Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gjl8k3or-lbrKUh_SHUVbREXDkw.roa
File: gjl8k3or-lbrKUh_SHUVbREXDkw.roa (raw, json)
Hash identifier: kLCAWW4+NmgkuYnKwOm/RLwo1hWpCNFpUwM9JsgII3s=
Subject key identifier: 82:39:7C:93:7A:2B:FA:56:EB:29:48:7F:48:75:15:6D:11:17:0E:4C
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019E87F20BC57B1016BE3C0B4277C513E47E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gjl8k3or-lbrKUh_SHUVbREXDkw.roa
Signing time: Tue 02 Jun 2026 10:47:27 +0000
ROA not before: Tue 02 Jun 2026 10:47:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207359
IP address blocks: 45.43.148.0/24 maxlen: 24
45.43.151.0/24 maxlen: 24
104.222.180.0/24 maxlen: 24
104.233.4.0/24 maxlen: 24
104.233.5.0/24 maxlen: 24
104.233.6.0/24 maxlen: 24
104.233.7.0/24 maxlen: 24
104.238.28.0/24 maxlen: 24
104.239.14.0/24 maxlen: 24
104.249.21.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 19:01:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:87:f2:0b:c5:7b:10:16:be:3c:0b:42:77:c5:13:e4:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jun 2 10:47:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=82397c937a2bfa56eb29487f4875156d11170e4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:bc:90:ef:88:99:9c:de:93:25:67:41:7d:bc:
52:07:51:98:be:c9:c1:67:95:2d:49:cc:1b:58:40:
4f:9a:b6:7a:1f:51:ae:c1:d1:91:3e:10:1a:f7:be:
18:62:a9:55:38:4f:99:dc:08:65:80:9c:73:99:88:
59:c7:cc:e4:a2:27:7b:ce:9d:8b:c0:34:f8:83:d6:
57:aa:66:6d:c4:ad:f5:4c:2b:0a:38:78:4b:bf:ac:
a0:d8:c6:86:28:8f:8c:1d:be:87:14:51:22:a0:9b:
4b:91:de:89:cd:3c:08:80:9c:cf:ad:2e:72:77:c2:
36:9e:ed:5c:b2:82:e0:9a:bf:49:6f:d6:7d:06:60:
8d:e2:d2:a5:3f:fd:50:78:e1:1c:67:b2:73:14:6f:
7a:8b:6d:89:70:3d:c8:86:ba:7c:98:5e:27:bc:04:
2e:5b:fd:b7:3c:6f:b7:2b:c0:3e:e9:8b:d1:8a:72:
2a:b8:e9:86:6f:9e:f5:ac:22:f6:b5:d9:90:8c:67:
ee:13:d7:22:71:f8:8b:86:79:af:2c:dc:ef:44:ef:
fa:a9:b7:3a:6d:22:5d:19:94:de:1f:ae:ff:5f:b9:
3a:f7:49:4e:37:cc:00:5e:2f:4b:17:39:17:c2:d4:
53:f7:f4:86:f5:8b:dc:14:95:c4:03:1b:22:ec:3c:
cb:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:39:7C:93:7A:2B:FA:56:EB:29:48:7F:48:75:15:6D:11:17:0E:4C
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gjl8k3or-lbrKUh_SHUVbREXDkw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.148.0/24
45.43.151.0/24
104.222.180.0/24
104.233.4.0/22
104.238.28.0/24
104.239.14.0/24
104.249.21.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:e1:d1:71:d6:72:fa:05:39:68:56:6e:bb:d5:fd:d5:8b:b8:
dc:e4:c4:c8:36:69:3f:e7:af:92:e6:ab:02:64:33:d9:8a:ef:
0f:97:01:4a:e1:3d:9c:20:8a:73:3b:6d:a1:cf:e0:13:07:af:
d2:6c:93:2b:bb:73:0c:14:84:65:e9:20:08:7b:f7:7c:87:7f:
09:6d:63:1e:2c:07:3b:c4:4f:31:8b:4b:76:80:89:9c:22:b1:
52:ce:cc:62:94:14:43:3b:e4:43:5a:49:22:19:f9:37:35:2c:
1f:20:af:3f:c8:fe:04:cc:c1:ea:82:54:56:2d:15:ed:15:52:
78:19:87:9a:24:fb:32:56:0b:68:18:50:ef:99:29:56:f8:e4:
53:1c:f0:87:f1:45:0c:c2:7b:d7:8e:3f:63:98:56:01:9a:02:
b2:8d:0a:d3:f4:c7:c8:4b:e0:b9:46:4a:a1:6c:1e:1d:a6:26:
fe:77:4b:34:34:03:6e:14:80:2b:38:69:21:04:9e:30:96:52:
e2:7f:e4:c0:50:7a:d9:f2:44:e5:bc:03:d3:6e:03:5b:d7:87:
35:c2:53:37:72:4b:de:19:be:d7:ae:46:9d:3f:5d:f4:56:ef:
b4:e6:2e:26:ac:8d:e5:23:dd:cc:ee:2a:b0:87:cf:a5:f3:dd:
e5:e5:27:0f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ6H8gvFexAWvjwLQnfFE+R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNjAyMTA0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjM5N2M5MzdhMmJmYTU2ZWIyOTQ4N2Y0ODc1MTU2ZDExMTcwZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17yQ74iZnN6TJWdBfbxSB1GYvsnB
Z5UtScwbWEBPmrZ6H1GuwdGRPhAa974YYqlVOE+Z3AhlgJxzmYhZx8zkoid7zp2L
wDT4g9ZXqmZtxK31TCsKOHhLv6yg2MaGKI+MHb6HFFEioJtLkd6JzTwIgJzPrS5y
d8I2nu1csoLgmr9Jb9Z9BmCN4tKlP/1QeOEcZ7JzFG96i22JcD3Ihrp8mF4nvAQu
W/23PG+3K8A+6YvRinIquOmGb571rCL2tdmQjGfuE9cicfiLhnmvLNzvRO/6qbc6
bSJdGZTeH67/X7k690lON8wAXi9LFzkXwtRT9/SG9YvcFJXEAxsi7DzLoQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFII5fJN6K/pW6ylIf0h1FW0RFw5MMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZ2psOGszb3ItbGJyS1VoX1NIVVZiUkVYRGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALSuUAwQA
LSuXAwQAaN60AwQCaOkEAwQAaO4cAwQAaO8OAwQAaPkVMA0GCSqGSIb3DQEBCwUA
A4IBAQA/4dFx1nL6BTloVm671f3Vi7jc5MTINmk/56+S5qsCZDPZiu8PlwFK4T2c
IIpzO22hz+ATB6/SbJMru3MMFIRl6SAIe/d8h38JbWMeLAc7xE8xi0t2gImcIrFS
zsxilBRDO+RDWkkiGfk3NSwfIK8/yP4EzMHqglRWLRXtFVJ4GYeaJPsyVgtoGFDv
mSlW+ORTHPCH8UUMwnvXjj9jmFYBmgKyjQrT9MfIS+C5RkqhbB4dpib+d0s0NANu
FIArOGkhBJ4wllLif+TAUHrZ8kTlvAPTbgNb14c1wlM3ckveGb7XrkadP130Vu+0
5i4mrI3lI93M7iqwh8+l893l5ScP
-----END CERTIFICATE-----
Generated at Wed Jun 3 04:18:41 2026 by rpki-client