Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/nkq-yT8he3tj-YnIYTflM7G1EF8.roa
File: nkq-yT8he3tj-YnIYTflM7G1EF8.roa (raw, json)
Hash identifier: ymAWmoa7YJshJiD8dHQcVHR3TluzTSEJv21rIks5i88=
Subject key identifier: 9E:4A:BE:C9:3F:21:7B:7B:63:F9:89:C8:61:37:E5:33:B1:B5:10:5F
Certificate issuer: /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial: 019DD05E305F85651843C73034BCA0FEC483
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/nkq-yT8he3tj-YnIYTflM7G1EF8.roa
Signing time: Mon 27 Apr 2026 19:15:26 +0000
ROA not before: Mon 27 Apr 2026 19:15:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 262287
IP address blocks: 152.236.10.0/24 maxlen: 24
152.236.13.0/24 maxlen: 24
152.236.22.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 04:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d0:5e:30:5f:85:65:18:43:c7:30:34:bc:a0:fe:c4:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
Validity
Not Before: Apr 27 19:15:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9e4abec93f217b7b63f989c86137e533b1b5105f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c4:74:27:2b:bf:53:fe:6e:86:5c:3a:16:ee:
68:bb:01:6b:00:4f:07:56:07:53:b4:63:31:91:b5:
50:94:1d:40:a0:55:39:fb:9b:04:44:ad:2b:dd:7e:
f2:ca:34:9f:2c:42:65:ca:e4:62:f5:08:a9:40:91:
92:e4:47:52:9e:94:42:72:d8:6c:ba:a2:4d:a9:17:
d9:72:67:76:b4:51:4d:15:14:6a:c5:6f:00:c6:e8:
58:b2:1c:14:f5:34:54:3a:cb:2e:70:3c:f5:4a:01:
b1:15:35:8c:a2:c6:c3:30:9f:75:b7:8e:df:92:f8:
03:0f:f5:7d:34:0b:7d:a6:b7:5d:3c:6a:ac:47:12:
6a:df:b4:a5:2c:d9:74:6b:b8:b9:d0:ab:1f:c5:b0:
34:ee:1b:51:ac:e7:b5:9c:8c:d6:89:ec:cf:f0:a5:
56:f6:5e:fb:e7:3e:cb:1b:18:f2:20:b5:c6:39:54:
23:20:38:61:01:61:db:22:4e:c9:93:36:75:be:99:
44:38:cd:9d:29:f4:e0:e1:c3:95:f9:36:8a:82:e7:
b1:14:52:70:9c:83:9c:fa:96:15:36:81:1e:fe:74:
0c:da:c2:b1:c1:6f:2d:da:2b:14:00:c1:43:b7:34:
ae:df:b3:7b:09:8a:24:3d:70:92:21:92:bd:78:0a:
2e:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:4A:BE:C9:3F:21:7B:7B:63:F9:89:C8:61:37:E5:33:B1:B5:10:5F
X509v3 Authority Key Identifier:
keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/nkq-yT8he3tj-YnIYTflM7G1EF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.236.10.0/24
152.236.13.0/24
152.236.22.0/24
Signature Algorithm: sha256WithRSAEncryption
78:ae:1c:04:a2:ea:6b:59:39:6e:ee:9f:f6:df:ba:90:47:67:
40:33:b3:95:66:9f:8c:f8:ed:12:9d:77:f4:d2:a6:83:d5:4d:
94:7e:59:54:b2:f5:ee:50:ea:7a:a7:5a:ca:0c:88:a9:ce:d6:
a4:7d:76:2f:8c:c8:20:60:6a:4a:88:63:a3:96:79:4f:4d:11:
c8:4d:c1:e6:03:4f:83:83:79:a4:3a:bf:05:3a:2e:74:f5:59:
55:36:8e:09:bf:ee:32:8e:6c:90:41:35:01:bc:1f:e5:99:1b:
e4:5c:3a:ac:20:39:03:53:69:21:45:c4:4d:f1:35:05:99:65:
10:88:c9:87:0e:ee:a8:0b:a1:e3:46:31:ec:f9:c9:35:dc:9b:
da:41:86:bc:45:dd:d7:2e:58:6d:5a:a5:6c:e5:e5:bf:e6:d5:
9a:32:80:3a:9f:94:ae:46:57:51:c6:93:20:ca:f0:0c:32:44:
26:46:ba:e4:f7:a2:8b:98:1a:22:d7:b8:cd:12:40:68:7c:3c:
3a:52:86:5a:20:03:5f:f6:9f:d6:8b:b2:ce:0c:8f:e6:5c:1e:
53:53:95:83:ef:1b:46:1a:13:f6:3d:ca:c5:05:d4:18:4f:a8:
ce:22:01:9c:b6:05:65:6e:a4:0e:00:d4:ef:80:51:db:79:d5:
4c:35:c9:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3QXjBfhWUYQ8cwNLyg/sSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwNDI3MTkxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTRhYmVjOTNmMjE3YjdiNjNmOTg5Yzg2MTM3ZTUzM2IxYjUxMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMR0Jyu/U/5uhlw6Fu5ouwFrAE8H
VgdTtGMxkbVQlB1AoFU5+5sERK0r3X7yyjSfLEJlyuRi9QipQJGS5EdSnpRCcths
uqJNqRfZcmd2tFFNFRRqxW8AxuhYshwU9TRUOssucDz1SgGxFTWMosbDMJ91t47f
kvgDD/V9NAt9prddPGqsRxJq37SlLNl0a7i50KsfxbA07htRrOe1nIzWiezP8KVW
9l775z7LGxjyILXGOVQjIDhhAWHbIk7JkzZ1vplEOM2dKfTg4cOV+TaKguexFFJw
nIOc+pYVNoEe/nQM2sKxwW8t2isUAMFDtzSu37N7CYokPXCSIZK9eAoubwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ5Kvsk/IXt7Y/mJyGE35TOxtRBfMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvbmtxLXlUOGhlM3RqLVluSVlUZmxNN0cxRUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAmOwKAwQA
mOwNAwQAmOwWMA0GCSqGSIb3DQEBCwUAA4IBAQB4rhwEouprWTlu7p/237qQR2dA
M7OVZp+M+O0SnXf00qaD1U2UfllUsvXuUOp6p1rKDIipztakfXYvjMggYGpKiGOj
lnlPTRHITcHmA0+Dg3mkOr8FOi509VlVNo4Jv+4yjmyQQTUBvB/lmRvkXDqsIDkD
U2khRcRN8TUFmWUQiMmHDu6oC6HjRjHs+ck13JvaQYa8Rd3XLlhtWqVs5eW/5tWa
MoA6n5SuRldRxpMgyvAMMkQmRrrk96KLmBoi17jNEkBofDw6UoZaIANf9p/Wi7LO
DI/mXB5TU5WD7xtGGhP2PcrFBdQYT6jOIgGctgVlbqQOANTvgFHbedVMNclb
-----END CERTIFICATE-----
Generated at Wed May 13 09:44:18 2026 by rpki-client