Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YDHAFS5NL3nYDPhy4OA73C3z01M.roa
File: YDHAFS5NL3nYDPhy4OA73C3z01M.roa (raw, json)
Hash identifier: G6APuYyI4RlimuK+4VqWE8moDRuBp8AeV+DrddKsYsY=
Subject key identifier: 60:31:C0:15:2E:4D:2F:79:D8:0C:F8:72:E0:E0:3B:DC:2D:F3:D3:53
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 019C46E400BFCAB9CB7CB2C6B2A8BA6E4F37
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YDHAFS5NL3nYDPhy4OA73C3z01M.roa
Signing time: Tue 10 Feb 2026 09:31:13 +0000
ROA not before: Tue 10 Feb 2026 09:31:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 393886
IP address blocks: 152.163.0.0/22 maxlen: 22
152.163.12.0/22 maxlen: 22
152.163.64.0/22 maxlen: 22
152.163.100.0/22 maxlen: 22
152.163.112.0/22 maxlen: 22
152.163.120.0/22 maxlen: 22
152.163.164.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Feb 2026 08:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:46:e4:00:bf:ca:b9:cb:7c:b2:c6:b2:a8:ba:6e:4f:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Feb 10 09:31:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6031c0152e4d2f79d80cf872e0e03bdc2df3d353
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:3c:34:3d:23:e3:fd:a5:0d:2d:83:37:2b:b8:
67:43:80:c6:aa:63:2e:fb:5e:1a:be:0b:1b:d8:12:
44:46:22:cc:13:db:0e:8b:c7:7c:32:e9:64:39:5f:
24:c4:d0:3e:6c:e6:87:10:0d:e2:8f:43:16:2b:04:
41:37:3a:e2:e5:2e:34:1e:60:a7:8d:91:c5:c6:b8:
5f:a2:00:f8:55:70:23:2c:00:0d:b1:81:f3:80:57:
53:2b:49:83:8d:ec:ba:6a:2a:3a:4e:e1:8b:33:fb:
aa:82:88:d6:ce:0e:b3:ec:f5:08:38:37:fe:a0:38:
8d:c1:b6:76:ae:01:0d:16:4a:4e:f2:56:36:1d:c1:
e3:c3:80:b9:49:d8:a2:14:0d:c1:95:d7:18:87:ed:
26:9a:70:34:a4:4b:4d:11:d8:44:1e:5c:34:7c:08:
c7:a5:ca:ac:fa:f8:b0:7c:06:d2:36:1d:32:90:6a:
59:a2:8a:53:fd:78:5d:c7:ad:ea:34:b0:0d:ad:7d:
e9:69:09:99:35:62:0f:a3:50:66:6f:f7:0c:65:12:
3a:d6:c9:3c:a7:ae:67:65:e2:35:6d:9c:7a:a2:43:
4f:3e:86:a9:85:75:e8:6f:70:1a:18:3d:e5:0a:0a:
f1:bd:fa:db:5d:c9:97:3c:27:6e:90:a0:03:13:d1:
57:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:31:C0:15:2E:4D:2F:79:D8:0C:F8:72:E0:E0:3B:DC:2D:F3:D3:53
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YDHAFS5NL3nYDPhy4OA73C3z01M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.163.0.0/22
152.163.12.0/22
152.163.64.0/22
152.163.100.0/22
152.163.112.0/22
152.163.120.0/22
152.163.164.0/22
Signature Algorithm: sha256WithRSAEncryption
43:ef:ff:df:3b:49:a1:f2:b7:9f:03:b7:e3:06:76:75:35:a6:
92:cf:a4:34:6e:1b:66:ff:93:c1:00:b2:68:61:eb:b8:89:43:
d7:4d:2b:d8:f7:ec:54:24:5f:77:93:47:ec:31:76:29:20:e4:
75:5c:71:54:f9:a1:0f:1a:ec:33:a6:58:8d:20:f7:5a:72:bd:
5d:ec:a3:76:8d:aa:0e:3f:33:ef:bb:e6:d3:fb:aa:6c:38:e4:
62:71:c5:77:ff:ab:e4:98:6f:ce:42:c6:9c:84:0f:e4:f2:13:
22:67:75:72:0f:40:8f:4c:91:42:c6:78:0f:2b:d3:bd:9a:f3:
a4:18:0c:0f:91:2c:27:85:95:68:76:82:a8:8e:49:2d:e3:e6:
70:87:70:23:27:d9:0d:2b:77:0d:36:44:71:86:56:e9:bb:4a:
79:26:f6:05:c3:4d:eb:09:85:79:1f:59:bd:b2:84:bf:9a:30:
2f:35:bb:ae:f9:7a:58:8f:8f:00:72:f4:4e:77:b7:d0:55:6f:
7d:37:61:9c:ba:63:93:df:b7:9c:87:5c:07:c9:3d:77:ba:f0:
3b:ec:5f:b8:fb:90:2a:08:c6:af:02:7a:a5:a6:76:e6:4d:86:
bf:b4:79:ab:18:0a:7e:20:d5:6c:dd:ec:07:27:a3:4d:5e:4b:
5e:18:fb:a9
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZxG5AC/yrnLfLLGsqi6bk83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwMjEwMDkzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDMxYzAxNTJlNGQyZjc5ZDgwY2Y4NzJlMGUwM2JkYzJkZjNkMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDw0PSPj/aUNLYM3K7hnQ4DGqmMu
+14avgsb2BJERiLME9sOi8d8MulkOV8kxNA+bOaHEA3ij0MWKwRBNzri5S40HmCn
jZHFxrhfogD4VXAjLAANsYHzgFdTK0mDjey6aio6TuGLM/uqgojWzg6z7PUIODf+
oDiNwbZ2rgENFkpO8lY2HcHjw4C5SdiiFA3BldcYh+0mmnA0pEtNEdhEHlw0fAjH
pcqs+viwfAbSNh0ykGpZoopT/Xhdx63qNLANrX3paQmZNWIPo1Bmb/cMZRI61sk8
p65nZeI1bZx6okNPPoaphXXob3AaGD3lCgrxvfrbXcmXPCdukKADE9FXKwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGAxwBUuTS952Az4cuDgO9wt89NTMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvWURIQUZTNU5MM25ZRFBoeTRPQTczQzN6MDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCmKMAAwQC
mKMMAwQCmKNAAwQCmKNkAwQCmKNwAwQCmKN4AwQCmKOkMA0GCSqGSIb3DQEBCwUA
A4IBAQBD7//fO0mh8refA7fjBnZ1NaaSz6Q0bhtm/5PBALJoYeu4iUPXTSvY9+xU
JF93k0fsMXYpIOR1XHFU+aEPGuwzpliNIPdacr1d7KN2jaoOPzPvu+bT+6psOORi
ccV3/6vkmG/OQsachA/k8hMiZ3VyD0CPTJFCxngPK9O9mvOkGAwPkSwnhZVodoKo
jkkt4+Zwh3AjJ9kNK3cNNkRxhlbpu0p5JvYFw03rCYV5H1m9soS/mjAvNbuu+XpY
j48AcvROd7fQVW99N2GcumOT37ech1wHyT13uvA77F+4+5AqCMavAnqlpnbmTYa/
tHmrGAp+INVs3ewHJ6NNXkteGPup
-----END CERTIFICATE-----
Generated at Thu Feb 26 12:16:35 2026 by rpki-client