Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/CK8OJfLCISBl1ouaHEnbpGJbOnw.roa
File: CK8OJfLCISBl1ouaHEnbpGJbOnw.roa (raw, json)
Hash identifier: pt47KAPdqRnN1dkS3yo4ZlI5RRvRrx+uI3TswhWMkuU=
Subject key identifier: 08:AF:0E:25:F2:C2:21:20:65:D6:8B:9A:1C:49:DB:A4:62:5B:3A:7C
Certificate issuer: /CN=61aedfdc7133e95f42498f7760f68fb80faa84ac
Certificate serial: 019E7286F28F6478FA592FFDDC786623F34B
Authority key identifier: 61:AE:DF:DC:71:33:E9:5F:42:49:8F:77:60:F6:8F:B8:0F:AA:84:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ya7f3HEz6V9CSY93YPaPuA-qhKw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/CK8OJfLCISBl1ouaHEnbpGJbOnw.roa
Signing time: Fri 29 May 2026 06:58:26 +0000
ROA not before: Fri 29 May 2026 06:58:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 61276
IP address blocks: 91.190.156.0/24 maxlen: 24
138.16.137.0/24 maxlen: 24
193.47.41.0/24 maxlen: 24
2a11:6380::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/Ya7f3HEz6V9CSY93YPaPuA-qhKw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/Ya7f3HEz6V9CSY93YPaPuA-qhKw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ya7f3HEz6V9CSY93YPaPuA-qhKw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jun 2026 06:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:72:86:f2:8f:64:78:fa:59:2f:fd:dc:78:66:23:f3:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61aedfdc7133e95f42498f7760f68fb80faa84ac
Validity
Not Before: May 29 06:58:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=08af0e25f2c2212065d68b9a1c49dba4625b3a7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:31:81:ce:cd:a0:bf:20:d6:63:72:ea:c6:b2:
2e:50:3e:86:a2:9d:c7:5a:ae:20:ab:ce:9e:62:5d:
12:71:4e:89:fd:a0:4e:ae:36:7a:76:8f:88:be:a4:
bf:c5:3f:13:88:1c:be:d4:19:02:9b:3a:e3:d9:b4:
91:56:9c:84:76:be:a9:c7:a1:9b:08:01:4c:bb:45:
68:f4:6f:e1:db:55:32:7b:4d:c3:63:fc:d1:1f:f0:
da:0d:b2:77:a5:ee:50:2f:ef:d2:f9:77:10:f6:3f:
ac:70:5c:ce:0c:99:3e:a0:e4:1d:f5:ba:93:5d:a7:
76:52:cd:f3:30:1d:54:06:55:ca:8e:05:42:73:b5:
ce:d1:eb:68:95:69:d3:31:f8:de:60:06:b3:37:f5:
a6:93:64:32:e0:8a:4e:c9:17:7f:77:0f:0c:8d:38:
d5:50:06:07:2f:68:61:4f:a8:5a:28:9b:57:96:a4:
fd:c5:38:2e:9c:1e:3f:cc:76:f4:b2:11:35:69:9c:
15:90:75:8d:bc:8f:e5:e6:00:27:11:99:93:10:a5:
97:8a:17:b7:8f:fd:b0:d4:0d:fc:8d:3c:63:44:07:
7a:c0:40:06:c4:e6:4b:47:6c:eb:76:00:bf:c5:36:
23:54:6e:d3:44:ad:59:4b:2c:48:f9:fb:d8:a8:4c:
18:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:AF:0E:25:F2:C2:21:20:65:D6:8B:9A:1C:49:DB:A4:62:5B:3A:7C
X509v3 Authority Key Identifier:
keyid:61:AE:DF:DC:71:33:E9:5F:42:49:8F:77:60:F6:8F:B8:0F:AA:84:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ya7f3HEz6V9CSY93YPaPuA-qhKw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/CK8OJfLCISBl1ouaHEnbpGJbOnw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/02b522-9f08-46fc-99ea-9f3e8f9efc99/1/Ya7f3HEz6V9CSY93YPaPuA-qhKw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.190.156.0/24
