ea:9e:
58:ed:b3:28:44:1c:26:38:dc:b6:d6:a3:22:a9:21:
35:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:6D:59:EE:64:B4:7B:76:C0:C6:E8:C3:A4:45:5D:60:E6:49:5A:A2
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/A21Z7mS0e3bAxujDpEVdYOZJWqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.143.0/24
45.43.161.0/24
104.238.21.0/24
104.238.23.0/24
216.173.108.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:ea:0c:39:3e:8d:50:de:c3:5f:db:dd:0b:ea:1a:fe:2f:08:
af:50:9c:ed:43:47:b3:44:73:9f:95:d7:1a:2b:da:33:a9:26:
cf:e2:20:06:77:5b:6c:b7:08:46:54:ae:e4:1d:32:22:88:a8:
f3:ad:78:9a:9a:33:31:71:ce:c2:7d:84:1a:4a:f7:9c:f1:2b:
b5:f9:3a:0c:7a:fa:57:cd:7d:d7:b8:e1:fe:2d:86:6c:93:5e:
0a:02:4a:43:49:75:4f:20:da:b2:e9:11:52:c0:60:ef:3b:b0:
ca:70:3e:37:a3:e3:9f:82:1a:e4:55:e0:ac:63:39:d8:d4:96:
91:6c:77:4a:56:32:23:30:15:d8:55:1a:93:ce:6b:f4:b3:be:
3c:1b:9c:8b:46:9c:44:d8:30:34:ae:14:76:c5:03:6a:fe:c5:
a3:c0:32:41:82:c6:5d:44:dc:0e:36:39:ce:df:0b:e6:57:17:
5e:1e:56:ff:c7:6e:5e:4f:65:6e:c6:36:76:fb:4e:f6:c8:20:
1a:b9:21:48:d0:47:bb:38:2d:6b:da:fb:12:91:4b:bb:46:53:
e3:78:b0:f0:8a:6d:1b:ea:e3:de:2e:5b:11:57:3f:d4:e6:51:
1e:1b:b8:74:85:72:2d:01:4a:03:70:10:1c:e1:69:7e:c1:a4:
73:34:66:8c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ07uCgvw1MAGZ4CJLhcDHQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzI5MjIzMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZkNTllZTY0YjQ3Yjc2YzBjNmU4YzNhNDQ1NWQ2MGU2NDk1YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyp+hwgOLBxjdjm6hkZtYGrbp+FbA
BFrl3HmEv/XKpHhMNA8wl/hBpT9W6U5kX6OksuEOzlXf02as55gKx/Ag6KPm/4cQ
Nu3bo7cNwPoJMK+Izh0qfKNWKk+MbbPNb3diRV+hyKUVtgwOWpf6QO6+4OxVTpP2
VQ7G3CYWjoWt6X5p0FA5pdIUUhKbN3+zPYjd8aDJuzuamZKwXrc6oiT5CNy7+wZ9
Q3HvYHBm+AdnWsNe+cWpl+pKvtShTbXkKsaPl+yPrhoUdUdgHl26x6/iF5YjKLx1
AlNOAYbfLKzHb63nMU5HBmKJ0+pRNnn46p5Y7bMoRBwmONy21qMiqSE1KwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFANtWe5ktHt2wMbow6RFXWDmSVqiMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQTIxWjdtUzBlM2JBeHVqRHBFVmRZT1pKV3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALSuPAwQA
LSuhAwQAaO4VAwQAaO4XAwQA2K1sMA0GCSqGSIb3DQEBCwUAA4IBAQCM6gw5Po1Q
3sNf290L6hr+LwivUJztQ0ezRHOfldcaK9ozqSbP4iAGd1tstwhGVK7kHTIiiKjz
rXiamjMxcc7CfYQaSvec8Su1+ToMevpXzX3XuOH+LYZsk14KAkpDSXVPINqy6RFS
wGDvO7DKcD43o+OfghrkVeCsYznY1JaRbHdKVjIjMBXYVRqTzmv0s748G5yLRpxE
2DA0rhR2xQNq/sWjwDJBgsZdRNwONjnO3wvmVxdeHlb/x25eT2VuxjZ2+072yCAa
uSFI0Ee7OC1r2vsSkUu7RlPjeLDwim0b6uPeLlsRVz/U5lEeG7h0hXItAUoDcBAc
4Wl+waRzNGaM
-----END CERTIFICATE-----
Generated at Wed Apr 15 03:51:22 2026 by rpki-client