Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Oy1Vr9hwyTh0-0iHW94GDDDFmYs.roa
File: Oy1Vr9hwyTh0-0iHW94GDDDFmYs.roa (raw, json)
Hash identifier: 5fFerRCf8VBYV4VrGw9Oh25817KoFKu/y2AnqGnWOXw=
Subject key identifier: 3B:2D:55:AF:D8:70:C9:38:74:FB:48:87:5B:DE:06:0C:30:C5:99:8B
Certificate issuer: /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial: 019E781FC0E10B9103AF25F838F5EE834820
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Oy1Vr9hwyTh0-0iHW94GDDDFmYs.roa
Signing time: Sat 30 May 2026 09:03:27 +0000
ROA not before: Sat 30 May 2026 09:03:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 138.226.234.0/24 maxlen: 24
138.226.238.0/24 maxlen: 24
204.62.120.0/24 maxlen: 24
204.62.121.0/24 maxlen: 24
204.62.122.0/24 maxlen: 24
207.89.22.0/24 maxlen: 24
207.89.23.0/24 maxlen: 24
216.163.179.0/24 maxlen: 24
2a14:a087::/48 maxlen: 48
2a14:a087:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 15:55:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:78:1f:c0:e1:0b:91:03:af:25:f8:38:f5:ee:83:48:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Validity
Not Before: May 30 09:03:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3b2d55afd870c93874fb48875bde060c30c5998b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ae:b9:d1:ce:e8:4c:d7:75:52:29:0a:76:93:
72:6d:72:45:62:e8:59:6a:ea:14:10:2f:cf:56:03:
c0:1a:d7:a0:71:a4:80:af:79:67:28:88:8e:d8:56:
80:b8:77:50:18:a1:99:80:96:e9:4b:13:bc:7e:77:
3c:08:e3:ad:9c:50:4b:a3:65:3f:45:af:05:bc:d3:
9a:4e:04:96:7a:77:a9:da:00:93:c7:ca:23:b0:9f:
be:b8:d1:db:22:26:2e:56:dc:7b:25:a5:a1:58:3f:
bc:ff:2a:f4:41:ad:cf:10:cf:e8:5e:63:48:34:fd:
77:af:c9:8c:d3:0f:c2:28:3b:57:71:19:34:c1:8f:
96:38:76:45:e1:e1:06:14:92:04:dc:a7:f7:b4:77:
a0:1e:ed:e3:7f:da:8c:b4:41:3b:6d:2c:d1:65:df:
5d:cc:1c:35:c9:25:79:c9:d5:bf:85:05:88:a3:55:
5a:fc:26:c2:99:78:be:f2:30:74:14:c8:c2:45:00:
6b:64:8f:d9:27:55:eb:0c:ef:7b:d5:78:5b:56:db:
ab:ab:f5:3f:c0:d5:aa:23:fe:d5:34:e8:73:34:86:
87:3d:f8:bc:b6:a0:6e:33:e8:0d:cb:a9:f3:fc:f3:
a8:d8:82:b3:9c:f4:08:82:40:e0:2f:f2:5f:66:50:
05:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:2D:55:AF:D8:70:C9:38:74:FB:48:87:5B:DE:06:0C:30:C5:99:8B
X509v3 Authority Key Identifier:
keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/Oy1Vr9hwyTh0-0iHW94GDDDFmYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.226.234.0/24
138.226.238.0/24
204.62.120.0-204.62.122.255
207.89.22.0/23
216.163.179.0/24
IPv6:
2a14:a087::/47
Signature Algorithm: sha256WithRSAEncryption
25:8b:f2:85:69:8b:55:0a:88:79:5b:37:dd:d7:fa:5f:a4:38:
ce:47:ff:23:9d:70:89:8f:39:eb:d8:be:cb:38:07:f0:a8:35:
34:a1:43:89:7f:e9:96:0c:41:8e:fd:c6:aa:06:09:ec:6c:66:
0a:05:e2:d5:a4:41:03:6b:e1:7b:12:f5:e6:ab:f0:cf:8a:b6:
2e:ea:e2:57:e6:60:cb:4a:d0:0f:eb:ce:a5:4a:48:cf:dc:d4:
a1:a0:7f:5c:7b:74:51:74:b3:bb:d1:83:ed:ac:3f:88:33:9a:
ea:80:02:81:44:44:10:32:a8:c8:82:58:ad:3f:ee:81:c7:a5:
07:b0:f1:d2:9c:fd:b9:67:91:d5:ee:ef:ea:d6:fd:a4:b5:94:
6d:98:ed:91:8b:40:f5:87:f8:f2:28:69:33:a9:c8:ef:2e:75:
39:bb:5a:39:9a:b9:b0:46:0e:27:7e:a5:54:79:83:9d:88:99:
b7:eb:71:f8:d4:03:fa:18:ca:bd:87:4d:9e:4b:e3:e6:35:90:
cf:c8:f0:29:cf:4a:b3:07:0b:ba:7c:7c:47:ea:21:03:91:f3:
8b:cb:d9:52:9b:f3:49:a4:a4:75:9f:d2:b4:7c:3c:45:0a:41:
4e:20:37:ef:ee:72:4d:3e:43:16:d5:2b:93:4e:e6:45:3a:3f:
17:83:f1:37
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZ54H8DhC5EDryX4OPXug0ggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNTMwMDkwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjJkNTVhZmQ4NzBjOTM4NzRmYjQ4ODc1YmRlMDYwYzMwYzU5OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa650c7oTNd1UikKdpNybXJFYuhZ
auoUEC/PVgPAGtegcaSAr3lnKIiO2FaAuHdQGKGZgJbpSxO8fnc8COOtnFBLo2U/
Ra8FvNOaTgSWenep2gCTx8ojsJ++uNHbIiYuVtx7JaWhWD+8/yr0Qa3PEM/oXmNI
NP13r8mM0w/CKDtXcRk0wY+WOHZF4eEGFJIE3Kf3tHegHu3jf9qMtEE7bSzRZd9d
zBw1ySV5ydW/hQWIo1Va/CbCmXi+8jB0FMjCRQBrZI/ZJ1XrDO971XhbVturq/U/
wNWqI/7VNOhzNIaHPfi8tqBuM+gNy6nz/POo2IKznPQIgkDgL/JfZlAFXwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFDstVa/YcMk4dPtIh1veBgwwxZmLMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvT3kxVnI5aHd5VGgwLTBpSFc5NEdERERGbVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQAiuLqAwQA
iuLuMAwDBAPMPngDBADMPnoDBAHPWRYDBADYo7MwDwQCAAIwCQMHASoUoIcAADAN
BgkqhkiG9w0BAQsFAAOCAQEAJYvyhWmLVQqIeVs33df6X6Q4zkf/I51wiY8569i+
yzgH8Kg1NKFDiX/plgxBjv3GqgYJ7GxmCgXi1aRBA2vhexL15qvwz4q2LuriV+Zg
y0rQD+vOpUpIz9zUoaB/XHt0UXSzu9GD7aw/iDOa6oACgUREEDKoyIJYrT/ugcel
B7Dx0pz9uWeR1e7v6tb9pLWUbZjtkYtA9Yf48ihpM6nI7y51ObtaOZq5sEYOJ36l
VHmDnYiZt+tx+NQD+hjKvYdNnkvj5jWQz8jwKc9KswcLunx8R+ohA5Hzi8vZUpvz
SaSkdZ/StHw8RQpBTiA37+5yTT5DFtUrk07mRTo/F4PxNw==
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:43:08 2026 by rpki-client