138.16.137.0/24
193.47.41.0/24
IPv6:
2a11:6380::/29
Signature Algorithm: sha256WithRSAEncryption
17:c9:1d:67:47:22:80:e6:1a:d1:50:04:58:47:e4:b2:06:ef:
05:20:38:78:de:2e:26:ff:6c:97:7c:f4:a2:2a:2b:1c:a2:d1:
af:54:47:9e:90:f7:08:17:c0:cb:93:7f:b8:82:af:e1:78:7f:
62:95:9a:31:0b:31:14:3b:04:4a:89:83:93:9b:19:5a:7a:30:
39:1c:17:e4:1e:1e:0f:b2:b7:10:e0:5a:22:ae:59:a1:dc:b6:
a7:43:03:78:51:16:f7:20:02:41:8a:d2:1f:e6:49:dd:92:af:
d2:9d:0f:46:cb:db:fe:4b:23:4c:b5:ca:1c:f5:32:17:85:06:
1b:20:1b:64:cf:9b:f9:99:9e:98:40:5f:b7:ce:c6:c2:bd:7a:
1c:c0:9c:9f:74:ab:fa:21:cb:34:bd:96:b1:15:3f:e7:d1:0f:
4b:63:df:27:1f:9e:ef:48:18:94:3e:bf:c5:1e:15:8d:58:66:
ac:06:29:45:97:58:c3:65:48:11:d7:9f:32:73:1f:f4:99:3c:
c8:a1:e9:a9:cd:66:0b:bb:96:b3:ed:56:2e:c4:97:68:89:78:
64:d5:5f:e8:8e:25:88:0b:ac:22:39:91:37:e0:f7:8d:30:4d:
d1:19:a1:c7:e9:f7:63:99:54:70:be:5b:5b:33:89:5a:e9:19:
6e:1f:ab:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ5yhvKPZHj6WS/93HhmI/NLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYWVkZmRjNzEzM2U5NWY0MjQ5OGY3NzYwZjY4ZmI4MGZh
YTg0YWMwHhcNMjYwNTI5MDY1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFmMGUyNWYyYzIyMTIwNjVkNjhiOWExYzQ5ZGJhNDYyNWIzYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDGBzs2gvyDWY3LqxrIuUD6Gop3H
Wq4gq86eYl0ScU6J/aBOrjZ6do+IvqS/xT8TiBy+1BkCmzrj2bSRVpyEdr6px6Gb
CAFMu0Vo9G/h21Uye03DY/zRH/DaDbJ3pe5QL+/S+XcQ9j+scFzODJk+oOQd9bqT
Xad2Us3zMB1UBlXKjgVCc7XO0etolWnTMfjeYAazN/Wmk2Qy4IpOyRd/dw8MjTjV
UAYHL2hhT6haKJtXlqT9xTgunB4/zHb0shE1aZwVkHWNvI/l5gAnEZmTEKWXihe3
j/2w1A38jTxjRAd6wEAGxOZLR2zrdgC/xTYjVG7TRK1ZSyxI+fvYqEwYSQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAivDiXywiEgZdaLmhxJ26RiWzp8MB8GA1UdIwQY
MBaAFGGu39xxM+lfQkmPd2D2j7gPqoSsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWE3ZjNIRXo2VjlDU1k5M1lQYVB1QS1xaEt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wMmI1MjItOWYwOC00NmZjLTk5ZWEt
OWYzZThmOWVmYzk5LzEvQ0s4T0pmTENJU0JsMW91YUhFbmJwR0piT253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wMmI1MjItOWYwOC00NmZjLTk5ZWEtOWYzZThmOWVmYzk5
LzEvWWE3ZjNIRXo2VjlDU1k5M1lQYVB1QS1xaEt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW76cAwQA
ihCJAwQAwS8pMA0EAgACMAcDBQMqEWOAMA0GCSqGSIb3DQEBCwUAA4IBAQAXyR1n
RyKA5hrRUARYR+SyBu8FIDh43i4m/2yXfPSiKiscotGvVEeekPcIF8DLk3+4gq/h
eH9ilZoxCzEUOwRKiYOTmxlaejA5HBfkHh4PsrcQ4Foirlmh3LanQwN4URb3IAJB
itIf5kndkq/SnQ9Gy9v+SyNMtcoc9TIXhQYbIBtkz5v5mZ6YQF+3zsbCvXocwJyf
dKv6Ics0vZaxFT/n0Q9LY98nH57vSBiUPr/FHhWNWGasBilFl1jDZUgR158ycx/0
mTzIoempzWYLu5az7VYuxJdoiXhk1V/ojiWIC6wiOZE34PeNME3RGaHH6fdjmVRw
vltbM4la6RluH6ur
-----END CERTIFICATE-----
Generated at Thu Jun 4 12:11:10 2026 by rpki-client