Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/ylO6N8900P88QZefA7Dn01NvgPI.roa
File: ylO6N8900P88QZefA7Dn01NvgPI.roa (raw, json)
Hash identifier: U+/e2PWVxHjZOQFTR/YGHyNLL4yvYXeZwDjW8HXteac=
Subject key identifier: CA:53:BA:37:CF:74:D0:FF:3C:41:97:9F:03:B0:E7:D3:53:6F:80:F2
Certificate issuer: /CN=4987941e74c1c03e7aba3b878530095eb6fa874e
Certificate serial: 019CF60D14563636AA85968115555FC36071
Authority key identifier: 49:87:94:1E:74:C1:C0:3E:7A:BA:3B:87:85:30:09:5E:B6:FA:87:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/ylO6N8900P88QZefA7Dn01NvgPI.roa
Signing time: Mon 16 Mar 2026 09:49:38 +0000
ROA not before: Mon 16 Mar 2026 09:49:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200736
IP address blocks: 45.66.40.0/22 maxlen: 24
45.66.40.0/24 maxlen: 24
45.66.41.0/24 maxlen: 24
45.66.42.0/24 maxlen: 24
45.66.43.0/24 maxlen: 24
78.109.28.0/22 maxlen: 24
78.109.28.0/24 maxlen: 24
78.109.29.0/24 maxlen: 24
78.109.30.0/24 maxlen: 24
78.109.31.0/24 maxlen: 24
195.20.114.0/24 maxlen: 24
195.214.208.0/22 maxlen: 24
195.214.208.0/24 maxlen: 24
195.214.211.0/24 maxlen: 24
2a10:9300::/29 maxlen: 42
2a10:9300::/36 maxlen: 42
2a10:9300:100::/42 maxlen: 42
2a10:9300:140::/42 maxlen: 42
2a10:9300:400::/42 maxlen: 42
2a10:9300:500::/42 maxlen: 42
2a10:9300:600::/42 maxlen: 42
2a10:9300:700::/42 maxlen: 42
2a10:9300:900::/42 maxlen: 42
2a10:9300:b00::/42 maxlen: 42
2a10:9300:c00::/42 maxlen: 42
2a10:9301::/36 maxlen: 42
2a10:9301:100::/42 maxlen: 42
2a10:9301:140::/42 maxlen: 42
2a10:9301:180::/42 maxlen: 42
2a10:9301:300::/42 maxlen: 42
2a10:9301:340::/42 maxlen: 42
2a10:9301:700::/42 maxlen: 42
2a10:9301:740::/42 maxlen: 42
2a10:9301:980::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.mft
rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 24 Mar 2026 12:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f6:0d:14:56:36:36:aa:85:96:81:15:55:5f:c3:60:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4987941e74c1c03e7aba3b878530095eb6fa874e
Validity
Not Before: Mar 16 09:49:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ca53ba37cf74d0ff3c41979f03b0e7d3536f80f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:2c:fd:54:b9:3a:54:dc:4e:99:7a:6e:b8:a6:
58:4c:ff:c4:38:0c:a5:74:e8:f9:4e:35:10:5b:f4:
7a:a5:49:01:f7:6e:27:b9:7b:69:a9:41:11:77:04:
dd:28:0f:35:d5:17:c9:55:b2:b7:d3:0f:a3:7a:67:
72:f8:bf:10:df:35:7b:5f:f6:c6:f8:76:59:65:59:
0e:fa:7f:5b:8c:2b:6f:fb:84:a7:4d:b1:29:48:4e:
49:6b:f3:12:14:d5:a0:37:b2:8b:2e:59:f9:26:45:
c0:8f:88:5c:52:91:95:44:b7:ad:0f:cb:b3:9f:3e:
3b:ed:07:cf:15:87:64:3d:73:16:52:59:f7:20:8f:
7a:b3:ce:4a:64:ba:e3:f3:38:84:49:84:fd:6d:00:
84:89:02:c4:93:03:c1:e8:0d:de:64:4b:1e:1f:61:
30:6b:4c:bd:d9:54:82:8c:77:49:9b:0d:45:6b:f7:
80:90:9d:81:4c:26:b0:cc:b0:5f:d2:0c:c9:f1:60:
3d:d3:15:95:00:d9:87:2f:b4:d7:e6:ea:83:81:c5:
6b:8e:21:6b:de:5a:7d:79:2c:e7:09:f9:97:a6:16:
6d:79:dc:9a:28:74:97:a4:64:8c:d5:e8:82:ac:36:
82:2f:84:6f:d3:c9:23:ec:64:63:49:d2:d0:dd:7e:
04:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:53:BA:37:CF:74:D0:FF:3C:41:97:9F:03:B0:E7:D3:53:6F:80:F2
X509v3 Authority Key Identifier:
keyid:49:87:94:1E:74:C1:C0:3E:7A:BA:3B:87:85:30:09:5E:B6:FA:87:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/ylO6N8900P88QZefA7Dn01NvgPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.40.0/22
78.109.28.0/22
195.20.114.0/24
195.214.208.0/22
IPv6:
2a10:9300::/29
Signature Algorithm: sha256WithRSAEncryption
3e:91:51:cf:fd:15:6f:c0:1a:f9:a9:65:6f:f2:aa:61:01:bb:
d8:7a:74:64:b4:43:80:bb:34:02:ec:6a:56:b1:ec:33:1b:21:
b2:b2:c2:29:1e:a5:06:b6:5d:93:2f:a2:a0:76:2c:e1:7e:b4:
3e:15:00:ec:bd:93:cd:75:b9:3c:1f:b1:4a:c2:28:03:c1:70:
89:3f:3c:da:f5:8a:30:b9:dd:39:16:8d:1c:30:42:c2:3b:ea:
94:b4:e6:2c:1d:c0:14:44:34:61:df:23:2b:cc:ba:d9:f9:c1:
f7:c1:2a:49:7d:1b:cb:1c:d3:05:3a:df:fa:a2:f4:75:86:89:
a0:a8:70:24:99:c3:3f:04:51:a5:0c:4d:dc:dc:89:c0:d8:a7:
fd:01:ee:f3:95:e5:92:2c:49:b5:7b:8b:56:44:2b:8e:a2:c7:
a9:72:25:6e:b1:98:7f:6e:04:0a:08:23:64:a3:5a:f2:87:e2:
96:fe:93:e7:41:fa:1d:22:e2:ea:ce:42:82:51:47:16:6e:7e:
05:85:2f:cd:e8:c0:e0:97:5c:92:89:f8:bc:35:73:0a:59:f0:
6a:f1:58:6e:30:09:d4:a4:3a:2e:90:58:56:8c:a8:ed:5b:25:
45:e6:ab:f1:f0:1a:b5:c3:9d:69:83:47:15:80:1e:c4:4a:da:
e6:b3:1b:7b
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZz2DRRWNjaqhZaBFVVfw2BxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODc5NDFlNzRjMWMwM2U3YWJhM2I4Nzg1MzAwOTVlYjZm
YTg3NGUwHhcNMjYwMzE2MDk0OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTUzYmEzN2NmNzRkMGZmM2M0MTk3OWYwM2IwZTdkMzUzNmY4MGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiz9VLk6VNxOmXpuuKZYTP/EOAyl
dOj5TjUQW/R6pUkB924nuXtpqUERdwTdKA811RfJVbK30w+jemdy+L8Q3zV7X/bG
+HZZZVkO+n9bjCtv+4SnTbEpSE5Ja/MSFNWgN7KLLln5JkXAj4hcUpGVRLetD8uz
nz477QfPFYdkPXMWUln3II96s85KZLrj8ziESYT9bQCEiQLEkwPB6A3eZEseH2Ew
a0y92VSCjHdJmw1Fa/eAkJ2BTCawzLBf0gzJ8WA90xWVANmHL7TX5uqDgcVrjiFr
3lp9eSznCfmXphZtedyaKHSXpGSM1eiCrDaCL4Rv08kj7GRjSdLQ3X4EawIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMpTujfPdND/PEGXnwOw59NTb4DyMB8GA1UdIwQY
MBaAFEmHlB50wcA+ero7h4UwCV62+odOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1llVUhuVEJ3RDU2dWp1SGhUQUpYcmI2aDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MDc3N2ItNjhiMC00MmE4LTllOWQt
ZThhZGE1MWVlOGZmLzEveWxPNk44OTAwUDg4UVplZkE3RG4wMU52Z1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MDc3N2ItNjhiMC00MmE4LTllOWQtZThhZGE1MWVlOGZm
LzEvU1llVUhuVEJ3RDU2dWp1SGhUQUpYcmI2aDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLUIoAwQC
Tm0cAwQAwxRyAwQCw9bQMA0EAgACMAcDBQMqEJMAMA0GCSqGSIb3DQEBCwUAA4IB
AQA+kVHP/RVvwBr5qWVv8qphAbvYenRktEOAuzQC7GpWsewzGyGyssIpHqUGtl2T
L6KgdizhfrQ+FQDsvZPNdbk8H7FKwigDwXCJPzza9Yowud05Fo0cMELCO+qUtOYs
HcAURDRh3yMrzLrZ+cH3wSpJfRvLHNMFOt/6ovR1homgqHAkmcM/BFGlDE3c3InA
2Kf9Ae7zleWSLEm1e4tWRCuOosepciVusZh/bgQKCCNko1ryh+KW/pPnQfodIuLq
zkKCUUcWbn4FhS/N6MDgl1ySifi8NXMKWfBq8VhuMAnUpDoukFhWjKjtWyVF5qvx
8Bq1w51pg0cVgB7EStrmsxt7
-----END CERTIFICATE-----
Generated at Mon Mar 23 21:06:55 2026 by rpki-client